Security Guidelines
Best practices for creating secure skills and understanding the security scanner.
Security Scanner
All skills are automatically scanned before publishing. The scanner checks for:
- Hardcoded secrets, API keys, and credentials
- Dangerous shell commands and code execution patterns
- Suspicious network requests and data exfiltration
- File system operations outside declared capabilities
- Known vulnerability patterns
Security Score
Skills receive a score from 0-100:
Minimal security concerns
Some issues to review
Cannot be published
What to Avoid
Hardcoded Secrets
Never include API keys, passwords, or tokens in your skill.
Dangerous Commands
Avoid destructive shell commands.
Arbitrary Code Execution
Don't use eval() or similar dynamic execution.
Undeclared Capabilities
Don't access files or network without declaring capabilities.
Best Practices
Declare All Capabilities
Be explicit about what permissions your skill needs.
capabilities:
- capability: file:read
reason: To read config files
constraints:
paths: ["*.json", "*.yaml"]Use Minimal Permissions
Only request capabilities you actually need. Users are more likely to trust skills with fewer permission requirements.
Constrain Access
Use constraints to limit file paths, network hosts, and other access patterns to the minimum required.
Validate Inputs
Always validate and sanitize user-provided inputs before using them in commands or file paths.
Capability Guidelines
file:read / file:write
Always specify path constraints. Never request access to sensitive directories.
- Use specific patterns:
*.pdf,./data/* - Avoid broad patterns like
* - Never access ~/.ssh/, ~/.aws/, /etc/
network:https
Specify which hosts your skill needs to contact.
- List specific domains in constraints
- Explain why network access is needed
- Don't make requests to user-controlled URLs
shell:execute
This capability receives extra scrutiny. Use sparingly.
- Only use for well-known, safe commands
- Never construct commands from user input
- Consider if there's an alternative approach
Registry Security
The Asterism registry includes multiple protections against supply chain attacks.
Typosquatting Protection
When publishing a skill, names are checked against existing popular skills to prevent confusingly similar names:
- Levenshtein distance analysis for similarity detection
- Lookalike character detection (0→o, 1→i, 5→s)
- Pattern matching for common typo variations
Reserved Names
Certain words are reserved to prevent impersonation:
- anthropic, claude
- openai, chatgpt
- google, gemini
- microsoft, copilot
- admin, system
- official, verified
- askskills, agentskills
- root, sudo
- shell
Skill Deprecation
Skills with security issues can be marked as deprecated with warnings shown to users. Deprecated skills include a message explaining the issue and a link to a recommended replacement when available.
Common Scanner Issues
False Positives
Sometimes the scanner flags patterns that look suspicious but are actually safe. If you believe you've received a false positive, you can add comments explaining the context, or contact us for review.
Example URLs
Use example.com for documentation URLs. Don't include real API endpoints in examples that might be mistaken for hardcoded credentials.
Test Credentials
Use obvious placeholder values like "YOUR_API_KEY_HERE" instead of realistic-looking fake keys that might trigger the scanner.
Skill Protection
The platform includes multiple protections to prevent skill copying and plagiarism.
Similarity Detection
When publishing, content is compared against existing skills using TF-IDF and Jaccard similarity algorithms. Skills with 80%+ similarity to existing skills are blocked.
- 0-50% similarity: Passes without warnings
- 50-80% similarity: Warning, requires acknowledgment
- 80-100% similarity: Blocked, must use fork feature
Content Fingerprinting
Downloads include invisible watermarks using zero-width Unicode characters. If content is leaked, fingerprints can trace it back to the original downloader.
Premium Hosted Execution
Premium skills can be configured for hosted-only execution where the content never leaves the server. Users execute skills via API without accessing the source.
Author Reputation
Authors have reputation scores based on trust, quality, and helpfulness. Verified publishers receive badges and higher visibility. Copy reports and DMCA takedowns negatively impact reputation.
DMCA Process
We support the DMCA takedown process for copyright infringement. See our DMCA page for details on submitting takedown requests or counter-notices.
Reporting Security Issues
If you discover a security vulnerability in a skill:
- Email security@joinasterism.com with details
- Include the skill name and specific concerns
- We'll investigate and take appropriate action
For vulnerabilities in the Asterism platform itself, please follow responsible disclosure practices.