TL;DR: The skills.sh CLI installs agent skills from GitHub into Claude Code with one command. This tutorial covers installing security skills, validating they work, setting up skill discovery, and auditing skills for supply-chain risks before running them
The problem
Every time you start a security task in Claude Code, it’s the same routine: type out the prompt, paste in your methodology, and repeat
Skills is the way you can teach Claude code a workflow of how to do something, and then you can repeat this the same workflow again and again
What is skills.sh
skills.sh is an open agent skills CLI built by Vercel Labs. One command installs a skill from a GitHub repo into AI agent
It supports 18+ agents: Claude Code, Cursor, GitHub Copilot, Codex, and more. The same skill format works across all of them.
The website skills.sh is a leaderboard for discovering skill packages. Browse by category, check install counts and find what's popular.
Setup
Prerequisites
Before installing any skill, verify the prerequisites.
Node.js 18+:
Command: Send below command to terminal
node --versionIf the output is below v18, install Node.js newest LTS version first.
npx (bundled with Node.js):
Command: Send below command to terminal
npx --versionThis should return a version number.
Use cases
Web UI: discover skills on skills.sh
Browse https://skills.sh/ to find skills before installing. Search by keyword. Filter by category. Check install counts and source repos.
Skill.sh web ui
Basically you can search the skills you want and installed it by just copy paste the installation skill command.
Use case 1: Install Skill manually via CLI
This tutorial uses the idor-testing skill from sickn33 as the example that will do structural IDOR testing
Command: Send below command to terminal
npx skills add https://github.com/sickn33/antigravity-awesome-skills --skill idor-testing -a claude-code -gFlag breakdown:
Flag | What it does |
|---|---|
| GitHub repo containing the skill |
| Specific skill to install from the repo |
| Install for claude code |
| Install globally (available across all projects) |
Validate the installation:
Command: Send below command to terminal
npx skills list -g
The output should show idor-testing in the list
Test it in Claude Code:
Open Claude Code and type a simple message to confirm the skill loaded
Hi idor testing skills, how are you ?
From now on you can use this installed skill to complete you task, Example of how we use this idor-testing skill can be seen here:
Use case 2: Install skills automatically with find-skills
Manually browsing skills.sh works. But there's a faster way: the find-skills skill searches for skills from inside Claude Code.
Install find-skills:
Command: Send below command to terminal
npx skills add vercel-labs/skills --skill find-skills -a claude-code -gExample finding SSRF skills
Prompt: Send below prompt to Claude Code
Find skills for SSRF vulnerability testingfind-skills searches the skills.sh registry. It returns matching skills with descriptions. Select one. It installs directly. You don't need a browser or to copy-paste repo URLs.
find-skill skill is loaded to find the good skill for SSRF testing
From this you pick and choose which SSRF skills you want to install
Skill security audit (before you install)
Installing a skill gives it access to Claude Code's execution context. That includes file system access, shell commands, and environment variables.
Snyk's ToxicSkills research found prompt injection in 36% of tested skills. The ClawHavoc campaign deployed 335 coordinated malicious packages. 91% of malicious skills combine prompt injection with traditional malware. This is not theoretical.
4 attack patterns
Pattern | How It Works |
|---|---|
Prompt injection via SKILL.md | Adversarial instructions embedded in the skill file. Claude follows them without the user knowing |
Hidden subprocess execution | A bundled |
Sleeping payloads | Conditional activation triggers after a delay or specific event |
Credential exfiltration | Instructions to read environment variables and send values to an external URL |
Pre-install audit checklist
Run through this list before installing any skill:
Read the SKILL.md. Skills are markdown. Every line is readable. If the content looks suspicious, do not install it.
Check
allowed-toolsfrontmatter. Skills requestingBashaccess warrant more scrutiny than those using onlyReadandGrep.Review bundled scripts. Any
.sh,.py, or.jsfiles alongsideSKILL.mdneed inspection. These execute with the same permissions as Claude Code.Check the source. Skills from established security firms (e.g Trail of Bits) carry lower risk than unknown publishers. Check the GitHub repo: stars, contributors, commit history.
Quick browser audit
For a fast check without installing anything: https://skills.repello.ai/
Upload a skill's ZIP file. Get a security verdict in under a minute. Works across Claude Code, Cursor, and other agent platforms.
Red flags
Stop and investigate if a SKILL.md contains:
Instructions to read
ENVvariables orprocess.envcurlorwgetcalls to unknown URLseval(),exec(), orchild_processreferencesBase64-encoded strings or hex-encoded content
Instructions to modify
~/.bashrc,~/.zshrc, or startup scripts
Managing skills over time
Update all installed skills:
Command: Send below command to terminal
npx skills updateRemove a skill:
Command: Send below command to terminal
npx skills remove <skill-name>What could be better
Verified publisher workflows would reduce supply-chain risk. A GPG signature on each skill release gives auditable provenance.
Teams with specific security playbooks (internal triage procedures, proprietary testing frameworks) need custom skills. The next post covers building them.
Skills are static instructions today. Connecting them to MCP servers or CLI tools would give skills real-time tool access during security testing: live Burp Suite data, running code analysis, active port scans.
Further reading
MCP Servers:
Skills & Agents:
Config Management:
Claude Samurai - Visual configuration manager for Claude Code and MCP
Skill Security:
Ready to apply AI to your Security Engineering ?
Subscribe to Secengai Newsletter for weekly actionable content on AI for security engineers.
Disclaimer
This content reflects personal views, experiments, and use cases in AI and security engineering. It does not represent any employer's positions, policies, or practices.