github numman-ali/openskills v1.3.0
v1.3.0 - CI/CD, Local Development & Security
on GitHub

latest releases: v1.5.0, v1.4.0, v1.3.2...
one month ago

What's New in v1.3.0

This release focuses on making OpenSkills more useful for CI/CD pipelines, local skill development, and improving security.

Highlights

  • Install from anywhere - Local paths, private git repos, or any GitHub repo
  • Sync to any file - New --output flag for custom output paths
  • Fully non-interactive - --yes flag now skips all prompts for CI/CD
  • Symlink support - Develop skills locally with symlinks
  • Security hardening - Path traversal protection and safe symlink handling

New Features

🔗 Symlink Support (#3)

Skills can now be symlinked into the skills directory. This enables:

  • Git-based skill updates (clone repo, symlink skills)
  • Local development workflows
  • Sharing skills across multiple projects 
ln -s ~/dev/my-skills/custom-skill .claude/skills/custom-skill
openskills list  # Shows custom-skill

📁 Configurable Output Path (#5)

New --output / -o flag for the sync command: 

openskills sync --output .ruler/AGENTS.md
openskills sync -o custom-rules.md
  • Auto-creates the file with a heading if it doesn't exist
  • Auto-creates nested directories if needed
  • Works with any .md file

📂 Local Path Installation (#10)

Install skills from your local filesystem: 

openskills install /path/to/skill
openskills install ./local-skills/my-skill
openskills install ~/my-skills/custom-skill

🔐 Private Git Repository Support (#10)

Install from private repositories using SSH: 

openskills install git@github.com:your-org/private-skills.git
openskills install https://gitlab.com/group/skills.git

🤖 Fully Non-Interactive Mode (#6)

The --yes flag now skips all prompts, including overwrites: 

openskills install anthropics/skills -y  # Overwrites existing without prompting
openskills sync -y                        # Non-interactive sync

Perfect for CI/CD pipelines and automation scripts.

Security Improvements

  • Path traversal protection - Validates installation paths stay within target directory
  • Symlink dereference - cpSync uses dereference: true to safely copy symlink targets
  • Non-greedy YAML regex - Prevents potential ReDoS in frontmatter parsing

Test Coverage

Added 77 new tests across 5 test files (88 total):

Test File Tests Coverage
tests/utils/skills.test.ts 13 Symlink detection, deduplication
tests/commands/install.test.ts 27 Local paths, git URLs, security
tests/commands/sync.test.ts 17 XML generation, --output flag
tests/integration/e2e.test.ts 16 Full CLI workflows
tests/utils/yaml.test.ts 10 YAML parsing, regex security

Upgrading

npm update -g openskills
# or
npm install -g openskills@1.3.0

Full Changelog: v1.2.1...v1.3.0

Check out latest releases or
releases around numman-ali/openskills v1.3.0

Don't miss a new openskills release

NewReleases is sending notifications on new releases.

Get notifications