# SuperSkill > Community hub for reusable AI-agent resources: skills, plugins, workflows, MCP servers, runtimes, guides, directories, and native harness-format packages. Search resources, open upstream sources, and pull native harness packages when a resource is actually packaged as one. SuperSkill is built for agents as much as for humans. Everything below works without a browser. Reads are anonymous; managed actions use the existing confirmed account and workspace identity. Repo guidance: https://superskill.sh/AGENTS.md ## HTTP API Base URL: https://superskill.sh/api OpenAPI: https://superskill.sh/api/openapi.json MCP Registry metadata: https://superskill.sh/server.json OAuth protected-resource metadata: https://superskill.sh/.well-known/oauth-protected-resource Universal install link to paste into Codex or Claude Code: https://superskill.sh/api/superskill/install Crawler-visible share links use website paths instead of hash routes: `/r/{base64url-resource-id}` for the current public resource, `/r/{base64url-resource-id}/{version}` for an exact release, `/c/{capability-id}` for a managed skill, and `/w/{invite-id}#invite={raw-code}` for a private workspace invitation. Matching PNG cards are under `/og/r/*`, `/og/c/*`, and `/og/w/*`. Workspace invite secrets always remain after `#` and are never sent to preview endpoints. SuperSkill does not advertise a vanity OAuth authorization server. The project-local `superskill_local` MCP owns interactive account authorization: the first protected action opens the SuperSkill Connect page, waits for explicit browser approval, and retries the same idempotent action in the same client task. Access credentials stay only in local process memory; a rotating refresh credential may be kept only in the OS credential store for at most 30 days. This broker is not OAuth, and `/.well-known/oauth-authorization-server` intentionally returns 404 until a separate protected MCP endpoint passes complete standards-valid Codex and Claude verification. ## SuperSkill internal alpha Human-readable SuperSkill docs: https://superskill.sh/#/superskill/docs Agent-facing browser guide: https://superskill.sh/#/superskill/agent-guide - Public showroom: GET /showroom/capabilities and GET /showroom/capabilities/{id}. These are cached public-safe projections only; they never accept task text or return archive/activation controls. - Public selected shelf: GET /showroom/selected returns current intake candidates labelled `selected_unreviewed`. These cards fill discovery only and cannot be used as approval, recommendation or managed activation evidence. - Managed recommendation, exact release/archive, hosted publish, workspace and managed-event routes accept a scoped agent session resolved to the confirmed Supabase user. New plugin config never inherits environment credentials; never put credentials or connect proofs in a manifest, tool argument/result, prompt, URL query, log, analytics event or browser storage. `HH_TOKEN` remains non-interactive/paid compatibility only. - The checked-in managed catalog currently has 12 exact candidates and zero approved releases. The approved lane and managed recommendation remain empty/no-match until real Claude Code, Codex, and human review evidence exists; the selected shelf is discovery-only. - `onlyharness@0.2.14` is published but known-bad for one-link because its exact-version npm metadata request is rejected. - Current public transition hotfix `onlyharness@0.3.1` is pinned to official npm integrity after publication. It keeps the local browser-auth broker, binds hosted skills to immutable release tuples, and adds anonymous native-harness installation bound to exact version, digest, complete snapshot and passing static scan. `0.3.0` is the previous transition release. `0.2.18` is a known-bad one-link release with a stale universal-skill digest; do not substitute `latest`, a remote script pipe, or an unscoped `superskill` npm package. - Approved current releases use one canonical URL: `https://superskill.sh/api/superskill/install/{capability-id}/{version}/{sha256-hex}`. It returns a signed-by-digest JSON contract, not executable script. Local install selects exactly one detected Codex/Claude client or fails closed; installation never implies activation. - SuperSkill Daylight is the locked human-facing surface on `superskill.sh` and `www.superskill.sh`; legacy skins are compatibility-only and cannot be selected on those hosts. - Health check: GET /healthz - Search the registry: GET /registry?q={terms}&job={job}&sort={trending|stars|forks|threads|new} Multi-word queries AND-match against name, title, summary, job and tags. `outcome` remains a legacy alias for the job filter. Response: { items: [{ owner, name, title, summary, tags, job, outcome, runtime, stars, forks, threads, runs, installConfirms, signalCount, heatQualified, heat, evalScore, evalStatus, riskScore, riskTier, contextCost, badge, cliCommand, updatedAt }] } - Search mixed resources: GET /resources?q={terms}&type={skill|plugin|workflow|mcp_server|harness|directory}&sort={popular|github-stars|new|source-checked|onlyharness} Response: { resources, counts }. Resources include source provenance, optional SuperSkill-hosted archive/mirror metadata, GitHub stars snapshot/current fields, sourceCheckedAt, sourceCheckStatus, raw installability/availability state, licenseStatus and actions. Source checked is not Verified install. - Resource detail: GET /resources/{url-encoded-id} Example id: `github:obra/superpowers` must be requested as `/resources/github%3Aobra%2Fsuperpowers`. - Resource archive: GET /resources/{url-encoded-id}/archive Returns a tar.gz hosted by SuperSkill when the resource has been materialized into SuperSkill storage. It must not redirect clients to GitHub. - Harness detail: GET /repos/{owner}/{name}/harness Returns the manifest (agents, workflow stages, tools, permissions, quality_gates), README, example input/output, eval results, risk report, contextCost, file list, versions[] archive history and prReview. Registry/detail never expose server filesystem paths; forgeUrl is present only for public forge/upstream URLs. prReview.source=local-demo means generated preview, not an open forge PR. - Download files: GET /repos/{owner}/{name}/archive?version={optional semver} Response: { owner, repo, version, snapshot, files: [{ path, content, truncated }] } — write the files to disk to get a runnable harness directory. Treat snapshot:true as immutable; snapshot:false is the current live manifest row. Paid harnesses return HTTP 402 with { code: "PAYMENT_REQUIRED", checkout_url, pricing, payments_enabled, x402, next }. Retry with Authorization: Bearer {HH_TOKEN} after entitlement. If x402.enabled=true, the response also includes a base64 JSON PAYMENT-REQUIRED header; `hh install --pay` or `hh pull --pay` signs with HH_WALLET_KEY/EVM_PRIVATE_KEY and enforces HH_MAX_PAY_USD before retrying. The API returns archive files only after facilitator verify/settle succeeds via X402_FACILITATOR_URL. Directory shelf entries use owner `directories` and manifest content.type=directory. They are link-only discovery indexes: search results expose `open `, and archive returns HTTP 409 { code: "DIRECTORY_LINK_ONLY", url, next } instead of files. - Create local remix draft: POST /repos/{owner}/{name}/remixes Auth required. Body { name?, title?, summary?, sourceVersion? }. Creates only a free unverified `local/{name}` copy from archive files, strips `.harnesshub/*`, records a privacy-safe `applied` event with target `server-remix`, and records a source -> fork graph edge. Paid, org/private, directory, link-only and `UNSPECIFIED` license sources fail closed. Copied fallback recipes do not count as forks. - Security report: GET /repos/{owner}/{name}/security-report Read before installing/applying when detail.security is missing or failing; plugin/autopilot flows must not bypass a failed report. - Stars: POST /repos/{owner}/{name}/star Auth required. Body { starred?: boolean }. Records or removes the caller's star through the API so browser and agent clients share one heat-signal path. - Thread: GET /repos/{owner}/{name}/thread and POST /repos/{owner}/{name}/thread POST auth required. Body { kind, body }, where kind is question, recipe, result, proposal, or bug/risk. - Forge PR semantic diff: GET /prs/{owner}/{name}/{number}/semantic-diff Org visibility is enforced, but real forge PR diffing is not connected yet. The endpoint returns 501 PR_SEMANTIC_DIFF_NOT_AVAILABLE with a local-demo preview and next steps; use detail.prReview only as a maintainer-review shape preview. - Checkout: POST /billing/checkout Auth required. Body { owner, repo, version?, ref? }. Requires PAYMENTS_ENABLED=true and creates a pending manual checkout session for paid harnesses. Only PAYMENT_PROVIDER unset/manual is supported; other provider config fails closed before purchase creation. Checkout URLs land on /checkout. If provider_ref is absent, the web UI only prompts the buyer to log on and create a manual checkout session. If provider_ref is present, it shows pending manual handoff state. The page never grants entitlement. - Receipt: GET /billing/receipt?provider_ref={ref} Auth required. Returns the caller's own pending/paid purchase status, amount, harness ref and entitlement flag. Read-only only: this endpoint must not settle payments or grant access. - Gate receipt verification: POST /receipts Body