Run any agent skill. Safely. Without installing it.
skillx is a CLI tool that runs Agent Skills without permanently installing them. One command fetches a skill from Git hosts and other supported sources, scans it for risky patterns, injects it into your agent, and cleans everything up when the session ends. No files are left behind.
skillx run github:skillx-run/skillx/examples/skills/name-poem "Ada Lovelace"- No install needed. Tools like
skillsandskillfishdrop files into your agent and leave them there. skillx runs skills ephemerally by default — fetch, use, auto-clean. When you want persistence,skillx installis there, but it's opt-in. - Security first. Every skill is scanned before injection. 31 built-in rules look for prompt injection, credential access, destructive operations, and disguised binaries. Dangerous patterns are blocked — you never run untrusted code silently.
- One command. No config files, no setup.
skillx runhandles the entire lifecycle: fetch → scan → inject → run → clean.
# Shell installer (macOS / Linux)
curl -fsSL https://skillx.run/install.sh | sh
# Homebrew (macOS / Linux)
brew install skillx-run/tap/skillx
# Cargo (any platform with Rust toolchain)
cargo install skillx
# Cargo binstall (prebuilt binaries, no build step)
cargo binstall skillxWindows binaries are on the Releases page.
# Run a skill from GitHub (temporary — auto-cleans when done)
skillx run github:skillx-run/skillx/examples/skills/name-poem "Ada Lovelace"
# Paste a full URL — skillx recognizes 20+ platforms
skillx run https://github.com/skillx-run/skillx/tree/main/examples/skills/code-review
# Scan a skill before running
skillx scan github:skillx-run/skillx/examples/skills/name-poem
# Want persistence? Opt in explicitly
skillx install github:skillx-run/skillx/examples/skills/name-poemBrowse examples/skills/ for runnable demos (name-poem, hello-world, code-review, testing-guide, commit-message) and skills/ for first-party skills (currently setup-skillx).
┌───────┐ ┌──────┐ ┌────────┐ ┌─────┐ ┌───────┐
│ fetch │ → │ scan │ → │ inject │ → │ run │ → │ clean │
└───────┘ └──────┘ └────────┘ └─────┘ └───────┘
- Fetch — Resolves the source (local path,
github:, full URL, archive, …) and downloads with caching. - Scan — Runs 31 security rules across Markdown, scripts, and bundled resources.
- Inject — Copies or inlines skill files into the detected agent's expected location (e.g.
.claude/skills/,.cursor/skills/). - Run — Launches the agent with the skill invocation prefix (e.g.
/name-poem) prepended to your prompt. - Clean — Removes injected files and archives the session manifest to
~/.skillx/history/.
Tools like skills and skillfish drop skill files into your agent and leave them there. skillx fetches, scans, runs once, and cleans up.
Install-based managers — 4 steps per skill:
- Install the skill onto your machine
- Link it into your agent's folder
- Audit the files yourself (nothing scans before injection)
- Uninstall it when you're done
skillx — 1 command:
skillx run <url> "prompt"skillx does the rest: scan → inject → run → clean. Persistent installation is still available via skillx install, but it's opt-in.
Core
| Command | Description |
|---|---|
skillx run <source> [prompt] |
Run a skill temporarily (fetch, scan, inject, run, clean) |
skillx install [sources...] |
Install skills persistently (opt-in) |
Manage installed skills
| Command | Description |
|---|---|
skillx list |
List installed skills |
skillx update [names...] |
Update installed skills |
skillx uninstall <name...> |
Remove installed skills |
skillx init |
Initialize skillx.toml |
Utilities
| Command | Description |
|---|---|
skillx scan <source> |
Security scan a skill |
skillx info <source> |
Show skill metadata |
skillx agents |
List detected agent environments |
skillx cache ls|clean |
Manage local cache |
skillx upgrade |
Check for and upgrade skillx itself |
32 built-in agents plus custom support:
- Tier 1: Claude Code, Codex, GitHub Copilot, Cursor
- Tier 2: Gemini CLI, OpenCode, Amp, Windsurf, Cline, Roo
- Tier 3: 21 additional agents via a data-driven generic adapter
- Custom agents via
[[custom_agents]]in~/.skillx/config.toml - Universal fallback for unrecognized environments
Run skillx agents --all to list every built-in adapter.
skillx recognizes local paths, shorthand prefixes, and full URLs across Git hosts and other sources:
| Source | Example |
|---|---|
| Local | ./my-skill/ |
| GitHub | github:org/repo/path@ref |
| GitLab | https://gitlab.com/org/repo/-/blob/main/skill.md |
| Bitbucket | https://bitbucket.org/org/repo/src/main/skill.md |
| Gitea / Forgejo / Codeberg | https://codeberg.org/org/repo/src/branch/main/skill.md |
| Gist | gist:username/id |
| SourceHut | https://git.sr.ht/~user/repo/tree/main/item/skill.md |
| HuggingFace | https://huggingface.co/org/model/blob/main/skill.md |
| Archive | https://example.com/skill.tar.gz |
skillx also keeps compatibility with selected skill-directory sites when they resolve cleanly to underlying Git repositories. Custom URL patterns can be added via [[url_patterns]] in config.toml.
Three built-in analyzers, 31 rules total, 5 risk levels:
- Markdown analyzer — prompt injection, sensitive directory access, hidden zero-width text, disguised data URIs, missing frontmatter fields.
- Script analyzer —
eval,rm -rf, base64 / hex decode, environment-variable exfiltration, binary blobs masquerading as text. - Resource analyzer — disguised file types, oversized files, executable files under
references/, symlinks anywhere in the skill tree (never followed).
Risk levels gate the run interactively:
| Level | Behavior |
|---|---|
| Pass / Info | Auto-pass |
| Warn | Prompt (y/n) |
| Danger | Confirmation required (yes + acknowledge details) |
| Block | Refuses to run |
skillx scan github:org/skills/data-pipeline # Text report
skillx scan --format sarif ./my-skill/ # SARIF 2.1.0 for CI
skillx scan --format json ./my-skill/ # JSON for scriptingA GitHub Action (.github/actions/scan/action.yml) is available for CI. See SECURITY.md for reporting vulnerabilities.
For teams that want reproducible skill sets, declare them in skillx.toml:
[project]
name = "my-project"
[agent]
preferred = "claude-code"
[skills]
name-poem = "github:skillx-run/skillx/examples/skills/name-poem"
code-review = { source = "github:skillx-run/skillx/examples/skills/code-review", scope = "project" }skillx init # Create skillx.toml
skillx init --from-installed # Create from currently installed skills
skillx run # Run all skills declared in skillx.toml- Full docs: https://skillx.run
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- Security reporting: SECURITY.md
Code under Apache-2.0; documentation under CC-BY-4.0.