A skill is a piece of software your AI agent will execute on your machine. Recipes treats it that way.
Below is exactly what happens between a creator pushing code and an install command landing on your laptop.
01
Allowlist linter
Every published skill ships with a positive-allowlist manifest. The linter blocks merge if a skill reads, writes, or sends anything not on the list — credentials, environment variables, network destinations, file paths. We don't try to enumerate "bad" patterns; we explicitly enumerate the "good" ones.
Before a skill goes live, it runs in an ephemeral container with no outbound network except the explicitly allowlisted domains. The runner records every syscall, every fetch, every disk write, and replays it for a human reviewer. Skills that touch surfaces they didn't declare are rejected.
proof: recipes-api/app/security_scan.py
03
Creator track record
Each skill is signed (Ed25519) by its creator. The signature, the published tarball SHA-256, and the source commit URL are stamped on the public skill page. Bad actors can't quietly replace a tarball — the hash mismatch is detectable by every install.
proof: recipes verify <slug>
Guarantees we make
Apache-2.0 licensed
You can read, fork, audit, or replace anything you install.
No telemetry by default
Skills run on your machine. We see install events; we do not see your data.
Reproducible tarballs
Mtime/uid/gid stripped. Two packs of the same source produce byte-identical archives.
Public review log
Every audit decision is in the GitHub issue/PR history of the awesome-agent-recipes monorepo.
Verify a skill yourself
recipes verify client-reporter
The CLI re-downloads the tarball, recomputes its SHA-256, and prints the source URL + signature.
If anything ever drifts from what we published, this command fails loudly.
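An added example, not code from the Recipes project, showing the two properties described above: a pack step that strips mtime/uid/gid so repeated packs are byte-identical, and the SHA-256 recomputation that detects drift from a published digest. The function names, sample file names and the ustar/gzip settings are assumptions; signature checking is left out.

```python
import gzip
import hashlib
import io
import os
import tarfile
import tempfile


def pack_reproducible(src_dir):
    """Return .tar.gz bytes that depend only on relative paths, contents and the exec bit."""
    files = []
    for root, _dirs, names in os.walk(src_dir):
        for name in names:
            full = os.path.join(root, name)
            files.append((os.path.relpath(full, src_dir).replace(os.sep, "/"), full))
    raw = io.BytesIO()
    with tarfile.open(fileobj=raw, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for rel, full in sorted(files):  # fixed member order, independent of os.walk
            with open(full, "rb") as fh:
                data = fh.read()
            info = tarfile.TarInfo(rel)  # defaults: mtime=0, uid=gid=0, empty uname/gname
            info.size = len(data)
            info.mode = 0o755 if os.stat(full).st_mode & 0o100 else 0o644
            tar.addfile(info, io.BytesIO(data))
    out = io.BytesIO()
    with gzip.GzipFile(filename="", fileobj=out, mode="wb", mtime=0) as gz:  # pin gzip header
        gz.write(raw.getvalue())
    return out.getvalue()


def matches_published(tarball, published_sha256):
    """Recompute the SHA-256 of the downloaded bytes and compare with the published digest."""
    return hashlib.sha256(tarball).hexdigest() == published_sha256.strip().lower()


def demo():
    """Constructed sample skill: pack, change only a timestamp, repack, then change content."""
    with tempfile.TemporaryDirectory() as src:
        for rel, body in (("SKILL.md", b"# sample\n"), ("run.sh", b"#!/bin/sh\necho ok\n")):
            with open(os.path.join(src, rel), "wb") as fh:
                fh.write(body)
        first = pack_reproducible(src)
        os.utime(os.path.join(src, "run.sh"), (1, 1))  # metadata-only change
        second = pack_reproducible(src)
        with open(os.path.join(src, "run.sh"), "ab") as fh:
            fh.write(b"echo extra\n")  # content change after publication
        tampered = pack_reproducible(src)
    published = hashlib.sha256(first).hexdigest()
    return first == second, matches_published(second, published), matches_published(tampered, published)
```

`demo()` returns `(True, True, False)`: the timestamp change leaves the archive and its digest unchanged, while the content change fails the digest check.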
Last full audit pass: · Source on GitHub · Apache-2.0 licensed