chainguard-dev · SharpRake · Jun 9, 2026 · Jun 9, 2026 · Jun 9, 2026 · Jun 12, 2026
@@ -0,0 +1,17 @@
+---
+title: "Chainguard Agent Skills"
+linkTitle: "Chainguard Agent Skills"
+description: "Hardened AI agent skills that Chainguard reviews, scopes, and publishes with a full audit trail."
+type: "article"
+date: 2026-06-05T08:48:45+00:00
+lastmod: 2026-06-05T08:48:45+00:00
+draft: false
+images: []
+weight: 025
+---
+
+Chainguard Agent Skills is a catalog of hardened AI agent skills that Chainguard reviews, scopes, and publishes with a full audit trail. It lets teams extend their AI agents without extending their attack surface.
+
+- **[Overview](/chainguard/agent-skills/overview/)** — what agent skills are, the supply chain risk they introduce, and how Chainguard hardens them.
+- **[Skills Registry](/chainguard/agent-skills/skills-registry/)** — publish, install, and run a skill scoped to your organization with `chainctl`.
+- **[Public catalog](/chainguard/agent-skills/public-catalog/)** — browse, inspect, install, and run hardened skills from Chainguard's public catalog.
@@ -0,0 +1,56 @@
+---
+title: "Chainguard Agent Skills overview"
+linktitle: "Overview"
+description: "Learn what Chainguard Agent Skills are, the supply chain risk they address, and how Chainguard hardens skills before you install them."
+type: "article"
+date: 2026-06-05T08:48:45+00:00
+lastmod: 2026-06-05T08:48:45+00:00
+draft: false
+tags: ["Agent Skills", "Overview"]
+images: []
+menu:
+  docs:
+    parent: "agent-skills"
+toc: true
+weight: 001
+---
+
+Chainguard Agent Skills is a catalog of hardened AI agent skills that Chainguard reviews, scopes, and publishes with a full audit trail. It lets teams extend their AI agents without extending their attack surface.
+
+{{< beta feature="Chainguard Agent Skills" access="Chainguard Containers customers who sign up for the beta program. You can sign up by visiting the [Chainguard Agent Skills product page](https://www.chainguard.dev/agent-skills) and clicking **Join the beta**" >}}
+
+## What is an agent skill?
+
+An agent skill is a small, modular instruction set — typically a single `SKILL.md` file — that extends what an AI agent can do. Agents such as Claude Code use skills to perform tasks like browser automation, database management, and code generation.
+
+Skills are the newest class of third-party software dependency, much like npm packages or container images. Like any dependency, a skill you install runs in your environment with whatever permissions and shell access its author gave it.
+
+## The problem with skill registries
+
+Community skill registries are growing quickly, but most have no review process, no permission scoping, no integrity verification, and no audit trail. A skill can ship with broad tool permissions, unrestricted shell access, or a vague description that causes an agent to invoke it in the wrong context. Recent supply chain attacks have used malicious skills to direct agents into installing credential-stealing malware.
+
+Every skill installed without review is an unaudited dependency with arbitrary permissions running where your agent runs.
+
+## How Chainguard hardens skills
+
+Chainguard applies the same model it brings to container images and language libraries — hardened defaults, continuous updates, and verifiable provenance — to agent skills:
+
+- **Ingest and review.** Chainguard pulls popular skills from community registries and reviews each one against a security and quality ruleset.
+- **Target real attack vectors.** The ruleset addresses how attackers exploit the agent-skill trust relationship, including unrestricted shell access, overly broad tool permissions, and vague descriptions that enable mis-invocation.
+- **Harden with an audit trail.** An automated agentic pipeline applies fixes one at a time, committing each change individually. Every published skill links to a pull request with a full diff showing what changed and why.
+- **Reconcile continuously.** Rather than scanning once, the catalog runs a persistent loop that compares each skill against the current rules. When an upstream source changes or a new rule is added, affected skills are re-evaluated and re-hardened, so the catalog doesn't go stale.
+
+The security work happens upstream, before you or your agent ever touches the skill. To install a hardened skill, you just need to add its `SKILL.md` to your agent; there's no new toolchain or configuration required.
+
+## Public catalog and private registries
+
+Chainguard Agent Skills involves two registries, both served from `skills.cgr.dev`:
+
+- **The public catalog**, maintained by Chainguard at `skills.cgr.dev/chainguard/<skill>`. This is the hardened catalog described above. Anyone can pull from it, and the skills in it are reviewed and re-hardened on an ongoing basis.
