Hi everyone,
I've been thinking about how we identify and trust skill bundles as the ecosystem grows. With skills coming from everywhere now, how do we know what we're actually installing?
So I wrote up an RFC exploring this: Skill Bundle Attestation (SBA), which is basically a way to give skill bundles verifiable identities using content hashes, semantic versioning, and optional cryptographic signatures.
PDF | GH Repo
The core idea: deterministic URNs (like urn:sba:sha256-abc123:1.0.0) that uniquely identify a skill bundle's exact contents. Add optional signatures for author verification.
This was just a passion project while exploring how skills could work in larger deployments, so I'm genuinely curious whether something like this could be useful as skills proliferate. I don't have bandwidth to actively maintain it, but if anyone finds the ideas interesting and wants to take them further, that would be amazing.
Would love to hear what you think - even if it's "this already exists" or "here's why this wouldn't work" (or "this is a terrible idea" 😄)
Thanks in advance,
Jase
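One way the deterministic-URN idea in the post could be realised, as an added example that is not code from the post or from the SBA RFC. The canonical form (sorted POSIX relative paths, length-prefixed name and bytes), the full 64-hex digest in the URN, the function names and the sample files are all assumptions made here.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Assumed URN shape: full 64-hex SHA-256 digest plus MAJOR.MINOR.PATCH.
URN_RE = re.compile(r"urn:sba:sha256-([0-9a-f]{64}):(\d+\.\d+\.\d+)")

def bundle_digest(root: Path) -> str:
    """Hash every file under root in a fixed order (assumed canonical form)."""
    records = []
    for p in root.rglob("*"):
        if p.is_symlink():  # a link could pull in content from outside the bundle
            raise ValueError(f"symlink in bundle: {p}")
        if p.is_file():
            records.append((p.relative_to(root).as_posix(), p))
    h = hashlib.sha256()
    for rel, path in sorted(records):  # sorted: directory walk order is not stable
        name, data = rel.encode("utf-8"), path.read_bytes()
        # Length prefixes stop ("a", "bc") and ("ab", "c") hashing identically.
        h.update(len(name).to_bytes(8, "big") + name)
        h.update(len(data).to_bytes(8, "big") + data)
    return h.hexdigest()

def make_urn(root: Path, version: str) -> str:
    if not re.fullmatch(r"\d+\.\d+\.\d+", version):
        raise ValueError(f"bad version: {version!r}")
    return f"urn:sba:sha256-{bundle_digest(root)}:{version}"

def verify_urn(root: Path, urn: str) -> bool:
    """True only if the files on disk still hash to the digest pinned in urn."""
    m = URN_RE.fullmatch(urn)
    if not m:
        raise ValueError(f"malformed URN: {urn!r}")
    return m.group(1) == bundle_digest(root)

def demo() -> tuple[bool, bool]:  # constructed bundle: verify, tamper, re-verify
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "scripts").mkdir()
        (root / "README.md").write_text("# constructed sample skill\n")
        (root / "scripts" / "run.sh").write_text("echo hello\n")
        urn = make_urn(root, "1.0.0")
        before = verify_urn(root, urn)
        (root / "scripts" / "run.sh").write_text("echo hellp\n")  # one-byte edit
        return before, verify_urn(root, urn)

if __name__ == "__main__":
    print(demo())
```

A content-hash URN like this pins what was installed but says nothing about who produced it; that is the gap the optional signatures in the post are meant to cover.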