
Skillfile: a ledger for what your agents can do


Every capability you give an AI agent is a grant of access. A skill that reads a repository. An MCP tool that queries a database. A script that can push to production or read a secret. Useful — and, added up across a team, a large and growing surface that almost no one is actually watching.

The grants land wherever they happen to land: a .mcp.json here, a .cursorrules there, an environment variable, a teammate’s local config. They are copied from marketplaces unverified, re-tuned by hand for each agent, and rarely written down. The result is the quiet problem of this moment in software:

Agent access is growing faster than anyone can review it.

The people accountable for that access — security, platform, whoever signs off on what touches company data — usually can’t see it at all. It isn’t in one place, it isn’t scanned, and there’s no record of who approved what, or when.

What Skillfile is

Skillfile is a control plane for agent capabilities. It takes the skills and MCP tools your agents reach for and turns each one into a signed .skill manifest:

  • Scanned for risk — injection, rogue egress, secret access, dangerous operations.
  • Optimized into one token-efficient file that behaves the same on every agent.
  • Approved by a human, with permissions that can be allowed, gated, or blocked.
  • Tracked from the first session to the deployed result, with a full chain of custody.

Instead of permissions buried across five config formats, you get one ledger: every capability a signed, scanned record, approved on purpose, and auditable after the fact.

One portable standard

A .skill is an open, versioned manifest — not a proprietary lock-in. The point is that you own your capabilities in a format no single vendor controls, and that the same approved capability can be distributed to Claude Code, Cursor, Codex, and an MCP gateway without being rebuilt by hand for each one. Skillfile is the control plane on top of that standard, not a walled garden around it.

Why it needs to exist

The honest version: agents are now writing to repos, calling internal services, and reaching for secrets, and the tooling for governing that has lagged badly behind the tooling for enabling it. “Move fast” is easy; “move fast and be able to prove what you allowed” is the hard part, and it’s the part that decides whether agents make it past a pilot inside a company that has anything to lose.

Skillfile is the boring, necessary layer: scan it, approve it, sign it, sync it, keep the receipt. Not a silver bullet — a place to put the access so it stops being invisible.

It’s live and in active development at skillfile.ai. If the problem sounds familiar, that’s the point.