Chainguard Agent Skills is now open to everyone, with a private registry to manage your internal skills
Back in March, we introduced Chainguard Agent Skills: a continuously maintained catalog of hardened AI agent skills, automatically reviewed, scoped, and published, with a full audit trail. Today, we're opening the beta to all users with over 1,000 hardened community skills and introducing a private registry to manage and control access to your internal skills.
We are also launching a Closed Beta for teams that wish to harden their first-party skills, leveraging Chainguard’s hardening pipeline. With the introduction of the private registry and Chainguard’s hardening-as-a-service capabilities, customers will have a single place to securely standardize, distribute, and manage all of their agent skills.
Issues with modern skill ecosystems continue
After showing up in a big way this year, agent skills have continued to proliferate and rapidly penetrate enterprises. Public registries have surpassed 350,000 skills in just two months, and 72% of enterprises are using or testing AI agents. These skills are scattered across Slack threads, shared drives, and individual developer instances with no versioning, access controls, or audit trails.
As the public and custom skills ecosystem has exploded, so have the security concerns. Snyk's ToxicSkills research found that 36% of scanned skills from public registries such as skill.sh and ClawHub contain at least one security flaw. Some were insecure skills that exposed attack surfaces; others were malicious payloads intended to harm. Since these skills are widely distributed, minimally vetted, and potentially deeply permissioned, many organizations are struggling to secure and control agent skills. Chainguard Agent Skills can help.
What's available today
1,000+ hardened skills in the community registry
Chainguard has opened a community registry of more than 1,000 of the most popular third-party community skills, and we’re adding more each week. Every new and existing skill is continuously hardened against a ruleset built from open source intelligence and Chainguard's own hardening research, which detects attack patterns like over-permissioning, obfuscated commands, base64 execution, credential harvesting, untrusted download domains, and more. But unlike every other solution in the market, we don't stop at flagging issues. We actually fix the skill. Here’s how:
Transparency and audit logs: Every hardened skill ships with a HARDENING.md: an audit log that records each rule checked, what was found, what was changed, and verification that nothing material broke in the process. You get the diff with full transparency into exactly what changed.
Continuous hardening: Hardening isn't a one-time gate; it's a living process. A skill that's safe today can be compromised in tomorrow's update. Chainguard’s hardening pipeline automatically re-hardens skills whenever the upstream source changes.
Evolving hardening rulesets: Chainguard continuously updates hardening rulesets to catch new attack patterns, triggering re-evaluation of every previously hardened skill. This ensures you're always pulling the current hardened version, not the one that passed a scan six months ago.
Start using hardened agent skills today: browse and install hardened skills into any agentic coding tool, including Claude Code, Cursor, GitHub Copilot, Gemini CLI, and more, using the chainctl command.
Skills management, simplified with a private registry
As organizations scale their use of agent skills, securing and managing every skill in use, whether community or first-party, becomes a critical requirement.
Chainguard Agent Skills gives these skills a real (and secure) home, furnished with:
A real address: Skills live at skills.cgr.dev/<org>/<skill_name>:<version tag>. Push and pull with chainctl. Install locally in one command. Teams stop rebuilding skills workflows that already exist somewhere in the org; they find what's been built and actually use it.
Version control: More importantly, you can now apply the same version discipline to agent behavior that you already apply to code. Pin an agent to a specific skill SHA. Roll back when something breaks. See exactly what changed between versions and when.
Keeps skills inside your organization: Entitlements are org-scoped. Only your organization can push or pull from your registry namespace. This is especially useful for teams operating under compliance requirements or handling sensitive data, so nothing leaks outside your org boundary.
What's new in Closed Beta
Every artifact within a skill carries real supply chain risk, and the first-party skills your team writes for your organizational context are no different. So we're bringing the same hardening infrastructure that protects community skills to the skills built for your organization:
Hardening-as-a-service for first-party skills: Submit first-party skills built for your organization to Chainguard’s hardening pipeline. You get the same benefits as community-hardened skills, including automated review, remediation, and a full audit trail for these in-house skills.
Custom rulesets: Extend Chainguard's hardening ruleset with organization-specific rules to enforce your own security requirements. This ensures hardening reflects your organization's risk posture, not just a generic baseline.
MCP integration: Closed beta participants will be among the first to access Chainguard Agent Skills capabilities via an MCP server, enabling agents to query and pull the right skills on demand rather than maintaining static local copies. When a skill gets re-hardened, every agent gets the update automatically.
If you're building internal agent tooling at scale, or operating in an environment where the skills your team writes carry real compliance weight, this is the tier designed for you.
Sign up for the closed beta today.
Get started
Hardened community skills and the private registry are available to all users with a Chainguard Console account.
Hardening-as-a-service for first-party skills is now in closed beta. Sign up today.