← all repositories
modiqo/skillspec

Your agent skipped the safety rule at line 400

SkillSpec audits prose skill files for hidden risks and compiles them into structured contracts that agents must follow and prove.

567 stars Rust LLMOps · EvalAgents
skillspec
Collecting fresh signals — velocity needs a few days of history.
collecting data…
star history

What it does SkillSpec is a Rust CLI that treats your SKILL.md as a liability. Its doctor command scans for structural risks—buried obligations, undeclared dependencies, bloated context, and missing proof surfaces—then returns a scored risk report. If the prose is too flaky, it imports the skill into a typed skill.spec.yml contract with explicit routes, forbidden actions, and test expectations, compiling a thin loader to keep the harness prompt small. After a run, it emits an alignment summary showing what actually happened versus what was promised.

The interesting bit Instead of replacing your agent harness, SkillSpec makes the instructions followable and auditable. It translates the “hope the model reads the right part” phase into a conformance suite backed by a typed Rust model and JSON Schema, while the hosted skillspec.sh scanner lets you vet public skills without installing anything.

Key highlights

  • doctor surfaces agent drift risks—like obligations buried deep in context or undeclared tools—with scores tied to published research on context-position effects and instruction following.
  • Imports existing SKILL.md prose into a structured skill.spec.yml contract, then compiles a minimal loader to reduce active prompt bloat.
  • Emits durable alignment summaries after runs, recording selected routes, completed steps, forbidden-action status, and token usage instead of a bare “done.”
  • Ships plugins for Claude Code and Codex, plus a router mode to limit harness skill-list noise.
  • The contract spec is backed by a typed Rust model, JSON Schema, and an open conformance suite.

Caveats

  • It audits boundaries but does not enforce them; tool sandboxing is still the harness’s responsibility.
  • The public GitHub Actions Doctor reporter only inspects public repositories; private skills need a local CLI install.
  • Execution trace capture relies on an external tool called Rote, which is not part of the core open-source CLI.

Verdict Worth a look if you maintain non-trivial agent skills and are tired of debugging “done” messages that lack evidence. Skip it if you only write throwaway prompts or expect the tool to sandbox your agent’s tool access.

Frequently asked

What is modiqo/skillspec?
SkillSpec audits prose skill files for hidden risks and compiles them into structured contracts that agents must follow and prove.
Is skillspec open source?
Yes — modiqo/skillspec is open source, released under the Apache-2.0 license.
What language is skillspec written in?
modiqo/skillspec is primarily written in Rust.
How popular is skillspec?
modiqo/skillspec has 567 stars on GitHub.
Where can I find skillspec?
modiqo/skillspec is on GitHub at https://github.com/modiqo/skillspec.

heatdrop uses Google Analytics to see which pages get read — nothing else. Your call. How we handle data.