问HN:是否存在一个针对安全审计的Claude Code技能通讯的市场?
我一直在大量使用Claude Code,但总是遇到同样的烦恼:市面上有成千上万的技能,但没有可靠的方法来判断它们是否优秀或安全可安装。Snyk的ToxicSkills研究发现,36.82%的公开技能存在安全漏洞,其中13.4%是严重漏洞。
我正在建立《技能精选》——一份每两周发布的通讯,专门在技能到达订阅者之前对Claude Code技能进行评审和安全审计。每个技能都会根据六个标准进行评分,并给出明确的评判。如果未通过安全检查,该技能将不会运行。付费版包括经过审查的SKILL.md文件,随时可以安装。
我有几个问题确实不太确定:
- 这是一个真正的痛点,还是目前受众太小?
- 开发者会为经过筛选的、可直接安装的技能文件付费吗,还是人们更喜欢自己动手?
- 有没有类似领域的通讯案例值得我研究(成功或失败的)?
目前仍在预发布阶段。欢迎对我提出质疑。
查看原文
I've been using Claude Code heavily and kept running into the same frustration: there are thousands of skills out there but no reliable way to know if they're any good or safe to install. Snyk's ToxicSkills research found 36.82% of publicly available skills contain security flaws, 13.4% critical.<p>I'm building The Skill Shortlist — a bi-weekly newsletter that reviews and security-audits Claude Code skills before they reach subscribers. Every skill is scored across six criteria and gets a clear verdict. If it fails the security check, it never runs. Paid tier includes the reviewed SKILL.md file ready to install.<p>A few things I'm genuinely unsure about:
- Is this a real pain point or is the audience too small right now?
- Would developers pay for curated, ready-to-install skill files or is this something people prefer to DIY?
- Any comparable newsletters in adjacent spaces that have worked (or failed) that I should study?<p>Still pre-launch. Happy to be talked out of it.