Top AI Product

tech-leads-club’s agent-skills shot to the top of GitHub trending this weekend with 923+ daily stars. It’s a curated, security-hardened skill registry for Claude Code, Cursor, Copilot, Antigravity, Windsurf, Cline, and 13 more AI coding agents.

## The security pitch

In an ecosystem where 13.4% of open-marketplace skills contain critical vulnerabilities, agent-skills positions itself as the trust layer. Everything is 100% open source (no binaries), runs through static analysis in CI/CD, ships with immutable integrity via lockfiles and content hashing, and every prompt is human-curated before it lands in the registry.

## How it works

Skills are packaged instructions and resources — think plugins for AI agents. The registry is a monorepo plus CLI tool with interactive and non-interactive modes. Install a skill, your agent picks up a new workflow. Version locking and hash verification prevent a silent malicious update from landing in your production agent setup.

## Why it matters

The skill-marketplace problem is the npm supply-chain problem all over again, except this time the package executes inside your coding agent with file-system and network access. agent-skills is the first project to take that threat model seriously and ship the lockfile + hash + static-analysis combo. If you run AI coding agents at scale, this is now the default registry to consider.