{"id":"iflytek-skillhub","name":"skillhub","homepage":null,"repo_url":"https://github.com/iflytek/skillhub","category":"ai-ml","subcategories":[],"tags":["self-hosted","open-source","skill-registry","rbac","audit-logs","versioning","cli-first","rest-api","docker","kubernetes","java","postgresql","redis","s3-minio"],"what_it_does":"SkillHub is a self-hosted, open-source agent skill registry that lets organizations publish, version, govern, and distribute reusable “skill packages” within private namespaces. It provides a Web UI and CLI-first workflows plus a backend REST API, with RBAC and audit logging, and supports pluggable storage (filesystem, S3/MinIO).","use_cases":["Private, governed internal registry for agent/robot skill packages","Namespace-based discovery and installation of versioned skills (team/global scopes)","Enterprise publishing workflows with review, promotion gates, and audit logs","Integrating agent platforms/skill CLIs that can use a registry endpoint (e.g., OpenClaw/ClawHub-compatible)","Hosting behind a firewall with control over storage backends (local, S3/MinIO)"],"not_for":["Public untrusted multi-tenant deployments without strong operational hardening (networking, secrets, backups, patching)","If you need hosted SaaS with turnkey SLA/support (it’s self-hosted)","If you need real-time/streaming APIs (no indication of websockets/streaming)"],"best_when":"You need an on-prem registry with RBAC, auditability, versioning, and controlled distribution of reusable agent skills across teams.","avoid_when":"You cannot provide the required infrastructure (Docker/K8s, PostgreSQL/Redis, object storage) or you need a fully managed SaaS experience.","alternatives":["Other self-hosted artifact/registry patterns for skills (e.g., generic package registries plus custom governance)","Self-hosted package registries with custom packaging and policy layers","Cloud-hosted registries (if acceptable for your privacy/compliance needs)"],"af_score":50.0,"security_score":71.2,"reliability_score":30.0,"package_type":"skill","discovery_source":["openclaw"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T13:25:20.841927+00:00","interface":{"has_rest_api":true,"has_graphql":false,"has_grpc":false,"has_mcp_server":false,"mcp_server_url":null,"has_sdk":true,"sdk_languages":["TypeScript (generated from OpenAPI for frontend client)"],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["OAuth2 (referenced as OAuth identity merging)","API tokens (scoped tokens for CLI/programmatic access)","RBAC roles (Owner/Admin/Member) for namespaces"],"oauth":true,"scopes":true,"notes":"README mentions OAuth identity merging and scoped API tokens for CLI/programmatic access, plus RBAC with audit logging. Local development uses mock-auth via X-Mock-User-Id header; production auth details beyond tokens/OAuth are not fully specified in the provided text."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"Self-hosted open-source; no pricing or hosted tiers described."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":["Self-hosted/on-premises deployment (implied)"],"compliance":["Audit logs for governance/compliance (mentioned)"],"min_contract":null},"agent_readiness":{"af_score":50.0,"security_score":71.2,"reliability_score":30.0,"mcp_server_quality":0.0,"documentation_accuracy":70.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":70.0,"rate_limit_clarity":10.0,"tls_enforcement":80.0,"auth_strength":75.0,"scope_granularity":85.0,"dependency_hygiene":50.0,"secret_handling":60.0,"security_notes":"Security-relevant signals from README: HTTPS is implied for a production entrypoint; it includes RBAC, audit logs, scoped API tokens, and mention of password bootstrap defaults that must be changed/rotated. Explicit guidance on TLS enforcement, token hashing details, secure secret storage practices, rate limiting, and dependency vulnerability posture are not fully verifiable from the provided text.","uptime_documented":0.0,"version_stability":55.0,"breaking_changes_history":30.0,"error_recovery":35.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"unknown","retry_guidance_documented":false,"known_agent_gotchas":["Local development uses mock auth via X-Mock-User-Id; agents should not assume this works in production.","Bootstrap admin exists by default in release template and local profile—agents should rotate/disable it before operating in real environments.","The README references OpenAPI contract sync and SDK regeneration; tooling drift can occur if clients/SDKs are not regenerated when contracts change."]}}