Developer quickstart

SkillHub Developer Quickstart

Discover and inspect public agent skills in five minutes. Runtime invocation requires a signed-in project key.

Browse marketplace Publish a skill MCP setup

What works without login

Search public skills.
Inspect public manifests, schemas, permissions, runtime type, pricing intent, review state, and publisher profile.
Copy public REST inspection commands.
Compare verified and submitted skills before adopting them.

What requires login

Save or install a verified skill to a project.
Create project runtime keys.
Run login-gated runtime tests through project policy checks.
Approve project policy, budget, subscription, billing, or ledger actions where the paid-preview role allows them.
Submit feedback or trust reports.

Live public API

5-minute developer quickstart

Discovery and inspection work without login. Runtime invocation requires a signed-in project key and policy checks.

quickstart.shno login inspect

# 1. Search public skills
curl "https://api.useskillhub.com/v1/skills/search?tag=research"

# 2. Inspect a public manifest
curl "https://api.useskillhub.com/v1/skills/browser-research"

# 3. Read MCP service metadata
curl "https://api.useskillhub.com/mcp"

01Search public skills

02Inspect one public manifest

03Confirm whether install/runtime is unlocked

MCP over POSTUse POST /mcp for MCP clients. Browser GET /mcp returns a public service description.

CLI / SDK previewCLI and SDK packages are present in the monorepo but are not presented as public copy-and-run installs yet.

Three P0 journey operating references

The P0 product is judged by whether these paths connect, but anonymous visitors should start with public discovery, inspection, MCP setup, and clear sign-in gates.

Developer / Agent Builder

Discover, inspect, then sign in to test

01Search/filter

02Inspect trust

03Sign in

04Add to project

05Run gated test

Listing -> public inspection -> sign-in -> project install -> governed runtime test -> logs and cost follow-up

Start in marketplace

Publisher / Skill Author

Upload, submit, prepare paid-readiness metadata, and improve

01Paste manifest

02Save draft

03Submit version

04Repair checks

05Prepare paid metadata

Draft -> exact version review -> checks -> paid-readiness metadata -> feedback and future paid-marketplace readiness

Start publishing

Review / Finance / Superadmin

Review, govern, and launch operations

01Triage review priority

02Govern risk

03Review prelaunch paid-state

04Deliver notifications

05Audit launch

Review queue -> trust action -> incident -> prelaunch paid-marketplace state -> launch readiness and audit

Read operating reference

Reference domains

Each domain must give the user a reason to come back: developers return to manage safer runtime, publishers return to fix reviews, address buyer demand, and prepare paid metadata, admins return to govern real operations.

Registry and marketplace

SkillHub skills are versioned contracts. Public discovery should prioritize approved versions and never silently replace installed behavior.

draft -> submitted -> in_review -> verified/rejected
Verified and installed versions are immutable
Similar and alternative skill paths

Runtime gateway

Whether the agent uses REST, MCP, SDK, or the console test, runtime invocation follows the same governance path.

Project API key
Install and policy checks
Budget, rate-limit, subscription, logs, and metering

Review and trust

Publishers need a precise repair loop, not vague rejection reasons. Automated checks must carry blocker, field, category, and next step.

Manifest/runtime/example/security checks
3-business-day review SLA
Review notes and audit trail

Future paid-marketplace ledger model

In developer preview, usage does not directly pay publishers. Billable usage and subscription cycles only generate immutable commercial records after paid-marketplace launch gates pass.

Transaction -> split -> balance
Refunds and disputes generate adjustment records
Future payout reviews will reserve qualifying balances

Notifications and webhooks

In-app notifications, email rows, and webhook outbox must stay separate; personal preferences must not suppress org-level webhook delivery.

Template-rendered delivery
Retry and provider metadata
Signed webhook fan-out

Operating reference

Admins need one console view of non-leaking launch readiness, identity, review, risk, finance, payouts, delivery, webhooks, and audit.

