skills-check

Quality & integrity layer for Agent Skills
Freshness, security, quality, and efficiency — 10 commands, one toolkit

npx skills-check check

The problem

Agent skills are treated like documentation, but they’re really executable instructions. They go stale, reference packages that don’t exist, suggest dangerous commands, and silently bloat your context window. Nobody notices until something breaks.

⚠

Silent staleness

A renamed package, a deprecated API, a missing parameter — stale skills don’t always fail loudly. Sometimes they just quietly produce worse outcomes.

🛡

Safety is a blindspot

Skills can reference hallucinated packages, contain prompt injection patterns, or suggest commands that delete data. Without auditing, you’re trusting unknown instructions.

📦

Code has dependency management. Skills don’t.

npm outdated tells you when packages are behind. Dependabot opens PRs. But for agent knowledge? Nothing. Your skill files are flying blind.

✅

skills-check fixes this

10 commands covering freshness, security, quality, token budgets, semver verification, and policy enforcement — everything you need to keep agent skills correct, safe, and efficient.

Read the full story: Your Agent’s Knowledge Has a Shelf Life→

10 commands, one toolkit

Everything you need to keep agent skills fresh, safe, and efficient.

Freshness & Currency

✓

check

Detect version drift by comparing skill frontmatter against the npm registry.

↻

refresh

AI-assisted updates to stale skills using LLMs. Fetches changelogs and generates diffs.

⚑

report

Generate a formatted staleness report in markdown or JSON for your team or CI.

Security & Quality

⚡

audit

Scan for hallucinated packages, prompt injection, dangerous commands, and dead URLs.

✦

lint

Validate metadata completeness, structural quality, and format in skill files.

⊞

policy

Enforce organizational trust rules for skills via .skill-policy.yml policy-as-code.

Analysis & Verification

≡

budget

Measure token cost per skill, detect redundancy, and track context window usage over time.

⚐

verify

Validate that content changes between skill versions match the declared semver bump.

▷

test

Run eval test suites declared in skill tests/ directories for regression detection.

Setup

➜

init

Scan a skills directory for SKILL.md files and generate a skills-check.json registry.

Quickstart

Five steps to keep your agent skills fresh, safe, and efficient.

Initialize your registry

Discover SKILL.md files and map them to npm packages.

npx skills-check init

Check freshness and audit safety

Detect version drift and scan for security issues in one pass.

npx skills-check check && npx skills-check audit

Lint, budget, and verify

Validate metadata, measure token costs, and confirm version bumps are honest.

npx skills-check lint && npx skills-check budget && npx skills-check verify

Enforce policy and test

Apply organizational trust rules and run eval test suites.

npx skills-check policy check && npx skills-check test

Refresh stale skills

Use an LLM to propose targeted updates and generate a report.

npx skills-check refresh && npx skills-check report