GuardSkills – Security layer for skills.sh workflows

Summary: GuardSkills analyzes skills before execution within the skills.sh ecosystem to detect risky behavior such as dangerous commands, suspicious network access, and secret exfiltration. It applies context-aware policies and supports custom allow/deny rules to reduce trust risks in AI workflows.

What it does

GuardSkills inspects skill metadata and behavior before running, flagging dangerous shell commands and unauthorized actions using skills.sh–specific rules. It integrates via npm and adds a guard step to workflows.

Who it's for

It is designed for teams and users of the skills.sh ecosystem who need to secure third-party or community skills before execution.

Why it matters

It addresses the lack of a review layer in skills.sh by providing a security checkpoint to prevent unsafe code from accessing environments, files, and secrets.