grtninja/skill-installer-plus
skill-candidates/skill-installer-plus/SKILL.md
Run local-first skill installation with lockdown admission and a learning recommendation loop. Use when adding/updating skills so installs are evidence-gated and future install choices improve from prior outcomes.
$ install --global
skillsauthnpx skillsauth add grtninja/skill-arbiter skill-installer-plusInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 5, 2026, 2:42 PM30.3s4 files scanned
SKILL.md
- name:
- skill-installer-plus
- description:
- Run local-first skill installation with lockdown admission and a learning recommendation loop. Use when adding/updating skills so installs are evidence-gated and future install choices improve from prior outcomes.
Skill Installer Plus
Use this skill to streamline safe skill installs and continuously improve install decisions.
Workflow
- Generate a recommendation plan from local candidates and prior outcomes.
- Evaluate usage guardrails with
$usage-watcher,$skill-cost-credit-governor, and$skill-cold-start-warm-path-optimizerbefore final admit decisions. - Admit selected skills through
skill-arbiterin personal-lockdown mode. - Persist outcomes to the installer ledger and optionally ingest trust-ledger events.
- Record manual post-install feedback after real usage.
Plan Recommendations
python3 "$CODEX_HOME/skills/skill-installer-plus/scripts/skill_installer_plus.py" \
--ledger "$CODEX_HOME/skills/.skill-installer-plus-ledger.json" \
plan \
--skills-root skill-candidates \
--dest "$CODEX_HOME/skills" \
--trust-report /tmp/skill-trust-report.json \
--json-out /tmp/skill-installer-plus-plan.json
Admit Skills
python3 "$CODEX_HOME/skills/skill-installer-plus/scripts/skill_installer_plus.py" \
--ledger "$CODEX_HOME/skills/.skill-installer-plus-ledger.json" \
admit \
--skill skill-installer-plus \
--source-dir skill-candidates \
--dest "$CODEX_HOME/skills" \
--window 10 --baseline-window 3 --threshold 3 --max-rg 3 \
--arbiter-json /tmp/skill-installer-plus-arbiter.json \
--json-out /tmp/skill-installer-plus-admit.json
Batch admit from a curated list:
python3 "$CODEX_HOME/skills/skill-installer-plus/scripts/skill_installer_plus.py" \
--ledger "$CODEX_HOME/skills/.skill-installer-plus-ledger.json" \
admit \
--skills-file /tmp/candidate-skills.txt \
--source-dir skill-candidates \
--dest "$CODEX_HOME/skills" \
--window 10 --baseline-window 3 --threshold 3 --max-rg 3 \
--arbiter-json /tmp/skill-installer-plus-arbiter-batch.json \
--json-out /tmp/skill-installer-plus-admit-batch.json
Record Manual Feedback
python3 "$CODEX_HOME/skills/skill-installer-plus/scripts/skill_installer_plus.py" \
--ledger "$CODEX_HOME/skills/.skill-installer-plus-ledger.json" \
feedback \
--skill skill-installer-plus \
--event success \
--note "real workflow stable" \
--json-out /tmp/skill-installer-plus-feedback.json
Show Ledger State
python3 "$CODEX_HOME/skills/skill-installer-plus/scripts/skill_installer_plus.py" \
--ledger "$CODEX_HOME/skills/.skill-installer-plus-ledger.json" \
show \
--recent 10 \
--json-out /tmp/skill-installer-plus-show.json
Scope Boundary
Use this skill only for the skill-installer-plus lane and workflow defined in this file and its references.
Do not use this skill for unrelated lanes; route those through $skill-hub and the most specific matching skill.
Admission decision is incomplete without usage guardrail evidence paths from usage-watcher, skill-cost-credit-governor, and skill-cold-start-warm-path-optimizer.
Evidence Contract
For each admit cycle, keep:
plan_jsonadmit_jsonarbiter_jsontrust_ingest_status- optional
feedback_json
If any required artifact is missing, installation governance is incomplete.
References
references/learning-loop.md
Loopback
If this lane is unresolved, blocked, or ambiguous:
- Capture current evidence and failure context.
- Route back through
$skill-hubfor chain recalculation. - Resume only after the updated chain returns a deterministic next step.
Related Skills
grtninja/white-hat
tools
VerifiedTrustedCommunity
Run a defender-first security sweep on code, configs, prompts, model/tooling surfaces, or third-party contribution lanes. Use when a request involves safe bug, leak, zero-day-class, exploit, or hack hunting for protection, when contributing to outside repositories and you want a focused security pass, or when touching auth, secrets, permissions, network exposure, prompt/tool boundaries, data flow, or update/build surfaces. This skill is defensive only and must never be used for weaponization or unauthorized access.
2SKILL.mdUpdated Apr 22, 2026
grtninja/vrm-sandbox-startup-acceptance
development
VerifiedTrustedCommunity
Validate and repair VRM Sandbox startup acceptance with shim-first local model authority, frontend/backend bring-up, and avatar-runtime launch proof. Use when launch behavior, chat handoff, voice fallback, or runtime bridge acceptance must be verified end to end.
2SKILL.mdUpdated Apr 22, 2026
grtninja/voice-catalog-runtime-alignment
documentation
VerifiedTrustedCommunity
Align documented voice-command catalogs, endpoint action allowances, and live runtime handlers so operator-visible voice surfaces match what the stack can actually execute. Use when voice command docs, parser matrices, endpoint permissions, or runtime action routing drift apart.
2SKILL.mdUpdated Apr 22, 2026
grtninja/skillhub-trend-radar
development
VerifiedTrustedCommunity
Track SkillHub trend and topic drift, maintain a bounded rewrite watchlist, and surface emerging gaps worth turning into repo-owned skills. Use when the marketplace query set shows new families or when the current shortlist has gone stale.
2SKILL.mdUpdated Apr 22, 2026