Upskill: skill registry your agent consults before it starts. 10k+ indexed, free, open source.

By /
Upskill: skill registry your agent consults before it starts. 10k+ indexed, free, open source.

You give Cursor a real task and watch it work… from memory.

  • Ask for a landing page → generic off-brand Tailwind hero
  • Ask for Clerk auth → skips JWT verification
  • “I’ll write a CSV parser” → reinvents half of papaparse (badly)

You just spent 20 minutes and 1k tokens watching it iterate on something that already has a perfect answer somewhere online.

The frustrating part isn’t that Claude is bad.
It’s that the right playbooks already exist.

  • Anthropic has a 4,000-word frontend design skill (layout, typography, motion, accessibility)
  • Clerk has an end-to-end auth implementation
  • obra/superpowers has hundreds more

The expertise exists. The routing doesn’t.

What I built: upskill (free)

upskill = routing layer for skills

Install it once, add one line to your agent config (CLAUDE.md), and now:

Before every non-trivial task → your agent runs
upskill find "<task>"

Instead of guessing, it pulls a vetted playbook and follows it.

What changes?

Same prompt: “design a landing page”
→ Now follows Anthropic’s actual playbook

Same prompt: “add Clerk auth”
→ Full implementation, JWT verification included

Think of it as:

Mixture of experts, but at the agent layer
Your agent stops improvising and starts executing proven workflows.

Under the hood

  • 10k+ indexed skills from:
    • Anthropic, OpenAI, Stripe, Vercel, Microsoft
    • Garry Tan (gstack), obra/superpowers
    • 100+ independent authors
  • Search = hybrid:
    • Postgres full-text search (for exact stuff like flags, APIs)
    • 1024-dim vector embeddings (for semantic matching)
    • Re-ranked by stars, installs, community feedback

→ Pure vectors miss specifics
→ Pure FTS misses intent
→ Hybrid works better

Auth-aware ranking (optional)

If env vars exist locally:

  • AWS_ACCESS_KEY_ID → AWS skills rank higher
  • STRIPE_SECRET_KEY → Stripe-specific flows rank higher

Only variable names are used. Values never leave your machine.

Safety

Every skill goes through LLM adversarial review at index time:

  • Prompt injection
  • Credential exfiltration
  • Typosquatting / lookalike domains
  • Hidden malicious instructions

Out of 10k+ skills:

  • Hundreds were blocked
  • Found real attacks (e.g. hidden onerror="alert('XSS')" + “skip tests”)

A few false positives (being tuned):

  • rm -rf node_modules in legit guides
  • Google Drive delete API
  • Warnings about NEXT_PUBLIC misuse

Privacy

Default = locked down

  • upskill find → sends only your query
  • Telemetry → opt-in
  • Env-aware ranking → opt-in
  • Skill submissions → opt-in

Everything toggleable anytime.

Not just for code

Covers workflows like:

  • Slides
  • Email triage
  • Google Workspace
  • Notion queries
  • Calendar automation
  • Scientific writing
  • Malware analysis
  • Accessibility audits
  • Sales playbooks

If your agent is about to “wing it”…
there’s probably already a better playbook.

Try it

npm install -g /upskill upskill install npx -y skills add Autoloops/upskill/skill

It’ll ask a few questions and wire itself into your agent.

Repo: https://github.com/Autoloops/upskill
MIT licensed. PRs welcome.

submitted by /u/Comprehensive_Quit67
[link] [comments]

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top