Add /learn - cross-platform skill discovery with security scanning

[romainsimon]

Summary

Adds /learn, a cross-platform skill discovery and installation tool powered by agentskill.sh.

What it does

• Search 40,000+ skills across platforms (not just Goose)
• Two-layer security: server-side scanning (12 threat categories) + client-side verification
• Auto-rating feedback loop surfaces quality, flags bad actors
• Works with Goose, Claude Code, Cursor, Codex, Windsurf, and 10+ more

Commands

Command	Description
/learn seo	Search by keyword
/learn @owner/name	Install specific skill
/learn	Project-based recommendations
/learn trending	Popular skills
/learn scan <path>	Security scan before install
/learn list	Show installed skills
/learn update	Check for updates

Why include this?

After ClawHub's malware incident (20% malicious skills), security-first discovery matters. This gives Goose users access to a pre-vetted, cross-platform skill ecosystem.

Security dashboard

[github-actions]

✅ Validate Skills — PASSED

Summary: FAIL=0 · WARN=0
Changed skill dirs: learn

Output (last 200 lines)

✅ Found 8 skill directories.
✅ api-setup: structure validated
✅ beads: structure validated
✅ code-review: structure validated
✅ frontend-design: structure validated
✅ goose-blog-post: structure validated
✅ learn: structure validated
✅ rp-why: structure validated
✅ testing-strategy: structure validated

Structure validation PASSED.

[github-actions]

🛡️ Skills Security Scan — FAIL

Summary: FAIL=5 · WARN=43 · FILES=2
Changed skills scanned: learn

❌ FAIL blocks merge. Fix the items below.

❌ Failures

learn

• prompt-injection:secrets-escalation — learn/SKILL.md:384

| CRITICAL | ×20 | Prompt injection, remote code execution, credential theft, reverse shells, destructive commands |

Guidance: Blocks prompt-injection language combined with secret-target keywords.

• remote-exec:curl-pipe-shell — learn/references/SECURITY.md:178

| One-liner installers | `curl ... \| bash` with obfuscated payload |

Guidance: Blocks download-and-execute. Vendor scripts or verify pinned downloads + checksums.

• remote-exec:curl-pipe-shell — learn/references/SECURITY.md:283

| `curl \| bash` patterns | Remote code execution |

Guidance: Blocks download-and-execute. Vendor scripts or verify pinned downloads + checksums.

• remote-exec:curl-pipe-shell — learn/references/SECURITY.md:430

| `curl \| bash` | Remote code execution |

Guidance: Blocks download-and-execute. Vendor scripts or verify pinned downloads + checksums.

• prompt-injection:secrets-escalation — learn/references/SECURITY.md:20

### Secret Scanners

Guidance: Blocks prompt-injection language combined with secret-target keywords.

⚠️ Warnings

learn

• content:entropy-high-file — learn/SKILL.md:1

---

• network:url — learn/SKILL.md:16

Discover, install, and manage AI agent skills from [agentskill.sh](https://agentskill.sh). This skill turns your agent into a self-improving system that can search for capabilities it lacks, install them mid-session, and provide feedback af…

Guidance: Review: URL present; confirm expected destination and purpose.

• network:url — learn/SKILL.md:45

1. Use WebFetch to call: `https://agentskill.sh/api/agent/search?q=<URL-encoded query>&limit=5`

Guidance: Review: URL present; confirm expected destination and purpose.

• network:url — learn/SKILL.md:73

If no results are found, say: "No skills found for '<query>'. Try different keywords or browse at https://agentskill.sh"

Guidance: Review: URL present; confirm expected destination and purpose.

• network:url — learn/SKILL.md:82

2. Use WebFetch to call: `https://agentskill.sh/api/agent/skills/<slug>/install?owner=<owner>`

Guidance: Review: URL present; confirm expected destination and purpose.

