Skip to content

Document skill trust model and operator security warnings#212

Merged
rosspeili merged 3 commits into
ARPAHLS:mainfrom
0x-AO-Protocol:docs/issue-109-skill-trust-model
Jul 8, 2026
Merged

Document skill trust model and operator security warnings#212
rosspeili merged 3 commits into
ARPAHLS:mainfrom
0x-AO-Protocol:docs/issue-109-skill-trust-model

Conversation

@mrmasa88

@mrmasa88 mrmasa88 commented Jul 4, 2026

Copy link
Copy Markdown
Contributor

Summary

Resolves #109 (Phase 0 — docs only). Adds an operator-facing document explaining Skillware's skill trust model, and wires links to it from the security-relevant files.

This is documentation only. It does not change SkillLoader, add flags, or implement sandboxing (those remain in #110#114). It documents the current state honestly.

Fixes #109

What's included

Acceptance bar

The doc leads with "None of these tiers are sandboxed today," and a new operator comes away understanding: no default sandbox, where code came from matters, and constitution ≠ isolation. No claim that sandboxing exists today.

Naming

The provenance tiers are labeled A/B/C in the doc, but Bundled / Project / External may read more clearly. Happy to rename to whichever you prefer before merge — flagged here rather than in the doc body so the page stays clean.

Made with Cursor

@rosspeili

Copy link
Copy Markdown
Contributor

Hey @mrmasa88 thanks a lot for picking this up, and for staying strictly in Phase 0 scope, this is a strong starting point.

A few small notes before merge:

  1. Rebase on current main, there’s a loader/docs entry in [Unreleased] from [Feat]: Loader validates manifest.name matches skill folder path (#101 Option A) #200/feat(loader): validate manifest name against registry path (#200) #213, so CHANGELOG.md will need a quick merge.
  2. Cross-links, consider a one-liner from README.md or docs/introduction.md pointing operators at docs/security/skill-trust-model.md (not sure it woudl be needed everywhere, but maybe would make sense).
  3. Flat vs registry layout, a short note that private skills can live as skills/<name>/ (flat) as well as skills/<category>/<name>/, and that skillware list only discovers the two-level layout, might help operators who wonder why a local skill loads but doesn’t appear in list.
  4. Tier labels, Bundled / Project / External reads clearly, I would go with that.

Happy to merge as-is after rebase, or with the optional doc tweaks if you want them in this PR. I’ll pin a link from #17 once this lands. Thanks again <3

@mrmasa88

mrmasa88 commented Jul 8, 2026

Copy link
Copy Markdown
Contributor Author

Thanks for the review @rosspeili — addressed all four:

  1. Synced with current main (merge), so the [Feat]: SkillLoader.load_skill() should auto-discover and expose the BaseSkill subclass #89/[Feat]: Loader validates manifest.name matches skill folder path (#101 Option A) #200/[Feat]: Update supported-version policy / security #192/[Feat]: Migrate legacy short manifest names to category/skill_name paths #201 loader and docs entries in [Unreleased] are all kept alongside the [Docs]: Document skill trust model and operator security warnings (sub-issue of #17) #109 doc entry.
  2. Added a cross-link from docs/introduction.md (Step 1: Discovery & Loading) to the trust doc.
  3. Added a short "Flat vs registry layout" note in the resolution section: flat skills (<root>/<name>/) load fine but don't show up in skillware list (which only walks the two-level layout) — the usual reason a local skill loads but is missing from list.
  4. Renamed the tiers to Bundled / Project / External throughout — agreed it reads clearer.

Still Phase 0 docs only, no loader/CLI changes. Ready for your re-review whenever. Thanks again <3

@rosspeili

Copy link
Copy Markdown
Contributor

LGTM @mrmasa88, all review notes addressed. Merging, I'll pin from #17 after this lands. Thanks again!

@rosspeili rosspeili merged commit f52b357 into ARPAHLS:main Jul 8, 2026
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[Docs]: Document skill trust model and operator security warnings (sub-issue of #17)

2 participants