+- **Your organization's private registry**, available to customers with access, at `skills.cgr.dev/<your-org>/<skill>`. You can use it to publish, manage, and distribute your own skills scoped to your organization, and you control who can push and install them.
+
+To interact with either of these registries, use the [`chainctl skills` commands](/chainguard/chainctl/chainctl-docs/chainctl_skills/).
+
+## Next steps
+
+To install and run a skill hardened by Chainguard, check out our guide on [Getting started with the Chainguard Agent Skills public catalog](/chainguard/agent-skills/public-catalog/). Alternatively, to publish, push, and run skills in your organization's private registry, refer to our guide on [Getting started with the Chainguard Skills Registry](/chainguard/agent-skills/skills-registry/).
@@ -0,0 +1,175 @@
+---
+title: "Getting started with the Chainguard Agent Skills public catalog"
+linktitle: "Public Catalog"
+description: "Browse, inspect, install, and run hardened agent skills from Chainguard's public catalog with chainctl."
+type: "article"
+date: 2026-06-08T08:48:45+00:00
+lastmod: 2026-06-08T08:48:45+00:00
+draft: false
+tags: ["Agent Skills", "Overview"]
+images: []
+menu:
+  docs:
+    parent: "agent-skills"
+toc: true
+weight: 003
+---
+
+Chainguard publishes a curated set of hardened agent skills in a public catalog at `skills.cgr.dev/chainguard`. Anyone with `chainctl` can browse and install them — no entitlement and no legal terms required. The Chainguard Agent Skills public catalog is pull-only: you can install skills from the catalog, but you can't push your own skills to it.
+
+This guide walks through the full workflow: listing the available skills, inspecting one, pulling it to audit how Chainguard hardened it, installing it, and running it with an agent.
+
+{{< beta feature="Chainguard Agent Skills" access="Chainguard Containers customers who sign up for the beta program. You can sign up by visiting the [Chainguard Agent Skills product page](https://www.chainguard.dev/agent-skills) and clicking **Join the beta**" >}}
+
+## Prerequisites
+
+To follow this guide, you need `chainctl` **v0.2.282** or later, installed. Refer to our guide on [How to Install `chainctl`](/chainguard/chainctl-usage/how-to-install-chainctl/) if you don't have it yet.
+
+Unlike a [private Chainguard Skills Registry](/chainguard/agent-skills/skills-registry/), the public catalog requires no entitlement, terms acceptance, or organization membership. You do need a Chainguard account to list and pull skills, but you don't need to be a customer.
+
+## List available skills
+
+Sign in, then browse the skills published in the public Chainguard catalog with the `list` subcommand. The `--recursive` flag lists skills across every owner in the catalog:
+
+```shell
+chainctl auth login
+chainctl skills list --group chainguard --recursive
+```
+```output
+              NAME              | LATEST TAG |   UPDATED
+--------------------------------|------------|--------------
+ agentspace-so/agentspace       | latest     | 21 hours ago
+ antfu/antfu                    | latest     | 21 hours ago
+ antfu/nuxt                     | latest     | 21 hours ago
+ antfu/vitest                   | latest     | 21 hours ago
+ antfu/vue                      | latest     | 21 hours ago
+ anthropics/doc-coauthoring     | latest     | 21 hours ago
+ anthropics/frontend-design     | latest     | 21 hours ago
+ apollographql/apollo-client    | latest     | 21 hours ago
+
+ . . .
+```
+
+To list the skills from a single upstream owner, name it in the `--group` value:
+
+```shell
+chainctl skills list --group chainguard/anthropics
+```
+```output
+ TYPE  |      NAME       | LATEST TAG | UPDATED
+-------|-----------------|------------|------------
+ skill | doc-coauthoring | latest     | 1 hour ago
+ skill | frontend-design | latest     | 1 hour ago
+```
+
+## Inspect a skill
+
+To retrieve a skill's reference, digest, tags, and metadata, use the `describe` subcommand. The output records the upstream source and the exact commit Chainguard hardened from:
+
+```shell
+chainctl skills describe skills.cgr.dev/chainguard/github/add-educational-comments:latest
+```
+```output
+      FIELD      |                                                    VALUE                                                     
+-----------------|--------------------------------------------------------------------------------------------------------------
+ Display Name    | add-educational-comments
+ Reference       | chainguard/github/add-educational-comments
+ Install Name    | chainguard-github-add-educational-comments
+ OCI URL         | skills.cgr.dev/chainguard/github/add-educational-comments:latest
+ Description     | Add educational comments to the file specified, or prompt asking for file to comment if one is not provided.
