Documentation

Build with trust

Everything you need to install, verify, and understand agent skills. Security scanning, cryptographic signing, and full transparency.

Vett is the trust layer for agent skills. We scan every skill for malicious patterns, infer what permissions it needs, sign an immutable artifact, and let you verify exactly what you're installing before a single file touches your machine.

Security scanning: Every skill analyzed for threats
Permission inference: Know what it can access
Signed artifacts: Cryptographic verification

Why vett?

Agent skills are instructions that tell AI what to do. They're powerful—and dangerous if you can't trust them.

Today, skills are pulled directly from GitHub with no verification. When your agent installs a skill, it's running arbitrary instructions with the trust model of an eager intern who does exactly what the README says.

A malicious skill can steal credentials, exfiltrate data, or—worse—rewrite your agent's identity files, changing not what it has but who it is. The agent wouldn't know it was compromised because the instruction looks like its own thought.

Vett fixes this. We scan every skill for malicious patterns, infer what permissions it actually needs, sign an immutable artifact, and verify that what you install is exactly what we scanned. No force-push risk. No upstream tampering. Full transparency.

A growing attack surface
Researchers have demonstrated prompt injection attacks that hijack agent behavior through malicious instructions embedded in skill files. As agents gain more tool access, the blast radius of a compromised skill grows with it.

Quick Start

Install the CLI and add your first skill in under a minute.

$ npm install -g vett
$ vett add anthropics/claude-code/memory
◇ Checking registry
◇ Found in registry
memory
✓ Verified · anthropics/claude-code
Persistent memory across sessions using a local markdown file.
Permissions
Filesystem: ~/MEMORY.md
Network: none
Env vars: none
Size: 2.1 KB Version: 1.0.0
◆ Install this skill? Yes
◇ Downloaded and verified
◇ Signature verified
◇ Integrity verified (Sigstore · Rekor transparency log)
◇ Installed to vett
◇ Detected 3 agents
◇ Installed to 3 agents
◆ anthropics/claude-code/memory@1.0.0
◇ Agents: Claude Code, Cursor, Windsurf (global)
└ Done

Already know what you want?

Add skills by reference. The format is owner/repo/skill.

vett add cursor/skills/frontend-design

Have a GitHub URL?

Paste the full URL. Vett will fetch, scan, and cache it.

vett add https://github.com/org/repo/tree/main/skills/web-scraper

Core Concepts

01 Skills

Instructions that extend what an agent can do. A skill might teach an agent to write React, manage a database, or deploy infrastructure. Skills are just markdown and YAML—but that simplicity is also the vulnerability.

02 Manifests

The canonical representation of a skill. Vett bundles all skill files into a JSON manifest, hashes it, and signs it. The manifest is what gets scanned, stored, and verified.

03 Risk Levels

Every skill gets a risk assessment: none, low, medium, high, or critical. Critical skills are blocked entirely. High-risk skills require explicit consent. Medium skills require confirmation.

04 Signatures

ECDSA P-256 signatures via Sigstore prove that a manifest was scanned and approved by Vett. Every signature is recorded in Rekor's public transparency log. The CLI verifies the Sigstore bundle before installing anything.

Skill References

Skills are identified by a three-part reference, optionally with a version.

owner/repo/skill[@version]
owner: The organization or user that created the skill (e.g., anthropics)
repo: The repository containing the skill (e.g., claude-code)
skill: The skill name within the repository (e.g., memory)
@version: Optional semantic version (defaults to latest)
Examples: anthropics/claude-code/memory, cursor/skills/frontend-design@2.1.0
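
One way to parse and validate a skill reference before it is used as a directory name under ~/.vett/skills/ (an added example, not Vett's own code; parseSkillRef, installDir, tryParse, the allowed character set and the semver pattern are assumptions). It handles only the owner/repo/skill[@version] form, not GitHub URLs.

```javascript
// Added example, not Vett's code. The allowed character set and the semver
// pattern are assumptions; the page only gives the owner/repo/skill[@version] shape.
const SEGMENT = /^[A-Za-z0-9][A-Za-z0-9._-]{0,99}$/;
const SEMVER = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;

function parseSkillRef(ref) {
  if (typeof ref !== 'string' || ref.length > 512) {
    throw new Error('reference must be a string of at most 512 characters');
  }
  // Everything after the first "@" is the version, so a second "@" fails SEMVER.
  const at = ref.indexOf('@');
  const name = at === -1 ? ref : ref.slice(0, at);
  const version = at === -1 ? 'latest' : ref.slice(at + 1);
  if (at !== -1 && !SEMVER.test(version)) {
    throw new Error(`invalid version: ${JSON.stringify(version)}`);
  }
  const parts = name.split('/');
  if (parts.length !== 3) throw new Error('expected exactly three parts: owner/repo/skill');
  for (const part of parts) {
    // Anchored allow-list: rejects "", ".", "..", leading dots, backslashes,
    // whitespace and control characters in one check.
    if (!SEGMENT.test(part)) {
      throw new Error(`invalid segment: ${JSON.stringify(part)}`);
    }
  }
  const [owner, repo, skill] = parts;
  return { owner, repo, skill, version };
}

// Directory for a reference under the skills root (layout from the Configuration section).
function installDir(ref, root = '~/.vett/skills') {
  const { owner, repo, skill } = parseSkillRef(ref);
  return [root.replace(/\/+$/, ''), owner, repo, skill].join('/');
}

// Non-throwing wrapper for callers that want a result object.
function tryParse(ref) {
  try {
    return { ok: true, value: parseSkillRef(ref) };
  } catch (err) {
    return { ok: false, error: err.message };
  }
}

// Constructed inputs: the page's two examples, then malformed references.
for (const ref of ['anthropics/claude-code/memory', 'cursor/skills/frontend-design@2.1.0',
  'anthropics/../memory', 'a/b/c@1.0.0@2.0.0', 'a/b']) {
  console.log(ref, '->', JSON.stringify(tryParse(ref)));
}
```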

Configuration

Vett stores configuration, installed skill index, and files in a local directory.

~/.vett/config.json: CLI configuration including registry URL and telemetry
~/.vett/index.json: Installed skill index and metadata
~/.vett/skills/: Installed skill files, organized by owner/repo/skill

Registry URL
By default, the CLI uses https://vett.sh as the registry. You can override this in config.json for enterprise or local development.

Telemetry
Telemetry is enabled by default. Set telemetry.enabled to false in config.json (or use VETT_TELEMETRY_ENABLED=false) to opt out.

What's Next?