Vercel's skills CLI has 220k weekly downloads, supports 38+ agents, and solves one problem cleanly: npx skills add owner/repo gets a SKILL.md into your agent's skills folder. It's well-made. But it has serious gaps.
No identity
The publisher's "identity" is a GitHub username: created in seconds, compromised regularly, controlled by Microsoft. There is no cryptographic signature on the skill. Git branches can be force-pushed and tags can be moved, so the content you install today might not be what was there yesterday.
On Skillpub, every skill is signed by a Nostr keypair. If the content is modified after publication, its SHA-256 hash no longer matches the one recorded in the signed event. The identity is a key the publisher controls, not a username a corporation controls.
No trust layer
No reputation system, no reviews, no way to ask "has anyone I know vetted this?" The FAQ mentions "routine security audits" — the same centralized approach that failed ClawHub before researchers found hundreds of malicious skills in their registry.
You can audit the CLI tool itself. You can't audit the content it pulls — and that content can change between the moment you review it and the moment you install it.
Skillpub provides trust infrastructure: every skill is hash-pinned (tamper with it and the install fails), signed by a Nostr key (the publisher's reputation is permanently on the line), and open to signed attestations from auditors in your web-of-trust. Security isn't a platform feature — it's a market where auditors stake their identity on every review.
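As an added illustration (not Skillpub's own code), here is the fail-closed install check that the hash-pinning described in the two passages above implies: the installer recomputes the NIP-01 event id from the event's fields, reads the publisher's pinned SHA-256 from a tag, and refuses to write SKILL.md unless the fetched bytes match and the key is in the local web-of-trust. The tag name, kind number and keys are assumptions; the BIP-340 Schnorr signature check over the event id is left to a signing library and not shown.

```python
import hashlib
import json

# Hypothetical tag name under which the publisher pins the SHA-256 of SKILL.md
# (an assumption; Skillpub's real tag layout is not given on the page).
PIN_TAG = "x"


def nostr_event_id(pubkey, created_at, kind, tags, content):
    """NIP-01 event id: SHA-256 over the canonical JSON array
    [0, pubkey, created_at, kind, tags, content]."""
    serialized = json.dumps([0, pubkey, created_at, kind, tags, content],
                            separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(serialized.encode("utf-8")).hexdigest()


def publish_event(pubkey, created_at, kind, skill_bytes, content):
    """Publisher side: pin the skill's hash in a tag and compute the event id.
    The BIP-340 Schnorr signature over the id is left to a signing library."""
    tags = [[PIN_TAG, hashlib.sha256(skill_bytes).hexdigest()]]
    event = {"pubkey": pubkey, "created_at": created_at, "kind": kind,
             "tags": tags, "content": content}
    event["id"] = nostr_event_id(pubkey, created_at, kind, tags, content)
    return event


def verify_install(event, skill_bytes, trusted_pubkeys):
    """Installer side, fail closed: returns (ok, reason). The skill is written
    only if the publisher key is trusted, the event id matches its fields,
    and the fetched bytes hash to the pinned value."""
    if event.get("pubkey") not in trusted_pubkeys:
        return False, "publisher key not in web-of-trust"
    recomputed = nostr_event_id(event["pubkey"], event["created_at"],
                                event["kind"], event["tags"], event["content"])
    if recomputed != event.get("id"):
        return False, "event id does not match its serialized fields"
    pins = [t[1] for t in event["tags"] if len(t) > 1 and t[0] == PIN_TAG]
    if len(pins) != 1:
        return False, "expected exactly one pinned hash"
    if hashlib.sha256(skill_bytes).hexdigest() != pins[0]:
        return False, "skill content hash mismatch"
    return True, "ok"


# Constructed sample: placeholder publisher key, tiny SKILL.md, made-up kind.
PUBLISHER = "ab" * 32
SKILL_MD = b"---\nname: deploy-helper\n---\nRun the deploy checklist.\n"
EVENT = publish_event(PUBLISHER, 1700000000, 30001, SKILL_MD, "deploy-helper")
```

Call verify_install(EVENT, fetched_bytes, trusted_keys) before writing anything to the skills folder; any False result aborts the install.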
No payments
Free-only means no incentives. Write a Salesforce connector that replaces a $20/month integration? You get a GitHub star. Same deal open-source developers have had for decades.
Skillpub lets publishers price skills in sats. Cashu ecash, Lightning via NWC, autonomous agent payments. No credit card, no platform cut. This enables models that don't exist yet: per-invocation charging, agent-to-agent transactions, paid attestations.
No agent autonomy
npx skills add assumes a developer at a keyboard. An autonomous agent can't browse skills.sh, evaluate a README, or run a CLI.
An agent needs a protocol: query relays for capabilities, evaluate WoT scores, verify hashes, pay in sats, install — all programmatic, all policy-bound, no human in the loop.
The GitHub dependency
Every skill lives on GitHub. GitHub down? No installs. GitHub blocks your country? No access. No federation, no mirroring, no competing directories. Microsoft controls the namespace.
Skillpub publishes skills as Nostr events to relays. Anyone can run a relay. If one goes down, skills exist on others.
What this means
The skills CLI is a tool. Skillpub is a protocol. A tool gets a file from A to B. A protocol defines how skills are published (signed events), how trust is established (WoT), how payment works (bitcoin), and how verification happens (hashes in signed events).
When an agent needs to autonomously acquire a capability — evaluate trust, pay the publisher, verify the download — it needs more than a CLI wrapping git clone. It needs a protocol.
Skillpub is the open marketplace for agent skills. Every skill is signed by a Nostr key, hash-verified, reviewed by your web-of-trust, and payable in bitcoin.