Launch confidence threshold
Migration and schema visibility
Privileged decisions require reason field

Required before review

Manifest quality gate

Identityname, displayName, version, category, tags, changelog, support path

RuntimeHTTP, MCP, or sandboxed local execution with entrypoint and transport posture

SchemainputSchema, outputSchema, examples, required fields, and typed results

Permissionsnetwork, browser, filesystem, secrets, sensitive data, destructive, or payment flows

Paid previewpricing intent, paid blocker, publisher profile, terms acceptance, finance review metadata

Trustreview status, automated checks, incidents, feedback, deprecation, replacement advisory

skillhub.jsonschema v0.1

{
  "schemaVersion": "0.1",
  "name": "support-triage",
  "displayName": "Support Triage",
  "version": "0.1.0",
  "runtime": {
    "type": "http",
    "entrypoint": "https://api.example.com/skill"
  },
  "permissions": {
    "network": false,
    "browser": false,
    "filesystem": "none",
    "secrets": []
  },
  "inputSchema": { "type": "object" },
  "outputSchema": { "type": "object" }
}

Runtime governance path

MCP tools/call and REST runtime invoke must reuse the same governance path. The console test exists to prove this path works before an agent runs autonomously.

01Validate project key

02Resolve installed skill and pinned version

03Check policy, approval, budget, rate-limit, and subscription

04Invoke runtime and log invocation

05When billable, write usage or subscription ledger state

runtime.shgoverned invoke

curl -X POST "$SKILLHUB_API_URL/v1/runtime/invoke" \
  -H "Authorization: Bearer $SKILLHUB_PROJECT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "skillSlug": "support-triage",
    "input": { "ticket": "Customer cannot connect OAuth" }
  }'

API

API map for Developer Preview surfaces

These groups are the public and sign-in gated API surfaces that make the Developer Preview operational. Final payment capture and automated payouts stay deferred; paid-marketplace money movement remains an operating reference, not an anonymous public action.

Marketplace

Public discovery, skill detail, publisher trust, and marketplace recommendation inputs.

GET /v1/skills/searchGET /v1/skills/:slugGET /v1/publishersGET /v1/publishers/:slug

Publisher

Organization-scoped publishing, version creation, exact-version submission, and pricing readiness.

POST /v1/skillsPOST /v1/publisher/skills/:slug/versionsPOST /v1/publisher/skills/:slug/versions/:version/submitPOST /v1/prices

Developer

Project install state, saved skills, policy approval, keys, runtime tests, invoices, and updates.

GET /v1/developer/projectsPOST /v1/projects/:projectId/installed-skillsPOST /v1/projects/:projectId/api-keysPOST /v1/projects/:projectId/runtime-test

Admin

Review, trust, incidents, launch readiness, finance, payouts, notifications, webhook outbox, and audit.

GET /v1/admin/reviewsGET /v1/admin/launch-readinessGET /v1/admin/payoutsGET /v1/admin/audit-logs

Shared state language

These names must stay consistent across marketplace cards, skill detail, publish prechecks, project policy, publisher workbench, admin review, finance, and launch readiness.

Skill lifecycle

Skill version publication and review status.

draftsubmittedin_reviewverifiedrejecteddeprecatedsuspended

Runtime checks

Automated evidence state for review and repair loops.

queuedrunningpassedwarningfailed

Paid-preview balances

Prelaunch paid-marketplace readiness and money-state model.

pendingavailablelockedpaidfailedblockedreversed

Delivery

Notification and webhook delivery state before provider integrations are final.

queuedpendingprocessingsentskippedfailedretry_ready

Launch and operating guardrails

Payment capture, payout provider automation, tax/KYC automation, final legal terms, and final email delivery provider are last-mile items; paid-marketplace money movement is currently a prelaunch operating reference only.

Operating terms Agent integration

Launch readiness must run before any customer demo or public go-live.

Demo fallback is off in production by default unless controlled demo is explicitly enabled.

Prefer username/password entry first; Google and GitHub become real login after OAuth credentials and callback URLs are configured.

Resolve notification templates, migrations, runtime key salt, commission rules, and payout state blockers before paid go-live.

Never expose OAuth secrets, email provider keys, service tokens, API salt, webhook secrets, verification codes, user tokens, or passwords.

Ready to get started?

Browse available skills in the registry or publish your own.

Browse registry Publish a skill