The skill ecosystem was built in the open. Then someone weaponized it.
SkillOx exists because AI agents are quietly installing random code from the internet and there is nothing in place to stop the bad ones.
The problem isn't theoretical.
In December 2025, Anthropic released an open standard called SKILL.md — a way to extend AI agents with portable, version-controlled instructions. The format was adopted by 40+ agent products within six months. Claude Code, Cursor, OpenAI Codex, Gemini CLI, GitHub Copilot, every modern coding agent. It became infrastructure overnight.
Then, in February 2026, the first coordinated supply-chain attack hit the ecosystem. 30+ malicious skills were distributed via ClawHub under disguised names. The payloads exfiltrated $ANTHROPIC_API_KEY, $DATABASE_URL, $AWS_ACCESS_KEY_ID — anything an agent could read.
Days later, Snyk audited 3,984 skills across the major registries. The numbers were worse than anyone expected:
The marketplaces themselves are not going to fix this. Anthropic explicitly states it does not audit MCP servers or skills. Skills.sh has no curation by design — it's a registry, not a publisher. The best paid curators in the market run an 8-point automated scan, and 36% of audited skills still passed it with prompt injection in place.
Marketplaces won't fix this. They are the problem.
Every existing skill marketplace is competing on catalog size. More skills, more listings, more leaderboards. None of them is competing on trust — because trust is expensive, slow, and doesn't move vanity metrics.
We picked a different fight. SkillOx doesn't try to be another marketplace. We sit above all of them.
Skill marketplaces won't fix this. They are the problem. We sit on top of all of them.
Whether the skill came from Skills.sh, ClawHub, GitHub, a paid curator, or a Slack DM from a random contractor, the question is the same: is this safe to install? SkillOx is the layer that gives an honest answer.
What we promise.
We promise six things — built progressively over time. Today (v0), only the rule-based scanner and the persistent shareable report are live. The rest is on the roadmap and we will not pretend otherwise.
What SkillOx commits to.
Honest rule-based scanning, free for everyone.
Twelve rules covering env-var harvesting, instruction-injection, dangerous shell, undeclared network egress, obfuscation, and repository provenance heuristics. Open-source. No telemetry. No paywall on the local scan.
Semantic prompt-injection detection that catches what regex misses.
LLM-based adversarial probes that run inputs against the skill itself — catching the exfiltration and instruction-override patterns existing 8-point scanners miss. The probe suite starts focused and expands over time.
Capability-scoped sandbox at runtime.
Every signed skill declares what it can read, write, send, execute. The runtime enforces it. Anything undeclared = automatic kill + audit-log entry. WebAssembly-based, <5% performance overhead.
Continuous re-scan against fresh threat intel.
When a new attack pattern is discovered, every installed skill across every customer is re-scanned automatically. CVEs get published. Quarantine policies get applied. No one has to wait for the next manual review cycle.
Audit trails auditors actually accept.
Pre-mapped evidence packages for SOC 2 Type II controls, ISO 42001 Annex A, and EU AI Act Article 12 transparency obligations. Append-only, cryptographically signed, 7-year retention by default. One-click export for your annual audit.
Self-hosted. EU-jurisdictioned. Independent.
SkillOx runs on Hetzner in the EU (Finland). No US cloud. No third-party code-host. Our source lives on our own Forgejo. A gatekeeper can pull the rug overnight — so sovereignty over what we build is non-negotiable. The same standard applies to your data.
Who we are.
SkillOx is built by Atomira Technologies S.L., a Spanish company incorporated in Barcelona in April 2026. Single founder, no outside investors yet, fully bootstrapped through Q1 2027.
The founder, Arsalan Akhtar, holds a PhD in computational materials science and spent six years at the Catalan Institute of Nanoscience and Nanotechnology before turning to software full-time. The technical bias here is toward correctness, reproducibility, and auditable claims — every Snyk number on this page is sourced, every roadmap milestone is dated, every defer is named.
We will not raise on hype. We will not promise features we have not built. We will not become another “marketplace #9 with a slick landing page.”
Stop installing random code.
Audit your first skill in 30 seconds. No signup, no credit card. Free forever for individuals.