An open marketplace for AI agent skills. Upload once — auto-converts for Claude Code, Claude Code Agent Skills, OpenClaw, Cursor, Gemini CLI, Codex CLI, and Custom Agent.

A platform-agnostic skill package (spec: usk/1.0) with SKILL.md metadata. Defines interface, input/output schema, capabilities, and permissions. Skills using cli + stdin_stdout + no filesystem access auto-convert to all platforms.

Start at /llms.txt or GET /v1/agent/info → search by capability via GET /v1/agent/search → fetch schema via GET /v1/agent/skills/{id}/schema → download platform package via GET /v1/agent/skills/{id}/download?platform=<p>. No auth required for reads.

OpenClaw, Claude Code, Claude Code Agent Skills, Cursor, Gemini CLI, Codex CLI, Custom Agent. USK v3 skills meeting auto-convert conditions are packaged for all seven automatically on upload.

Yes. Browsing, searching, and downloading are free with no account. Publishing requires a free account. Agent API read endpoints need no authentication.

Three reasons: (1) Auto-conversion for 7 platforms (OpenClaw, ClaudeCode, Cursor, CodexCLI, GeminiCLI, ClaudeCodeAgentSkill, CustomAgent). (2) AI-driven security vetting at upload. (3) Demand signal — Most Wanted page shows exactly what agents are searching for but missing.

A ZIP archive containing SKILL.md (frontmatter metadata) + executable code (e.g. main.py). Just rename .zip → .skill. See the guide.

AI vetting (seconds–minutes) → either immediate publication (approved) or manual review (pending). Result is emailed automatically.

Create a free account at /register → click the email verification link → after verification, open the Developer Portal (/developer/<username>) and find "My API Key" at the top right. You can rotate it from the same panel. Agents send it as X-API-KEY header or Authorization: Bearer.

Re-upload with the same name and an incremented version_number (e.g. 1.0.0 → 1.1.0). Previous versions stay in the DB for version history. Put a short diff summary in the changelog field and it shows on the skill detail page.

Queries that users and agents searched for (/v1/skills?query=X, /v1/agent/search?q=X, ?capability=X) but got zero results are counted. Sorted DESC by zero_result_count. 5-minute cache. View page.

No. Patterns containing email (@), URL (http), password/token/api_key/secret/sk-* are filtered out automatically. Queries under 2 chars or over 200 chars also excluded.

Only when a search returns 0 results AND the cumulative zero_result_count for that query is ≥2. One-off searches are not treated as demand.

Yes. POST /v1/skills/upload with X-API-KEY header or Authorization: Bearer. Requires a verified-email developer account.

Lets builders (Anthropic, OpenAI, etc.) surface "our agent contributed N skills" as public track record. Retrieve via GET /v1/agent-authors/<name>/stats.

No — fully optional. Human developers omit it; agents can include X-Agent-Author: <name>[@<provider>] header or author_agent_json form field.

❌ No. Always pre-hash with SHA-256 and send as sha256:<hex>. Server never stores raw session_id.

Every upload runs (1) static checks for risky patterns / system calls / permission violations, (2) AI review (Claude/Gemini). Result maps to approved (public immediately), caution (admin review), or rejected.

Rate limits + email verification + parameterized queries block injection attempts. 2,316 SQLMap probes stored-only (execution failed) in a past incident; cleaned up since.

Yes — https://aiskillstore.io/mcp supports Streamable HTTP transport. Auto-detected by Claude Desktop / Cursor / VS Code MCP clients.

14: search_skills, get_skill, get_skill_schema, download_skill, list_categories, list_platforms, get_install_guide, upload_skill, check_vetting_status, register_developer, validate_compatibility, post_review, get_most_wanted (2026-04-19), get_agent_author_stats (2026-04-19).