In the past, developers exchanged prompt templates.
Now, the trend has changed. People are asking each other, "Which skill should you install?"
Behind this lies a bigger shift: AI programming tools are starting to "install packages."
On the morning of January 17th this year, Guillermo Rauch, founder and CEO of Vercel, posted on X: We are launching skills—the "npm" for AI skills.
所谓「npm」, is the package manager front-end engineers use every day, where one command can install others' work into their own project.
Rauch's implication was: This experience of "installing others' work with one command" is now being brought to AI.

Peter Steinberger, the "Father of Lobster," replied immediately: "Cool! Gotta sync this with ClawHub."

ClawHub is another skill marketplace for the agent ecosystem, not affiliated with Vercel. Yet Peter's first reaction was "to align."
Three days later, Vercel officially announced it in an update log: a command-line tool for installing and managing capability packages for AI agents.
The official repository, vercel-labs/skills, reached 24,000 GitHub stars in just five months after its release.

Why is it so popular? It's as simple as one command:
npx skills add .
In short, it's a package manager for AI agents.
Like npm, used daily by front-end engineers, one command installs others' work into a project—except this time it's not code libraries, but "capabilities."
Even better, it's tool-agnostic. Claude Code, Cursor, Codex, Gemini CLI... over 68 officially supported agents. One capability package runs on any tool.
Vercel also launched skills.sh, a skill directory with an installation leaderboard, showing which skills are popular and how many times they've been installed at a glance.
The top package, called find-skills, has already been installed 2.3 million times.

skills.sh skill directory installation leaderboard. find-skills leads with 2.3 million (2.3M) installs, followed by frontend-design, vercel-react-best-practices, etc. (Source: skills.sh)
For the first time, AI programming capabilities have a "Top Downloads" chart.
One Command
AI Learns a New Skill
First, let's see what it actually does.
npx skills add vercel-labs/agent-skills, enter.
Seconds later, your Claude Code gains a set of React and Next.js engineering standards, plus a set of design principles. Next time it writes code, it automatically follows these rules.
This is officially called a "skill package." Essentially, it's a folder, with a SKILL.md file with a YAML header at its core, clearly stating two things: what this skill is, and when to use it.
The folder can also contain reference docs, templates, and a dedicated scripts/ directory containing executable scripts.
It solves a very practical pain point.
Models understand general programming languages and frameworks, but they don't know your project's "local conventions": your code style, naming habits, pitfalls you've encountered.
Before, you had to repeat these in every new conversation. Now, they're packaged into a skill, installed once, and remain effective long-term.
After installation, you can manage it like npm packages: list to see what's installed, update with one click, remove to delete.
Underlying it is a shared specification. What you install for Claude Code runs just the same when switched to Cursor.
If even installing is too much trouble, there's an even lighter way: use it without installing.
A single npx skills use temporarily pulls the skill over, pipes it to Claude to run, and discards it after use, without even "soiling" the local directory.
In the past, the boundary of AI's capabilities depended on how you described them verbally. Now, capabilities have become packages that can be directly taken off the shelf.
The "npm-ification" of the AI Tool Layer
Many might mistake it for a new Claude feature. But it comes from Vercel, not an innate capability of Anthropic.
Claude Code, Cursor, Codex, GitHub Copilot, Windsurf... all are supported targets. The skills CLI connects them all, unifying the entry point.
Behind this entry point lies the "npm-ification" of the AI tool layer.
Vercel packages these fragmented experiences into reusable, distributable, version-managed modules.
AI capabilities are shifting from "prompt engineering" to "capability engineering." The former solves "how to say it this time," the latter solves "how to do this thing every time from now on."
Vercel has played this game before.
Back then, it used Next.js to lock down the deployment gateway for the entire front-end ecosystem; front-end developers couldn't avoid it.
Now it wants to tell the same story again, but at the AI agent layer.
Find Skills
AI Gets Its First "Capability Search Engine"
The most futuristic touch is Find Skills, a "skill for finding skills."

The official definition of the find-skills skill—when users ask "how to do X" or "is there a skill that can...", or want to expand capabilities, it is responsible for discovering and installing the corresponding AI agent skills.
You say "help me do X," and it runs the entire process for you: search, filter, and install the most suitable one.
Even better, it comes with built-in quality checks. When selecting skills, it checks installation counts, compares sources, prioritizes popular and official ones, and warns you to be cautious about dubious ones.

