SKILL.md
- A markdown file at the root of a GitHub repository that describes an AI skill — its name, purpose, capabilities, installation instructions, and supported AI assistants. Anthropic's emerging standard for packaging modular AI capabilities.
Model Context Protocol (MCP)
- An open standard from Anthropic that connects AI assistants to external tools, databases, APIs, and file systems. MCP defines how an AI client and a context-providing server exchange tool calls and resource reads over a standardized protocol.
MCP Server
- A program that implements the Model Context Protocol and exposes tools (callable functions) and resources (readable data) to MCP-aware AI assistants. Examples: Postgres MCP server, GitHub MCP server, Linear MCP server.
AI Agent Skill
- A reusable instruction package that extends an AI coding assistant with specialized capabilities — a workflow, tool integration, prompt template, or domain knowledge. May be packaged as SKILL.md, an MCP server, a CLI tool, or an IDE extension.
AI Coding Assistant
- A general-purpose LLM-based developer tool that reads code, writes code, runs commands, and uses tools to complete software-engineering tasks. Examples: Claude Code, Codex CLI, ChatGPT (with code interpreter), GitHub Copilot agents.
Claude Code
- Anthropic's official CLI for the Claude model family. An interactive agent that performs software-engineering tasks via tool use (file edits, shell commands, search, web fetches). Loads skills from SKILL.md files in a workspace's skills directory.
Codex CLI
- OpenAI's command-line coding assistant built on the Codex/GPT model family. Performs file edits, shell commands, and tool use similar to Claude Code. Compatible with many of the same skill patterns.
Semgrep
- An open-source static analysis engine that scans source code for known vulnerability patterns (SQL injection, XSS, hardcoded secrets, insecure deserialization, etc.). SkillsLLM runs Semgrep on every indexed skill as part of its daily security scan pipeline.
Security Scanning
- Automated analysis of an AI skill's source code and dependencies for known vulnerabilities. SkillsLLM combines Semgrep (static analysis), npm audit (JavaScript dep CVEs), and pip-audit (Python dep CVEs). Results are surfaced as PASS, WARNING, or FAIL on each skill page.
Agent Loop
- The repeated cycle of plan → tool call → observation that an AI agent performs to accomplish a task. Each iteration produces a tool call (file edit, shell command, search), an observation of the result, and a planning step that decides the next action.
Tool Use
- The mechanism by which an LLM-based agent invokes external functions — file system operations, shell commands, database queries, web fetches. The model emits a structured tool call; the runtime executes it and returns the result for the model to reason over.
AI Skills Marketplace
- A curated directory of reusable AI skills that developers can browse, install, and submit. Differs from raw GitHub search by adding categorization, security scanning, community signals (votes, comments), and editorial quality filters.