Trust & Security

Every skill, security-vetted
before you install it.

Our audit pipeline blocks malware, validates permissions, and confirms that every skill does exactly what it claims. Live stats, updated every minute.

Updated 4/22/2026, 5:49:05 PM.

Zero malware ever0/ 462Malicious code found across every skill ever audited.
Total audited462Live approved skills on MFKVault.
Audited this week431Newly approved in the last 7 days.
Active security alerts
0
Skills flagged right now.
Rejected total
3
Submissions blocked before publication.
Team reviews
20
Skills with a signed MFKVault team audit.
Review turnaround
< 24h
From submission to live on marketplace.

Security status breakdown

VerifiedPassed all four audit checks with a signed team review.
40 / 462 (9%)
ScannedAutomated scan passed β€” pending final team review.
231 / 462 (50%)
UnvettedCommunity submission awaiting first automated scan.
191 / 462 (41%)

How we audit every skill

Four independent checks β€” every skill, every time.

Step 1

Malware scan

Every skill is scanned against a deny-list of malicious shell commands, credential-exfiltration patterns, and obfuscated payloads.

Step 2

Permission audit

We verify that the permissions a skill requests (filesystem access, network calls, shell exec) match the behavior it declares in plain English.

Step 3

Content review

A human reads every approved skill to confirm the instructions are safe, clear, and actually do what the title claims.

Step 4

Prompt-injection resilience

We test against known prompt-injection vectors β€” external web content, cross-skill interference, instruction override attempts.

Found something suspicious?

We treat every security report as high-priority. Responsible disclosures are acknowledged within one business day and published here once fixed.

Read our security policy Email [email protected]