MFKVault Technical Paper · v1.0 · 2026-05-13

Verifying the AI-skill ecosystem

An open methodology for telling developers which Claude / Cursor / Codex / Windsurf skills are safe to install.

01

The AI-skill discoverability gap

Developers spend hours sifting through GitHub stars and Reddit threads to find a working Claude/Cursor/Codex skill. Existing search surfaces optimise for popularity, not correctness.

02

A standard, not a marketplace

MFKVault Verified is an open standard. Any registry, IDE plugin, or agent runtime can integrate via the free /api/v1/verify endpoint and produce identical results.

03

Five-signal scoring

Each skill is scored on five binary signals worth 20 points each. The result is a 0–100 score that can be reproduced deterministically.

04

Crawler topology

A network of 10+ specialised crawlers collects skill candidates from GitHub repos, gists, Hacker News, Reddit (when keys are configured), Stack Overflow, ArXiv, dev.to and product changelogs.

05

License conformance

Skills without a discoverable OSS-compatible license are gated from publication. SPDX identifiers are normalised at ingest.
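
A sketch of the ingest-time license gate described above, as an added example that is not MFKVault's own code. The allowlist, the alias table and the function names are assumptions, since the paper does not publish them. The check fails closed: a missing license, or any term that does not normalise to a known SPDX identifier, gates the skill.

```python
import re

# Assumption: the paper does not publish its allowlist; this one is constructed.
OSS_COMPATIBLE = {"MIT", "Apache-2.0", "BSD-3-Clause", "ISC", "MPL-2.0",
                  "GPL-2.0-only", "GPL-3.0-only"}
# Recognised but not OSS-compatible: these normalise and are still gated.
NON_OSS = {"BUSL-1.1", "CC-BY-NC-4.0"}

# Constructed alias table: spellings found in manifests -> SPDX identifier.
ALIASES = {
    "mit license": "MIT",
    "apache 2.0": "Apache-2.0",
    "apache license 2.0": "Apache-2.0",
    "gplv3": "GPL-3.0-only",
    "gpl-3.0": "GPL-3.0-only",   # deprecated SPDX id
    "gpl-2.0": "GPL-2.0-only",   # deprecated SPDX id
}
ALIASES.update({s.lower(): s for s in OSS_COMPATIBLE | NON_OSS})


def normalise_id(raw):
    """Return the canonical SPDX identifier for one license name, or None."""
    key = " ".join(raw.lower().split())  # case-fold and collapse whitespace
    return ALIASES.get(key)


def evaluate_license(declared):
    """Return (publishable, normalised_expression). Fails closed."""
    if not declared or not declared.strip():
        return False, None                      # no discoverable license
    alternatives = []
    for alt in re.split(r"\s+OR\s+", declared.strip()):
        ids = [normalise_id(t) for t in re.split(r"\s+AND\s+", alt)]
        if None in ids:
            return False, None                  # unrecognised term: gate
        alternatives.append(ids)
    # OR lets the user pick one branch; AND requires every term in the branch.
    ok = any(all(i in OSS_COMPATIBLE for i in ids) for ids in alternatives)
    expr = " OR ".join(" AND ".join(ids) for ids in alternatives)
    return ok, expr
```

Expressions using WITH exceptions or parentheses are not parsed here and are therefore gated rather than guessed at.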

06

Continuous monitoring

A weekly cron job re-evaluates every approved skill. Skills that fail are demoted within 24h to the public /unverified list.

07

Public artifact

Every assessed skill has a public report at /skill/[slug]. The widget at /widget.js renders the live badge anywhere on the web.

08

Limitations

Verification is automated. It is not a code review or pentest. Skills are still third-party software — install with the same caution as any package.


AI-generated content disclaimer: descriptive prose was authored with AI assistance. All claims are factual and derived from MFKVault's own crawlers and database.