0 The bigger picture — three strategic roles
Skill is the only module that plays three distinct strategic roles at once. Reviewing it under any single lens (open-standard runtime, BRAIN integration enabler, or vertical-pack moat) misses two-thirds of its value. The three roles must be held simultaneously.
Role 1 · Open-standard citizen
🌐
Day-1 distribution reach
Every CyberOS skill loads unmodified in Claude Code, Codex, Cursor, VS Code+Copilot, Goose, Amp, Gemini CLI. The standard is open; we don't invent. Distribution via local cache · OCI registry · agentskills.io.
12+ clients · Anthropic Agent Skills spec · OCI + cosign verifiable
Role 2 · BRAIN-protocol enabler
🧠
Capability broker → audit chain
Every skill declares allowed_brain_scopes. The capability broker enforces them: first-use approval, scope-limited reads against Personal BRAIN + Lumi's BRAIN, and a memory row emitted on every invocation. The capture daemon is a skill bundle. The synthesis sub-skill is a skill bundle.
Per AGENTS.md §3.6 + §11 · BRAIN_AUTOSYNC_DESIGN.md Stages 1–5
Role 3 · Vertical-pack moat
🇻🇳
Locally-defensible differentiation
cyberskill-vn (6 skills: MST · VAT · VietQR · CCCD · legal · tax) is the proof-of-pattern. The same recipe produces cyberskill-sg / -id / -th / -eu / -us packs. Each pack is a defensible local moat a global vendor cannot easily replicate.
Strategy doc §4 Level-4 · vertical packs as the actual compounding asset
Where Skill sits in the CyberOS dependency graph
graph TB
  BRAIN["🧠 BRAIN<br/>Personal + Lumi's<br/>shipped + Stages 1–5"]
  AUTH["🔐 AUTH<br/>tenant + subject identity<br/>planned"]
  AI["⚡ AI Gateway<br/>LLM cost ledger<br/>planned"]
  MCP["🔌 MCP Gateway<br/>tool federation<br/>planned"]
  SKILL["🛠 SKILL<br/>this module"]
  CUO["🎯 CUO<br/>router · 10 C-level skills"]
  ANY["any tenant module"]
  EXT["external Agent Skills clients<br/>Claude / Codex / Cursor / etc."]
  BRAIN --> SKILL
  AUTH --> SKILL
  AI --> SKILL
  MCP --> SKILL
  SKILL --> CUO
  SKILL --> ANY
  SKILL --> EXT
  SKILL -. allowed_brain_scopes .-> BRAIN
  CUO -. uses .-> SKILL
  classDef shipped fill:#f5ede6,stroke:#45210e,stroke-width:2px
  classDef self fill:#f9c64f,stroke:#45210e,stroke-width:2.5px
  classDef planned fill:#f0eee9,stroke:#9c9286,stroke-dasharray:4 3
  class BRAIN,CUO,EXT shipped
  class SKILL self
  class AUTH,AI,MCP,ANY planned
Skill is the only module that touches the open external ecosystem (the right-hand "external Agent Skills clients" node) and produces consumable artefacts for it. This is what makes the OSS distribution surface real — a CyberOS skill is an Agent Skills skill, not a CyberOS-proprietary thing.
Pre-2026, every "skills module" in every product is a proprietary container that re-invents discovery, lifecycle, capability grants, and authoring. The result is universal: eager activation O(N) cold-start tax, ambient-authority sandbox holes, bespoke manifests no one else can read. In December 2025 Anthropic released Agent Skills as an open standard at agentskills.io; within six months Microsoft, GitHub, OpenAI, Cursor, Goose, Amp, Gemini CLI, Mistral, Databricks, Letta, and 15+ others adopted it. Inventing a competing format in 2026 is value-destroying. The 13 May 2026 architectural audit (AUDIT.md) made the call: adopt the standard verbatim, rebuild the host as a Rust core with Wasmtime, ship the Bun toolchain for TypeScript skill authors, and use the saved engineering to publish a defensible Vietnamese-market skill collection.
🌐
Open standard, day-1 reach
Every CyberOS skill loads in Claude Code / Codex / Cursor / VS Code unchanged. Distribution is OCI registry or agentskills.io.
🛡
Capability-based sandbox
No ambient authority. Skills declare allowed-tools; the host translates to WASI grants. First-use approval; grants persisted by content hash.
🇻🇳
VN-market collection as moat
Six high-quality Vietnamese-market skills (MST, VAT, VietQR, CCCD, legal, tax) — defensible differentiation a global vendor can't easily replicate.
Four Rust crates form the canonical host. A Bun toolchain handles authoring. Skills are distributed as .skill bundles (zip of the directory + content hash) resolvable from local cache, OCI registries, or HTTPS URLs.
graph TB
  subgraph AUTHORING ["Authoring (Bun toolchain)"]
    AUTH_BUN["Bun 1.3 + esbuild<br/>cyberos skill new --lang ts"]
    AUTH_BUILD["build.ts<br/>TS → wasm32-wasi component"]
    AUTH_TEST["bun test"]
  end
  subgraph HOST ["Rust host (4 crates)"]
    MANI_C["crates/manifest<br/>serde model for SKILL.md frontmatter"]
    HOST_C["crates/host<br/>loader · registry · activator · invoker"]
    RES_C["crates/resolver<br/>OCI + HTTPS + local cache"]
    CLI_C["crates/cli<br/>cyberos-skill-cli"]
  end
  subgraph RUNTIME ["Runtime"]
    REG["DashMap registry<br/>sharded · read-mostly"]
    WT["Wasmtime engine<br/>WASI Preview 2 + Component Model"]
    POOL["Pool<br/>per-skill"]
    BROKER["Capability broker<br/>allowed-tools → WASI grants"]
    SCRIPT["Native-script executor<br/>(scripts/*.py / *.sh)"]
  end
  subgraph DIST ["Distribution"]
    LOCAL["~/.cyberos/skills/"]
    OCI["OCI registry<br/>ghcr.io/cyberskill/*"]
    HTTPS["HTTPS URL"]
    REG_OPEN["agentskills.io"]
  end
  subgraph CONSUMERS ["Consumers"]
    CUO_S["🎯 CUO router"]
    AGENT_S["Claude / Codex / Cursor"]
    CHAT_S["💬 CHAT / IDE host"]
  end
  AUTH_BUN --> AUTH_BUILD
  AUTH_BUILD --> LOCAL
  AUTH_TEST --> AUTH_BUILD
  CLI_C --> HOST_C
  HOST_C --> MANI_C
  HOST_C --> RES_C
  RES_C --> LOCAL
  RES_C --> OCI
  RES_C --> HTTPS
  LOCAL --> REG_OPEN
  HOST_C --> REG
  HOST_C --> WT
  WT --> POOL
  HOST_C --> BROKER
  HOST_C --> SCRIPT
  CUO_S --> CLI_C
  AGENT_S --> CLI_C
  CHAT_S --> CLI_C
  classDef shipped fill:#f5ede6,stroke:#45210e
  classDef pending fill:#f0eee9,stroke:#9c9286,stroke-dasharray:4 3
  class AUTH_BUN,AUTH_BUILD,AUTH_TEST,MANI_C,HOST_C,RES_C,CLI_C,REG,WT,POOL,BROKER,SCRIPT,LOCAL,CUO_S,AGENT_S shipped
  class OCI,HTTPS,REG_OPEN,CHAT_S pending
Crate responsibilities
| Crate | Path | Responsibility |
| cyberos-skill-manifest | crates/manifest/ | Serde model for SKILL.md frontmatter (name, description, license, compatibility, metadata, allowed-tools). parse_frontmatter returns manifest + body offset. |
| cyberos-skill-host | crates/host/ | Two-phase loader (boot index → lazy activate). DashMap registry. Invoker with capability checks. Activator pulling Wasmtime Stores from a pool. |
| cyberos-skill-resolver | crates/resolver/ | Resolver trait — local cache + OCI + HTTPS. Cosign signature verification (refuses unsigned bundles unless --allow-unsigned). |
| cyberos-skill-cli | crates/cli/ | cyberos-skill-cli binary: list, install, validate, run, build, audit. Single entrypoint for users and CUO. |
Three-level progressive disclosure
| Level | When | What's read | Cost |
| L1 · Startup | Host boot | SKILL.md frontmatter only · DashMap shard populated | ~100 tokens/skill · parallel · < 100 ms over 1,000 skills |
| L2 · Activation | Agent or activation event fires | SKILL.md body (up to ~5,000 tokens) · referenced references/ files | One-time per skill instance · cached for session |
| L3 · Execution | Skill is invoked | scripts/*.py or dist/skill.wasm · assets/* | WASM cold-start sub-millisecond with AOT cache · native script: process-spawn cost |
3.5 BRAIN integration — the capability broker enforces against Personal & Lumi's BRAIN
Per BRAIN_AUTOSYNC_DESIGN.md, every skill bundle declares allowed_brain_scopes in its SKILL.md frontmatter. The Skill module's capability broker (Phase 6 — shipped for legacy scopes; Phase 8 — designed for the universal-protocol BRAIN scopes) enforces these declarations at invocation time: first-use approval, scope-narrowing, audit-chain emission on every read/write, refusal when out-of-scope. The broker is the single point of integration between the open Agent Skills standard and the closed BRAIN protocol; nothing else needs to know about BRAIN to consume the platform's audit-grade memory.
SKILL.md frontmatter — BRAIN-aware fields
---
name: fr-author
version: 0.2.2
description: Generate audited Feature Request backlog from product brief / spec docs.
persona: cuo-cpo
# === BRAIN scopes — enforced by capability broker ===
allowed_brain_scopes:
  read:
    - personal:project:*          # this user's project memories (Personal BRAIN)
    - personal:module:*           # this user's module memories
    - lumi:org:locked-decisions   # org-wide locked decisions (Lumi's BRAIN)
    - lumi:org:shared-rfcs        # team RFCs
    - lumi:synthesis:weekly-*     # synthesised wisdom artefacts
  write:
    - personal:project:*          # write back project memories
    - lumi:fr-decisions           # the FR row itself lands on Lumi's BRAIN if sync_class shareable+
# === MCP tools — orthogonal to BRAIN scopes ===
allowed_mcp_tools:
  - kb.read
  - kb.search
  - brain.search          # search Personal BRAIN body content
  - brain.write_memory    # canonical put through Writer
  - brain.lumi_search     # search Lumi's BRAIN within tenant scope
  - audit.append          # explicit audit row emission
# === Escalation policy ===
escalation:
  to_persona_on_legal: cuo-clo
  to_persona_on_security: cuo-cseco
  to_persona_on_compliance: cuo-clo
  to_human_on_irreversible: true
---
Capability broker enforcement flow
sequenceDiagram
  autonumber
  participant C as Caller (CUO / agent / CLI)
  participant S as Skill host (Rust)
  participant B as Capability broker
  participant BR as BRAIN protocol
  participant BC as Personal BRAIN<br/>(~/.cyberos-memory/)
  participant LB as Lumi's BRAIN<br/>(cloud tenant)
  participant W as Wasmtime / script runtime
  participant A as audit-chain writer
  C->>S: invoke(skill_id, input)
  S->>S: lookup SKILL.md header (DashMap O(1))
  S->>B: check_grants(skill, allowed_brain_scopes, allowed_mcp_tools)
  alt first invocation
    B->>C: surface approval UI (Cowork inline / desktop notif)
    C-->>B: approved · grants persisted by content hash
  end
  B-->>S: grants OK
  S->>W: instantiate Wasmtime Store with grants applied
  W->>W: execute skill body
  W->>BR: read(personal:project:my-rfc)
  BR->>BC: filesystem read · seqlock
  BC-->>BR: body + frontmatter
  BR-->>W: memory record
  W->>BR: write(lumi:fr-decisions:FR-AUTH-001)
  BR->>BC: local put (becomes pending-push)
  BR->>LB: sync orchestrator pushes (next window)
  LB-->>BR: pushed · confirmed · lumi_chain_hash
  BR->>A: emit audit row {skill, persona-version, brain ops, mcp tools used}
  A-->>S: chain advanced
  W-->>S: skill_output
  S-->>C: {output, persona_version_stamp, audit_seq}
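A sketch of the broker decision in the flow above, using the fr-author scopes from the frontmatter. This is an added example, not code from the CyberOS crates. `Broker`, `Decision`, `scope_covers` and the matching rule are assumptions, and the content hashes are constructed placeholders.

```rust
use std::collections::HashSet;

#[derive(Debug, Clone, Copy, PartialEq)]
pub enum Op { Read, Write }

#[derive(Debug, PartialEq)]
pub enum Decision { Allow, NeedsApproval, Deny }

/// The allowed_brain_scopes part of a SKILL.md frontmatter.
pub struct Manifest { pub name: String, pub read: Vec<String>, pub write: Vec<String> }

/// Assumed matching rule (the page does not define one):
/// - a single trailing `*` matches any non-empty remainder of the key;
/// - a scope without `*` covers itself and keys below it at a `:` boundary;
/// - a `*` anywhere else is not understood and matches nothing (fail closed).
pub fn scope_covers(pattern: &str, key: &str) -> bool {
    match pattern.find('*') {
        Some(i) if i + 1 == pattern.len() => key
            .strip_prefix(&pattern[..i])
            .map_or(false, |rest| !rest.is_empty()),
        Some(_) => false,
        None => key
            .strip_prefix(pattern)
            .map_or(false, |rest| rest.is_empty() || rest.starts_with(':')),
    }
}

#[derive(Default)]
pub struct Broker {
    /// (skill name, bundle content hash) pairs an operator has approved.
    approved: HashSet<(String, String)>,
}

impl Broker {
    pub fn approve(&mut self, skill: &str, content_hash: &str) {
        self.approved.insert((skill.to_string(), content_hash.to_string()));
    }

    pub fn check(&self, m: &Manifest, content_hash: &str, op: Op, key: &str) -> Decision {
        let declared = match op {
            Op::Read => &m.read,
            Op::Write => &m.write,
        };
        // A request must name a concrete key that falls inside the declared set.
        if key.contains('*') || !declared.iter().any(|p| scope_covers(p, key)) {
            return Decision::Deny;
        }
        // The grant is keyed on the content hash, so a changed bundle is unapproved.
        if self.approved.contains(&(m.name.clone(), content_hash.to_string())) {
            Decision::Allow
        } else {
            Decision::NeedsApproval
        }
    }
}

fn owned(xs: &[&str]) -> Vec<String> {
    xs.iter().map(|s| s.to_string()).collect()
}

/// The fr-author scopes as declared in the frontmatter above.
pub fn fr_author() -> Manifest {
    Manifest {
        name: "fr-author".to_string(),
        read: owned(&["personal:project:*", "personal:module:*", "lumi:org:locked-decisions",
                      "lumi:org:shared-rfcs", "lumi:synthesis:weekly-*"]),
        write: owned(&["personal:project:*", "lumi:fr-decisions"]),
    }
}

fn main() {
    let (m, mut b) = (fr_author(), Broker::default());
    let (h1, h2) = ("sha256:constructed-v1", "sha256:constructed-v2"); // placeholders
    println!("{:?}", b.check(&m, h1, Op::Read, "personal:project:my-rfc"));
    b.approve(&m.name, h1);
    println!("{:?}", b.check(&m, h1, Op::Write, "lumi:fr-decisions:FR-AUTH-001"));
    println!("{:?}", b.check(&m, h1, Op::Write, "lumi:fr-decisions-private:x"));
    println!("{:?}", b.check(&m, h2, Op::Read, "personal:project:my-rfc"));
}
```

The segment-boundary test is what keeps `lumi:fr-decisions` from also covering `lumi:fr-decisions-private:…`, which a plain prefix comparison would allow.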
Universal-protocol skills shipped by CyberOS
Two skills are part of the BRAIN protocol surface itself, not just consumers of it. Both ship as SKILL.md bundles to honour the "everything is a skill" architectural rule.
| Skill bundle | Role | Stage | Description |
| brain-capture@1 skill/skills/system/brain-capture/ | The capture daemon as a skill | 2 | Watches filesystem + Cowork session + Claude Code tool calls. Emits memory rows through the canonical Writer. Long-running activation via WASI host call rather than per-invocation execution. allowed_brain_scopes = write to personal:* only. |
| brain-sync@1 skill/skills/system/brain-sync/ | The sync orchestrator | 4 | Tails the local audit chain, filters by sync_class, pushes shareable+ to Lumi's BRAIN over JWT-authenticated HTTP. Pulls inbound via the same envelope. allowed_brain_scopes = read all local + write lumi:<tenant>:*. |
| cuo/personas/synthesis-author@1 skill/skills/cuo/personas/synthesis-author/ | Multi-brain auto-evolve | 5 | Runs nightly on Lumi's BRAIN tenant compute window. Walks prior 24 h of memories, clusters by topic via BGE-M3 embeddings, deduplicates cross-person decisions, emits synthesis@1 artefacts (daily / weekly / decisions-pending). allowed_brain_scopes = read lumi:<tenant>:shareable + write lumi:<tenant>:synthesis. |
| cuo/cpo/fr-author@0.2.2 skill/skills/cuo/cpo/fr-author/ | Canonical FR creation | shipped + integrating | Per FR_AUTHORING_WORKFLOW.md. Standalone-mode interview or chained-from-RFC; emits feature_request@1 markdowns to docs/feature-requests/<module>/ with audit-chain rows. Already ships; integrates with Lumi's BRAIN at Stage 4. |
| cuo/cpo/fr-audit@0.1.0 skill/skills/cuo/cpo/fr-audit/ | FR quality gate | shipped | Chains from fr-author. Audits each FR against the AUDIT_RUBRIC for atomicity, BCP-14 compliance, verification method, acceptance criteria. Emits audit_response@1 alongside the FR. Decision states: PASS / PASS_WITH_REVISIONS / FAIL. |
3.7 Distribution roadmap — local → agentskills.io → marketplace
Skill distribution is staged so that each rung has a clear consumer cohort and a clear next-tier graduation criterion. Per the strategy doc §4 (productization levels) and the research review §7.3 verdict ("marketplace is premature; the moat is the memory + the packs"), the marketplace rung is intentionally deferred to ≥ 50 paying tenants.
| Rung | Distribution mechanism | Consumer cohort | Status | Graduation criterion |
| R0 · Local cache | ~/.cyberos/skills/ filesystem discovery (per Anthropic Agent Skills spec) | Developer · author iteration | Shipped | — |
| R1 · .skill bundles | zip of the skill folder + content hash; loadable via cyberos-skill-cli install <file> | Single-machine distribution; teams without registry | Shipped | OCI registry available |
| R2 · OCI registry | Push to any OCI v1.0-conformant registry (GHCR, ECR, ACR, Harbor); pull by digest; cosign signature verification | CyberSkill internal team · OSS contributors | Partial · cosign-verify pending | cosign verify-by-default ships |
| R3 · agentskills.io | Submit to the open Anthropic Agent Skills directory at agentskills.io/cyberskill/<pack>/ | Anthropic Agent Skills ecosystem (Claude products, Cursor, Cline, Codex, VS Code, Goose, Amp, Gemini CLI — 12+ clients via open Agent Skills + MCP standards) | Planned · waits for registry API | registry API stable; cyberskill-vn submitted |
| R4 · marketplace.cyberskill.world | CyberSkill's own marketplace UI — vetted-by-CyberSkill badge, revenue share (70/30), per-skill or per-pack pricing, in-tenant install | Lumi's BRAIN paying tenants | Deferred | ≥ 50 paying Lumi's BRAIN tenants |
| R5 · enterprise private marketplace | White-label per-enterprise. ISVs publish into the enterprise's private marketplace (not the public one); the enterprise vets + curates | Level-5 Ecosystem-as-a-Service customers (P4+24) | Aspirational | first white-label enterprise deal signed |
Why each rung is gated
R3 (agentskills.io) waits on the registry API: Anthropic's directory accepts submissions today but lacks programmatic publishing. We don't want to gate cyberskill-vn distribution on manual upload-and-wait. Once the API is stable (target Q3 2026 per Anthropic roadmap), we ship.
R4 (own marketplace) waits on tenant density: Salesforce AppExchange (~5,000 apps) took 7 years and a buyer-side ecosystem of millions to reach critical mass. Atlassian Marketplace took ~5 years. CyberOS at P4 · GA with 10 paying tenants has no buyer-side density — 3rd-party developers will not contribute. Until paying tenants exceed 50 (per the research review §7.3), the OSS Skill catalog is the marketplace story. Build it as PR/recruiting; don't invest in tooling.
R5 (enterprise private marketplace) is the Level-5 endgame: sells the CyberOS framework itself as a private-cloud branded platform. "Acme Corp Operating System, powered by CyberOS." 80%+ margins on multi-year contracts. Not before P4+24.
8 The 6 cyberskill-vn skills
The Vietnamese-market collection. Each is a valid Agent Skill that loads unchanged in Claude Code / Codex / Cursor / VS Code. All are MIT- or Apache-2.0-licensed, network-free where possible, and ship with a parity-tested Python reference implementation for audit.
🇻🇳 vn-mst-validate v0.2.0 · region:VN · MIT
Validate a Vietnamese tax code (Mã số thuế). Per General Department of Taxation regulations, an MST is either 10 digits (legal entity) or 13 digits (branch — 10 digits + '-' + 3 digits). The skill returns a structured {ok, format, reason?}.
Quickstart
$ cyberos-skill-cli run vn-mst-validate --input '{"mst":"0123456789-001"}'
{"ok": true, "format": "13-digit-branch"}
When to use
User says "kiểm tra MST", "validate tax code", "mã số thuế 0123...". Routed automatically by CUO via the mst, tax code, ma so thue keywords.
Capabilities
read_file · no network
🇻🇳 vn-vat-invoice v0.3.0 · region:VN · Apache-2.0
Generate Vietnamese VAT-compliant electronic invoices (Hoá đơn GTGT điện tử) from a structured JSON line-item list. Produces XML conforming to General Department of Taxation schema v3.0. Validates buyer MST via the vn-mst-validate dependency (Phase 3 chain).
Quickstart
$ cyberos-skill-cli run vn-vat-invoice --input '{
  "buyer_mst": "0123456789",
  "seller_mst": "9876543210",
  "lines": [{"item":"Consulting", "qty":1, "unit_price":10000000, "tax_rate":0.10}]
}'
<Invoice xmlns="urn:vn:gdt:v3">
  <BuyerTaxCode>0123456789</BuyerTaxCode>
  <LineItem>...<TaxAmount>1000000</TaxAmount></LineItem>
</Invoice>
When to use
User says "tạo hoá đơn", "xuất hoá đơn GTGT", "e-invoice Vietnam". CUO keywords: invoice, hoa don, vat, gtgt, e-invoice, xuat hoa don.
Capabilities
read_file · write_file · no network. Round-half-up VAT per line.
🇻🇳 vn-bank-transfer v0.1.0 · region:VN · MIT
Napas 24/7 + VietQR generator. Given a bank short-code, an account number, and an amount, produces (a) a VietQR EMVCo string for client-side QR rendering and (b) a Napas 24/7 transfer instruction payload. Does NOT execute transfers — that always defers to human approval.
Quickstart
$ cyberos-skill-cli run vn-bank-transfer --input '{
"bank": "VCB", "account":"0011001234567", "amount_vnd": 5000000,
"memo": "Refund INV-2026-014"
}'
{
"vietqr_emv": "00020101021238540010A0000007270124000697040401120011001234567...",
"napas_payload": {...},
"render_url": "https://img.vietqr.io/image/VCB-0011001234567-..."
}
When to use
User says "tạo QR chuyển khoản", "VietQR", "Napas 247". CUO keywords: transfer, qr, chuyen khoan, vietqr, napas, ma qr.
Capabilities
No filesystem · no network. Deterministic generation only.
🇻🇳 vneid-integration v0.1.0 · region:VN · MIT
CCCD validator + VNeID API scaffolding. Validates 12-digit Citizen Identification Card (Căn cước công dân) checksums and shapes an API request to the VNeID gateway for downstream identity verification (gateway access requires PDPL Decree 13/2023 consent — out of scope for this skill, which only prepares the request).
Quickstart
$ cyberos-skill-cli run vneid-integration --input '{"cccd":"079203012345"}'
{
"valid": true,
"structure": {"province_code":"079", "year_of_birth_century":"2", "gender_code":"0"},
"vneid_request_payload": {...},
"next_action": "POST to https://vneid.gov.vn/api/v2/verify (requires consent flow)"
}
When to use
User says "kiểm tra CCCD", "validate citizen ID", "VNeID lookup". CUO keywords: cccd, citizen id, can cuoc, vneid, id card, danh tinh.
Capabilities
No filesystem · no network (scaffolds the request; caller is responsible for the call + consent record).
🇻🇳 vn-legal-compliance v0.1.0 · region:VN · CC-BY-SA-4.0
Reference-only procedural knowledge for Vietnamese legal/compliance: PDPL Law 91/2025 (incl. Art. 38 SME grace) · Decree 13/2023 (Personal Data) · Decree 53/2022 (Cyber Security) · Decree 356/2025 (PDPL implementing). Markdown-only skill (no executable code) that loads procedural guidance into the agent's context on activation.
Quickstart
$ cyberos-skill-cli run vn-legal-compliance --input '{"topic":"DSAR fulfilment under PDPL Art. 14"}'
{
"level": "instructions",
"guidance": "# DSAR fulfilment under PDPL Art. 14\n\n1. Verify identity via VNeID or...\n2. Within 30 days:...\n3. Encryption envelope review (Decree 13/2023 Art. 17)..."
}
When to use
User says "compliance check", "decree review", "PDPL question". CUO keywords: compliance, law, decree, nghi dinh, thong tu, pdpl, cybersecurity.
Capabilities
Markdown-only — zero runtime cost.
🇻🇳 vn-tax-filing v0.1.0 · region:VN · Apache-2.0
Monthly + quarterly VAT return helper. Aggregates vn-vat-invoice-emitted XML invoices across a reporting period, sums output VAT and input VAT credits, and shapes the tax return XML for the GDT online filing portal. The skill never submits — submission is a deferred-to-human action.
Quickstart
$ cyberos-skill-cli run vn-tax-filing --input '{
"period":"2026-Q2", "invoices_dir":"./invoices/2026-Q2/"
}'
{
"period": "2026-Q2",
"output_vat_total": 25_000_000,
"input_vat_total": 18_000_000,
"net_vat_due": 7_000_000,
"gdt_xml_path": "./returns/2026-Q2.xml",
"ready_for_submission": true,
"next_action": "human review then upload to https://thuedientu.gdt.gov.vn"
}
When to use
User says "monthly VAT return", "quarterly tax filing", "kê khai thuế". CUO keywords: filing, return, to khai, ke khai thue, monthly vat, quarterly vat.
Capabilities
read_file (invoices) · write_file (return XML) · no network.
9 Audit phases 0–7 — outcomes
The 13 May 2026 architectural audit (skill/docs/AUDIT.md) prescribed a seven-phase migration from the legacy in-house format to the open Anthropic Agent Skills standard. All seven phases are now done; Phase 7 is a 30-day soak window before legacy code deletion.
Phase 0 — Inventory & freeze · shipped
Catalogued every legacy skill. Froze the legacy format — no new bespoke skills accepted past Day 0. Stood up cyberos-skill-cli validate that parses both legacy and SKILL.md formats and emits a diff.
Phase 1 — Rust + Bun scaffold · spec validator · shipped
Stood up the 4-crate Rust workspace (manifest · host · resolver · cli) and the Bun + esbuild authoring toolchain. Added the SKILL.md loader alongside the legacy loader behind a --skills-format=both|legacy|standard flag. Audited deltas vs the open spec.
Phase 2 — Parity harness (Python ↔ Rust) · shipped · 12/12 green
Built a property-test harness that asserts byte-identical agent outputs across both runners for the entire catalogue. 12/12 fixtures pass. This is the single objective gate for Phase 7.
Phase 3 — Executor selection flag · default to Rust · shipped
Flipped the default from legacy Python to Rust host. Legacy runner remains compiled in for the soak window. Announced deprecation; the cyberskill-vn collection is now resolvable from the open registry.
Phase 4 — DashMap registry + Criterion benchmarks · shipped · ≥ 2× at contention
Replaced the legacy global Mutex<HashMap> with Arc<DashMap> (64 shards). Criterion microbenchmarks show ≥ 2× throughput at 4+ concurrent invocations on a commodity laptop. Registry hot path is no longer a bottleneck.
Phase 5 — Wasmtime engine + AOT cache + componentize · scaffolded · runtime gated
Wasmtime executor lands behind --exec=script|wasm|auto. Auto selects WASM when dist/skill.wasm is present. AOT artifacts cached on disk by content hash. Bun toolchain compiles TS skills to wasm32-wasi components. Runtime is feature-gated on user install per docs/PHASE_5_ACTIVATION.md.
Phase 6 — Capability broker GA · shipped
Capability enforcement flipped from warn to deny. Operators approve each skill's allowed-tools on first use; the grant is recorded in ~/.cyberos/grants.json bound to the skill's content hash. cyberos-skill-cli audit reports grants.
Phase 7 — Legacy retirement · runbook ready · 30-day soak
Runbook ready (docs/PHASE_7_RETIREMENT.md). Executes after a 30-day soak with zero P0 incidents on the new defaults. Deletes the legacy loader, registry primitive, and executor; tags a new major version.
17 CLI usage — real examples
1. List installed skills
$ cyberos-skill-cli list
╭──────────────────────────────────────┬─────────┬────────┬───────────╮
│ name │ version │ region │ executor │
├──────────────────────────────────────┼─────────┼────────┼───────────┤
│ cuo/cpo/prd-author │ 0.4.1 │ — │ inline │
│ cuo/cpo/fr-author │ 0.3.0 │ — │ inline │
│ cuo/cto/srs-author │ 0.2.0 │ — │ inline │
│... │ │ │ │
│ cyberskill-vn/vn-mst-validate │ 0.2.0 │ VN │ script │
│ cyberskill-vn/vn-vat-invoice │ 0.3.0 │ VN │ script │
│ cyberskill-vn/vn-bank-transfer │ 0.1.0 │ VN │ wasm │
│ cyberskill-vn/vneid-integration │ 0.1.0 │ VN │ script │
│ cyberskill-vn/vn-legal-compliance │ 0.1.0 │ VN │ inline │
│ cyberskill-vn/vn-tax-filing │ 0.1.0 │ VN │ script │
╰──────────────────────────────────────┴─────────┴────────┴───────────╯
20 skills indexed · cold-start 65 ms · all parity-verified
2. Install from OCI registry (with cosign verification)
$ cyberos-skill-cli install ghcr.io/cyberskill/vn-mst-validate:0.2.0
[resolver] pulling ghcr.io/cyberskill/vn-mst-validate:0.2.0... OK (842 KB)
[cosign] verifying signature... OK (key=cyberskill-release)
[manifest] parsing SKILL.md frontmatter... OK
[manifest] name=vn-mst-validate version=0.2.0 region=VN
[registry] inserting header into DashMap (shard 14)
[install] cached at ~/.cyberos/skills/vn-mst-validate-0.2.0/
[install] content_hash sha256:a3b8d4...
3. Validate a skill manifest
$ cyberos-skill-cli validate ./skills/cyberskill-vn/vn-tax-filing/
[validate] reading SKILL.md... OK (1.3 KB)
[validate] frontmatter parse... OK
[validate] field: name=vn-tax-filing OK (dir-match)
[validate] field: description (412 chars) OK
[validate] field: license=Apache-2.0 OK (SPDX)
[validate] field: metadata.version=0.1.0 OK (SemVer)
[validate] field: metadata.region=VN OK
[validate] field: allowed-tools=read_file,write_file OK (declared)
[validate] referenced files: references/gdt-q-return-schema-v3.md OK
[validate] ✅ valid Agent Skill · would load in Claude Code, Codex, Cursor, VS Code
4. Run a skill
$ echo '{"mst":"0123456789-001"}' | cyberos-skill-cli run vn-mst-validate --executor script
[invoke] skill=vn-mst-validate executor=script
[broker] declared allowed-tools: [read_file]
[broker] requested: -- no caps needed for this invocation
[broker] ok (within declared set)
[invoke] script: scripts/validate_mst.py
[invoke] elapsed_ms=24 exit_code=0
{"ok": true, "format": "13-digit-branch"}
5. Audit capability grants
$ cyberos-skill-cli audit --since 7d
╭───────────────────────────────────┬────────────────────────┬──────────────┬──────────╮
│ skill │ capability │ granted_by │ valid? │
├───────────────────────────────────┼────────────────────────┼──────────────┼──────────┤
│ vn-mst-validate │ read_file │ stephen │ ✓ │
│ vn-vat-invoice │ read_file │ stephen │ ✓ │
│ vn-vat-invoice │ write_file │ stephen │ ✓ │
│ vn-tax-filing │ read_file │ stephen │ ✓ │
│ vn-tax-filing │ write_file │ stephen │ ✓ │
│ vn-bank-transfer │ (none — pure compute) │ — │ ✓ │
│ vneid-integration │ (none — pure compute) │ — │ ✓ │
│ vn-legal-compliance │ (inline · no exec) │ — │ ✓ │
╰───────────────────────────────────┴────────────────────────┴──────────────┴──────────╯
8 grants on file · 0 stale · 0 revoked
6. Build a TypeScript skill (Bun toolchain)
$ cd skills/my-new-skill/
$ cyberos-skill-cli build --lang ts ./src/
[bun] installing deps... OK (240 ms)
[esbuild] bundling src/index.ts... OK (12 ms)
[wasm] wasm32-wasi component target... OK (1.4 MB)
[component] wit-bindgen output... OK
[aot] wasmtime compile · cache key sha256:b9e2c8...
[build] dist/skill.wasm ✓
[build] ready for: cyberos-skill-cli install ./skills/my-new-skill/