skill-install

Name: skill-install - Agent Skill
Rating: 5.0 (1998 reviews)
Author: cexll

1,998

Install Claude skills from GitHub repositories with automated security scanning. Triggers when users want to install skills from a GitHub URL, need to browse available skills in a repository, or want to safely add new skills to their Claude environment.

Download Folder View on GitHub

CLI Install

Recommended

Use the skills CLI to install this skill with one command. Auto-detects all installed AI assistants.

Method 1 - skills CLI

npx skills i cexll/myclaude/skills/skill-install

Method 2 - openskills (supports sync & update)

npx openskills install cexll/myclaude

Auto-detects Claude Code, Cursor, Codex CLI, Gemini CLI, and more. One install, works everywhere.

Installation Path

Download and extract to one of the following locations:

~/.claude/skills/skill-install/

SKILL.md

references

Skill Instructions

Back

Run with Cloud Agent

No setup needed. Let our cloud agents run this skill for you.

Select Provider

Select Model

Claude Sonnet 4.5

$0.20/task

Best for coding tasks

Environment setup included

Skill Install

Overview

Install Claude skills from GitHub repositories with built-in security scanning to protect against malicious code, backdoors, and vulnerabilities.

When to Use

Trigger this skill when the user:

Provides a GitHub repository URL and wants to install skills
Asks to "install skills from GitHub"
Wants to browse and select skills from a repository
Needs to add new skills to their Claude environment

Workflow

Step 1: Parse GitHub URL

Accept a GitHub repository URL from the user. The URL should point to a repository containing a skills/ directory.

Supported URL formats:

https://github.com/user/repo
https://github.com/user/repo/tree/main/skills
https://github.com/user/repo/tree/branch-name/skills

Extract:

Repository owner
Repository name
Branch (default to main if not specified)

Step 2: Fetch Skills List

Use the WebFetch tool to retrieve the skills directory listing from GitHub.

GitHub API endpoint pattern:

https://api.github.com/repos/{owner}/{repo}/contents/skills?ref={branch}

Parse the response to extract:

Skill directory names
Each skill should be a subdirectory containing a SKILL.md file

Step 3: Present Skills to User

Use the AskUserQuestion tool to let the user select which skills to install.

Set multiSelect: true to allow multiple selections.

Present each skill with:

Skill name (directory name)
Brief description (if available from SKILL.md frontmatter)

Step 4: Fetch Skill Content

For each selected skill, fetch all files in the skill directory:

Get the file tree for the skill directory
Download all files (SKILL.md, scripts/, references/, assets/)
Store the complete skill content for security analysis

Use WebFetch with GitHub API:

https://api.github.com/repos/{owner}/{repo}/contents/skills/{skill_name}?ref={branch}

For each file, fetch the raw content:

https://raw.githubusercontent.com/{owner}/{repo}/{branch}/skills/{skill_name}/{file_path}

Step 5: Security Scan

CRITICAL: Before installation, perform a thorough security analysis of each skill.

Read the security scan prompt template from references/security_scan_prompt.md and apply it to analyze the skill content.

Examine for:

Malicious Command Execution - eval, exec, subprocess with shell=True
Backdoor Detection - obfuscated code, suspicious network requests
Credential Theft - accessing ~/.ssh, ~/.aws, environment variables
Unauthorized Network Access - external requests to suspicious domains
File System Abuse - destructive operations, unauthorized writes
Privilege Escalation - sudo attempts, system modifications
Supply Chain Attacks - suspicious package installations

Output the security analysis with:

Security Status: SAFE / WARNING / DANGEROUS
Risk Level: LOW / MEDIUM / HIGH / CRITICAL
Detailed findings with file locations and severity
Recommendation: APPROVE / APPROVE_WITH_WARNINGS / REJECT

Step 6: User Decision

Based on the security scan results:

If SAFE (APPROVE):

Proceed directly to installation

If WARNING (APPROVE_WITH_WARNINGS):

Display the security warnings to the user
Use AskUserQuestion to confirm: "Security warnings detected. Do you want to proceed with installation?"
Options: "Yes, install anyway" / "No, skip this skill"

If DANGEROUS (REJECT):

Display the critical security issues
Refuse to install
Explain why the skill is dangerous
Do NOT provide an option to override for CRITICAL severity issues

Step 7: Install Skills

For approved skills, install to ~/.claude/skills/:

Create the skill directory: ~/.claude/skills/{skill_name}/
Write all skill files maintaining the directory structure
Ensure proper file permissions (executable for scripts)
Verify SKILL.md exists and has valid frontmatter

Use the Write tool to create files.

Step 8: Confirmation

After installation, provide a summary:

List of successfully installed skills
List of skipped skills (if any) with reasons
Location: ~/.claude/skills/
Next steps: "The skills are now available. Restart Claude or use them directly."

Example Usage

User: "Install skills from https://github.com/example/claude-skills"

Assistant:

Fetches skills list from the repository
Presents available skills: "skill-a", "skill-b", "skill-c"
User selects "skill-a" and "skill-b"
Performs security scan on each skill
skill-a: SAFE - proceeds to install
skill-b: WARNING (makes HTTP request) - asks user for confirmation
Installs approved skills to ~/.claude/skills/
Confirms: "Successfully installed: skill-a, skill-b"

Security Notes

Never skip security scanning - Always analyze skills before installation
Be conservative - When in doubt, flag as WARNING and let user decide
Critical issues are blocking - CRITICAL severity findings cannot be overridden
Transparency - Always show users what was found during security scans
Sandboxing - Remind users that skills run with Claude's permissions

Resources

references/security_scan_prompt.md

Contains the detailed security analysis prompt template with:

Complete list of security categories to check
Output format requirements
Example analyses for safe, suspicious, and dangerous skills
Decision criteria for APPROVE/REJECT recommendations

Load this file when performing security scans to ensure comprehensive analysis.