skillsvault documentation
skillsvault is the control plane for agent skills. Your organisation publishes the skills it approves; every developer's AI agent pulls and installs them; and the right version is enforced at run time — with a complete, immutable audit trail.
A Skill (the open agentskills.io SKILL.md format) is an operational procedure an agent executes — CRM entry, legal review, financial reporting. The moment a skill encodes a process, a stale or wrong version of it is an operational liability. Local-first installers (skills.sh, asm) have no org governance, no version enforcement, and no audit. skillsvault is the cloud layer that adds exactly that.
Who these docs are for
These are the engineering docs — they describe how skillsvault is built and how to operate it: the CLI, the runtime gate, the signed-bundle contract, the REST API, deployment, and debugging. For product positioning see the landing page; for domain definitions start with Concepts & glossary.
The loop
author / import ──▶ skillsvault publish ──▶ ORG REGISTRY (cloud, versioned, governed)
│
┌───────────────────────────────────┤
▼ ▼
skillsvault pull ──▶ installs APPROVED skills policy bundle (Ed25519-signed)
into each harness; BANNED skills removed │
│ ▼
▼ skillsvault gate ──▶ allow / warn / HALT
harness agent uses skills (local, <1ms, no model, no network)
│ │
└──────────────▶ immutable AUDIT LOG ◀┘ (who ran what, where, decision, policy)
You work with skillsvault through two surfaces:
- The console — where your organisation publishes skills, writes policies, and reviews the audit trail.
- The
skillsvaultCLI — a single binary that pulls approved skills onto each developer's machine and runs the gate that allows, warns, or halts a skill at invocation time.
The gate decides locally and instantly — no network call and no model on the path — so a skill never waits on the cloud and enforcement keeps working offline.
Start here
Connect a machine, sync approved skills, and gate a skill — end to end in five minutes.
Install the skillsvault binary, authorize a machine, and learn the command set.
Define a skill, make it skillsvault-compliant, and deploy it to your org registry.
How skillsvault gate turns a skill invocation into allow / warn / halt.
Ban, deprecate, or scope a skill — and understand how the decision is made.
Fix the common failures: not configured, no bundle, rejected signature, a hook that won't fire.
Honest scope
skillsvault draws two capabilities and never conflates them:
| Capability | Coverage |
|---|---|
| Distribution governance — install approved skills, remove banned | 19 harnesses (Claude Code, Codex, Cursor, Windsurf, Cline, Roo, Continue, Copilot, Aider, OpenCode, Zed, Amp, Gemini, Antigravity, …) via skillsvault pull --all |
| Runtime veto — a hook blocks a banned skill at invocation | Claude Code today (PreToolUse hook). Harnesses without a vetoing hook get distribution governance only. |
Enforcement is cooperative, not adversarial: it stops the accidental run of a stale or banned skill. It does not stop a user who deliberately uninstalls the CLI. See Harness coverage for the full matrix.