CLI Reference

v0.4.16

Complete reference for every vskill command. Run npx vskill --help or npx vskill <command> --help for inline usage in your terminal.

vskill install <source>

Install a skill after running a full security scan. The source can be a skill name from the verified-skill.com registry, a GitHub repository, or a local file path. Every install triggers a security scan — there is no way to skip it.

bash

npx vskill install <source>

FlagDescription

--yes, -yAccept scan results and install without confirmation prompt

--global, -gInstall the skill globally instead of to the current project

--copyCopy the skill file instead of symlinking it

--skill <name>Install a specific skill from a multi-skill repository

--plugin <name>Install a specific plugin by name from a repository

--repo <owner/repo>Install from a GitHub repository

--agent <id>Install to a specific agent only (e.g. cursor, claude)

--forceOverwrite an existing installation

--allInstall all skills from a multi-skill repository

Source types:

Registry namenpx vskill install remotion-best-practices

GitHub reponpx vskill install remotion-dev/skills

Repo + pluginnpx vskill install --repo anton-abyzov/vskill --plugin frontend

Local pathnpx vskill install ./my-skill

ℹAuto-detection

vskill detects all installed AI agents (Claude Code, Cursor, Copilot, Windsurf, etc.) and installs the skill to all of them. Use --agent cursor to target a single agent.

vskill find <query>

Search the verified-skill.com registry for skills matching a keyword or category. Returns skill names, descriptions, trust tiers, and install counts.

bash

npx vskill find <query>

bash

# Search by keyword
npx vskill find react

# Search by category
npx vskill find --category frontend

vskill scan <path>

Run a security scan on a skill without installing it. Useful for skill authors who want to check their skill before submitting. Reports pattern matches, severity scores, and the overall verdict (PASS / CONCERNS / FAIL).

bash

npx vskill scan <path>

bash

# Scan a local skill
npx vskill scan ./my-skill

# Verbose output with pattern details
npx vskill scan --verbose ./my-skill

ℹPre-submission check

Always run vskill scan before vskill submit. The scan is identical to what the registry runs — if it passes locally, it will pass on submit.

vskill list

Show all installed skills with their trust tier, version, source, and install location. Displays both project-level and global installations.

bash

npx vskill list

vskill remove <skill>

Remove an installed skill. Cleans up symlinks and config entries from all detected agents, or a specific agent with --agent.

bash

npx vskill remove <skill>

bash

npx vskill remove remotion-best-practices

vskill update [skill]

Update an installed skill to its latest version. Diffs the new version against the locked version, re-scans for security issues, and shows a summary of changes before applying. If the scan fails, the update is blocked.

bash

npx vskill update [skill]

FlagDescription

--allUpdate all installed skills at once

bash

# Update a single skill
npx vskill update remotion-best-practices

# Update all installed skills
npx vskill update --all

vskill audit [path]

Run a full security audit on all skills in a project directory. Scans every installed skill, checks for blocklisted skills, and produces a consolidated report. Supports CI mode for pipeline integration and SARIF output for GitHub code scanning.

bash

npx vskill audit [path]

FlagDescription

--ciCI mode — exit with non-zero code on findings above threshold

--report sarifOutput results in SARIF format for GitHub code scanning

--severity <levels>Filter by severity levels (comma-separated: high,critical)

bash

# Audit current project
npx vskill audit

# CI pipeline with SARIF output
npx vskill audit --ci --report sarif

# Only show high and critical findings
npx vskill audit --severity high,critical

⚠CI integration

In CI mode, the audit exits with code 1 if any findings match the severity filter. Add npx vskill audit --ci to your CI pipeline to block deployments with untrusted skills.

vskill info <skill>

Display detailed information about a skill, including its description, author, verification status, trust tier, scan history, and install count. Works for both installed skills and registry skills.

bash

npx vskill info <skill>

bash

npx vskill info remotion-best-practices

vskill submit <source>

Submit a skill to the verified-skill.com registry for verification. The source must be a public GitHub repository containing a SKILL.md file. The skill goes through the full verification pipeline (static scan, LLM analysis, provenance check) before being listed.

bash

npx vskill submit <source>

bash

npx vskill submit owner/repo

ℹBefore submitting

Run npx vskill scan ./your-skill locally first. See the Security Guidelines for the full list of patterns and the pre-submission checklist.

vskill blocklist

View and manage the local blocklist of known malicious skills. Blocked skills cannot be installed. The blocklist is seeded from the verified-skill.com registry and updated automatically.

bash

npx vskill blocklist

vskill init

Initialize vskill in the current project. Creates the configuration files and vskill.lock needed to manage skills at the project level. Run this once in a new project before installing skills.

bash

npx vskill init

Related resources

Getting Started→Security Guidelines→Submitting Skills→