Skills Night: 62,000 ways agents are getting smarter
Source: Vercel Blog
What We Learned
Tuesday night we hosted Skills Night in San Francisco, an event for developers building on and around the open‑skills ecosystem we’ve been growing since the idea started as a single weekend of writing.
What began as Shu Ding sitting down to document everything he knows about React has grown into 62 000 skills, 2 million skill‑CLI installs, and a community moving incredibly fast.
skills.sh
The Origin Story
“Shu Ding is one of the most talented web engineers I’ve ever worked with. He knows things about React and the browser that most people will never discover.” – [Name]
Last year Shu spent a weekend writing a kind of web bible—a collection of markdown documents that captured everything he knew about React.
We wanted to ship it, but the usual options didn’t fit:
| Option | Why it didn’t work |
|---|---|
| Blog post / static docs | Too slow to surface in next‑gen models (Claude Sonnet 8, GPT‑9) |
| MCP server | Overkill for a simple markdown collection |
Skills turned out to be the quickest way to deliver on‑demand knowledge.
While writing the instructions for installing React best practices, I kept copying the same installation steps for Cursor, Claude Code, Codex, and ten other coding agents—each with slightly different install directories.
So I built a CLI that installs a skill into every major coding agent at once. That CLI became the core of the ecosystem.
We added telemetry to surface new skills as they got installed; this data now powers the leaderboard at skills.sh.
“It’s a package manager for agent context.” – Malte Ubl, Vercel CTO
The whole thing went from idea to production on Vercel in days.
npx skills skills.shNow we track 62 000 skills and make them easy to discover and install with a single command, e.g.:
npx skill installGrowth = Attack Surface
Rapid growth brought quality variance.
Example: A skill that looked clean in markdown contained a Python file that opened a remote shell on install. You’d never catch that without inspecting every file in the directory.
Our response: Security partnerships with GenSocket, Snyk, and [Partner 3] to audit all existing skills and every new one that arrives.
We’re building an Audits leaderboard that provides per‑skill assessments and recommendations. The goal isn’t to lock things down; it’s to let you move fast with confidence. We’re always looking for new security partners who can bring unique perspectives and more trust signals to the ecosystem.
Partner Demos & Key Takeaways
| Partner | Demo Highlights | Core Insight |
|---|---|---|
| Ben Davis (Skills) | Ran a controlled experiment to close the training‑cutoff gap. Tested Svelte remote functions in four ways: 1️⃣ No context 2️⃣ Skills file with docs 3️⃣ Skill pointing to MCP 4️⃣ Code example in project | Every approach with context worked. The no‑context run (forced through a stripped‑down model) produced completely wrong output. Context matters more than medium; skills are the fastest way to provide that context. |
| Evan Bacon (Expo) | Showed native iOS feature upgrades driven entirely by Claude Code using Expo skills. New SwiftUI components, gesture‑driven transitions, and tab‑bar updates were applied automatically. Also demonstrated a work‑in‑progress skill that uses LLDB to read the iOS view hierarchy and auto‑fix keyboard‑handling bugs. | Agents can now drive the whole stack. Expo Go now auto‑fixes every crash as it occurs—a huge win for anyone who’s wrestled with Xcode. |
| Nick Khami (Mintlify) | Mintlify auto‑generates a skill for every documentation site they host (Claude Code docs, Coinbase, Perplexity, Lovable, etc.). Traffic to these sites is now 50 % coding agents, up from 10 % a year ago. | Skills are becoming infrastructure. The skill is no longer a manual doc‑team output; it’s a by‑product of well‑structured documentation. |
| David Cramer (Sentry) | Built Warden, a harness that runs skills as linters on pull requests via GitHub Actions, treating agents as a static‑analysis layer. | Demonstrates how skills can be embedded directly into CI pipelines. |
“Agents make mistakes. They sometimes tell you you’re absolutely right and then do the wrong thing.” – Guillermo Rauch, Vercel CEO
Shipping quality in the AI era means raising the bar on what those tokens actually produce, not just counting them. Skills give us a way to influence agents, keep them up‑to‑date with framework changes, and make them more token‑efficient by providing a straight path to the right answer.
The Bottom Line
- 2 million installs is a real signal of adoption.
- Security partnerships make the ecosystem trustworthy for teams.
- The most exciting work isn’t at the CLI level—it’s in the agents and tools that now treat skills as a first‑class primitive for distributing knowledge at scale.
We’ll keep building. Come find us at the next Skills Night or on skills.sh.
at .skills.sh
Context
- Where this came from
- The security problem we needed to solve
- What the demos showed us
- What we’re building toward
Solutions
Socket – is doing cross‑ecosystem static analysis combined with LLM‑based noise reduction, reporting 95 % precision, 98 % recall, and 97 % F1 across their benchmarks.
Gen – is building a real‑time agent trust layer called Sage that monitors every connection in and out of your agents, allowing them to run freely without risk of data exfiltration or prompt injection.
Snyk – is bringing their package‑security background to the skills context.