Getting Started

v0.4.16

vskill scans, verifies, and installs AI skills across 49 agent platforms. Every install goes through a security pipeline — static pattern analysis, LLM intent review, and provenance verification.

Install

No global installation required. Run with npx for one-off use, or install globally for repeated use.

bash

# No install required — run directly
npx vskill install remotion-best-practices

Install your first skill

Install a skill from the registry

Choose a skill from the registry or install by name.

bash

npx vskill install remotion-best-practices

Security scan runs automatically

Every install triggers a security scan — 52 static patterns across 9 threat categories. There is no --skip-scan flag.

Skill is installed to all detected agents

vskill auto-detects your installed agents (Claude Code, Cursor, Copilot, etc.) and installs the skill to all of them. Target a specific agent with --agent cursor.

Use the skill in your agent

The skill is now available in your AI agent. Invoke it via /skill-name or reference it in your prompts.

How it works

Every install flows through four stages. No stage can be skipped.

bash

  ┌──────────┐     ┌──────────┐     ┌──────────┐     ┌──────────┐
  │  Source   │────>│   Scan   │────>│  Verify  │────>│ Install  │
  │          │     │          │     │          │     │          │
  │ GitHub   │     │ 52 rules │     │ LLM      │     │ Pin SHA  │
  │ Registry │     │ Blocklist│     │ analysis │     │ Lock ver │
  │ Local    │     │ Patterns │     │ Intent   │     │ Symlink  │
  └──────────┘     └──────────┘     └──────────┘     └──────────┘

ℹLock file

The vskill.lock file records the SHA-256 hash, scan date, and trust tier for every installed skill. Running vskill update diffs against the locked version and re-scans before applying any changes.

Three-tier verification

Scanned

Baseline

52 deterministic pattern checks against known attack vectors. Every install, every time.

Verified

Recommended

Pattern scan + LLM-based intent analysis across 6 semantic dimensions.

Certified

Highest

Full manual security review by the vskill team.

49 agent platforms

vskill auto-detects your installed agents and installs skills to all of them simultaneously.

├── CLI & TerminalClaude Code, Cursor, Copilot, Windsurf, Codex, Gemini CLI, Amp, Cline, Roo Code, Goose, Aider, Kilo, Devin, OpenHands, and more

├── IDE ExtensionsVS Code, JetBrains, Zed, Neovim, Emacs, Sublime Text, Xcode

└── Cloud & HostedReplit, Bolt, v0, GPT Pilot, Plandex, Sweep

Target a specific agent with --agent cursor. vskill handles agent-specific config paths and formats automatically.

Skills vs plugins

├── SkillsSingle SKILL.md files that work with any of the 49 supported agents. Drop a SKILL.md into the agent's commands directory — no configuration needed.

└── PluginsMulti-component containers for Claude Code. Bundle skills, hooks, commands, and agents under a single namespace with enable/disable support.

ℹLearn more

See the Plugins guide for how to install and use the 13 domain plugins with 42 expert skills.

Next steps

CLI ReferenceAll commands and flags

→

Security Guidelines52 scan patterns and how to pass verification

→

Plugin MarketplaceBrowse 42 expert skills across 13 domains

→

Submit a SkillPublish your own skill to the registry

→

Related resources

CLI Reference→Security Guidelines→Plugin Marketplace→FAQ→