Problem
The agent skills ecosystem is under active attack (Q1 2026):
- ClawHavoc campaign: 341 malicious skills flooding ClawHub in 3 days
- Snyk audit: 13.4% of marketplace skills contain critical security issues
- OWASP Agentic Skills Top 10 recommends ed25519 signing + content_hash
SkillKit has skillkit scan and skillkit validate but no cryptographic integrity verification.
Proposed Solution
Phase 1: Content Hashing
- Add integrity field to skill.json (per [Feature]: Read skill.json from source repos for install, recommend, and translate #83): "integrity": "sha256-yY1jg1cPGoisxK/..."
- skillkit install verifies hash after download
- skillkit validate checks integrity matches content
- skillkit publish auto-generates integrity hash
Phase 2: Skill Signing
- ed25519 key pair generation: skillkit sign init
- Sign skills on publish: skillkit publish --sign
- Verify signatures on install: skillkit install --verify
- Public key registry for known publishers
Phase 3: Trust Chain
- Configurable trust levels: trusted (signed + verified), scanned (passed security scan), unknown
- skillkit.yaml config: trust: { requireSigned: true, allowedPublishers: [...] }
- CI/CD flag: --require-signed to fail on unsigned skills
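The hash check, ed25519 signature check and trust policy from Phases 1 to 3 could fit together as sketched here. This is an added example, not part of the original issue and not SkillKit code; the manifest fields publisher and signature, the Map-based key registry, the choice to sign the integrity string, and all function names are assumptions.

```javascript
// Added example (not SkillKit code). Manifest fields other than "integrity",
// the registry shape and the function names are assumptions.
const { createHash, generateKeyPairSync, sign, verify } = require('node:crypto');

// Phase 1: SRI-style digest of the skill bytes, "sha256-<base64>".
function computeIntegrity(content) {
  return 'sha256-' + createHash('sha256').update(content).digest('base64');
}

// Phase 2, publisher side: sign the integrity string with an ed25519 key.
function signSkill(content, publisher, privateKey) {
  const integrity = computeIntegrity(content);
  const signature = sign(null, Buffer.from(integrity), privateKey).toString('base64');
  return { integrity, publisher, signature };
}

// Installer side: hash first, then signature, then the Phase 3 trust policy.
function verifySkill(content, manifest, registry, trust, scanPassed) {
  const fail = (reason) => ({ ok: false, level: 'unknown', reason });
  if (manifest.integrity !== computeIntegrity(content)) return fail('integrity mismatch');
  const key = registry.get(manifest.publisher); // undefined for unregistered publishers
  let signed = false;
  if (manifest.signature && key) {
    const sig = Buffer.from(manifest.signature, 'base64');
    signed = verify(null, Buffer.from(manifest.integrity), key, sig);
    if (!signed) return fail('bad signature');
  }
  if (!signed && trust.requireSigned) return fail('unsigned skill');
  const allowed = trust.allowedPublishers;
  if (signed && allowed && !allowed.includes(manifest.publisher)) return fail('publisher not allowed');
  return { ok: true, level: signed ? 'trusted' : scanPassed ? 'scanned' : 'unknown' };
}

// Constructed sample: one publisher, one skill, then a tampered copy.
function demo() {
  const { publicKey, privateKey } = generateKeyPairSync('ed25519');
  const content = Buffer.from('# constructed sample skill\n');
  const manifest = signSkill(content, 'example-publisher', privateKey);
  const registry = new Map([['example-publisher', publicKey]]);
  const trust = { requireSigned: true, allowedPublishers: ['example-publisher'] };
  return [
    verifySkill(content, manifest, registry, trust, true),
    verifySkill(Buffer.from('tampered'), manifest, registry, trust, true),
  ];
}
console.log(demo());
```

Signing only the integrity string does not bind the skill's name or version, so a production format would put those under the signature as well.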