Started building this after getting nervous about installing random SKILL.md files from GitHub. Scans for prompt injection in markdown/references and suspicious patterns in scripts/.
- 200+ curated skills included
- 33 supported agents
- Symlinks for one install anywhere and automatic updates
- CLI, TUI, or MCP interface: try asking Claude to find and add Awesome repos.
- Semantic search across skill content
Working on: local skill authoring, mise-style directory activation
I built this because I was mass copy-pasting skills between Claude Code, Cursor, and Codex. Every agent has its own skills directory, its own format, and no way to sync them.
Skulto:
- Installs via symlinks — one source of truth, updates propagate instantly
- Security scanner with 35+ patterns (prompt injection, jailbreaks, data exfil)
- Offline-first after initial sync, pure-Go binary (no CGO, no libsqlite3)
- MCP server so Claude Code can search/install skills without leaving the terminal
The scanner isn't grep-for-bad-words.
200+ curated skills indexed. Supports Claude Code, Cursor, Windsurf, Copilot, Codex, and 25+ others.
Install: brew install asteroid-belt/tap/skulto
Happy to answer questions about the architecture or the security patterns.
https://github.com/asteroid-belt/skulto
Started building this after getting nervous about installing random SKILL.md files from GitHub. Scans for prompt injection in markdown/references and suspicious patterns in scripts/.
- 200+ curated skills included
- 33 supported agents
- Symlinks for one install anywhere and automatic updates
- CLI, TUI, or MCP interface: try asking Claude to find and add Awesome repos.
- Semantic search across skill content
Working on: local skill authoring, mise-style directory activation
Go + Bubble Tea. Happy to hear what's missing.