Your agent skipped the safety rule at line 400
SkillSpec audits prose skill files for hidden risks and compiles them into structured contracts that agents must follow and prove.
What it does
SkillSpec is a Rust CLI that treats your SKILL.md as a liability. Its doctor command scans for structural risks—buried obligations, undeclared dependencies, bloated context, and missing proof surfaces—then returns a scored risk report. If the prose is too flaky, it imports the skill into a typed skill.spec.yml contract with explicit routes, forbidden actions, and test expectations, compiling a thin loader to keep the harness prompt small. After a run, it emits an alignment summary showing what actually happened versus what was promised.
The interesting bit
Instead of replacing your agent harness, SkillSpec makes the instructions followable and auditable. It translates the “hope the model reads the right part” phase into a conformance suite backed by a typed Rust model and JSON Schema, while the hosted skillspec.sh scanner lets you vet public skills without installing anything.
Key highlights
doctorsurfaces agent drift risks—like obligations buried deep in context or undeclared tools—with scores tied to published research on context-position effects and instruction following.- Imports existing
SKILL.mdprose into a structuredskill.spec.ymlcontract, then compiles a minimal loader to reduce active prompt bloat. - Emits durable alignment summaries after runs, recording selected routes, completed steps, forbidden-action status, and token usage instead of a bare “done.”
- Ships plugins for Claude Code and Codex, plus a router mode to limit harness skill-list noise.
- The contract spec is backed by a typed Rust model, JSON Schema, and an open conformance suite.
Caveats
- It audits boundaries but does not enforce them; tool sandboxing is still the harness’s responsibility.
- The public GitHub Actions Doctor reporter only inspects public repositories; private skills need a local CLI install.
- Execution trace capture relies on an external tool called Rote, which is not part of the core open-source CLI.
Verdict Worth a look if you maintain non-trivial agent skills and are tired of debugging “done” messages that lack evidence. Skip it if you only write throwaway prompts or expect the tool to sandbox your agent’s tool access.
Frequently asked
- What is modiqo/skillspec?
- SkillSpec audits prose skill files for hidden risks and compiles them into structured contracts that agents must follow and prove.
- Is skillspec open source?
- Yes — modiqo/skillspec is open source, released under the Apache-2.0 license.
- What language is skillspec written in?
- modiqo/skillspec is primarily written in Rust.
- How popular is skillspec?
- modiqo/skillspec has 567 stars on GitHub.
- Where can I find skillspec?
- modiqo/skillspec is on GitHub at https://github.com/modiqo/skillspec.