+ License         | MIT
+ Upstream        | github.com/github/awesome-copilot/skills/add-educational-comments
+ Upstream Commit | cf4347e88c2e40a9aabe5801748ec6bf924c09be
+ License Source  | LICENSE
+ Tag             | cf4347e88c2e40a9aabe5801748ec6bf924c09be
+ Digest          | sha256:59b781f87f82aba08ccf622b60a31ee5b8fbb27fa447ed5910850d4320505735
+ Size            | 1.1 KB
+ Published       | 1 day ago   
+```
+
+## Pull a skill to inspect it
+
+Where `install` drops a skill straight into your agent's skills directory, `pull` writes the skill's files to a directory you choose so you can inspect them first:
+
+```shell
+chainctl skills pull skills.cgr.dev/chainguard/github/add-educational-comments:latest ./add-educational-comments
+```
+```output
+Skill written to: /home/linky/add-educational-comments
+```
+
+Every hardened skill ships with a `HARDENING.md` that records the upstream source, the exact commit Chainguard hardened from, and every change the hardening engine made:
+
+```shell
+cat add-educational-comments/HARDENING.md
+```
+```output
+# Hardening Report: github.com/github/awesome-copilot/skills/add-educational-comments
+
+| Field | Value |
+|---|---|
+| Upstream SHA | `cf4347e88c2e40a9aabe5801748ec6bf924c09be` |
+| Hardened at | 2026-06-09T23:14:22Z |
+| Files processed | 2 |
+| .md files (clean after harden) | 1 |
+| .md files (attempts exhausted) | 0 |
+| Non-.md files (copied verbatim) | 1 |
+
+## Markdown files
+
+### `SKILL.md`
+
+- Status: **clean**
+- Attempts used: 2
+- Findings + fixes applied:
+
+  | Attempt | Rule | Severity | Finding |
+  |---|---|---|---|
+  | 1 | `minimal-permissions` | high | The skill's purpose is to statically analyze and add comments to code files. It does not require the ability to execute the code to fulfill its objectives. The prompt's rules about not 'breaking execution' are constraints on the output, not a requirement to test the code by running it in a live environment. |
+
+## Verbatim files
+
+- `LICENSE`
+```
+
+Here, the engine flagged `minimal-permissions`: the skill only needs to read and comment on files, so the hardened version drops the implied permission to execute them.
+
+## Install a skill
+
+Download and install the skill to make it available to agents on your machine with the `install` subcommand:
+
+```shell
+chainctl skills install skills.cgr.dev/chainguard/github/add-educational-comments:latest
+```
+
+This command automatically detects any agents on your machine and places the skill into their relevant directories. The following example output shows the results on a machine where Claude Code is present:
+
+```output
+Installing github/add-educational-comments
+    AGENT    |                         LOCATION                          |                                   MODE                                    
+-------------|-----------------------------------------------------------|---------------------------------------------------------------------------
+ Claude Code | .claude/skills/chainguard-github-add-educational-comments | symlink → ../../.agents/skills/chainguard-github-add-educational-comments 
+```
+
+## Run the skill from an agent
+
+Load the skill into Claude Code or any MCP-compatible agent. In Claude Code, invoke it by name:
+
+```Agent
+/add-educational-comments
+```
+
+The agent loads the skill and runs it, confirming it installed and loaded correctly end to end.
+
+## Command reference
+
+| Action | Command |
+| ----- | ----- |
+| List skills | `chainctl skills list --group chainguard --recursive` |
+| Describe a skill | `chainctl skills describe skills.cgr.dev/chainguard/<owner>/<name>:<tag>` |
+| Pull a skill | `chainctl skills pull skills.cgr.dev/chainguard/<owner>/<name>:<tag> <dir>` |
+| Install a skill | `chainctl skills install skills.cgr.dev/chainguard/<owner>/<name>:<tag>` |
+
+## Next steps
+
+To publish, install, and run skills scoped to your own organization, see [Getting started with the Chainguard Skills Registry](/chainguard/agent-skills/skills-registry/).