x402 Trust Index

Is that skill safe to run?

A SKILL.md is an unsigned binary — you install it and an agent runs whatever it says. Heron analyzes a skill's manifest and scripts for remote code execution, secret access, data exfiltration, wallet draining and prompt-injection, and returns a 0-100 trust score with a wallet-signed, independently verifiable attestation. Not a popularity vote — a substantive analysis.

160
skills analyzed
137
trusted
8
caution
15
dangerous
86
avg trust
secret_access 114broad_perms 78hidden_download 14raw_ip_net 7eval_exec 6suspicious_host 5
Analyze a skill
Paste a GitHub link to a skill — repo, folder or SKILL.md (Heron pulls the manifest + its scripts). Or paste the manifest text. Free.
or paste the manifest

Recently analyzed

SkillScoreVerdictWhen
JuliusBrussee/caveman/cavecrew94trusted38m ago
addyosmani/agent-skills/browser-testing-with-devtools95trusted38m ago
bergside/awesome-design-skills/basic94trusted56m ago
bergside/awesome-design-skills/artistic96trusted56m ago
bergside/awesome-design-skills/ant96trusted56m ago
bergside/awesome-design-skills/agentic96trusted56m ago
FrancyJGLisboa/agent-skill-creator/weekly-crm-report100trusted56m ago
FrancyJGLisboa/agent-skill-creator/stock-analyzer95trusted56m ago
FrancyJGLisboa/agent-skill-creator/pr-blocker-summarizer94trusted56m ago
FrancyJGLisboa/agent-skill-creator/root82trusted56m ago
elementalsouls/Claude-OSINT/osint-methodology21dangerous56m ago
elementalsouls/Claude-OSINT/offensive-osint0dangerous56m ago
SnailSploit/Claude-Red/offensive-exploit-dev-course0dangerous56m ago
SnailSploit/Claude-Red/offensive-crash-analysis0dangerous56m ago
SnailSploit/Claude-Red/offensive-basic-exploitation53dangerous57m ago
SnailSploit/Claude-Red/offensive-cloud46dangerous57m ago
SnailSploit/Claude-Red/offensive-oauth62caution57m ago
SnailSploit/Claude-Red/offensive-jwt94trusted57m ago
SnailSploit/Claude-Red/offensive-ai-security69caution57m ago
SnailSploit/Claude-Red/offensive-active-directory94trusted57m ago
microsoft/SkillOpt/openclaw0dangerous57m ago
microsoft/SkillOpt/skillopt-sleep95trusted57m ago
microsoft/SkillOpt/skillopt-sleep95trusted57m ago
alchaincyf/huashu-design/root82trusted57m ago
Donchitos/Claude-Code-Game-Studios/brainstorm96trusted57m ago
Donchitos/Claude-Code-Game-Studios/balance-check96trusted57m ago
Donchitos/Claude-Code-Game-Studios/asset-spec94trusted57m ago
Donchitos/Claude-Code-Game-Studios/asset-audit96trusted58m ago
Donchitos/Claude-Code-Game-Studios/art-bible94trusted58m ago
Donchitos/Claude-Code-Game-Studios/architecture-review95trusted58m ago
Donchitos/Claude-Code-Game-Studios/architecture-decision94trusted58m ago
Donchitos/Claude-Code-Game-Studios/adopt94trusted58m ago
mukul975/Anthropic-Cybersecurity-Skills/analyzing-apt-gr95trusted58m ago
mukul975/Anthropic-Cybersecurity-Skills/analyzing-api-ga98trusted58m ago
mukul975/Anthropic-Cybersecurity-Skills/analyzing-androi95trusted58m ago
mukul975/Anthropic-Cybersecurity-Skills/analyzing-active94trusted58m ago
mukul975/Anthropic-Cybersecurity-Skills/acquiring-disk-i91trusted58m ago
mukul975/Anthropic-Cybersecurity-Skills/achieving-cmmc-l94trusted58m ago
mukul975/Anthropic-Cybersecurity-Skills/abusing-shadow-c95trusted58m ago
mukul975/Anthropic-Cybersecurity-Skills/abusing-dpapi-fo95trusted58m ago

For agents · API

POST /skill/scan  {"skill_md":"..."} → score + findings + signed attestation
GET /trust/index  the live index (JSON)
GET /trust/stats  aggregate volume
GET /skill/verify  check an attestation signature yourself (EIP-191)