I tried to trick my own AI-skill signing tool. Here's what happened.
Over the last few months I’ve noticed a pattern emerging across AI tools. Whether it’s Claude Skills, Cursor, Codex, or custom agent frameworks, we’re increasingly giving AI agents “skills”—packages containing instructions, documentation, and sometimes scripts. The problem is… A skill is usually just a Markdown file (plus some assets). Nothing tells you: Who created it. Whether it has been modified. Whether the version your AI is executing is the same one you reviewed yesterday. Whether someone quietly injected new instructions into it. As AI agents become capable of executing increasingly powerful workflows, that becomes a real supply-chain problem. So I built Skillerr. ⸻ What is Skillerr? Skillerr is an open-source protocol and CLI that adds trust and verification to AI skills before they’re executed. Instead of treating a skill as “just another folder,” Skillerr treats it as a verifiable package. It focuses on three things. Package Integrity Every packaged skill receives a unique content-derived identifier along with cryptographic SHA-256 hashes. If any file changes after packaging—even a single character—Skillerr detects it immediately. No silent modifications. ⸻ Structured Contracts Instead of relying on long paragraphs that an AI has to interpret, a Skill contains a structured contract describing: required inputs permissions forbidden actions expected outputs whether a human has actually reviewed it This makes skills easier for both humans and AI agents to reason about. ⸻ Optional Public Provenance Authors can cryptographically sign their skills. Optionally, the package digest can also be anchored into Sigstore’s transparency log, making it independently verifiable without trusting Skillerr itself. Importantly: Only cryptographic identifiers are published. No prompts. No documentation. No knowledge base. No proprietary content. ⸻ I tried to break my own tool Before releasing it, I intentionally attacked it. First I packaged and signed a simple CSV processing s