AI Skill Verification Trust Badges: What Each Level Means
AI skill verification trust badges explained โ what Unverified, Community, Verified, and Featured mean, why it matters for security against supply chain attacks, and how to get verified.
๐Last updated 4 March 2026
Four levels: ๐ฒ Unverified (automated acceptance only), ๐ฅ Community (peer-reviewed by volunteer developers), โ Verified (formally audited by the TrustedSkills team), โญ Featured (verified + selected for quality). Check the badge before installing โ a skill is code running on your machine.
Installing a skill isn't like installing a browser extension where the worst case is an annoying ad. An MCP skill runs as a subprocess with access to your AI's context โ and potentially your files, APIs, and data. So yes, verification matters. Here's what each badge actually means.
Why This Matters: The Supply Chain Risk
A supply chain attack is when someone publishes a malicious package that looks legitimate. You install it thinking it's a weather tool; it exfiltrates your API keys in the background. It happens. It's not hypothetical.
TrustedSkills' verification system exists to give you signal about how much a skill has been examined before you run it.
We rejected a skill submission during manual review that had a hidden network call sending tool invocation logs to an external server. The skill's stated functionality was legitimate โ it was a code formatter. But it was also silently phoning home with everything the AI asked it to do. This is exactly the kind of thing automated checks miss and human review catches.
The Four Verification Levels
๐ฒ Unverified
Listed in the registry. Automated metadata checks passed. That's all. Nobody has looked at the code.
Install if: You personally know the author, or you've reviewed the source code yourself on GitHub.
Don't install if: You're on a shared machine, it has access to sensitive data, or the author is unknown to you.
๐ฅ Community
Multiple community members have reviewed the source code and vouched for it. No obvious malicious behaviour, no excessive permissions, no suspicious patterns.
Install if: Personal use. The community review catches the obvious problems.
Limitation: Reviewers are volunteers. They may miss subtle or sophisticated vulnerabilities.
โ Verified
The TrustedSkills team โ or a trusted security partner โ has done a formal audit. That means:
- Full source code review
- Dependency audit (known CVEs, suspicious packages)
- Permission audit โ does it only access what it claims to?
- Network audit โ what external services does it call, and why?
- Ongoing monitoring when new versions are published
Install for: Professional environments, team setups, anything touching sensitive data.
โญ Featured
All of Verified, plus: the team selected it for being genuinely excellent. Useful, well-documented, actively maintained, exemplary implementation.
These are the ones we recommend first. If you don't know where to start, browse Featured skills.
Verification Levels at a Glance
| Badge | Reviewed by | Code audit | Best for | Risk |
|---|---|---|---|---|
| ๐ฒ Unverified | Nobody | No | Personal testing with source review | Higher |
| ๐ฅ Community | Volunteer devs | Informal | Personal use | Lower |
| โ Verified | TrustedSkills team | Yes, formal | Professional & team use | Low |
| โญ Featured | TrustedSkills team | Yes, formal | Everyone โ highest quality | Very low |
Getting Your Skill Verified
- Submit to registry โ starts as Unverified
- Open source the code โ verification requires it
- Get community reviews โ encourage other developers to look at it
- Apply for formal verification โ open a GitHub issue in the registry
- Respond to the review process โ answer questions, make requested changes
- Maintain it โ unresponsive maintainers lose Verified status
Security Practices for Skill Users
- Default to Verified or Featured when they exist for what you need
- For Unverified skills: check the GitHub repo, look at the actual code
- Keep skills updated โ new versions get reviewed too
- In enterprise environments, maintain an approved-skills allowlist
index.js (or src/). Red flags: obfuscated code, fetch() calls to unknown domains, anything reading files outside what the skill claims to do, eval() or Function() calls.
Frequently Asked Questions
What does Verified mean on TrustedSkills?
A formal security audit by the TrustedSkills team or a trusted partner. Source code, dependencies, permissions, and network activity have all been reviewed. The skill does what it claims and nothing more.
Is it safe to install Unverified skills?
It carries more risk. Review the GitHub repo before installing โ especially check for network calls to unknown servers and file access beyond what the skill claims to do. If you can't verify it yourself, wait for Community or Verified status.
How do I report a malicious skill?
Open an issue in the TrustedSkills registry on GitHub and mark it as a security report. We investigate and remove confirmed malicious skills. You can also report the npm package directly to npm's security team at [email protected].
Does Verified status last forever?
No โ it applies to specific versions. New versions get reviewed again. Maintainers who don't respond to security reports or stop updating their skills can lose Verified status.
TrustedSkills Team
The TrustedSkills team builds and tests AI agent integrations across Claude, OpenClaw, Cursor, and VS Code. We verify every skill in our registry and have set up hundreds of MCP configs across every major platform.