CLI overview

The SkillOx CLI is a single bundled binary (~417 KB, zero runtime deps) that packages the same A–F engine as the hosted scanner. Apache-2.0, local-first, no telemetry — only optional GitHub-provenance fetches and (for skillox audit) the URL you ask it to scan.

Coming soon. The CLI is in preview. The install command below is the planned entry point — it does not work yet. Everything on this page describes what the CLI will do once it ships.

Install

npm install -g skillox

The CLI will be distributed on npm, with a Homebrew formula and direct binaries to follow.

What the CLI will do

skillox init — scaffold a new SKILL.md with secure-by-default frontmatter. Three templates: tool, knowledge, workflow.
skillox lint — author-time scan of local SKILL.md files. Multi-file, CI-friendly exit codes, JSON output. The dev-loop counterpart to audit.
skillox audit — one-shot scan of a single target (URL or file). Built for "is this safe to install?" questions.
skillox policy — apply an org-wide policy file (allowed grades, allowed verification levels, banned rules) on top of a scan result.

What's next

The CLI is the first piece of the broader SkillOx Workbench — later releases add test, sign, and publish, then a hosted Studio IDE. The first release focuses on init, lint, audit, and policy.

Why local-first

The CLI is for CI/CD, pre-commit hooks, and editor integrations where you want fast, deterministic, offline-capable scans. The hosted scanner exists for shareable result pages and SEO; the CLI exists for the loop you run every PR. Lint clean → audit clean → publish clean — one engine, three surfaces.