PROBLEM / 01
Skill drift
The same SKILL.md gets copy-pasted across repos and adapted locally. No upstream tracking, no merge story.
no provenancev0.4First public release · May 2026
The skill registry
with a gate.
Curated skills for AI agents — validated at the door, signed with provenance, scoped per caller, and transformed to fit every agent platform without forking. Local-first. Self-hostable.
~ bash
$
curl -fsSL https://autovault.sh | sh// dirty// scoped
The state of skills
Six concrete holes in how skills work today.
The format works. The ecosystem around the format is a hot mess. Each of these is a separate fix to a separate hole.
PROBLEM / 02
Supply chain attacks
Public registries have shipped credential stealers disguised as utilities. No code signing, no permission manifests.
shipping malwarePROBLEM / 03
Duplicate explosion
Agents write skills on the fly with no dedup. You end up with seventeen variants of extract-pdf-text.
no dedupPROBLEM / 04
Platform inconsistency
Same skill, three forks — each calling agent expects different tool names. Fork once, maintain three.
fork × 3PROBLEM / 05
Context bloat
Every agent loads every SKILL.md at startup. Forty skills means thousands of tokens burned before work begins.
token taxPROBLEM / 06
No permission scoping
Skills load globally. Dev-machine skills leak into prod, client A skills leak to client B.
leaks by default The actually clever part
One canonical skill.
Three rendered views.
Authors write the skill once against canonical capability names. AutoVault holds a transformation manifest that maps to whatever the calling agent actually understands — at delivery time, not author time.
Transformation manifest in flight
Hover or click the platforms to see the rendered view change. The skill on the left never moves.
1 · Canonical skill
extract-pdf/SKILL.md SIGNED
name: extract-pdf
version: 1.4.0
tools_required:
- browser.fill_form
- browser.click
- fs.read
- fs.write
# transformations applied at delivery
2 · Engine
3 · Rendered for caller
● claude-codeSKILL.md rewritten
tools_required:
browser.fill_form→chrome-devtools
browser.click→chrome-devtools
fs.read→read
fs.write→write
✓ Skill author wrote one file.
✓ Agent receives native tool names.
✓ No fork, no drift, no duplicate.
Manifest format
YAML in skill frontmatter, validated at install and render
Resolution latency
< 4ms per skill, cached after first render
Agents supported today
Claude Code, Codex, Cursor, AutoHub + bridge skill for the rest
The wedge
Skills enter dirty.
They leave signed.
Existing registries are publish-and-pray. AutoVault is gate-and-sign — every skill runs the same five-step validation pipeline before it touches the vault.
Reject rate
11.4%
of submissions in private beta
Avg. gate latency
820ms
per skill, fully validated
UNTRUSTEDweather-skill@1.2.0 from clawdhub-mirror?
1QUEUED
YAML auto-repair
Frontmatter is the main source of breakage. We fix it before storage.
2QUEUED
Security denylist
Known-bad patterns: credential stealers, fork bombs, exfiltration.
3QUEUED
Capability vs. behavior
Does the skill actually do what its frontmatter claims?
4QUEUED
Dedup
Text similarity in V1, embedding-space matching in V2.
5QUEUED
Ed25519 sign
Provenance becomes a first-class artifact, not a hope.
VERIFIEDweather-skill@1.2.0 — admittedsig:0x9af4…2c81
Four-axis scoping
The skill exists.
Whether you can see it is a separate question.
Every request carries a context. Same vault, filtered four ways — agent, device, project, tool.
Per-caller profiles
Codex, Claude Code, Cursor, AutoHub, custom — each gets a filtered view, transformed to native tool names.
claude-codecodexcursorautohub
Machine-bound skills
Laptop, server, ephemeral CI runner — different sets per machine. Production never sees the dev sandbox.
laptop-jackprod-runner-3ci-ephemeral
Project boundaries
Project-scoped skills don't leak across repos. Client work stays inside the client's namespace.
autovaultclient-foointernal/ops
Fine-grained access
Per-tool permissions, role-based access. Read-only roles see read-only skills.
role:engineerrole:designrole:ops
Honest deltas
How AutoVault differs.
Specific features, not vibes. Other registries are publish-and-pray; AutoVault is gate-and-sign.
| Capability | AutoVault | Tessl | ClawdHub | agentskills.io | TLC registry |
|---|---|---|---|---|---|
| Validation gate at install | ● | ○ | ○ | ◐ | ○ |
| Ed25519 signed provenance | ● | ○ | ○ | ○ | ○ |
| Per-caller transformation | ● | ○ | ○ | ○ | ○ |
| Four-axis permission scoping | ● | ○ | ◐ | ○ | ○ |
| Dedup at submission | ● | ○ | ○ | ○ | ○ |
| Local-first (no required cloud) | ● | ○ | ○ | ● | ● |
| Self-hostable team mode | ● | ○ | ● | ○ | ◐ |
| MCP-native + non-MCP bridge | ● | ◐ | ○ | ● | ○ |
| Progressive disclosure (no bloat) | ● | ○ | ○ | ○ | ○ |
Five minutes, two agents
Same skill, two callers, zero forks.
STEP / 01Install the local vault
$ curl -fsSL https://autovault.sh | sh
↳ installed → ~/.autovault/app
● vault healthy · 0 skills · ed25519 keypair generated
STEP / 02Add a validated skill
$ autovault add github:autoworks-ai/skills/extract-pdf
↳ [1/5] yaml-repair: ok
↳ [5/5] sign: 0x9af4…2c81
✓ admitted to vault
STEP / 03Scope to a project
$ autovault scope extract-pdf --project autovault-website --agent claude-code,codex
↳ scoped: 2 agents × 1 project
✓ ready · cached
STEP / 04Run from either agent
# in claude-code
> use extract-pdf to summarize report.pdf
✓ tool resolved: chrome-devtools, read
# in codex
> use extract-pdf to summarize report.pdf
✓ tool resolved: browser_form, file_read
Ship one
Signed skills. Real provenance.
No mystery code.
One vault. Every agent. No drift. Self-host the team mode, or run local-only — same engine, same gate.