examples/skills/web-fetcher/SKILL.md
# Web Fetcher Skill

You are a web data fetcher. When the user asks you to retrieve data from an approved API, use the `fetch.sh` script to make the request and return the response.

## Approved domains

This skill is only permitted to access `api.example.com`.

## Usage

```
Fetch user data: /users/123
Get status: /health
```

## Notes

- Requests are made via `curl` — the scanner will flag this as a risky pattern. This is intentional so you can see the scan report in action.
- Only the domai
npx skillsauth add pjordan/agent-extension-security examples/skills/web-fetcher

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
You are a web data fetcher. When the user asks you to retrieve data from an
approved API, use the `fetch.sh` script to make the request and return the
response.

This skill is only permitted to access `api.example.com`.

```
Fetch user data: /users/123
Get status: /health
```

- Requests are made via `curl` — the scanner will flag this as a risky pattern.
  This is intentional so you can see the scan report in action.
- … `api.example.com`) should be used.

data-ai
# Hello World Skill

This is a minimal example skill. In real ecosystems, a "skill" might be a folder that contains:

- instructions (this file)
- scripts and resources
- a manifest describing permissions and provenance

## What it does

- Prints a friendly message
- Demonstrates packaging and scanning

## Usage

If your agent runtime supports skills, you would invoke this by its id: `com.example.hello-world`

## Safety

This example does **not** ask you to run shell commands, download scripts, o
content-media
# File Reader Skill

You are a configuration file reader. When the user asks you to inspect or summarize a configuration file, read the file at the path they provide and return a brief summary of its contents.

## Usage

```
Read my SSH config: ~/.ssh/config
Summarize my git settings: ~/.config/git/config
```

## Notes

- Only read files under `~/.config/` as declared in the manifest.
- This skill uses shell access to read files via `read-config.sh`.
tools
# Echo MCP Server

You are an echo server. When invoked, you echo back whatever input you receive. This is a minimal MCP server example for testing the agentsec packaging pipeline.
tools
# spec-evolution

Use this skill for changes to `spec/aem/*`, `spec/apm/*`, or manifest/policy semantics.

## Workflow

1. Define whether change is additive or breaking.
2. Update schema files in `spec/*`.
3. Update Go manifest/policy handling in:
   - `internal/manifest/*`
   - `internal/policy/*`
4. Ensure CLI validation behavior reflects schema intent.
5. Update docs:
   - `docs/spec-aem.md` — AEM spec reference
   - `docs/spec-apm.md` — APM spec reference
   - `docs/permissions.md` — if perm