Security Model

Four layers of protection for every skill on SkillPort

Every skill on SkillPort is cryptographically signed, scanned by 5 security detectors, and requires permission consent before install.

SkillPort uses a defense-in-depth approach: no single layer is sufficient, but together they provide strong protection against malicious or poorly written skills.

Four Security Layers

1. Cryptographic Signatures

Every .ssp package is signed with Ed25519 keys. The CLI verifies signatures on install, ensuring the package hasn't been tampered with and comes from the registered author.

2. Security Scanner

Five specialized detectors analyze every skill before it reaches the marketplace. Skills that fail the scan cannot be published.

3. Permission System

Skills declare their required permissions: network access, filesystem read/write, shell execution, and external integrations. Buyers must consent to all permissions before install.

4. Checksum Verification

SHA-256 checksums are computed for every file in the package. On install, the CLI re-computes and verifies all checksums to detect any modification.

Security Detectors

Secrets Detector

Scans for API keys, tokens, passwords, and other credentials that should not be included in published skills.

Dangerous Code Detector

Identifies potentially dangerous patterns: eval(), exec(), shell commands, and file system operations that could harm the user's system.

PII Detector

Detects personally identifiable information such as email addresses, phone numbers, and IP addresses.

Obfuscation Detector

Flags base64-encoded strings, hex-encoded content, and other obfuscation techniques that may hide malicious behavior.

Network Detector

Identifies URLs, API endpoints, and network requests to external services.

Risk Scoring

Each detector assigns a severity level (info, warning, critical) to its findings. These are combined into a single risk score displayed on every skill page.

Skills with critical findings are blocked from publishing. Skills with warnings are published but flagged for buyer review.

Fail-Closed Design

SkillPort follows a fail-closed principle: if any verification step fails, the operation is blocked. This applies to export, publish, and install.
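
The checksum layer and the fail-closed rule described above, as an added example that is not SkillPort's own code. The manifest layout (relative path mapped to hex SHA-256) and the function names are assumptions, and the manifest is assumed to have already been authenticated by the signature check, since a checksum list an attacker can rewrite detects nothing.

```python
import hashlib
from pathlib import Path


class VerificationError(Exception):
    """Raised when an unpacked package must be rejected."""


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_package(root: Path, manifest: dict) -> None:
    """Raise unless the tree under root matches the (hypothetical) manifest exactly."""
    root = root.resolve()
    on_disk = set()
    for p in root.rglob("*"):
        if p.is_symlink():
            # A symlink could point outside the package; reject rather than follow.
            raise VerificationError(f"symlink not allowed: {p.relative_to(root)}")
        if p.is_file():
            on_disk.add(p.relative_to(root).as_posix())
    listed = set(manifest)
    # Extra files are as suspicious as missing ones: an unlisted file is unverified.
    if on_disk != listed:
        raise VerificationError(f"file set mismatch: {sorted(on_disk ^ listed)}")
    for rel, expected in manifest.items():
        if sha256_file(root / rel) != expected.lower():
            raise VerificationError(f"checksum mismatch: {rel}")


def install_allowed(root: Path, manifest: dict) -> bool:
    """Fail closed: any error, expected or not, blocks the install."""
    try:
        verify_package(root, manifest)
    except Exception:
        # Malformed manifest, I/O error, bug in the verifier: all mean "do not install".
        return False
    return True
```

Comparing the set of files on disk with the set of manifest entries before hashing is what catches an added file; hashing only the listed entries would pass a package with an extra, unlisted script.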
