Open Source · MIT Licensed

The Package Manager
for AI Agent Skills

Integrity verification, permission budgets, and 6-stage security scanning. What npm did for JavaScript, Tank does for agent skills.

$ curl -fsSL https://tankpkg.dev/install | sh

Works with

Claude Code
Cursor
GitHub Copilot
Codex
Windsurf

Why Tank Exists

Agent skills today have zero security infrastructure.

Today's Reality

No versioning

Skills update silently. No lockfiles, no pinning, no rollback. What you installed yesterday might be different today.

No permissions

Every skill runs with the agent's full access — files, API keys, shell commands. No sandboxing, no boundaries.

No scanning

341 malicious skills (12% of a major marketplace) went undetected. ClawHavoc shipped credential-stealing malware.

With Tank

Locked versions + integrity

SHA-512 hashes pin every skill. Tampered content fails on install. Enforced semver with permission escalation detection.

Permission budgets

Declare network, filesystem, and subprocess limits. Skills that exceed the budget are rejected before they run.

6-stage security pipeline

Every skill is scanned at publish time: ingestion, validation, static analysis, injection detection, secrets scanning, dependency audit.

Self-host for your organization

Run your own registry internally. Keep skills in your network with the same security guarantees.

How Tank Works

Three steps from install to verified.

1. Publish with scanning

Every skill passes through a 6-stage security pipeline. Malware, secrets, and permission escalation are caught at publish time.

2. Install with integrity

Every skill is pinned with SHA-512 hashes. If the content changes after install, the next install fails. No silent tampering.

3. Run with permissions

Declare what your agent can do — network, filesystem, subprocess. Skills exceeding the budget are rejected before they run.

Declare what your agent is allowed to do

tank.json is like package.json — but with permissions.

tank.json (verified)
{
  "skills": {
    "@vercel/next-skill": "^2.1.0",
    "@community/seo-audit": "3.0.0"
  },
  "permissions": {
    "network": {
      "outbound": ["*.anthropic.com"]
    },
    "filesystem": {
      "read": ["./src/**"],
      "write": ["./output/**"]
    },
    "subprocess": false
  }
}
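
The budget check described above, sketched as an added example; this is not Tank's own code. The shape of the skill's requested-permissions object, the function names and the glob semantics (fnmatch over normalised paths and lowercased hostnames) are assumptions made for illustration.

```python
import json
import posixpath
from fnmatch import fnmatchcase

# Budget: the "permissions" object from the tank.json shown above.
BUDGET = json.loads("""{
  "network": {"outbound": ["*.anthropic.com"]},
  "filesystem": {"read": ["./src/**"], "write": ["./output/**"]},
  "subprocess": false
}""")

def host_allowed(host, patterns):
    # Whole-name match: "anthropic.com.example.net" must not pass "*.anthropic.com".
    host = host.lower().rstrip(".")
    return any(fnmatchcase(host, p.lower()) for p in patterns)

def path_allowed(path, patterns):
    # Normalise first so "./src/../.env" cannot pass under "./src/**".
    norm = posixpath.normpath(path)
    if posixpath.isabs(norm) or norm == ".." or norm.startswith("../"):
        return False
    return any(fnmatchcase(norm, posixpath.normpath(p)) for p in patterns)

def budget_violations(requested, budget=BUDGET):
    """List every requested permission that falls outside the budget."""
    out = []
    allowed_hosts = budget.get("network", {}).get("outbound", [])
    for host in requested.get("network", {}).get("outbound", []):
        if not host_allowed(host, allowed_hosts):
            out.append(f"network.outbound: {host}")
    for mode in ("read", "write"):
        allowed = budget.get("filesystem", {}).get(mode, [])
        for path in requested.get("filesystem", {}).get(mode, []):
            if not path_allowed(path, allowed):
                out.append(f"filesystem.{mode}: {path}")
    if requested.get("subprocess", False) and not budget.get("subprocess", False):
        out.append("subprocess: true")
    return out

# Constructed sample requests (hypothetical skill-side format).
WITHIN = {"network": {"outbound": ["api.anthropic.com"]},
          "filesystem": {"read": ["./src/app/page.tsx"], "write": ["./output/report.md"]},
          "subprocess": False}
OVER = {"network": {"outbound": ["api.anthropic.com", "anthropic.com.example.net"]},
        "filesystem": {"read": ["./src/../.env"], "write": ["./output/x"]},
        "subprocess": True}

if __name__ == "__main__":
    print(budget_violations(WITHIN), budget_violations(OVER), sep="\n")
```

An empty list means the request fits the budget; any entry is a reason to reject the skill before it runs.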

Built by the community

Thank you to everyone who has contributed.

Ready to secure your agent skills?

Tank is open source and free. Install with confidence.
