Trusted Claude Skills

A curated catalog of Claude Code (and Claude Desktop) Agent Skills with trust ratings.

Why this exists: Anthropic's own guidance is "use Skills only from trusted sources: those you created yourself or obtained from Anthropic." A malicious skill can direct Claude to invoke tools or execute code in ways that don't match its stated purpose. As of April 2026, 13%+ of marketplace skills have been found to contain critical vulnerabilities (per the Tech Leads Club audit), and security-vetting registries are emerging. This wiki is one personal node in that emerging trust network.

Trust tiers

Tier	Meaning
🟢 Anthropic	Published / maintained by Anthropic in `anthropics/skills`. Default trust.
🔵 First-party	Bundled with Claude Code or Claude.ai by Anthropic — visible in `Skill` tool listings.
🟡 Vetted-third-party	Listed in a security-scanning registry (Skills Directory, SkillHub S/A-rank, agentskills.io verified) AND has visible source.
🟠 Personal-use	Jacob has used it personally, read the source, and finds it benign. No external audit.
🔴 Audit-before-use	Listed in marketplaces but not yet personally vetted; the standard Anthropic warning applies.

Skills used in this stack (Mac Mini, M3)

These appeared in recent Claude Code sessions on Jacob's machines:

Skill	Source	Tier	Notes
`simplify`	local	🟠	Reviews changed code for reuse/quality/efficiency
`loop`	local	🟠	Recurring task runner; calls `ScheduleWakeup` / cron
`schedule`	local	🟠	Manages scheduled remote agents (routines)
`claude-api`	local	🟠	Anthropic SDK helper — prompt caching, model migration
`feature-dev`	local	🟠	Guided feature development with codebase awareness
`init`	local	🟠	Bootstraps a new `CLAUDE.md` from a codebase scan
`frontend-design`	local	🟠	Produces non-generic UI code
`prd`	local	🟠	Generates a PRD for a new feature
`ralph`	local	🟠	Converts PRD → Ralph autonomous-agent JSON
`mac-app-store-submit`	local	🟠	Mac App Store submission walkthrough
`update-config`	local	🟠	Edits `~/.claude/settings.json` and hooks
`fewer-permission-prompts`	local	🟠	Scans transcripts and proposes allow-list rules
`keybindings-help`	local	🟠	Customizes `~/.claude/keybindings.json`
`colony-bootstrap`	local	🟠	Bootstraps an Agent Colony plan
`security-review`	local	🟠	Branch security review
`review`	local	🟠	PR review skill

All "local" skills live under ~/.claude/skills/ (or are loaded via plugin) and are inspectable. Trust = the source is local and readable.

High-reputation third-party skills (Tier 🟡)

Skills that appear repeatedly across multiple registries with security scanning:

anthropics/skills — Anthropic's own public skill repo. 🟢
Skills Directory — every skill scanned for malware, prompt injection, credential theft. 🟡
SkillHub — 7,000+ AI-evaluated skills, S-rank (9.0+) skills are conservative bets. 🟡 (only S/A-rank)
Tech Leads Club agent-skills — verified-tested-safe skill registry; positions itself against the 13% malicious baseline. 🟡
LobeHub Skills Marketplace — security-first vetting. 🟡 (with caveat — re-audit anything before piping it to a tool with shell access)

Marketplaces requiring caution (Tier 🔴 by default)

SkillsMP — community aggregator from GitHub. Useful for discovery; treat each skill as untrusted until read.
claudeskills.info — 140+ open-source skills, but no security audit before listing.

How to vet a Claude skill before installing

Read the skill's SKILL.md (or skill.md) end-to-end. Anything invoking Bash, Write, network calls, or eval is high-risk.
Check the tools declared in frontmatter — a "summarize a paragraph" skill that asks for Bash is suspicious.
Cross-reference the author against at least one of: anthropics/skills contributors, Skills Directory verified list, SkillHub S-rank.
If you must use it, run it first in a sandbox (OpenClaw + sandbox-on, or a Docker workspace) before granting your real shell.
If the skill bundles binary blobs or fetches code at runtime, stop. Anthropic's threat model doesn't cover this.