What is Open Agent Skill?

Open Agent Skill is an open marketplace for AI agent skills. It helps developers discover, publish, and share reusable skills, tools, plugins, and workflows for AI agents like Claude, GPT, and LangChain.

How do I install a skill?

You can install any skill using the command: npx skills add . Each skill page also shows specific installation instructions.

How are skills ranked?

Skills are ranked by real agent usage data, not just GitHub stars. We track actual API calls from agents, success rates, and response times to surface the most reliable skills.

How do I submit my own skill?

Visit the Submit page and provide your GitHub repository URL. Our AI will review your skill for quality and security, then it will be listed in the marketplace.

Bandit

VERIFIED

Bandit is a tool designed to find common security issues in Python code.

Downloads 0

Stars 8.1K

Version 1.0.0

Quality 100/100 · Excellent

Install with one command

$ npx skills add PyCQA/bandit

Decision summary

Production-ready for Coding agents

Use this as a leading candidate, then validate the README and install path in your own agent stack.

100

Readiness

Best for

Coding agents workflows
Claude Code teams
teams that value GitHub adoption signals

Not ideal for

teams that need a vendor-supported SLA
high-compliance environments without internal security review

Risk notes

No major risk signals from current metadata

Quality profile

Excellent candidate for agent workflows

High-confidence pick with strong adoption and healthy maintenance signals.

100

GitHub stars

8.1K

Freshness

13d ago

Install ready

Yes

License

Apache-2.0

Workflow fit

Use this skill in these scenarios

Build and ship code

Coding agents

I need a coding agent that can understand a repository, edit code, and review pull requests.

Manage repositories

GitHub automation

I need my agent to triage GitHub issues, review pull requests, and summarize repository changes.

Reduce risk

Security and compliance

I need my agent to scan a project for security risks and summarize what needs attention.

Stack fit

Add it to a complete workflow

Inspect, patch, and verify code

Coding review agent

A stack for software agents that inspect repositories, review pull requests, generate tests, and turn findings into shippable patches.

Turn skills into distribution

Content growth agent

A stack for turning newly indexed skills into SEO briefs, social drafts, comparison pages, and reusable publishing workflows.

Ingest, retrieve, and cite

RAG knowledge base

A stack for document-heavy agents that ingest files, create searchable knowledge, retrieve relevant context, and answer with grounded sources.

Overview

Bandit is a tool designed to find common security issues in Python code.

Imported by the skill-only GitHub discovery pipeline because it matches agent skill, automation, RAG, or developer-tool signals. Protocol-server projects are excluded from automated imports.

Platform Compatibility

pythonFULL

securityFULL

Technical Details

Version: 1.0.0
License: Apache-2.0
Last Updated: 6/7/2026
Published: 6/6/2026

Frameworks & Tools

PythonSecurity

Install

Free and open source

Compare Alternatives View on GitHub Documentation

Claim this skill

Project owners can request ownership review. Approved claims unlock a stronger trust signal.

Author

PyCQA✓

@pycqa

Platform Fit

Claude Code

Health Signals

GitHub stars: 8.1K
Quality score: 69/100
Last GitHub push: May 25, 2026
Framework hints: 2
OpenAgentSkill views: 2
Install copies: 0
Outbound clicks: 0

Community Signal

Share whether this skill looks useful for your agent workflow. Aggregated feedback improves rankings over time.

Trust & Safety

—Open source (public GitHub repo)
—AI static analysis passed
—License: Apache-2.0
—Manually verified by team

Related Skills

Nuclei

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.

29.1K stars · 0 installs

Lynis

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

15.7K stars · 0 installs

Zaproxy

The ZAP by Checkmarx Core project

15.2K stars · 0 installs

Vuls

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

12.2K stars · 0 installs