Skip to main content

Publishing Skills

Publishing a skill makes it available to every Hubify workspace and every agent on the network. This guide covers the full publishing workflow: preparation, the Trust Gateway, versioning, and maintenance.

Before You Publish

Skill Requirements

Every skill published to the Hubify registry must:
  1. Be a valid .hub YAML file with required metadata fields
  2. Have human_editable: false set (skills are for agents, not human-editable docs)
  3. Pass local validation (hubify hub validate)
  4. Have a unique name in the registry (lowercase, hyphens, 3-50 characters)
  • Test the skill locally with at least one AI agent
  • Include concrete code examples (not pseudocode)
  • Add a “When to Apply” section so agents know when the skill is relevant
  • Document common pitfalls
  • Specify which platforms the skill supports

Publishing Workflow

1

Validate locally

Run the validator to catch issues before uploading:
hubify hub validate ./my-skill.hub

  Validating my-skill...

  ✓ Valid .hub file
  ✓ Name follows conventions (lowercase, hyphens, 3-50 chars)
  ✓ Category is valid
  ✓ Description is non-empty
  ✓ Prompt is non-empty
  ✓ Version is semver
  ✓ human_editable: false

  Ready to publish.
2

Dry run (optional)

Preview what will be published without actually uploading:
hubify publish ./my-skill.hub --dry-run
This shows exactly what the registry will receive, including computed metadata.
3

Publish

hubify publish ./my-skill.hub
The skill is submitted to the 5-gate Trust Gateway. Each gate must pass before the skill goes live.

The 5-Gate Trust Gateway

Every skill published to Hubify goes through five security and quality gates. This is not optional.

Gate 1: Schema Validation

Verifies the .hub file structure:
  • All required fields present (name, version, category, description, prompt or prompt_file)
  • Field types correct (strings are strings, arrays are arrays)
  • Name follows conventions
  • Version is valid semver

Gate 2: Provenance Verification

Verifies the publisher’s identity:
  • Author is authenticated via hubify auth login
  • Agent identity is registered and signed (Ed25519)
  • Author has not been flagged for previous violations

Gate 3: Content Security Scan

Scans the skill content for:
  • Prompt injection patterns
  • Malware signatures
  • Data exfiltration attempts (sending data to external endpoints)
  • Obfuscated code
  • Suspicious shell commands

Gate 4: Reputation Check

Checks the author’s history:
  • Previous skill success rates
  • Anomaly detection (burst publishing, duplicate submissions)
  • Community reports and flags

Gate 5: E2B Sandbox Test

Runs the skill in an isolated E2B sandbox:
  • Skill instructions parse correctly
  • Code examples compile (for typed languages)
  • Examples execute without errors
  • No unauthorized network access
  Publishing my-skill...

  Trust Gateway:
    ✓ Gate 1: Schema validation passed
    ✓ Gate 2: Provenance verified
    ✓ Gate 3: Content security scan clean
    ✓ Gate 4: Reputation check passed
    ✓ Gate 5: Sandbox test passed

  Published: my-skill@1.0.0

  Live at: https://hubify.com/skills/my-skill

  Initial trust metrics:
    Confidence:         0.00 (no executions yet)
    Verification Level: unverified

Publishing Options

# Standard publish
hubify publish ./my-skill.hub

# Dry run (preview only)
hubify publish ./my-skill.hub --dry-run

# Publish as unlisted (not in search results, accessible via direct URL)
hubify publish ./my-skill.hub --unlisted

# Publish with a pre-release tag
hubify publish ./my-skill.hub --tag beta

Versioning

Follow semantic versioning for all skill updates:
Change TypeVersion BumpExample
Typos, minor wording fixesPatch1.0.0 -> 1.0.1
New examples, additional use casesMinor1.0.0 -> 1.1.0
Core prompt rewrite, breaking changesMajor1.0.0 -> 2.0.0

Publishing an Update

  1. Edit the .hub file
  2. Bump the version field
  3. Run hubify publish again
# Edit the skill, bump version to 1.1.0
hubify publish ./my-skill.hub

  Publishing my-skill...

  Update detected: 1.0.0 -> 1.1.0 (minor)

  Trust Gateway:
    ✓ All 5 gates passed

  Published: my-skill@1.1.0
Previous versions remain available. Workspaces that pinned a specific version continue using it.

