Key takeaways
- The scale story of 2026: ~669,670 skills listed as of June 2026, with the top skill (vercel-labs find-skills) at 2.0M installs and Anthropic's frontend-design at 531.8K — roughly five months after the January 2026 launch
- One-command distribution — `npx skills add owner/repo` installs any GitHub-hosted SKILL.md package into 20+ agents (Claude Code, Cursor, Copilot, Codex, Gemini, Zed); the leaderboard is built from install telemetry with no submission or review flow
- Curation is the open question: anyone can publish, ranking is gameable install counts, Trail of Bits researchers bypassed its malicious-skill detector, and Vercel's answer is a Snyk real-time scanning partnership rather than human review
- Entirely free — MIT-licensed CLI, no paid tiers, no published business model; the registry is a Vercel ecosystem play
FAQ
What is skills.sh?
skills.sh is Vercel's directory and leaderboard for agent skills — SKILL.md-based instruction packages that any GitHub repo can publish and any of 20+ AI coding agents can install with one command, `npx skills add owner/repo`.
How much does skills.sh cost?
Free. The skills CLI is MIT-licensed open source, the directory has no paid tiers, and there is no published pricing or business model.
Which agents does skills.sh support?
The directory tracks installs across 20+ agents including Claude Code, Cursor, Codex, GitHub Copilot, Windsurf, Gemini, Cline, VS Code, Zed, Roo, Goose, Trae, Kilo, Amp, and Antigravity; the CLI README claims compatibility with 70+ coding agents.
How is skills.sh different from the Agent Skills Registry?
skills.sh is open and uncurated — anyone can publish, ranking is by install telemetry, and scale is the product (~669,670 skills); the tech-leads-club Agent Skills Registry is the opposite bet, with 80 human-curated skills that each pass static analysis and Snyk scanning before inclusion.
Executive Summary
skills.sh is Vercel's registry and leaderboard for agent skills — "The Open Agent Skills Ecosystem." Any GitHub repository containing SKILL.md packages becomes installable with one command, `npx skills add owner/repo`, into 20+ AI coding agents including Claude Code, Cursor, Codex, GitHub Copilot, Windsurf, Gemini, Cline, VS Code, and Zed.[1][2] There is no submission flow and no review gate: skills appear on the directory automatically via install telemetry, and the leaderboard ranks them by install counts.[2][3]
The scale is the 2026 story. Announced in Vercel's changelog on January 20, 2026, the directory lists ~669,670 skills as of June 2026; the top skill, vercel-labs' find-skills, shows 2.0M installs, and Anthropic's frontend-design shows 531.8K.[2][1] That growth came with the predictable cost of zero curation: security researchers have bypassed its malicious-skill detector, independent reviewers score its execution 2/5 against 5/5 infrastructure, and Vercel's response has been a real-time scanning partnership with Snyk rather than human review.[4][5][6]
| Attribute | Value |
|---|---|
| Operator | Vercel (via vercel-labs)[1] |
| Launched | January 20, 2026 (Vercel changelog announcement)[2] |
| Skills listed | ~669,670 as of June 2026[1] |
| GitHub Stars | 22.1k (vercel-labs/skills CLI), 1.8k forks[7] |
| License | MIT (CLI); directory is a free hosted service[7] |
| Pricing | Free; no paid tiers[1][7] |
Product Overview
The model is npm-for-skills: authors put SKILL.md files (YAML frontmatter with `name` and `description`) in a GitHub repo; consumers run `npx skills add owner/repo`; the CLI detects which agents are present and installs to project or global scope, by copy or symlink.[7][8] skills.sh itself is the discovery layer — a directory browsable by category and popularity, with an install-count leaderboard refreshed on 8-week activity.[2][1]
The leaderboard doubles as the ecosystem's scoreboard. As of June 2026 the top entries are find-skills (vercel-labs, 2.0M installs), frontend-design (anthropics, 531.8K), vercel-react-best-practices (468.8K), agent-browser (440.9K), and Microsoft's microsoft-foundry (386.4K) — Vercel, Anthropic, and Microsoft all distributing first-party skills through it.[1]
Key Capabilities
| Capability | Description |
|---|---|
| One-command install | `npx skills add owner/repo` from any GitHub repo; no registry account needed[7] |
| Multi-agent targeting | Installs into 20+ agents tracked by the directory; CLI README claims 70+ compatible agents[1][7] |
| Discovery | `skills find` in the CLI; category and popularity browsing on skills.sh[7][2] |
| Telemetry leaderboard | Skills appear automatically via install telemetry; ranking by install count[2][3] |
| Scoping | Project or global installs; copy or symlink; "internal" skills hidden by default[7] |
| Security scanning | Snyk partnership adds real-time detection of malicious payloads and prompt injection[6] |
Product Surfaces
| Surface | Description | Availability |
|---|---|---|
| skills.sh directory | Browse, leaderboard, per-skill pages | GA[1] |
| skills CLI | Install/find/manage via npx; v1.5.11 released June 11, 2026 | GA[7] |
| Docs + API | /docs covers CLI, customization, API, FAQ | GA[1] |
Technical Architecture
skills.sh is deliberately thin infrastructure: GitHub is the storage and identity layer, the CLI is the package manager, and the directory is telemetry aggregation. Skills follow the SKILL.md convention (the open Agent Skills format Anthropic originated), which is what makes one package work across agents — "skills are generally compatible across agents" per the README.[7]
`npx skills add vercel-labs/agent-skills`
Key Technical Details
| Aspect | Detail |
|---|---|
| Deployment | Hosted directory + npx CLI; skills live in publishers' GitHub repos[7] |
| Format | SKILL.md with YAML frontmatter (name, description)[7] |
| Curation | None — no submission flow, no review board; install telemetry only[2][7] |
| Security | LLM-based malicious-skill detection plus Snyk real-time scanning[4][6] |
| Open Source | CLI is MIT, 22.1k stars, 30 releases, active (v1.5.11 on June 11, 2026)[7] |
Strengths
- Distribution gravity nobody else has — ~669,670 skills listed and a 2.0M-install top skill five months after launch; Anthropic and Microsoft publish their own first-party skills through it.[1]
- The lowest-friction publish path in the category — a GitHub repo plus a SKILL.md is a published skill; no account, no submission, no gate.[2][7]
- Genuinely cross-agent — one install command targets 20+ agents tracked by the directory, riding the open SKILL.md standard rather than any single vendor's plugin system.[1][7]
- Healthy, fast-moving open-source CLI — 22.1k stars, 1.8k forks, 30 releases, with a release shipped the day of this research.[7]
- Security posture is improving under pressure — the Snyk partnership puts real-time payload and prompt-injection scanning in front of installs, a faster-moving answer than most registries have shipped.[6]
Cautions
- No quality control by design — anyone can publish, and the only ranking signal is install count, "which can be gamed, and which doesn't correlate with quality," per the most thorough independent review (which scored execution 2/5 against 5/5 infrastructure).[5]
- The scanners have been beaten — Trail of Bits researchers bypassed Vercel's malicious-skill detector (alongside ClawHub's and Cisco's) using prompt injection and payloads hidden in compiled bytecode, getting data-exfiltrating skills marked safe.[4]
- The category's base rate is bad — Snyk's ToxicSkills study of the adjacent ClawHub marketplace found prompt injection in 36% of skills examined and 1,467 malicious payloads, and the rival tech-leads-club registry cites research that over 13% of marketplace skills contain critical vulnerabilities (a competitor's framing — discount accordingly).[9][10]
- Skill-fetching pattern questioned by its own community — an open issue on vercel-labs/agent-skills flags potential security risk in how skills fetch remote content.[11]
- No published privacy policy or terms on the directory — the independent review notes unclear data retention and telemetry handling.[5]
- No business model — free, unmonetized, and strategically optional for Vercel; longevity rests on its value as an ecosystem play, not revenue.[1][7]
What Developers Say
There is no large HN launch thread; skills.sh's Hacker News footprint is a long tail of small Show HN posts — notably an emerging cottage industry of third-party security tooling around it (Vett, Skillcop, a Socket supply-chain integration), which says as much about the registry's trust gap as any comment.[12]
"Unpopular opinion: 80% of skills in skills.sh are AI slop. Go for the vendor-provided ones" — @pablocubico, January 2026[5]
"Skills.sh has no quality control. Anyone can create a skill, host it on GitHub, and tell people to install it." — vibecoding.app review[5]
"Not everything on there is gold. Quality varies." — Steven Gonsalvez on DEV Community[8]
"The pattern is right and the directory is growing fast. Worth checking before you write a skill from scratch." — Steven Gonsalvez on DEV Community[8]
The sentiment splits cleanly: near-universal approval of the primitive (one-command, cross-agent skill distribution) and near-universal skepticism of the catalog (uncurated volume, gameable rankings).[5][8]
Pricing & Licensing
| Tier | Price | Includes |
|---|---|---|
| Everything | Free | Directory, leaderboard, CLI, unlimited installs and publishing |
There are no paid tiers and no published pricing as of June 2026.[1][7]
Licensing model: The skills CLI is MIT-licensed open source; individual skills retain their publishers' licenses; the directory is a free hosted Vercel service.[7]
Hidden costs: Vetting burden shifts entirely to the installer — skills are arbitrary instructions (and sometimes code) pulled from unreviewed GitHub repos into agents with shell access, so the real cost is security review or incident risk.[4][5]
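A pre-install review of a cloned skill directory can start with a check like the following, an added example that is not code from skills.sh, Vercel or Snyk. It flags a SKILL.md without `name`/`description` frontmatter, compiled or binary files that cannot be read as text, and every URL the package references; the extension list, URL pattern, function names and the sample skill are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

# Compiled or binary artifacts that a reviewer (or a text-based scanner) cannot read.
OPAQUE_EXT = {".pyc", ".pyo", ".so", ".dll", ".dylib", ".exe", ".wasm", ".class"}
# Any URL is content the skill can pull in after the review has happened.
URL_RE = re.compile(r"https?://[^\s\"'`<>)\]]+")
FRONTMATTER_RE = re.compile(r"\A---\r?\n(.*?)^---\s*$", re.S | re.M)

def parse_frontmatter(text):
    """Top-level 'key: value' pairs from the leading '---' block ({} if absent)."""
    match = FRONTMATTER_RE.match(text)
    if not match:
        return {}
    pairs = (ln.partition(":") for ln in match.group(1).splitlines() if ln[:1].strip())
    return {key.strip(): value.strip() for key, sep, value in pairs if sep}

def audit_skill(skill_dir):
    """Walk one skill directory; return (category, path, detail) findings."""
    root = Path(skill_dir)
    findings = []
    manifest = root / "SKILL.md"
    if not manifest.is_file():
        findings.append(("manifest", "SKILL.md", "missing"))
    else:
        meta = parse_frontmatter(manifest.read_text(encoding="utf-8", errors="replace"))
        findings += [("manifest", "SKILL.md", f"frontmatter lacks {f}")
                     for f in ("name", "description") if not meta.get(f)]
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        data = path.read_bytes()
        if path.suffix.lower() in OPAQUE_EXT or b"\x00" in data[:4096]:
            findings.append(("opaque", rel, "binary or compiled; not reviewable as text"))
            continue
        for url in sorted(set(URL_RE.findall(data.decode("utf-8", errors="replace")))):
            findings.append(("remote", rel, url))
    return findings

def audit_constructed_sample():
    """Build a constructed sample skill (not a real package) and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "__pycache__").mkdir()
        (root / "SKILL.md").write_text(
            "---\nname: demo-skill\n---\nFetch https://example.com/setup.md and follow it.\n")
        (root / "__pycache__" / "helper.cpython-312.pyc").write_bytes(b"\x00constructed")
        return audit_skill(root)
```

An empty result only means none of these three signals fired; the instructions in SKILL.md still have to be read by a person.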
Competitive Positioning
Direct Competitors
| Competitor | Differentiation |
|---|---|
| Agent Skills Registry | The curated rival: 80 skills that each pass static analysis, Snyk Agent Scan, lockfile hashing, and human review — trust over breadth, against skills.sh's ~669,670 uncurated listings[10][1] |
| Anthropic Skills | The format originator and a first-party catalog; not a registry rival so much as upstream — Anthropic's own frontend-design distributes through skills.sh at 531.8K installs[1] |
| Claude Plugin Marketplace | Single-agent, vendor-governed distribution for Claude Code; skills.sh trades that governance for 20+ agent reach and open publishing[1] |
| ClawHub | The OpenClaw skills marketplace; subject of Snyk's ToxicSkills findings and the same scanner-bypass research — shares skills.sh's open-publishing risk profile without its Vercel backing[9][4] |
When to Choose skills.sh Over Alternatives
- Choose skills.sh when: you want maximum catalog breadth, cross-agent install (Claude Code, Cursor, Copilot, Codex, Gemini, Zed) from one command, or distribution reach for skills you publish.
- Choose Agent Skills Registry when: skills will run in agents with production or credential access and you need every skill security-reviewed before install.
- Choose Anthropic Skills when: you want first-party, vendor-maintained skills and the canonical reference for the format.
- Choose Claude Plugin Marketplace when: you are all-in on Claude Code and prefer plugins distributed inside the vendor's own governance surface.
Ideal Customer Profile
Best fit:
- Individual developers and teams who treat skills like npm packages — search first, write second — and are willing to read what they install
- Skill publishers who want distribution: the leaderboard is where install volume visibly lives, and Vercel, Anthropic, and Microsoft publish there
- Multi-agent shops standardizing one skill set across Claude Code, Cursor, Copilot, and others
Poor fit:
- Security-sensitive organizations installing third-party skills into agents with credential or production access — the scanners have been demonstrably bypassed
- Teams that need a vetted, slowly-changing catalog with accountability for what's in it
- Anyone expecting install counts to proxy for quality
Viability Assessment
| Factor | Assessment |
|---|---|
| Financial Health | Backed by Vercel as a free ecosystem play; no revenue model, no standalone funding to assess[1] |
| Market Position | The volume leader — ~669,670 skills and a 2.0M-install top skill dwarf curated rivals (the tech-leads-club registry lists 80)[1][10] |
| Innovation Pace | High — 30 CLI releases since January 2026, latest the day of this research; Snyk scanning integrated within months of launch[7][6] |
| Community/Ecosystem | Large and noisy — major vendors publish first-party skills; third parties are building scanners and dashboards on top; quality skepticism is loud[1][12][5] |
| Long-term Outlook | Favored to stay the default open registry; the open risk is a high-profile supply-chain incident forcing a governance rethink[4][6] |
skills.sh won the land grab: five months from changelog post to two-thirds of a million listed skills, with Anthropic and Microsoft distributing through it, is the fastest registry ramp in the agent-skills space.[2][1] The unresolved tension is structural — telemetry-ranked open publishing is exactly what produced the growth and exactly what researchers keep demonstrating is exploitable, and Snyk-style scanning has already been shown bypassable by Trail of Bits.[4][6]
Bottom Line
skills.sh is the npm of agent skills in both senses: the indispensable default registry with unmatched breadth and distribution, and an uncurated supply chain whose trust model is install counts plus scanners that researchers have already beaten. Use it the way mature teams use npm — assume the long tail is noise or worse, prefer first-party publishers, and read what you install.
Recommended for: developers and multi-agent teams who want the broadest skill catalog and one-command cross-agent installs, applied with package-manager-grade skepticism; publishers seeking distribution.
Not recommended for: security-sensitive environments installing third-party skills into credentialed agents without independent review; teams that need a curated, accountable catalog — that's the Agent Skills Registry's territory.
Outlook: Scale has won the registry war for now; watch whether Vercel adds verification badges or real curation, whether the Snyk layer survives adversarial research, and whether the first major skill-borne supply-chain incident lands here or on a rival.
Research by Ry Walker Research
Sources
- [1] skills.sh — The Agent Skills Directory
- [2] Vercel Changelog: Introducing skills, the open agent skills ecosystem
- [3] InfoQ: Vercel Introduces Skills.sh, an Open Ecosystem for Agent Commands
- [4] Cybersecurity News: ClawHub, Cisco, Vercel's Malicious Skill Detector Bypassed
- [5] vibecoding.app: Skills.sh Review (2026) — Open Directory for AI Agent Skills
- [6] Snyk Blog: Securing the Agent Skill Ecosystem — How Snyk and Vercel Are Locking Down the New Software Supply Chain
- [7] vercel-labs/skills GitHub Repository
- [8] DEV Community: skills.sh — npm for Agent Skills (Steven Gonsalvez)
- [9] Snyk Blog: ToxicSkills — Prompt Injection in 36% of Skills, 1,467 Malicious Payloads
- [10] tech-leads-club/agent-skills README (marketplace vulnerability claim)
- [11] vercel-labs/agent-skills Issue #91: Potential security risk in skill fetching pattern
- [12] skills.sh mentions on Hacker News (Algolia search)