
Trust Tiers

Skillsmith uses a four-tier trust system to help you evaluate skill safety before installation. Each tier represents a different level of verification and review.

Tier Overview

Official

Anthropic or partner skills

  • Auto-install: Yes
  • Review required: No

Verified

Publisher verified, quality checked

  • Auto-install: Yes
  • Review required: No

Community

Basic scan passed, metadata present

  • Auto-install: No
  • Review required: Recommended

Unverified

No verification performed

  • Auto-install: No
  • Review required: Required

Official Tier

What It Means

Published by Anthropic or trusted partners. These skills undergo a full security review and are maintained with the highest standards.

Requirements

  • Published under anthropic/ namespace
  • Full code review by Anthropic security team
  • Cryptographic signing (planned)
  • Automatic updates deployed

Examples

anthropic/varlock, anthropic/commit, anthropic/governance

When to Install

Always safe. These skills are maintained by Anthropic and suitable for any environment, including production and enterprise use.

Verified Tier

What It Means

Publisher identity is verified, and the skill meets quality and age requirements. The author is accountable for the skill's behavior.

Requirements

  • Publisher identity verified via GitHub OAuth
  • Automated security scan passed with no critical/high findings
  • Minimum 10 GitHub stars
  • Published for at least 30 days
  • Has valid LICENSE file
  • Complete README and SKILL.md

Verification Process

  1. Publisher submits verification request
  2. Automated security scan runs
  3. Identity verification via GitHub
  4. Manual review for edge cases
  5. Verified badge granted (renewable annually)

When to Install

Generally safe. The publisher is accountable for the skill. Suitable for production use in most cases.

Community Tier

What It Means

The skill passed basic security scans and has required metadata, but the publisher identity has not been verified.

Requirements

  • Security scan passed (no critical findings)
  • Valid SKILL.md with proper frontmatter
  • Has LICENSE file
  • Has README.md
  • No blocklist matches

What Community Tier Does NOT Guarantee

  • Publisher identity
  • Code quality
  • Ongoing maintenance
  • Absence of subtle security issues

When to Install

Review first. Check the author's GitHub profile and other projects. Read the SKILL.md content before installing.

Unverified Tier

What It Means

No verification has been performed. The skill may be newly published, it may have failed a security scan, or the author may not have submitted it for verification.

Why a Skill Might Be Unverified

  • Just published (hasn't been scanned yet)
  • Failed security scan
  • Missing required files (LICENSE, README)
  • Author hasn't submitted for verification
  • Quarantined for suspicious activity

When to Install

Only if you personally trust the author or you've manually reviewed all code. Installation requires explicit confirmation:

This skill is unverified. Are you sure you want to install? (y/N)

Getting Verified

To upgrade your skill from Community to Verified:

  1. Ensure requirements are met
    • Security scan passes with no critical/high findings
    • At least 10 GitHub stars
    • Published for at least 30 days
    • Complete LICENSE, README, and SKILL.md
  2. Submit verification request

    Visit skillsmith.app/verify to start the process

  3. Complete identity verification

    Authenticate with your GitHub account to verify publisher identity

  4. Wait for review

    Typical review time is 2-5 business days

  5. Maintain verification

    Verified status is renewable annually and can be revoked if issues arise

Tier Transitions

Upgrades

Skills can upgrade tiers by meeting higher requirements:

  • Unverified → Community: Pass basic security scan, add required metadata
  • Community → Verified: Submit verification request, meet all Verified requirements

Downgrades

Skills can be downgraded if:

  • The security scan fails on an update
  • The publisher verification expires
  • Malicious behavior is reported
  • The author requests removal

Filtering by Trust Tier

Use the --tier filter when searching to find skills at specific trust levels:

Using Claude (MCP)

"Find verified testing skills"
"Show only official skills"
"Search for community git helpers"

Using the CLI

# Find verified skills only
skillsmith search testing --tier verified

# Find official Anthropic skills
skillsmith search --tier official

# Exclude unverified skills
skillsmith search git --tier community,verified,official

Recommendations by Use Case

Scenario: Recommended Minimum Tier

  • Production code: Verified or Official
  • Personal projects: Community or higher
  • Experimentation: Any (with review)
  • Enterprise / Regulated: Official only

Trust Tier in API Responses

The get_skill tool returns detailed trust information:

{
  "id": "community/jest-helper",
  "trustTier": "verified",
  "publisherVerified": true,
  "scanPassed": true,
  "scanDate": "2026-01-10",
  "stars": 47,
  "publishedDays": 89
}
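
An added example (not Skillsmith's own code): a pre-install gate that reads a get_skill response, checks that its fields are consistent with the requirements this page lists for the claimed tier, and then applies the auto-install and minimum-tier rules above. The scenario keys, the function names and the fail-closed handling of unknown tiers and scenarios are assumptions of this example.

```python
import json

# Tier order and auto-install policy from the Tier Overview on this page.
TIER_RANK = {"unverified": 0, "community": 1, "verified": 2, "official": 3}
AUTO_INSTALL = {"verified", "official"}
# Minimum tier per scenario from "Recommendations by Use Case"
# (the scenario keys are names chosen for this example).
SCENARIO_MIN = {"experimentation": "unverified", "personal": "community",
                "production": "verified", "enterprise": "official"}

def tier_inconsistencies(skill):
    """List ways the response fields contradict the requirements of the claimed tier."""
    tier = skill.get("trustTier")
    if tier not in TIER_RANK:
        return [f"unknown trustTier {tier!r}"]
    problems = []
    if tier == "official" and not str(skill.get("id", "")).startswith("anthropic/"):
        problems.append("official tier outside the anthropic/ namespace")
    if tier in ("community", "verified") and skill.get("scanPassed") is not True:
        problems.append("security scan not passed")
    if tier == "verified":
        if skill.get("publisherVerified") is not True:
            problems.append("publisher identity not verified")
        if (skill.get("stars") or 0) < 10:
            problems.append("fewer than 10 GitHub stars")
        if (skill.get("publishedDays") or 0) < 30:
            problems.append("published for less than 30 days")
    return problems

def install_decision(skill, scenario):
    """Return ('auto' | 'review' | 'block', reasons) for one get_skill response."""
    problems = tier_inconsistencies(skill)
    if problems:
        return "block", problems
    tier = skill["trustTier"]
    # Assumption: an unknown scenario is held to the strictest minimum (fail closed).
    minimum = SCENARIO_MIN.get(scenario, "official")
    if TIER_RANK[tier] < TIER_RANK[minimum]:
        return "block", [f"{tier} is below the minimum tier for {scenario}"]
    return ("auto" if tier in AUTO_INSTALL else "review"), []

# The response shown on this page, followed by a constructed variant of it.
PAGE_SAMPLE = json.loads('{"id": "community/jest-helper", "trustTier": "verified",'
                         ' "publisherVerified": true, "scanPassed": true,'
                         ' "scanDate": "2026-01-10", "stars": 47, "publishedDays": 89}')
CONSTRUCTED_SAMPLE = dict(PAGE_SAMPLE, stars=4, publishedDays=12)

if __name__ == "__main__":
    for sample in (PAGE_SAMPLE, CONSTRUCTED_SAMPLE):
        print(sample["id"], install_decision(sample, "production"))
```

The gate treats trustTier as a claim to be cross-checked rather than as the only input, so a response whose tier label and supporting fields disagree is blocked instead of auto-installed.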
