Governance for agent skills
Validate, evaluate, optimize, and distribute skills across Claude Code, Cursor, Windsurf, Copilot, and Kiro.
pip install skillsops
Works with your IDE
The problem
Skills with hardcoded secrets, prompt injection, or data exfiltration patterns reach production unchecked.
"Does this skill actually help?" is answered by gut feeling, not measurement. No baselines, no regression detection.
The same skill maintained in 5 places — Claude Code, Cursor, Windsurf, Copilot, Kiro. Changes drift. Versions diverge.
The lifecycle
Capabilities
9 threat categories, ~50 pattern detectors. A-F grading. Critical findings block publishing. Customize with .skilleval.yaml.
One command distributes to Claude Code, Cursor, Windsurf, GitHub Copilot, and Kiro. Frontmatter auto-translated to each IDE's format.
Works with bare SKILL.md files — no skill.yaml required. Add a skillctl: block for governance metadata that IDEs ignore.
LLM-driven iterative loop: evaluate → identify weaknesses → generate variants → promote the best. Any model via LiteLLM.
Portable skill archives (tar.gz/zip). Export from one machine, import on another. Filter by namespace or tag.
14 MCP tools + 3 skills. Claude can validate, audit, optimize, and install skills as part of its workflow.
Quickstart
$ pip install skillsops
$ skillctl create skill my-org/code-reviewer
✓ Skill scaffolded: skill.yaml + SKILL.md
$ skillctl eval audit .
Grade: A (95/100) — 0 critical, 1 warning
$ skillctl apply
✓ Pushed my-org/code-reviewer@0.1.0 (hash: a3f7c2...)
$ skillctl install my-org/code-reviewer@0.1.0 --target all
✓ claude: .claude/skills/code-reviewer/SKILL.md
✓ cursor: .cursor/rules/code-reviewer.mdc
✓ kiro: .kiro/steering/code-reviewer.mdOne install. One command. Every IDE.
pip install skillsops