community-publish

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill's primary purpose is to share user-generated code and services with a community gateway. To mitigate the risk of accidental data exposure, the skill implements multiple security layers:
      • Path Blocklist: The lib/validate.py file defines a comprehensive list of blocked paths (e.g., .env, .ssh/, .aws/credentials, private keys) that are excluded from being collected or published.
      • Secret Scanning: It uses regex patterns to scan file content for various sensitive tokens, including OpenAI/Anthropic API keys, GitHub PATs, AWS access keys, and JWTs. Discovery of these patterns triggers a validation error that blocks publication.
      • Local Validation: The validate_open_source function performs these checks locally before any data is transmitted to the gateway.
  • [EXTERNAL_DOWNLOADS]: The fork functionality allows downloading project code from the official community GitHub repository (Starchild-ai-agent/community-projects) via the GitHub API and raw.githubusercontent.com. These are recognized as trusted/well-known infrastructure for the skill's author.
  • [COMMAND_EXECUTION]: The skill generates commands (in lib/install.py) to help the user run or host projects they have forked. It strictly adheres to a 'human-in-the-loop' philosophy: instructions in SKILL.md mandate that the agent must show the diffs and command lines to the user for confirmation rather than executing downloaded code or scripts automatically.
  • [SAFE]: The skill follows security best practices for AI agents, including avoiding automatic state changes (e.g., auto-listing projects on a public dashboard), providing informative status updates based on fresh data rather than internal memory, and implementing robust pre-flight validation to protect user credentials.
Audit Metadata
Risk Level: SAFE
Analyzed: May 20, 2026, 12:26 PM