Skip to content

haluke1/skill-spec

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
content
content
 
 
scripts
scripts
 
 
skill-registry
skill-registry
 
 
MARKETING-PLAN.md
MARKETING-PLAN.md
 
 
README.md
README.md
 
 
SKILL-SPEC.md
SKILL-SPEC.md
 
 
SKILL-TEMPLATE.md
SKILL-TEMPLATE.md
 
 

Repository files navigation

SKILL-SPEC: The DNS Layer for AI Skills

In 1983, the entire internet ran on a single text file. Today, AI skills run the same way. We're fixing that.

The Problem

Skills today are .md files with:

  • ❌ No validation
  • ❌ No versioning
  • ❌ No schema
  • ❌ No dependency management
  • ❌ No trust chain
  • ❌ No checksums

HOSTS.TXT broke at 2,000 hosts. We're at host 50.

The Solution

SKILL-SPEC provides the missing infrastructure:

┌─────────────────────────────────────────────────────────────┐
│                     SKILL-SPEC v1.0                        │
├─────────────────────────────────────────────────────────────┤
│  ✓ Checksums      — Verify integrity                       │
│  ✓ Signatures     — Prove authorship                       │
│  ✓ Versioning     — Semantic versions (1.0.0)              │
│  ✓ Dependencies   — Skills can require other skills        │
│  ✓ Capabilities   — Declared permissions, not assumed      │
│  ✓ Trust Levels   — untrusted → signed → verified → trusted│
└─────────────────────────────────────────────────────────────┘

Quick Start

1. Generate checksums for your skill

./skill-registry/verify.sh --generate ./my-skill/

2. Sign with GPG

./scripts/skill-sign.sh --key YOUR_KEY_ID ./my-skill/

3. Verify a skill

./skill-registry/verify.sh --check ./my-skill/

4. Install from registry

./skill-registry/install.sh gog@1.0.0

Repository Structure

skill-protocol/
├── SKILL-SPEC.md           # Full specification
├── SKILL-TEMPLATE.md       # Template for new skills
├── README.md               # This file
├── skill-registry/
│   ├── index.json          # Local registry manifest
│   ├── verify.sh           # Checksum verification
│   └── install.sh          # Skill installation
└── scripts/
    └── skill-sign.sh       # GPG signing

Capability Model

Skills declare required capabilities:

Capability Risk Description
read Low Read files
write Medium Write/modify files
exec High Execute commands
network Medium HTTP requests
credentials Critical Access secrets
browser High Browser automation
message High External messages

Trust Levels

  1. Untrusted — No verification, sandboxed
  2. Signed — Checksum + GPG signature verified
  3. Verified — Registry-verified, reputation score
  4. Trusted — Explicitly trusted by user

Roadmap

  • v1.0 — Checksums, signatures, basic registry
  • v1.1 — Dependency resolution, lock files
  • v1.2 — Remote registry (ClawhHub)
  • v2.0 — Federated registries, revocation
  • v3.0 — Skill composition, runtime capabilities

Philosophy

"The winners won't publish the most skills. They'll standardize the protocol layer."

We're not competing on skill quantity. We're building the infrastructure that makes all skills trustworthy.

Contributing

  1. Fork this repository
  2. Create your skill following SKILL-TEMPLATE.md
  3. Generate checksums: ./skill-registry/verify.sh --generate ./your-skill/
  4. Sign: ./scripts/skill-sign.sh ./your-skill/
  5. Submit PR

License

MIT

Built by The Mechanical Turk & CEO Haluk | Inspired by Michał Piszczek's HOSTS.TXT analogy

About

SKILL-SPEC: The DNS layer for AI skills. Checksums, signatures, versioning, trust.

github.com/haluke1/skill-spec

Topics

security ai skills protocol trust agents

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages