Agent Skills reference

From frontmatter fields to install scopes — the SKILL.md standard and our audit model in one place.

Start here Skill writing tutorial

A full path from deciding whether a skill is needed, writing the minimum SKILL.md, progressive disclosure, real traces, audit, testing, routing, and iteration.

Open guide →
Before install General install guide

Understand agent paths, package runners, runtime preparation, verification, and common fixes.

View install →

What is an Agent Skill

A skill is a folder. The bare minimum is a SKILL.md describing what problem it solves, when the agent should reach for it, and how to do the work. It can bundle scripts/, references/, and assets/ alongside. The format was open-sourced by Anthropic at agentskills.io and is now supported by 30+ agent products including Claude Code, Codex, Cursor, Gemini CLI, OpenCode, Goose and GitHub Copilot.

Anatomy of a skill folder

Only SKILL.md is required; the rest are optional. Codex additionally reads agents/openai.yaml for UI config, invocation policy and tool dependencies.

my-skill/
├── SKILL.md             # 必须 · 元数据 + 指令
├── scripts/             # 可选 · 可执行代码
├── references/          # 可选 · 参考文档
├── assets/              # 可选 · 模板与素材
└── agents/openai.yaml   # 可选 · Codex 专用 UI/策略

SKILL.md frontmatter fields

All fields live between the leading --- delimiters. Only name and description are spec-mandatory; the rest are audit bonuses and community convention. Keep description under 140 chars — it enters the agent's startup progressive-disclosure index and is the only signal the agent has when deciding whether to load the full body.

Field Type Required Description
name string Yes Skill slug; must match folder name; lowercase-kebab.
description string ≤ 140 Yes One-liner stating when this skill should and should NOT trigger.
category enum No engineering · ai · productivity · design · devops · documentation · writing · data · security · other
license SPDX No SPDX identifier. Declare explicitly for +6 audit points.
version semver No Semver string for change tracking (+4 audit points).
agents string[] No Compatible agent IDs; controls how many install commands render.
allowed-tools string[] No Tools the skill needs (Bash, Read, …). Omitting is interpreted as "any tool".
tags string[] No Free-form keywords; folded into the search haystack.

Progressive disclosure: how agents use skills

At startup, the agent only loads each skill's name + description (a few dozen tokens, sub-1KB total). Only when a user request matches a description does the agent pull the full SKILL.md into context; scripts under scripts/ load lazily when called. This is how an agent can carry hundreds of skills with negligible context overhead.

  1. 01 Discovery

    name + description only — a few dozen tokens each

  2. 02 Activation

    Pull full SKILL.md only when the description matches

  3. 03 Execution

    Lazy-load scripts/ and references/ when invoked

Where skills live: four scopes

Directories vary by agent but scope semantics are stable: SYSTEM is shipped by the agent vendor; ADMIN is pushed by your org; USER is your personal library; REPO travels with the repository for team sharing. The Hub crawls public SKILL.md files in the first three scopes and never reads private local skills.

Scope Path Note
SYSTEM 随 Agent 安装包内置 Bundled with the agent. Codex auto-loads .system on install.
ADMIN /etc/codex/skills · 类似企业策略 Org-pushed compliance skills; overrides user scope.
USER ~/.claude/skills · ~/.codex/skills · ~/.agents/skills Your personal library, shared across projects.
REPO $REPO/.agents/skills · $CWD/.claude/skills Repo-bound skills; travel with the branch and team.

Installing a skill, per agent

Every skill detail page emits a single-line install command per agent. Commands are idempotent — running them twice is safe. For agents that don't yet ship an official registry, we emit a placeholder shape; the card metadata stays stable so SKILL.md needs no edits when registries land.

Reading the audit

Every skill carries a 0–100 trust score and a verdict (verified / community / unverified / flagged). All findings render verbatim — no severity is suppressed. See the Security policy page for the full scoring formula.

Webhook API & MCP

POST /api/webhook/dify validates an HMAC-SHA256 signed payload. Before forwarding, every secret is replaced with a typed placeholder ([REDACTED:aws], [REDACTED:jwt], …). The same index is exposed as an MCP server so agents can search/install programmatically.

Privacy & data

No accounts are required to browse or install. Telemetry is restricted to anonymous code-block dwell time used for ranking; opt out via DNT or by blocking /api/telemetry. Every entry in the index is derived from public GitHub repos with author attribution preserved.

Writing principle: extract from real traces

Do not treat a skill as a polished prompt. A stronger path is to run the workflow once in real files, environment, and goals, then record assumptions, tool order, recovery, verification, and output format before compressing it into a reviewable workflow.

Quality loop: audit, test, iterate

When reusing skills, stars are discovery signals, not quality proof. Audit files before installing, then test should-trigger, should-not-trigger, and should-stop cases. One failure is a clue, not a rule; compare examples before editing description, body, scripts, or references.