The source code of find-skills' SKILL.md explicitly includes three quality verification rules before recommendation: prioritize 1000+ installs, be wary of those below 100, prioritize official sources like Vercel, Anthropic, Microsoft, and question repositories with fewer than 100 stars.
This means AI has its first "capability search engine." You don't need to know what skills exist or their names; just say what you want to do, and let it find the rest.
More importantly, it's not just useful for programmers.
The ones most tormented by "fragmented capabilities" are actually designers, product managers, and content creators who rely on AI to write code.
They lack engineering habits, relying on AI for git commits, documentation standards, making them the ones who most need ready-made skill packages for support.
Find Skills essentially gives them an entry point to deploy capabilities without needing to understand the details.
Behind the Hype
An Unbacked Liability
It sounds great, but don't get carried away just yet.
Let's go back to that scripts directory. Skills contain execution logic, not just harmless descriptions; they actually run commands on your computer.
But most people don't check which files a third-party package they casually installed might have touched.
How many landmines could be hidden within?
Snyk's ToxicSkills research conducted the first systematic audit of 3984 skills on ClawHub and skills.sh: over 30% had security flaws, 13.4% (534) were critical severity, covering malware distribution, prompt injection, and key leakage.
This means, on average, one out of every 7 or 8 could directly harm you.

Snyk's "ToxicSkills" research audited 3984 skills: 1467 (36.82%) had any security flaw, of which 534 (13.4%) were critical severity, with 76 malicious payloads confirmed, and another 8 still existing on ClawHub. (Source: Snyk)
Another organization, Koi Security, audited 2857 skills and found 341 malicious ones.
The main methods follow two paths.
One is through scripts, making your AI download things from unfamiliar IPs and execute them locally, or stealing to read your SSH, AWS configurations.
The other is more subtle, directly poisoning the text within SKILL.md, where AI reads the attacker's hidden instructions as legitimate work descriptions and acts accordingly.
The most severe ones specifically steal memory files where agents store private conversations.
You might say, npm also has constant poisoning incidents, but the risk here is on another level.
npm installs pure code, separating data and instructions; skill blurs this boundary. It combines prompts, code, and full permissions; a single SKILL.md can rewrite the agent's behavior, with direct access to your filesystem, network, and shell.
npm's risks at most affect build artifacts; skill's risks directly access your local credentials and entire codebase.
Of course, this isn't to advise against installing. Vercel itself reminds: treat skills like code, read them before installing, and be especially careful with the scripts directory.
The simplest rule of thumb is: high download count doesn't equal safety. What you should really look at is the source and permissions. Why would a weather-checking skill need to read your server's SSH key?
The long-awaited "npm moment" for AI capabilities has truly arrived.
But it didn't just bring convenience; it also bundled in all the pitfalls npm has stepped on over the years, arriving even before the ecosystem matured.
Installing capabilities with one command is certainly satisfying, but this road has just begun. It lets you reuse peers' accumulated expertise, but also requires you to bring judgment to the table.
Selecting packages, checking sources, verifying permissions—this old craft of developers must still be brought along this time.
Twenty Years
One Command
Ultimately, the origin of all this is still Vercel founder Guillermo Rauch.
He comes from Lanús in Buenos Aires, Argentina. In his own words, much of his life's work is thanks to the Web and open source.
In his youth, he was passionate about promoting Linux, teaching people how to use it, later diving headfirst into JavaScript; after joining the core team of the open-source project MooTools, he got his first full-time front-end engineering job at 18 and moved to San Francisco.

Guillermo Rauch
One of his famous works is Socket.io: a widely used real-time communication library. The real-time sync in Notion, Coinbase's earliest trading products—they all run on it underneath.
Later, he focused on a direction: building tools and cloud infrastructure to make the Web faster and maximize developer experience. Next.js and Vercel were born.
Today, this platform supports the online operations of companies like The Washington Post, Porsche, Under Armour, and Nintendo.
And Vercel's real killer app lies here: code, preview, deploy—all done with one command. Once developers use it, it's hard to leave this ecosystem.
Ultimately, Rauch has done one thing for twenty years: compress originally complex engineering into that one command developers dare to run with their eyes closed.
From one line `now` to spin up a server, to Next.js, to today's `npx skills add`, the same craft, now applied to AI agents.
References:
https://github.com/vercel-labs/skills#supported-agents
https://www.skills.sh/
https://snyk.io/blog/toxicskills-malicious-ai-agent-skills-clawhub/
This article is from the WeChat public account "Xin Zhi Yuan" (New Wisdom Source), author: ASI Apocalypse, editor: Yuan Yu






