Skip to main content

Verified Skills Standard

The trust layer. A graduated security certification system that filters dangerous skills before they reach your codebase.

Snyk's ToxicSkills study (February 2026) found that 36.82% of 3,984 publicly available skills contained security flaws, including 76 confirmed malicious payloads. The Verified Skills Standard introduces three-tier certification:

TierMethodCostSpeed
Scanned41 pattern checks + structural validationFree< 500ms
VerifiedTier 1 + LLM intent analysis~$0.03/skill5-15s
CertifiedTiers 1+2 + human security review + sandbox$50-200/skill1-5 days

The registry at verifiedskill.com provides a trusted source for browsing and submitting skills, with the npx vskill CLI for command-line access.


In This Section

The Standard (3-Tier Trust)

The full overview — three certification tiers, trust badges, mandatory SKILL.md sections, forbidden patterns, and the verifiedskill.com registry.

Skill Factory RFC (Full Spec)

The complete technical specification — all 41 forbidden patterns, structural validation rules, vendor auto-verification logic, and backwards compatibility.

Security Landscape

Platform comparison, ToxicSkills data, risk taxonomy, threat actors, and real-world attack examples across the skills ecosystem.


See Also