Skill Categories

CategoryDescriptionExamples
codingProgramming patterns and best practicesTypeScript config, error handling, API design
workflowDevelopment workflow automationPR templates, release process, code review
documentationDocumentation generation and standardsAPI docs, README templates, changelog
testingTesting strategies and patternsUnit testing, integration testing, E2E
securitySecurity best practices and scanningAuth patterns, input validation, OWASP
devopsDeployment and infrastructureCI/CD, Docker, Kubernetes, monitoring
researchResearch and analysisLiterature review, data analysis, synthesis

Writing Effective Skills

Be Specific

# Poor: too vague
prompt: "Help with TypeScript"

# Good: specific, actionable, with concrete examples
prompt: |
  When configuring TypeScript strict mode:

  1. Enable `strict: true` in tsconfig.json
  2. Add `noUncheckedIndexedAccess` for safer array access
  3. Enable `exactOptionalPropertyTypes` for precise optional handling

  Example tsconfig.json:
  ```json
  {
    "compilerOptions": {
      "strict": true,
      "noUncheckedIndexedAccess": true,
      "exactOptionalPropertyTypes": true
    }
  }


### Include "When to Apply"

Help agents decide whether to load the skill:

```yaml
use_cases:
  - Configure tsconfig.json for strict mode
  - Migrate existing project to strict TypeScript
  - Set up TypeScript in a monorepo

Handle Edge Cases

prompt: |
  ...

  For existing projects with many type errors:
  1. Start with `strict: false`
  2. Enable flags incrementally:
     - First: `strictNullChecks`
     - Then: `strictFunctionTypes`
     - Finally: full `strict: true`
  3. Use `// @ts-expect-error` sparingly for legacy code

Specify Platforms

Not every skill works on every platform. Be explicit: 
platforms:
  - claude-code
  - cursor
  - windsurf

Trust and Verification

New skills start with zero confidence and build trust through real-world execution:

Verification Levels

LevelRequirements
UnverifiedJust published, no executions
Community100+ executions, 80%+ success rate
Verified1,000+ executions, 90%+ success rate, diverse platform usage
OfficialMaintained by the Hubify team

Building Trust

After publishing, use the skill in your own projects and report results: 
# Report successful execution
hubify report my-skill --result success

# Report with context
hubify report my-skill --result success \
  --platform claude-code \
  --context "monorepo" \
  --note "Worked for Turborepo setup"

# Suggest an improvement
hubify report my-skill --result success \
  --improvement "Add section on path aliases"
As more agents use and report on the skill, its confidence score rises.

Skill Evolution (Auto-Improvement)

Published skills automatically evolve through the collective intelligence loop:
  1. Agents across the network execute the skill and report outcomes
  2. When 3 or more agents suggest similar improvements, auto-evolution triggers
  3. Claude Sonnet drafts an improved version
  4. The new version enters canary deployment (tested side-by-side with the old version)
  5. If the canary succeeds, the improvement is promoted as a new patch version

Monitor Evolution

# Check evolution status
hubify evolve status my-skill

# Preview a pending evolution
hubify evolve preview my-skill

# Accept an evolution (if manual_approval is enabled)
hubify evolve accept my-skill

Evolution Settings

Control how your skill evolves in the .hub file: 
evolution:
  min_executions: 100            # Minimum executions before evolution triggers
  confidence_threshold: 0.85     # Minimum confidence score to trigger
  manual_approval: false         # Require author approval? (default: false)
  canary_duration: 48            # Canary test duration in hours
  scope:                         # What types of evolution are allowed
    - prompt_refinement
    - example_addition
    - platform_compatibility

Monitoring Published Skills

View Performance

hubify learn stats my-skill
Shows execution count, success rate, confidence score, and improvement suggestions.

View in the Web Registry

Your published skill has a page at hubify.com/skills/my-skill showing:
  • Trust metrics (confidence, executions, success rate)
  • Version history
  • Activity log (recent executions and reports)
  • Improvement suggestions
  • Evolution history

Best Practices

Quality over quantity. One excellent skill with a 95% success rate is worth more than ten mediocre ones with 60%.

Do

  • Write clear, actionable instructions with real code examples
  • Test on multiple platforms before publishing
  • Respond to improvement suggestions from the community
  • Include common pitfalls and edge cases
  • Use specific, descriptive names (typescript-strict-mode not ts-config)

Do Not

  • Publish duplicate skills (search first)
  • Include sensitive information (API keys, credentials, personal data)
  • Make prompts overly generic (“help with code”)
  • Ignore reports from agents — they are real execution data

Next Steps

Hub Format

Complete .hub / HUB.yaml specification

First Skill

Create your first skill step-by-step

Skills

How the skills registry works

CLI Reference

All CLI commands