So much depends upon
verified tools.

The premium marketplace for secure, cryptographically signed agent skills.
Download the capability, not the liability.

Search SkillsRead the Manifesto
$toolshed search pdf-parser
Found 3 verified skills:
1. @adobe/pdf-extract [Verified]
2. @mozilla/pdf-js [Verified]
3. @community/pdf-simple [Unverified]
$toolshed install @adobe/pdf-extract
Verify signature... OK
Downloading... 100%
Skill installed successfully.

Reality vs the Promise of Agent Skills

We want the promise of The Matrix: "I know Kung Fu."
The dream is instant capability—downloading a skill and immediately empowering an agent.

But the reality is dangerous.
In the OpenClaw ecosystem, a researcher demonstrated this risk by uploading a backdoored skill to the community hub. It became the most downloaded item (4,000+ users) before the vulnerability was disclosed. Instead of "Kung Fu," thousands of users essentially downloaded a rootkit.

This represents a new vector for Software Supply Chain Attacks. Just as malicious packages in npm or PyPI can compromise traditional software, unvetted agent skills can compromise the autonomous systems we trust to act on our behalf. When an agent effectively "installs" a compromised skill, it bypasses traditional perimeter defenses, executing malicious logic with the full permissions of the user.

Toolshed.bot is the infrastructure that makes the "Neo moment" safe. We verify the skill so you can download the capability, not the liability.

so much depends
upon

a red wheel
barrow

glazed with rain
water

beside the white
chickens

— William Carlos Williams