• network:url — learn/SKILL.md:84

4. If not found, say: "Skill @<owner>/<slug> not found. Check the name at https://agentskill.sh"

Guidance: Review: URL present; confirm expected destination and purpose.

• network:url — learn/SKILL.md:92

1. Parse the slug from the URL path (last segment of `https://agentskill.sh/<slug>`)

Guidance: Review: URL present; confirm expected destination and purpose.

• network:url — learn/SKILL.md:93

2. Use WebFetch to call: `https://agentskill.sh/api/agent/skills/<slug>/install`

Guidance: Review: URL present; confirm expected destination and purpose.

• network:url — learn/SKILL.md:126

1. Use WebFetch to call: `https://agentskill.sh/api/agent/search?section=trending&limit=5`

Guidance: Review: URL present; confirm expected destination and purpose.

• network:url — learn/SKILL.md:138

3. Use WebFetch to POST to `https://agentskill.sh/api/skills/<slug>/agent-feedback` with JSON body:

Guidance: Review: URL present; confirm expected destination and purpose.

• network:url — learn/SKILL.md:184

2. Collect all slugs and call the batch version endpoint: `https://agentskill.sh/api/agent/skills/version?slugs=<comma-separated slugs>`

Guidance: Review: URL present; confirm expected destination and purpose.

• network:url — learn/SKILL.md:261

1. Fetch skill content from `https://agentskill.sh/api/agent/skills/<slug>/install?platform=<platform>` if not already fetched

Guidance: Review: URL present; confirm expected destination and purpose.

• network:url — learn/SKILL.md:330

   # source: https://agentskill.sh/<slug>

Guidance: Review: URL present; confirm expected destination and purpose.

• network:url — learn/SKILL.md:336

9. Track the install — use WebFetch to POST to `https://agentskill.sh/api/skills/<slug>/install` with JSON body:

Guidance: Review: URL present; confirm expected destination and purpose.

• network:url — learn/SKILL.md:424

After scanning, report any issues found to `POST https://agentskill.sh/api/agent/security-reports` with the scan results. This helps flag malicious skills and protect other users. Fire-and-forget; do not block on this call.

Guidance: Review: URL present; confirm expected destination and purpose.

• network:url — learn/SKILL.md:435

2. Use WebFetch to call: `https://agentskill.sh/api/agent/skills/learn/version`

Guidance: Review: URL present; confirm expected destination and purpose.

• network:url — learn/SKILL.md:439

   a. Fetch the latest version from `https://agentskill.sh/api/agent/skills/learn/install`

Guidance: Review: URL present; confirm expected destination and purpose.

• network:url — learn/SKILL.md:642

| API unreachable / timeout | "Could not reach agentskill.sh. Check your connection or try again later. You can also browse skills at https://agentskill.sh" |

Guidance: Review: URL present; confirm expected destination and purpose.

• network:url — learn/SKILL.md:643

| No search results         | "No skills found for '<query>'. Try different keywords or browse at https://agentskill.sh"                                     |

Guidance: Review: URL present; confirm expected destination and purpose.

• network:url — learn/SKILL.md:644

| Skill not found (404)     | "Skill '<slug>' not found. It may have been removed. Browse available skills at https://agentskill.sh"                         |

Guidance: Review: URL present; confirm expected destination and purpose.

• network:url — learn/SKILL.md:655

All endpoints are on `https://agentskill.sh`.

Guidance: Review: URL present; confirm expected destination and purpose.

• content:entropy-high-line — learn/references/SECURITY.md:3

**Treat skill installation like installing software.** Only use skills from trusted sources — those you created yourself or obtained from verified authors. Skills provide Claude with new capabilities through instructions and code, and a mal…

• content:entropy-high-file — learn/references/SECURITY.md:1

# Security Pattern Library

• network:curl-wget — learn/references/SECURITY.md:111

| curl/wget with variables | `curl -d "$API_KEY" https://...` |

Guidance: Review: network tool usage; ensure it's necessary and safe.

