{"slug": "i-tried-to-trick-my-own-ai-skill-signing-tool-here-s-what-happened", "title": "I tried to trick my own AI-skill signing tool. Here's what happened.", "summary": "A developer built Skillerr, an open-source protocol and CLI that adds trust and verification to AI skills before execution. The tool uses cryptographic hashing and signing to detect tampering, and the developer successfully tested it by attempting to break it. Skillerr is designed to address supply-chain security issues as AI agents increasingly rely on reusable skill packages.", "body_md": "Over the last few months I’ve noticed a pattern emerging across AI tools.\n\nWhether it’s Claude Skills, Cursor, Codex, or custom agent frameworks, we’re increasingly giving AI agents “skills”—packages containing instructions, documentation, and sometimes scripts.\n\nThe problem is…\n\nA skill is usually just a Markdown file (plus some assets).\n\nNothing tells you:\n\nAs AI agents become capable of executing increasingly powerful workflows, that becomes a real supply-chain problem.\n\nSo I built Skillerr.\n\n⸻\n\nWhat is Skillerr?\n\nSkillerr is an open-source protocol and CLI that adds trust and verification to AI skills before they’re executed.\n\nInstead of treating a skill as “just another folder,” Skillerr treats it as a verifiable package.\n\nIt focuses on three things.\n\nEvery packaged skill receives a unique content-derived identifier along with cryptographic SHA-256 hashes.\n\nIf any file changes after packaging—even a single character—Skillerr detects it immediately.\n\nNo silent modifications.\n\n⸻\n\nInstead of relying on long paragraphs that an AI has to interpret, a Skill contains a structured contract describing:\n\nThis makes skills easier for both humans and AI agents to reason about.\n\n⸻\n\nAuthors can cryptographically sign their skills.\n\nOptionally, the package digest can also be anchored into Sigstore’s transparency log, making it independently verifiable without trusting Skillerr itself.\n\nImportantly:\n\nOnly cryptographic identifiers are published.\n\nNo prompts.\n\nNo documentation.\n\nNo knowledge base.\n\nNo proprietary content.\n\n⸻\n\nI tried to break my own tool\n\nBefore releasing it, I intentionally attacked it.\n\nFirst I packaged and signed a simple CSV processing skill.\n\nThen I:\n\nSkillerr immediately rejected it because the package hashes no longer matched.\n\nNext I tried executing an unsigned package.\n\nIt refused by default.\n\nRunning untrusted skills requires an explicit opt-in rather than being the default behavior.\n\nThat felt like the right security model.\n\n⸻\n\nWhy I built this\n\nI don’t think AI agents should execute arbitrary instructions simply because they happen to live inside a Markdown file.\n\nIf we’re going to build ecosystems around reusable AI skills, we also need ways to answer questions like:\n\nThat’s the problem Skillerr is trying to solve.\n\n⸻\n\nIt’s open source\n\nI’d genuinely love people to try breaking it.\n\nIf you’re already building AI skills—for Claude, Cursor, Codex, or your own framework—I’d love to know:\n\nIssues and pull requests are very welcome.\n\nGitHub: [https://github.com/dot-skill/skillerr](https://github.com/dot-skill/skillerr)\n\nProtocol Package: @skillerr/protocol\n\nDocumentation: [https://skillerr.com/docs](https://skillerr.com/docs)\n\nIf you find a bug, please open an issue.\n\nIf you can’t break it, I’d like to hear that too.", "url": "https://wpnews.pro/news/i-tried-to-trick-my-own-ai-skill-signing-tool-here-s-what-happened", "canonical_source": "https://dev.to/csinye/i-tried-to-trick-my-own-ai-skill-signing-tool-heres-what-happened-1e2d", "published_at": "2026-07-18 06:41:22+00:00", "updated_at": "2026-07-18 06:57:45.588838+00:00", "lang": "en", "topics": ["ai-safety", "ai-tools", "developer-tools", "ai-agents"], "entities": ["Skillerr", "Claude Skills", "Cursor", "Codex", "Sigstore", "dot-skill/skillerr"], "alternates": {"html": "https://wpnews.pro/news/i-tried-to-trick-my-own-ai-skill-signing-tool-here-s-what-happened", "markdown": "https://wpnews.pro/news/i-tried-to-trick-my-own-ai-skill-signing-tool-here-s-what-happened.md", "text": "https://wpnews.pro/news/i-tried-to-trick-my-own-ai-skill-signing-tool-here-s-what-happened.txt", "jsonld": "https://wpnews.pro/news/i-tried-to-trick-my-own-ai-skill-signing-tool-here-s-what-happened.jsonld"}}