We've audited the dependencies, scanned the code, and pinned the supply chain. You bring the build — we'll keep the surprise CVEs out of it.
60,000+ audited skills · 12 MCP servers · MITRE ATT&CK & NIST CSF 2.0 mapped
Search the registry by what you're trying to do — security scanning, SEO checks, deployment, and more. Every skill shows a safety tier, not just a star rating.
Read the audit report, the dependency tree, and exactly what the skill touches. No black boxes. Pro unlocks the full report — not a teaser.
Pull a single skill, or grab a Blueprint — a pre-tested stack of skills that already work together. From install to production in a few hours, not a few sprints.
Most teams in 2026 are shipping LLMs on a vibe, a held-out test set, and Slack approvals. Promptfoo is the open-source MIT-licensed framework that turns LLM evaluation into a real CI gate — 6,500 stars, ~150 contributors, used in production by Anthropic, Shopify, Discord, and Brex. It runs as a YAML config, gates the deploy, and ships a red-team scanner that covers the OWASP LLM Top 10 out of the box. If you are not running it in your build pipeline, you are not shipping AI. You are shipping a vibe with a version number.
Most AI registries are basically link farms. We actually look at the code.
Every skill in the registry has been scanned for supply-chain risk, exposed credentials, and unsafe API calls. Pro users get the full report, not a TL;DR.
Dependency tree, deterministic hashes, and a plain-English summary of what the skill does and what it touches on your machine.
Tired of stitching tools together and hoping? A Blueprint is a pre-tested stack of skills that already play nice — install once, ship faster.
Start with the free tier to scope things out. Move to Pro when you need the audits. Scale to Enterprise when you need API access. No new vendor process each step.
Catch supply-chain attacks before they reach production. Scans your lockfiles, transitive deps, and known CVE exploit paths.
Ship your first Model Context Protocol server this week. Comes with the template project, auth, and tool registration wired up.
Technical SEO findings with developer-grade specificity. Not generic recommendations — output you can actually paste into your codebase.
Stop babysitting your own infrastructure. This assistant handles gateway throughput, audits system security, and keeps your local pipelines running — so you can focus on the actual work.
Start free. Upgrade when you need the audits or the stacks. Cancel anytime.
Free. Browse the registry, peek at the safety tiers, and try things out.
For builders who want the full audit, the safe-config scripts, and a clean env to work in.