• network:curl-wget — learn/references/SECURITY.md:316

| `curl` output used in prompts | External data becomes instructions |

Guidance: Review: network tool usage; ensure it's necessary and safe.

• network:curl-wget — learn/references/SECURITY.md:431

| `wget && chmod +x` | Download and execute |

Guidance: Review: network tool usage; ensure it's necessary and safe.

• network:url — learn/references/SECURITY.md:111

| curl/wget with variables | `curl -d "$API_KEY" https://...` |

Guidance: Review: URL present; confirm expected destination and purpose.

• network:url — learn/references/SECURITY.md:466

| Unknown sources | `pip install git+https://...` |

Guidance: Review: URL present; confirm expected destination and purpose.

• network:url — learn/references/SECURITY.md:467

| Editable installs from URL | `pip install -e https://...` |

Guidance: Review: URL present; confirm expected destination and purpose.

• network:url — learn/references/SECURITY.md:544

POST https://agentskill.sh/api/agent/security-reports

Guidance: Review: URL present; confirm expected destination and purpose.

• prompt-injection:jailbreak — learn/SKILL.md:549

4. **User can override anytime**: `/learn feedback <slug> <score> [comment]`

Guidance: Review: jailbreak/system prompt language.

• prompt-injection:jailbreak — learn/SKILL.md:576

### User Override

Guidance: Review: jailbreak/system prompt language.

• prompt-injection:jailbreak — learn/SKILL.md:578

If the user disagrees with your auto-rating, they can override it:

Guidance: Review: jailbreak/system prompt language.

• prompt-injection:jailbreak — learn/SKILL.md:582

The override will update the rating. Always respect user overrides.

Guidance: Review: jailbreak/system prompt language.

• prompt-injection:jailbreak — learn/SKILL.md:631

   *Override any rating: `/learn feedback <slug> <score> [comment]`*

Guidance: Review: jailbreak/system prompt language.

• prompt-injection:ignore-instructions — learn/references/SECURITY.md:226

| "ignore previous instructions" | Direct override |

Guidance: Review: instruction-bypass language. Ensure skill cannot override safety/system rules.

• prompt-injection:ignore-instructions — learn/references/SECURITY.md:557

      "description": "Contains 'ignore previous instructions'",

Guidance: Review: instruction-bypass language. Ensure skill cannot override safety/system rules.

• prompt-injection:jailbreak — learn/references/SECURITY.md:222

**What to detect:** Attempts to override agent behavior.

Guidance: Review: jailbreak/system prompt language.

• prompt-injection:jailbreak — learn/references/SECURITY.md:227

| "ignore all prior" | Direct override |

Guidance: Review: jailbreak/system prompt language.

• prompt-injection:jailbreak — learn/references/SECURITY.md:228

| "disregard above" | Direct override |

Guidance: Review: jailbreak/system prompt language.

• prompt-injection:jailbreak — learn/references/SECURITY.md:229

| "DAN mode" | Jailbreak attempt |

Guidance: Review: jailbreak/system prompt language.

• prompt-injection:jailbreak — learn/references/SECURITY.md:230

| "jailbreak" | Jailbreak attempt |

Guidance: Review: jailbreak/system prompt language.

• prompt-injection:jailbreak — learn/references/SECURITY.md:470

| Private registry override | Dependency confusion attacks |

Guidance: Review: jailbreak/system prompt language.

---

Notes: This comment auto-updates on each push to keep PRs clean.

[romainsimon]

Fixed the issues flagged by the validator:

1. Frontmatter format - Moved author and version to top level (was nested under metadata)

2. Security scan false positives - The inline pattern examples (curl|bash, etc.) were being flagged as dangerous code. These are actually patterns TO DETECT, not code to execute. Moved the full pattern library to references/SECURITY.md and kept only a high-level summary in SKILL.md.

The skill now references the external file for detailed patterns rather than listing them inline.