What is Open Agent Skill?

Open Agent Skill is an open marketplace for AI agent skills. It helps developers discover, publish, and share reusable skills, tools, plugins, and workflows for AI agents like Claude, GPT, and LangChain.

How do I install a skill?

You can install any skill using the command: npx skills add . Each skill page also shows specific installation instructions.

How are skills ranked?

Skills are ranked by real agent usage data, not just GitHub stars. We track actual API calls from agents, success rates, and response times to surface the most reliable skills.

How do I submit my own skill?

Visit the Submit page and provide your GitHub repository URL. Our AI will review your skill for quality and security, then it will be listed in the marketplace.

Decision filters

Choose skills by scenario, quality, and trust signals.

Use casePlatform fitQuality tierGitHub adoption

9 skills matching "vulnerability"

Best blend of quality, stars, freshness, and agent usage

Promptfoo

VERIFIEDEXCELLENT · 100

Test your prompts, agents, and RAGs. Red teaming/pentesting/vulnerability scanning for AI. Compare performance of GPT, Claude, Gemini, DeepSeek, and more. Simple declarative configs with command line and CI/CD integration. Used by OpenAI and Anthropic.

$ npx skills add promptfoo/promptfoo

21.5K stars74 qualityClaude Code + OpenAI Agents

High-confidence pick with strong adoption and healthy maintenance signals.

typescriptrag

by promptfooQuick view

Skills

VERIFIEDEXCELLENT · 100

Trail of Bits Claude Code skills for security research, vulnerability detection, and audit workflows

$ npx skills add trailofbits/skills

5.4K stars69 qualityClaude Code

High-confidence pick with strong adoption and healthy maintenance signals.

by trailofbitsQuick view

ScopeSentry

VERIFIEDEXCELLENT · 98

ScopeSentry-Cyberspace mapping, subdomain enumeration, port scanning, sensitive information discovery, vulnerability scanning, distributed nodes

$ npx skills add Autumn-27/ScopeSentry

1.5K stars64 qualityClaude Code

High-confidence pick with strong adoption and healthy maintenance signals.

gocrawler

by Autumn-27Quick view

Appshark

VERIFIEDEXCELLENT · 98

Appshark is a static taint analysis platform to scan vulnerabilities in an Android app.

$ npx skills add bytedance/appshark

1.7K stars61 qualityClaude Code

High-confidence pick with strong adoption and healthy maintenance signals.

kotlinstatic-analysis

by bytedanceQuick view

Wscan

STRONG · 81

Wscan is a web security scanner that focuses on web security, dedicated to making web security accessible to everyone.

$ npx skills add chushuai/wscan

706 stars54 qualityClaude Code

Solid option that is likely worth shortlisting for production workflows.

gocrawler

by chushuaiQuick view

RED HAWK

VERIFIEDSTRONG · 76

All in one tool for Information Gathering, Vulnerability Scanning and Crawling. A must have tool for all penetration testers

$ npx skills add Tuhinshubhra/RED_HAWK

3.7K stars52 qualityClaude Code

Solid option that is likely worth shortlisting for production workflows.Check: Repository looks stale

phpcrawler

by TuhinshubhraQuick view

Crawlergo

VERIFIEDSTRONG · 75

A powerful browser crawler for web vulnerability scanners

$ npx skills add Qianlitp/crawlergo

3.0K stars51 qualityClaude Code + Browser agents

Solid option that is likely worth shortlisting for production workflows.Check: Repository looks stale

gocrawler

by QianlitpQuick view

Semgrep Rules

STRONG · 80

A collection of my Semgrep rules to facilitate vulnerability research.

$ npx skills add 0xdea/semgrep-rules

813 stars51 qualityClaude Code

Solid option that is likely worth shortlisting for production workflows.

cstatic-analysis

by 0xdeaQuick view

Vulnx

VERIFIEDSTRONG · 74

vulnx 🕷️ an intelligent Bot, Shell can achieve automatic injection, and help researchers detect security vulnerabilities CMS system. It can perform a quick CMS security detection, information collection (including sub-domain name, ip address, country information, organizational information and time zone, etc.) and vulnerability scanning.

$ npx skills add anouarbensaad/vulnx

2.1K stars50 qualityClaude Code

Solid option that is likely worth shortlisting for production workflows.Check: Repository looks stale

pythoncrawler

by anouarbensaadQuick view