Yes. You can just point sx add at your existing skill directories and it will put them into the git vault which you can easily share via Github access control.
That all my users have different mental models for what goes into making/customization an agent, so the first step was establishing a shared vocabulary. Packs are like plugins, but more inclusive
The sx vault also stores things in git, I agree that it's a pretty good medium for storage.
My main argument is that just using vanilla git where you store it in the directory that the AI coding agent expects means that you can't share across teams or orgs.
Also, not every kind of team is comfortable with git. How would you distribute these assets to a Marketing team?
we are in the world where everyone is doing things differently now, but here is my 5 cents.
I almost 100% sure everything that you described is part of nested harness of your company, not some external registry.
what would you like to share? there a few generic skills, that are optional , e.g. tdd, etc. sure. Maybe environment related items, like going to db , how to use secrets etc, the surface of that is very very thin.
you place them in git, and vibe code a tiny script on how to pull it in. done?
the rest are debugging scripts, very specific skills, that are very coupled to the root repo. I tried a few similar "external" systems. Anything beyond ralph loop/use tdd skills, feels hostile in your internal system.
The short version: sx treats skills, MCP server configs, slash commands, agents, hooks, and rule files as versioned packages. You define them once, push them to a vault (a local folder, a git repo, or our hosted backend), and install them where they belong. There's a lockfile so installs are reproducible, scope levels for org / team / repo / individual, and the CLI translates the same asset into the format each AI client expects.
Supported clients today: Claude Code, Cursor, GitHub Copilot, Cline, Codex, Gemini (CLI / VS Code / JetBrains / Android Studio), Kiro, claude.ai, chatgpt.com. The last two are what let non-engineering teams (marketing, legal, ops) use the same primitive instead of being locked out of the AI-assets ecosystem.
The thing I'd most like feedback on is whether the scope model is the right shape. Org → team → repo → path → individual is what's emerged from talking to ~60 teams over the last six months, but I expect bigger orgs will surface scopes we haven't modeled (sub-team, environment, etc.).
Why this and not just plugins / vendor marketplaces? Claude Code plugins are real and a good step up over raw git-checked-in CLAUDE.md files. The limitations show up at scale: each plugin is scoped to its publishing repo, so teams duplicate skills across plugins, and you're still locked to a single vendor's client. Full writeup with the technical details: https://www.sleuth.io/post/there-s-an-npm-shaped-hole-in-the...
not sure if this premise is valid. In most cases, skills (and other assets) are not independent of each other. Take gstack por example; it would be weird to install skill A without installing skill B. They work together.
So, it is true that some skills are independent, but not all. IN my company, we ship assets by domain and workflows (development, discovery, data science, etc)
We added the idea of dependencies for exactly that reason. However, honestly, I've not see any usage of it in the wild. Seems like most folks are ok with either bundling them and calling it a day or not really worrying about it.
Very interesting about the domain and workflows. Do you think domain could map to a team or is it different?
At your company how are you shipping your assets? How do you do the domain and workflow grouping?
we have a internal cli that creates the plugin on the fly after you select the domains you want to work with. This cli is a standalone cli + wizard that does it all.
Generally speaking, we have skills that are code related and mostly independent (ex: a skill to teach python how to log in our tech stack). Another type are skills related to our workflow (a skill to plan that outputs a file that is used in the next step "implement", together with a dev agent and so on)
the problem we have right now is the repository (where to store the documents).
lets say i'm a business expert and want to use a skill to create a md file with all the info about some area. It is ok to learn claude/cursor, but to upload this generated material to git is another level of problem...
Makes sense. Would a tool that let non-tech people easily share and distribute skills without needing git be worth adoption? Would the info being shared just be skills or something else?
We are already distributing the skills without Git. We package everything (skills, assets, CLI, wizard) into a single file and distribute it.
The problem is collaboration without Git.
For example: I am a business person, someone sends me the skills/plugins, and I install them effortlessly. I use Claude Cowork to generate some financial information related to my area, and I need to share this information with the development team.
Right now, since I am not familiar with Git, I would probably upload it to Google Drive. The developers would then download it and push it to the repository in order to use it for coding.
Gotcha. What would the ideal look like? Someone could create a financial doc they want to share then tell their agent to "Share foo.md with my team", and it would via mcp? On the backend, that mcp server takes the file and packages it into the plugin, which hopefully auto-updates?
Say more, what kind of tools are you thinking about?
The tool support is certainly one of the key pillars of the project so we're open to any tool additions that will help people get value from the project.
I have a tool that I built in Go[0], so it has its own binary, would this help to facilitate helping people install those? I have seen tools coded in Rust and Go distributed by npm install and it always bothers me, especially with npm repeatedly being a hotbed of hacked accounts.
Tools that come to mind:
RTK (Rust Token Killer since googling the acronym yields terrible results, asking an LLM without spelling it out too)
Beads (what GuardRails was inspired by)
... and an endless list of tools people have made in place of making an MCP.
I too thought about having a "AI Package manager" just found the message I sent a friend several months back.
At some of the larger orgs that I've worked at each individual system had some level of RBAC. Often they would try to centralize around an Okta-style system, but the roles in there infrequently matched what was needed. In the places you are describing what have they done around security? Even without AI it sounds like they didn't have a feasible solution?
I think the author's whole point was that "some level of RBAC" is not good enough. And that assumes silos. Once you try to integrate, you wind up falling back on God accounts belonging to the integration layer and/or the database. It is surprising how many people still do not realize what a huge antipattern that is.
You're right, I used AI to help organize the content but we have spoken to almost 50 companies over the last 5 months and the messages and pains they have conveyed are real.
How are you handing distributing your Agent Skills and MCP's? Is this a problem you're seeing?
I hear you, results is a gray area. However, with the companies we spoke to results looks like increased productivity for their developers.
It was a constant with all that they felt like 2 - 7 percent of their developers had made huge productivity gains but that the rest were not really seeing any, despite having access to the same tools.
