Publish through PRs plus automated scanning for quality and abuse
Section: Open risks, point 3 (Quality and abuse at scale)
A registry with no editorial gate will accumulate broken, low-quality, and outright malicious assets. Provenance and signing help; they do not solve.
I don't think we should run a fully open registry with no gate. My instinct is to publish assets through PRs, so a human actually looks before something lands, and to run automated scanning on top of that. The PR step gives us a review checkpoint and clean provenance for free, and it lines up with the git as the registry option already floated in the design options, so it isn't extra invention.
I know that scanning a skill only goes so far. A skill is mostly plain English instructions, so we can catch known bad commands or sneaky network calls, but a cleverly worded prompt that tells the agent to do something harmful is hard to detect automatically. So I see scanning as a filter, not a guarantee, which is the same thing the doc says about provenance and signing.
Ask: Can we make PR based review the default publish path at v0 rather than an open ungated registry, and add automated scanning as a second layer? And can we be explicit that scanning is a filter, not a full solve, so we don't oversell it?
Publish through PRs plus automated scanning for quality and abuse
Section: Open risks, point 3 (Quality and abuse at scale)
I don't think we should run a fully open registry with no gate. My instinct is to publish assets through PRs, so a human actually looks before something lands, and to run automated scanning on top of that. The PR step gives us a review checkpoint and clean provenance for free, and it lines up with the git as the registry option already floated in the design options, so it isn't extra invention.
I know that scanning a skill only goes so far. A skill is mostly plain English instructions, so we can catch known bad commands or sneaky network calls, but a cleverly worded prompt that tells the agent to do something harmful is hard to detect automatically. So I see scanning as a filter, not a guarantee, which is the same thing the doc says about provenance and signing.
Ask: Can we make PR based review the default publish path at v0 rather than an open ungated registry, and add automated scanning as a second layer? And can we be explicit that scanning is a filter, not a full solve, so we don't oversell it?