Getting Started
Publish your first licensed skill in under 5 minutes.
What is a skill?
A skill is an instruction file — usually a SKILL.md — that tells an AI agent how to perform a specific task. It contains prompts, workflows, decision logic, and domain knowledge packaged for distribution.
SkillVault encrypts your skill at publish time and distributes it as a licensed vault file. Customers install it with one command. The skill decrypts on-demand at runtime, gated by a license check on every load. You control who has access and can revoke it anytime.
Publish with your agent
Paste this into Claude Code (or any agent) and it will handle everything — account creation, skill writing, and publishing. The only manual step is clicking a verification link in your email.
I want to set up a SkillVault publisher account and publish my first skill.
1. Register: npx skillvault-publisher register --email MY_EMAIL --name "MY_NAME" --server https://api.getskillvault.com (I'll click the verification link in my email — the CLI will wait for me)
2. After verification, scaffold a new skill: npx skillvault-publisher init
3. Help me write the SKILL.md content for a skill that [DESCRIBE WHAT YOUR SKILL DOES]
4. Publish it: npx skillvault-publisher publish ./[skill-name]/
5. Show me how to invite a customer
Quickstart
Create a publisher account
Sign up from the dashboard. You'll get a publisher ID and access to the CLI.
Install the publisher CLI
Install globally or run via npx — no install needed.
npm install -g skillvault-publisher
Log in
Run login --email and the CLI sends you a verification email. The two-step magic-link flow keeps anyone else from minting a session for your email.
skillvault-publisher login --email you@example.com
- Open the email and click the magic link — it signs you into the dashboard.
- In the dashboard, go to Settings → CLI Token and click Copy.
- Paste the token back into the CLI:
skillvault-publisher login --token <paste-from-dashboard>
Tokens last 24 hours. Sign out of the dashboard to invalidate everywhere.
Scaffold and write your skill
This creates a directory with a SKILL.md template. Edit it with your instructions, prompts, and logic.
skillvault-publisher init my-skill
# Edit my-skill/SKILL.md with your skill content
Publish
One command encrypts your skill with AES-256 and publishes it to the registry.
skillvault-publisher publish ./my-skill/
Invite customers
Create invite codes from the dashboard or API. Your customer runs one command in the project folder where they want the skill installed:
cd ~/projects/their-app
npx skillvault --invite YOUR_INVITE_CODE
The customer agent shows a [Y/n/g] confirmation prompt with the exact files it's about to write, then installs the encrypted stub into ./.skillvault/ and ./.claude/ by default (project-scoped). The customer's identity (credentials.json) is the only file that lives globally at ~/.skillvault/. Customers can pass --global for the old all-user install, or --dry-run to preview without writing anything. The skill decrypts on-demand with a valid license — checked on every load.
Two CLIs, two roles
skillvault-publisher
For publishers (you). Publish skills, manage versions, check analytics.
npx skillvault-publisher publish ./skill/
skillvault
For customers. Install skills, sync updates, load into their agent.
npx skillvault --invite CODE
Workspaces
A workspace is a skill source directory that's been anchored to your publisher account. Linking writes a small .skillvault-publisher/workspace.json file (mode 0644, designed to be committed to git alongside your skill source) that records this directory belongs to publisher X and produces skill Y.
With a workspace linked, three things become reliable:
- Cross-account safety. If you're logged in as a different account than the one the workspace is linked to, publish refuses with a clear error and three suggested fixes. No silent publishes to the wrong account.
- Rename detection. Editing the name: field in your SKILL.md frontmatter no longer silently creates a new server skill — the CLI catches the drift and refuses to publish without --force.
- Team onboarding. A teammate clones the repo, runs skillvault-publisher publish, and the manifest tells the CLI exactly which server skill to update — under the organization's publisher_id, not theirs.
Recommended workflow:
# Scaffold a new skill, link it, edit, publish
skillvault-publisher init my-skill
cd my-skill
skillvault-publisher login --email you@example.com
skillvault-publisher publish # auto-links on first publish
git add SKILL.md references/ .skillvault-publisher/workspace.json
git commit -m "Add my-skill"
From any directory, list every linked workspace with skillvault-publisher workspaces or jump to one with cd $(skillvault-publisher workspaces find my-skill). CI runners can pass --workspace <path> to target a specific skill from anywhere, or --no-link to publish with zero side effects on the runner's filesystem.
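The cross-account and rename checks described in this section, modelled as a pre-publish guard that a CI job could run before calling publish. This is an added example, not SkillVault's own code: the manifest field names (publisher_id, skill), the function names and the placeholder ids are assumptions, since the page does not show the workspace.json schema.

```javascript
// Added example, not SkillVault's code. The workspace.json field names
// (publisher_id, skill) are assumed; the page does not show the schema.

// Pull `name:` out of the SKILL.md frontmatter (the block between --- lines).
function frontmatterName(skillMd) {
  const m = /^---\r?\n([\s\S]*?)\r?\n---/.exec(skillMd);
  if (!m) return null;
  const line = m[1].split(/\r?\n/).find((l) => /^name\s*:/.test(l));
  if (!line) return null;
  return line.replace(/^name\s*:\s*/, "").trim().replace(/^["']|["']$/g, "");
}

// Returns { ok, reason }. Assumption: force overrides rename drift only,
// because the page mentions --force for that case and no other.
function prePublishCheck(manifestJson, skillMd, sessionPublisherId, force = false) {
  let manifest;
  try {
    manifest = JSON.parse(manifestJson);
  } catch (err) {
    return { ok: false, reason: "manifest-unreadable" };
  }
  if (manifest === null || typeof manifest !== "object") return { ok: false, reason: "manifest-unreadable" };
  if (manifest.publisher_id !== sessionPublisherId) {
    return { ok: false, reason: "wrong-account" };
  }
  const name = frontmatterName(skillMd);
  if (name === null) return { ok: false, reason: "no-name-in-frontmatter" };
  if (name === manifest.skill) return { ok: true, reason: "match" };
  return force
    ? { ok: true, reason: "forced-rename" }
    : { ok: false, reason: "rename-drift" };
}

// Constructed sample inputs (placeholder ids, not real account values).
const MANIFEST = JSON.stringify({ publisher_id: "pub_ORG_PLACEHOLDER", skill: "my-skill" });
const SKILL_MD = "---\nname: my-skill\ndescription: demo\n---\n# Instructions\n";
const RENAMED_MD = SKILL_MD.replace("name: my-skill", 'name: "my-skill-v2"');

function demoChecks() {
  return [
    prePublishCheck(MANIFEST, SKILL_MD, "pub_ORG_PLACEHOLDER").reason,
    prePublishCheck(MANIFEST, SKILL_MD, "pub_PERSONAL_PLACEHOLDER").reason,
    prePublishCheck(MANIFEST, RENAMED_MD, "pub_ORG_PLACEHOLDER").reason,
    prePublishCheck(MANIFEST, RENAMED_MD, "pub_ORG_PLACEHOLDER", true).reason,
  ];
}

console.log(demoChecks());
```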
Teams & per-skill access
A SkillVault account isn't one user — it's a publisher with a team. Invite collaborators with one of three account-level roles, then control which team members can manage which skills with per-skill access grants.
Account roles
| Role | Can do |
|---|---|
| Owner | Everything. Founding identity. Only role that can change publisher name/email or upgrade tier. |
| Admin | Manage every skill, the team, webhooks, alerts, and enforcement policy. Cannot change founding owner identity. |
| Member | By default sees only the skills they publish themselves (auto-granted owner ACL on first publish) or are explicitly granted access to. No team or billing access. |
Inviting team members
Owners and admins invite collaborators by email. The invite is delivered as a magic link — clicking it activates the membership.
# Invite a member (default role)
skillvault-publisher team add bob@example.com --role member
# Invite an admin
skillvault-publisher team add carol@example.com --role admin
# List the team
skillvault-publisher team
# Remove someone (use email or member id)
skillvault-publisher team remove bob@example.com --yes
Per-skill access grants
Account-level members start with no skill visibility. To collaborate on a specific skill, grant them one of three skill-level roles:
- read: Sees the skill in their list and can fetch its details. Cannot publish new versions or delete.
- write: Read + can publish new versions. Cannot delete, archive, rollback, or grant other ACLs.
- owner: Full control of this one skill. Delete, archive, rollback, and sub-grant other team members. Members get this automatically on the skills they publish themselves.
Owners and admins always have implicit owner access on every skill — they don't need ACL rows. ACLs are only meaningful for account-level members.
# Inside a linked workspace, the skill name is inferred:
skillvault-publisher skill-acl add bob@example.com --role read
# Or specify the skill explicitly:
skillvault-publisher skill-acl pdf-extractor add bob@example.com --role write
# List who has access:
skillvault-publisher skill-acl pdf-extractor list
# Revoke access:
skillvault-publisher skill-acl pdf-extractor remove bob@example.com --yes
You can also manage skill access from the dashboard — every skill detail page has an Access section with the same grant/revoke controls. Per-skill grants require the target email to already be a team member; cross-account sharing is not supported.
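How the account roles and per-skill grants above combine into one access decision, as an added example that is not SkillVault's code. The action names, data shapes and function names are assumptions for illustration, and the sample team is constructed.

```javascript
// Added example: a model of the role rules described above, not SkillVault's code.
// Action names and data shapes are assumptions made for illustration.
const SKILL_ROLE_ACTIONS = new Map([
  ["read", ["list", "fetch"]],
  ["write", ["list", "fetch", "publish"]],
  ["owner", ["list", "fetch", "publish", "delete", "archive", "rollback", "grant"]],
]);

// team: Map<email, accountRole>; acls: Map<skill, Map<email, skillRole>>
function effectiveSkillRole(team, acls, email, skill) {
  const accountRole = team.get(email);
  if (!accountRole) return null; // not on the team: no cross-account sharing
  if (accountRole === "owner" || accountRole === "admin") return "owner"; // implicit
  const rows = acls.get(skill);
  return (rows && rows.get(email)) || null; // members need an explicit ACL row
}

function can(team, acls, email, skill, action) {
  const role = effectiveSkillRole(team, acls, email, skill);
  return role !== null && SKILL_ROLE_ACTIONS.get(role).includes(action);
}

// Granting requires skill-level owner on the actor and team membership on the target.
function grant(team, acls, actor, target, skill, role) {
  if (!SKILL_ROLE_ACTIONS.has(role)) throw new Error(`unknown skill role: ${role}`);
  if (!can(team, acls, actor, skill, "grant")) throw new Error("actor cannot grant on this skill");
  if (!team.has(target)) throw new Error("target is not a team member");
  if (!acls.has(skill)) acls.set(skill, new Map());
  acls.get(skill).set(target, role);
}

// Constructed sample data: one owner, one admin, two members, one skill.
function demo() {
  const team = new Map([
    ["alice@example.com", "owner"], ["carol@example.com", "admin"],
    ["bob@example.com", "member"], ["dave@example.com", "member"],
  ]);
  const acls = new Map();
  grant(team, acls, "carol@example.com", "bob@example.com", "pdf-extractor", "write");
  const check = (who, action) => can(team, acls, who, "pdf-extractor", action);
  return {
    bobPublish: check("bob@example.com", "publish"), // write includes publish
    bobDelete: check("bob@example.com", "delete"), // write cannot delete
    daveFetch: check("dave@example.com", "fetch"), // no ACL row, no visibility
    carolRollback: check("carol@example.com", "rollback"), // admin is implicit owner
    outsider: check("eve@other.example", "fetch"), // not a team member
  };
}
console.log(demo());
```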
Publisher CLI reference
All commands are available via npx skillvault-publisher <command> or install globally with npm i -g skillvault-publisher. Run any command with --help for full options.
Account
| Command | Description |
|---|---|
| register --email <email> | Create a new publisher account |
| login --email <email> | Send a magic-link verification email |
| login --token <token> | Complete login with the CLI token from Settings → CLI Token |
| logout | Remove stored credentials |
| whoami | Show current publisher, role, per-skill ACLs, and device fingerprint |
Team & access control
| Command | Description |
|---|---|
| team | List members of your publisher team |
| team add <email> --role member\|admin | Invite a collaborator (sends a magic-link email) |
| team remove <email-or-id> --yes | Remove a team member |
| skill-acl <skill> list | List per-skill access grants on a skill |
| skill-acl <skill> add <email> --role read\|write\|owner | Grant a team member access to a specific skill |
| skill-acl <skill> remove <email-or-id> --yes | Revoke a per-skill access grant |
Skill lifecycle
| Command | Description |
|---|---|
| init <name> | Scaffold a new skill directory with starter SKILL.md |
| publish [dir] | Encrypt and publish a skill to the registry |
| publish-all [dir] | Discover and publish every SKILL.md under a directory tree |
| update [dir] | Push a new version of an existing skill |
| list | List your published skills |
| info <source> | Show metadata from a .vault file (no key required) |
| changelog [skill-name] | View version history and release notes |
| skill-status [skill-name] | Show detailed status for a skill |
| skill-delete [skill-name] | Permanently delete a skill and free its tier slot |
| skill-unarchive [skill-name] | Restore an archived skill to active status |
Workspaces
| Command | Description |
|---|---|
| link [dir] | Anchor a skill source directory to your account (writes .skillvault-publisher/workspace.json) |
| unlink [dir] | Remove the workspace link from a skill source directory |
| workspaces | List every linked skill source directory on this machine |
| workspaces find <name> | Print the absolute path of a linked workspace by skill name |
Customers & licensing
| Command | Description |
|---|---|
| invite | Manage customer invites (send, bulk, list, revoke) |
| customers | List your customers |
| licenses | List active skill licenses |
| grants | List capability grants issued to customers |
| revoke-grant <grant-id> | Revoke a capability grant by ID |
Analytics & security
| Command | Description |
|---|---|
| analytics | View publisher analytics |
| audit | View audit log events |
| watchtower | Watchtower security dashboard |
| investigate <skill-name> | Investigate a suspected skill leak |
| watermark-decode | Analyze leaked content for forensic watermarks (local-only) |
| webhook <action> | Manage publisher webhook (set, test, status) |
How it works
1. You write a skill — a SKILL.md file with instructions, prompts, and logic.
2. You publish it. The CLI encrypts it with AES-256 and uploads the ciphertext to the registry.
3. You create an invite and send it to a customer.
4. Customer runs npx skillvault --invite CODE — the skill installs as an encrypted stub.
5. When the agent triggers the skill, it decrypts on-demand. The license is checked on every load.
6. You can revoke access anytime from the dashboard. The skill stops working immediately.
Publisher dashboard
Your dashboard at app.getskillvault.com is where you manage skills, monitor usage, control customer access, and configure integrations. It also includes a CLI reference and prompt templates you can paste directly into your agent sessions.
Ready to publish?
Free tier includes 1 skill with unlimited licenses.