So I click on "Skills" and it feels like the page cannot decide what to show me, every item on the list shifts and moves, how is anyone supposed to click on something if it disappears?
- The first one is WireGuard "... secure routing and key management".
- I'd download it, hook it to this bot running on my system.
- I'd ask the bot to store / manage super-secret keys that protect actual servers with user data and personal details and god knows what...
- The bot follows my commands by spelunking random snippets of markdown, running other programs on my computer, doing web searches, reading what it finds on the web and giving itself more commands to do...
I've only been in tech for like 20 years or so but I feel like either I'm missing something substantial or some kind of madness is happening to people.
> I've only been in tech for like 20 years or so but I feel like either I'm missing something substantial or some kind of madness is happening to people.
People are extremely eager for a helpful AI assistant that they are willing to sacrifice security for it. Prompt injection attacks are theoretical until they hit you. Until you're hit you're just having fun riding the wave.
VirusTotal is completely useless for this though? You need enough people to be pwned by that particular piece of malware for it to be flagged as dangerous, by which point the attackers would've already repacked it so it doesn't match the previous signature.
VirusTotal is flagging the trello skill as suspucious because it Does NOT include an API key? Am i expected to share my keys if I want to upload a skill?
"Requiring TRELLO_API_KEY and TRELLO_TOKEN is appropriate for Trello access, but the registry records no required env vars while SKILL.md documents them. This omission is problematic: the skill will need highly privileged credentials but the published metadata does not disclose that requirement. The SKILL.md also references 'jq' and uses curl, but these are not declared in the registry entry."
Do these skills actually provide much value? Like, how much better are they than something that I could tell Claude to generate based on a single API doc from Slack/Trello?
Zero. If a skill actually provides value, one of two things happens: it gets absorbed into Claude Code (or similar) within a week, or a company packages it up and charges real money for it. The "free skill that gives you an edge" window is essentially nonexistent. By the time you find it, everyone else has it too. You're better off learning to prompt well against raw API docs than chasing a library of pre-built skills that are either trivial to recreate or about to be made redundant.
From my experience, most are just some high level instructions on how to use CLI tools installed on the system. A lot of the CLI tools they're calling out to have 0 reputation on Github or don't work at all.
I've had more luck writing my own skills using CLI tools I know and trust.
Skills is actually what also Claude code uses internally, it's cool because the llm will load the whole context on how to use it only on demand and keeps the context cleaner.
My understanding is that it's just an abstraction layer that feeds right into the context window. Might as well just feed it into the prompt. I think cursor even proved that skills aren't as good as direct prompts (or something to that extent, can't remember exactly)
IMO, yes. Gemini et. al. out of the box are good at composing, but are entirely passive. Skills enable you to - easily, with low code/no code - teach your AI to perform active tasks either upon direction or under any automatic conditions you specify. This is incredibly powerful. Incredibly dangerous, too, but so is a car when compared with a skateboard.
How could a public repository of unverified skills that can be downloaded by casual users for a software tool that allows for un-gated access to private information, including financial information, possibly go wrong?
So I click on "Skills" and it feels like the page cannot decide what to show me, every item on the list shifts and moves, how is anyone supposed to click on something if it disappears?
This is what? The 4th or 5th attempt at this in the past two weeks?
Welcome to the world with zero cost software
Show HN as a service
At least we nipped the Moltbook march in the butt before it got bad here
So let's recap:
- I click skills.
- The first one is WireGuard "... secure routing and key management".
- I'd download it, hook it to this bot running on my system.
- I'd ask the bot to store / manage super-secret keys that protect actual servers with user data and personal details and god knows what...
- The bot follows my commands by spelunking random snippets of markdown, running other programs on my computer, doing web searches, reading what it finds on the web and giving itself more commands to do...
I've only been in tech for like 20 years or so but I feel like either I'm missing something substantial or some kind of madness is happening to people.
You're downloading untested code from an unknown user on a random literally just-spun-up 'marketplace' and are shocked when it doesn't work
I think you misinterpreted GP's comment (or at least the tone).
> I've only been in tech for like 20 years or so but I feel like either I'm missing something substantial or some kind of madness is happening to people.
People are extremely eager for a helpful AI assistant that they are willing to sacrifice security for it. Prompt injection attacks are theoretical until they hit you. Until you're hit you're just having fun riding the wave.
Who is scanning these skills for malware? This seems like a prime target for malicious actors.
Virustotal at upload and periodically during the day
VirusTotal is completely useless for this though? You need enough people to be pwned by that particular piece of malware for it to be flagged as dangerous, by which point the attackers would've already repacked it so it doesn't match the previous signature.
Adding on here...
VirusTotal is flagging the trello skill as suspucious because it Does NOT include an API key? Am i expected to share my keys if I want to upload a skill?
https://clawhub.ai/steipete/trello
"Requiring TRELLO_API_KEY and TRELLO_TOKEN is appropriate for Trello access, but the registry records no required env vars while SKILL.md documents them. This omission is problematic: the skill will need highly privileged credentials but the published metadata does not disclose that requirement. The SKILL.md also references 'jq' and uses curl, but these are not declared in the registry entry."
These are single-file .MDs, right? Written in markdown...
Can't you just read it?
I see a number of uploaded skills on the site with bash and python scripts. No idea what runs them
Oh god...I guess I haven't gotten that deep in the crap yet
Do these skills actually provide much value? Like, how much better are they than something that I could tell Claude to generate based on a single API doc from Slack/Trello?
Zero. If a skill actually provides value, one of two things happens: it gets absorbed into Claude Code (or similar) within a week, or a company packages it up and charges real money for it. The "free skill that gives you an edge" window is essentially nonexistent. By the time you find it, everyone else has it too. You're better off learning to prompt well against raw API docs than chasing a library of pre-built skills that are either trivial to recreate or about to be made redundant.
From my experience, most are just some high level instructions on how to use CLI tools installed on the system. A lot of the CLI tools they're calling out to have 0 reputation on Github or don't work at all.
I've had more luck writing my own skills using CLI tools I know and trust.
That's a big part of the reason skills are exploding, people use them as stealth marketing in addition to being a malware injection vector.
Skills is actually what also Claude code uses internally, it's cool because the llm will load the whole context on how to use it only on demand and keeps the context cleaner.
My understanding is that it's just an abstraction layer that feeds right into the context window. Might as well just feed it into the prompt. I think cursor even proved that skills aren't as good as direct prompts (or something to that extent, can't remember exactly)
>Do these skills actually provide much value?
IMO, yes. Gemini et. al. out of the box are good at composing, but are entirely passive. Skills enable you to - easily, with low code/no code - teach your AI to perform active tasks either upon direction or under any automatic conditions you specify. This is incredibly powerful. Incredibly dangerous, too, but so is a car when compared with a skateboard.
Does Openwork replace the need for openclaw? Seems like a more grown up version of it.
> Upload AgentSkills bundles, version them like npm, and make them searchable with vectors. No gatekeeping, just signal.
Sigh, when I read this and only understand "npm", I feel like retiring.
Half the stuff posted like this doesn't give a clue what it does at all much less use made up phrases that make no sense (to most of us).
I have the clawhub skill disabled. You really shouldnt use it, especially when you can just have your claw create their own skills as needed.
How could a public repository of unverified skills that can be downloaded by casual users for a software tool that allows for un-gated access to private information, including financial information, possibly go wrong?
"Don't worry, we have stars."
Itchy and Scratchy land is open for business.
"Bort? Who the hell is called Bort?!"
My son is also named Bort.
That is pretty cool.