Install a skill
Two installation paths depending on whether you're scripting or coding.
CLI (one-shot, agent-agnostic)
For dropping a skill into a directory an agent can read:
npx @amitte-ai/cli install claude-code/launch-checklist
This writes:
./skills/claude-code/launch-checklist/
├── manifest.json # canonical metadata
└── skill.md # the instruction content
Pin to a version:
npx @amitte-ai/cli install claude-code/launch-checklist@0.1.0
Custom output path:
npx @amitte-ai/cli install claude-code/launch-checklist --out-dir ./agents/qa
Skip the manifest, just get the markdown:
npx @amitte-ai/cli install claude-code/launch-checklist --skill-only
SDK (programmatic, in-process)
For consuming inside an agent process. Handles caching, signature verification, freshness checks, and revocation gracefully:
npm install @amitte-ai/sdk
import { Skills } from '@amitte-ai/sdk';
const skills = new Skills({
registry: 'https://registry.amitte.com',
trustFloor: 'verified', // reject unverified results
freshnessMaxAge: '30d', // require recent re-eval
});
// Find a skill semantically
const matches = await skills.search('publish iOS app to TestFlight');
// Pull the full content
const skill = await skills.fetch(matches[0].id);
// Inject into your agent's system prompt / context
await agent.inject(skill);
Compose multiple skills into a single artifact:
const pkg = await skills.compose({
ids: ['mobile/ios-publishing', 'mobile/android-play-release'],
constraints: { resolve_conflicts: 'trust-tier' },
});
console.log(pkg.artifact); // merged markdown with provenance comments
Raw HTTP
If you're not in JS-land, hit the JSON-RPC directly:
curl -X POST https://registry.amitte.com/rpc \
-H 'content-type: application/json' \
-d '{
"jsonrpc": "2.0", "id": 1,
"method": "fetch",
"params": { "id": "claude-code/launch-checklist" }
}'
Full reference: API reference.
Trust signals to honor
When wiring the SDK into a production agent, set sensible defaults:
| Setting | Recommended | Why |
|---|---|---|
trustFloor | verified for prod, unverified for exploration | Filters out anonymous publishes |
freshnessMaxAge | 90d | Catches stale skills that haven't been re-evaluated |
onRevoked | 'reject' | Hard-fail if the registry has revoked a pinned version |
Revocation feed: GET https://registry.amitte.com/v1/revocations.json — poll periodically, cache locally.
Frequently asked
- How do I install an Amitte skill?
- Run `npx @amitte-ai/cli install <publisher>/<skill>`. The CLI fetches the signed manifest, verifies the Sigstore signature, downloads the artifact, and writes it under `./skills/<publisher>/<skill>/`.
- Do I need an account to install a skill?
- No. Installation is anonymous — no sign-in, no API key. Only publishing requires authentication (GitHub OAuth).
- Can I pin a specific version?
- Yes. Append `@<version>` to the id, e.g. `claude-code/launch-checklist@0.1.0`. Without a version the latest published release is installed.
- How does Amitte verify the skill I install hasn’t been tampered with?
- Every published version is signed at the source via Sigstore and recorded in the Rekor transparency log. The CLI checks both before writing the artifact to disk.