Skills DirectoryHow Skills Directory scans Claude and agent skills
Skills can shape agent behavior, suggest commands, and include supporting files. Our methodology is designed to surface risk before a user copies or installs a skill.
How grades work
Each skill starts from a high score. Findings reduce the score based on severity. The final score maps to a letter grade so users can quickly decide what deserves review.
| Grade | Score | Meaning |
|---|---|---|
| A | 90-100 | Low risk signals detected; still review before install |
| B | 75-89 | Some risk signals; inspect details before using |
| C | 60-74 | Meaningful concerns; use only with strong source trust |
| D | 40-59 | High concern; avoid unless you understand every issue |
| F | 0-39 | Severe risk signals; do not install casually |
What scans can catch
Static scans are good at catching suspicious strings, risky command patterns, secret handling, hidden files, and instructions that ask agents to bypass user intent.
What scans cannot prove
Automated scans cannot guarantee intent, correctness, or future repository changes. Always review source and install only what you trust.
Trust-preserving monetization rule
Sponsors may buy clearly labeled placements, but they cannot buy a security grade, hide findings, or override organic safety signals. The directory is useful only if users can trust that grades mean what they say.