[Feature] Skill signing and integrity verification (ed25519 + content_hash) #90
Open
Labels: enhancement (New feature or request)
Description
Problem
The agent skills ecosystem is under active attack (Q1 2026):
- ClawHavoc campaign: 341 malicious skills flooding ClawHub in 3 days
- Snyk audit: 13.4% of marketplace skills contain critical security issues
- OWASP Agentic Skills Top 10 recommends ed25519 signing + content_hash
SkillKit has `skillkit scan` and `skillkit validate` but no cryptographic integrity verification.
Proposed Solution
Phase 1: Content Hashing
- Add `integrity` field to skill.json (per [Feature]: Read skill.json from source repos for install, recommend, and translate #83): `"integrity": "sha256-yY1jg1cPGoisxK/..."`
- `skillkit install` verifies hash after download
- `skillkit validate` checks integrity matches content
- `skillkit publish` auto-generates integrity hash
Phase 2: Skill Signing
- ed25519 key pair generation: `skillkit sign init`
- Sign skills on publish: `skillkit publish --sign`
- Verify signatures on install: `skillkit install --verify`
- Public key registry for known publishers
Phase 3: Trust Chain
- Configurable trust levels: `trusted` (signed + verified), `scanned` (passed security scan), `unknown`
- `skillkit.yaml` config: `trust: { requireSigned: true, allowedPublishers: [...] }`
- CI/CD flag: `--require-signed` to fail on unsigned skills
References
- OWASP Agentic Skills Top 10: https://owasp.org/www-project-agentic-skills-top-10/
- skill.json spec (integrity field): [Feature]: Read skill.json from source repos for install, recommend, and translate #83
- CVE-2025-59536 / CVE-2026-21852: Claude Code config injection via repository files
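
A sketch of the Phase 1 check, added here as an illustration and not taken from SkillKit's code. The issue does not say which bytes the `integrity` value covers, so this assumes every file in the skill directory except `skill.json`, in sorted path order and length-prefixed; the function names and sample files are hypothetical.

```python
import base64
import hashlib
import hmac
import tempfile
from pathlib import Path

def skill_integrity(skill_dir, exclude=("skill.json",)):
    """Return 'sha256-<base64>' over the skill's files (assumed canonical form)."""
    root = Path(skill_dir)
    h = hashlib.sha256()
    # Sort by POSIX-style relative path so the result is platform independent.
    entries = sorted((p.relative_to(root).as_posix(), p)
                     for p in root.rglob("*") if p.is_file())
    for rel, path in entries:
        if rel in exclude:
            continue  # the manifest stores the hash, so it cannot be covered by it
        name, data = rel.encode("utf-8"), path.read_bytes()
        # Length-prefix name and content so bytes cannot move between files
        # or between a file name and its content without changing the hash.
        h.update(len(name).to_bytes(8, "big") + name)
        h.update(len(data).to_bytes(8, "big") + data)
    return "sha256-" + base64.b64encode(h.digest()).decode("ascii")

def verify_skill(skill_dir, expected):
    """True only if `expected` is a sha256 integrity string matching the content."""
    algo, sep, _ = expected.partition("-")
    if not sep or algo != "sha256":
        return False  # fail closed on a missing or unsupported algorithm
    actual = skill_integrity(skill_dir)
    return hmac.compare_digest(actual.encode(), expected.encode())

def demo():
    """Constructed sample skill: pin at publish, verify, modify, verify again."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "SKILL.md").write_text("# constructed sample skill\n")
        (root / "scripts").mkdir()
        (root / "scripts" / "run.sh").write_text("echo hello\n")
        pinned = skill_integrity(root)           # value publish would record
        ok_before = verify_skill(root, pinned)   # check install would run
        (root / "scripts" / "run.sh").write_text("echo modified\n")
        ok_after = verify_skill(root, pinned)    # content changed after pinning
        return pinned, ok_before, ok_after, verify_skill(root, "md5-AAAA")

if __name__ == "__main__":
    print(demo())
```

A hash stored next to the content only detects corruption or tampering in transit; it becomes a trust decision once the pinned value comes from a source the installer already trusts, which is what the Phase 2 signature is for.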