draft: example skills for proposed catalog restructuring #51
…er-security)

Two draft SKILL.md files demonstrating the proposed skill structure from the RFC analysis. These use spec-compliant Agent Skills frontmatter (metadata:, license, compatibility) and cross-reference each other.

- _drafts/icp-cli/SKILL.md: CLI tooling skill (276 lines)
- _drafts/canister-security/SKILL.md: Security patterns skill (391 lines)

Both are drafts for review — not ready for skills/ directory until Issue #45 (frontmatter alignment) is resolved.
The endpoints field is a manually maintained count that easily drifts out of sync. No agent or discovery mechanism uses it. The site can compute operation counts from content at build time if needed.
The "Frontend — Safe Agent Configuration" section used the deprecated @dfinity/agent package and is out of scope for a canister security skill. The fetchRootKey warning remains in pitfall #6.
Replace deprecated fetchRootKey() advice with:

- icp network status --json for local dev agents
- ic_env cookie + getCanisterEnv() for frontends
- Generic language covering all agents, not just frontends
The root key is not baked into @icp-sdk/core. Asset canisters provide it via ic_env cookie (since SDK v0.32.0). Non-frontend agents must obtain it via icp network status --json.
_drafts/canister-security/SKILL.md
| ## Prerequisites | ||
| - `icp-cli` >= 0.2.0 — see [icp-cli](../icp-cli/SKILL.md) for setup |
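Review bot: The Prerequisites bullet sends the reader to `../icp-cli/SKILL.md` for setup, a relative path that resolves outside `_drafts/canister-security/`, so this skill is incomplete when it is loaded or distributed on its own. State the minimum version together with the install command inline in this bullet and drop the link.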
I'm not sure if this type of link is ok.
From the spec it sounds like the directory should be self contained: https://agentskills.io/specification
https://agentskills.io/specification#file-references
- icp-cli
  - SKILL.md
  - references
    - canister-security.md
Agreed — this cross-link violated the spec's self-contained directory requirement. It's been removed in 25cbe9f.
All cross-skill file links (../other-skill/SKILL.md) are now gone from both drafts. Where a link previously pointed to essential info (e.g., freezing threshold command, saga pattern), we inlined the key content directly. Where it was just a "see also" convenience, we dropped it.
Regarding the references/ subdirectory approach you suggested — that makes sense when a skill needs to progressively disclose its own detailed content (e.g., icp-cli/references/recipes.md). But we didn't go that route here because the referenced content (canister-security) is a separate skill with its own scope. Duplicating it as a reference file inside icp-cli/ would create content that drifts out of sync. Instead, the agent runtime handles the connection — when a user's task involves both CLI usage and security patterns, the agent loads both skills based on their description triggers.
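The self-contained-directory rule discussed in this thread can be enforced mechanically. The following is an added example, not part of the PR or the Agent Skills tooling: a small lint that flags Markdown links resolving outside a skill's own directory. The function name, the sample text, and the choice to skip fenced code blocks are assumptions made for illustration.

```python
import posixpath
import re

# Inline Markdown links: [text](target "optional title")
LINK_RE = re.compile(r'\[[^\]]*\]\(\s*<?([^)\s>]+)>?[^)]*\)')
SCHEME_RE = re.compile(r'^[a-zA-Z][a-zA-Z0-9+.-]*:')
FENCE = "`" * 3  # code-fence marker, built this way to keep this listing fence-safe


def escaping_links(markdown, file_in_skill="SKILL.md"):
    """Return (line_no, target) for links that resolve outside the skill root.

    file_in_skill is the Markdown file's path relative to the skill root,
    e.g. "SKILL.md" or "references/recipes.md" (hypothetical layout).
    """
    base = posixpath.dirname(file_in_skill)
    findings = []
    in_fence = False
    for line_no, line in enumerate(markdown.splitlines(), start=1):
        if line.lstrip().startswith(FENCE):
            in_fence = not in_fence
            continue
        if in_fence:
            continue  # links inside code samples are not navigated
        for target in LINK_RE.findall(line):
            if SCHEME_RE.match(target) or target.startswith("#"):
                continue  # external URL, mailto:, or in-page anchor
            path = target.split("#", 1)[0].split("?", 1)[0]
            resolved = posixpath.normpath(posixpath.join(base, path))
            # Absolute paths and anything climbing above the root escape the skill.
            if resolved.startswith("/") or resolved == ".." or resolved.startswith("../"):
                findings.append((line_no, target))
    return findings


# Constructed sample modeled on the Prerequisites line under review.
SAMPLE = """## Prerequisites

- `icp-cli` >= 0.2.0, see [icp-cli](../icp-cli/SKILL.md) for setup
- Details in [recipes](references/recipes.md#deploy)
- Spec: [file references](https://agentskills.io/specification#file-references)
- Indirect: [up and back](references/../../canister-security/SKILL.md)
"""

if __name__ == "__main__":
    for line_no, target in escaping_links(SAMPLE):
        print(f"SKILL.md:{line_no}: link leaves skill directory: {target}")
```

Paths are normalized before the check, so a target that dips into `references/` and then climbs back out is still reported.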
- Remove all cross-skill file links (../other-skill/SKILL.md)
- Inline essential info where links were removed (saga pattern, freezing threshold, backup controller commands)
- Drop status and dependencies from metadata (no real consumer)
- Follow existing skill convention for prerequisites format
Covers IC-specific security patterns: access control, anonymous principal rejection, TOCTOU/reentrancy, pre_upgrade traps, cycles monitoring, controller backup, fetchRootKey risks, admin guards, secret storage, storage exhaustion, callback trap inconsistency, and unbounded wait calls. Both Motoko and Rust implementations.

Reviewed against IC interface specification, DFINITY security best practices, and recent audit findings. Adds @dfinity/security as CODEOWNER.

Based on the draft from #51, with corrections:

- inspect_message: specify boundary node bypass, not generic node
- freezing_threshold: default is already 30 days, canister is uninstalled not deleted
- fetchRootKey: not deprecated, required for local dev
- Added pitfalls: pre_upgrade trap, storage exhaustion, callback trap after state mutation, unbounded wait calls
- Links to official security best practices documentation
Context
This PR contains two draft SKILL.md files that demonstrate the proposed skill structure from the skills catalog restructuring analysis — see RFC Issue #52 for the full analysis and discussion.
These are not ready to merge into skills/ — the frontmatter uses the new Agent Skills spec-compliant format (metadata:, license, compatibility) which requires #45 to be resolved first.

What's included

- _drafts/icp-cli/SKILL.md (273 lines): icp-cli v0.2.0 command syntax
- _drafts/canister-security/SKILL.md (366 lines): inspect_message, anonymous caller rejection, async TOCTOU, freezing threshold, controller backup, root key handling (ic_env cookie, icp network status --json); system func inspect and #[inspect_message]

Key design decisions demonstrated

- metadata:, license: Apache-2.0, compatibility replaces requires. Lean metadata: only title, category, version (dropped status, dependencies, endpoints, tags)
- tool >= version (install: `command`)

Related
skills/)