is the JSON written by `hh gate --receipt`. Verifies the ed25519 signature over harness ref, version, resultsHash, verdict and timestamp. Side-effect-free: does not store prompts, local paths, payments or entitlements. - Gate escrow settle: POST /billing/escrow/receipt Auth required. Body { provider_ref, receipt }. For `pricing.model=gate_escrow`, captures a reserved purchase when the signed receipt verdict is passed, refunds when it is failed. POST /receipts remains read-only. - Gate escrow timeout: POST /billing/escrow/timeout Auth required. Body { provider_ref }. Refunds only after the 72h receipt window expires. - Bounties: GET /bounties, POST /bounties, POST /bounties/{id}/claim, POST /bounties/{id}/deliver, POST /bounties/{id}/accept Auth required except list. Local bounty state is work-state only: open -> claimed -> delivered -> paid. Delivery and acceptance require a signed passing `hh gate --receipt`; accept also requires a matching reserved/captured `gate_escrow` purchase with the same target, amount and currency. The API blocks escrow reuse and marks paid only after capture. - Hosted execution: not live. `hh run` is local sample preview only and never proves gate success; HTTP/MCP archive routes deliver files and do not execute author code server-side. `pricing.model=per_call` returns 409 `HOSTED_EXECUTION_NOT_AVAILABLE`; do not use it as a live payment path yet. - Entitlement check: GET /entitlements/check?subject=user:{id}&harness={owner}/{name}&version={optional semver} Bot-facing read-only decision. Requires ORGS_ENABLED=true and Authorization: Bearer {org token with entitlements:read}. Response includes { entitled, status } and never returns archive files. - Community invite code: POST /community/invite-code Auth required. Body { harness: "owner/name", version?, ttl_seconds? }. The API checks the authenticated user's entitlement live, then returns a short-lived signed code. Requires COMMUNITY_INVITE_SECRET. - Community code verify: POST /community/verify-code Bot-facing decision. Requires ORGS_ENABLED=true and Authorization: Bearer {org token with entitlements:read}. Body { code }. The API HMAC/TTL-checks the code, re-checks entitlement live and returns { allowed, status }; bots should grant Discord/Telegram access only when allowed=true. - Payment webhook: POST /webhooks/payments Internal only. Requires x-harness-token matching HARNESS_WEBHOOK_TOKEN; marks a manual purchase paid and grants entitlement idempotently. - Storefront profile: PUT /me/storefront and GET /me/storefront Auth required. Body { handle, display_name?, bio? }. Creates a safe public creator handle and referral_code; email is not exposed. - Public storefront: GET /storefront/{handle} Returns { profile, referralCode, items }. Use referralCode as checkout ref for creator attribution. - Org setup bundle: GET /orgs/{slug}/bundle Requires ORGS_ENABLED=true and Authorization: Bearer {org token}. Response: { organization, bundle: { version, harnesses, configs } }. Use `HH_ORG_TOKEN=... hh setup @slug` instead of hand-writing files. - Org workspace: GET /orgs/{slug}/workspace Requires ORGS_ENABLED=true and Authorization: Bearer {org token}. Response: { organization, items, permissions, audit }. The audit rows are sanitized and permissions include riskMarkdown for the highest-risk org harness. - Workspace create: POST /workspaces Requires WORKSPACES_ENABLED=true and a confirmed signed-in account. Body: { slug, name, type?, visibility? }. Atomically creates or replays the caller-owned workspace, owner membership, invite policy and default approved collection. Another owner's slug returns 409. - Workspace catalog: GET /workspaces/{slug}/workspace Requires WORKSPACES_ENABLED=true and either Authorization: Bearer {workspace token} or an active signed-in workspace member session. Response: { workspace, resources, items, joinPolicies, permissions, audit }. Use `HH_WORKSPACE_TOKEN=... hh resources search --workspace slug` for private workspace resources. CLI remains token-based; legacy org tokens are accepted as a migration fallback. - Workspace setup bundle: GET/PUT /workspaces/{slug}/setup-bundle GET requires workspace setup access and returns { workspace, bundle, next }. Use `HH_WORKSPACE_TOKEN=... hh workspace setup slug --target claude-code --json`. Setup installs workspace-hosted packages and writes instructions for approved public resources; it must not invent workspace archives for public listings that are only approved by the workspace. PUT stores bounded config snippets and requires publish/collection-write access. - Workspace members and invites: GET/POST /workspaces/{slug}/members, DELETE /workspaces/{slug}/members/{userId}, POST /workspaces/{slug}/invites, POST /workspaces/{slug}/join Manage workspace access. Member and invite writes require `member:write`, `invite:write`, `workspace:admin`, or matching admin membership. Invite raw codes are returned once and stored only as hashes. The SuperSkill web UI can copy a bounded fragment-only invite link; the fragment is not sent in HTTP requests. - Workspace join gates: GET/PUT /workspaces/{slug}/join-policies, POST /workspaces/{slug}/join-code, POST /workspaces/{slug}/join-code/verify, POST /workspaces/{slug}/join-grants Join policies cover invite, email domain, Telegram, Discord, entitlement and disabled future paid-subscription gates. A signed-in user mints a short-lived `ohwj_` code with `/join-code`. Bots verify it read-only with `gate:verify`; only `/join-grants` creates membership after the external Telegram/Discord/entitlement check passes. Active `paid_subscription` policies fail closed until subscription lifecycle is implemented. - Workspace resources: GET /workspaces/{slug}/resources, GET /workspaces/{slug}/resources/{id}, GET /workspaces/{slug}/resources/{id}/archive Search, inspect, and download workspace-hosted resource packages. Resource refs are `@workspace/name`; archives are served from SuperSkill workspace archive storage and never redirect to upstream GitHub. - Workspace resource package publish: POST /workspaces/{slug}/imports/resource-package Requires WORKSPACES_ENABLED=true and a workspace token with publish scope. Use `HH_WORKSPACE_TOKEN=... hh publish-resource --workspace slug --name my-agent-tool --type command_pack`. This is the full-package path for private skills/plugins/workflows/MCP servers/commands/scripts/docs/source bundles; it is not the markdown scaffold path and does not grant a Verified harness badge. - Org publish: POST /orgs/{slug}/imports/markdown-to-harness Requires ORGS_ENABLED=true and an org token with publish scope. Use `HH_ORG_TOKEN=... hh publish workflow.md --org slug --name team-workflow`. The generated harness is `visibility: org` and archive/detail require an org token. - Org verified publish: POST /orgs/{slug}/imports/harness-dir Requires ORGS_ENABLED=true and an org token with publish scope. Use `HH_ORG_TOKEN=... hh eval && hh gate --dir && hh publish --org slug --name team-harness`. The server rechecks schema, security, eval and gate, then stores the harness as `visibility: org`. - Org repo sync: `HH_ORG_TOKEN=... hh sync --org slug` First version clones or scans a repo, imports markdown skills/runbooks/prompts through the org publish endpoint, and prints a report. It does not install webhooks. - Events: POST /events Body may include { kind, owner, repo, version, target, client }. The API stores only whitelisted fields; do not send prompts, paths or credentials. Managed lifecycle kinds re-check the confirmed/granted SuperSkill principal on every request. An exact eventId replay is idempotent; reusing an eventId with a different subject or payload returns `EVENT_CONFLICT`. `kind=install&client=claude-code` with an authenticated subject contributes to the "works in Claude Code: N confirms" badge. `kind=eval|gate&target=passed&client=hh` contributes to verification.lastVerifiedAt in harness detail. Passed `gate` events also count as registry `runs`; `hh run` sample preview does not. `kind=suggested|accepted|applied&client=hh` records CLI autopilot funnel usage without prompts or local paths. `accepted` means the user chose `--apply`; `applied` is recorded only after local files are written. - Leaderboard: GET /leaderboard?limit=10 Returns only heatQualified items. Cold harnesses stay out of Top 10 until enough real social signals or a verified install confirm exists. - Publish (auth required): POST /imports/markdown-to-harness JSON body { name, markdown }, header Authorization: Bearer {access token from a superskill.sh account}. This creates a small markdown-derived scaffold, not a full copied GitHub repo. - Verified publish (auth required): POST /imports/harness-dir Use `hh eval && hh gate --dir && hh publish --name my-harness`, or `hh publish --path harnesses/my-harness --name my-harness` for a git repo. The CLI/server accepts bounded native package files, including `scripts/`, plus `.harnesshub/results.json`, then rechecks schema, security, eval, and gate before showing verification.lastVerifiedAt. - Resource package publish (auth required): POST /imports/resource-package Production publishing is enabled. The request requires a confirmed in-policy SuperSkill user, immutable semantic `version`, and a 16-200 character `idempotencyKey`. Accepted responses bind `resourceId`, version, archive digest/size, replay state, exact static-v2 `pass`/`warn` state and trust=`unreviewed`; static pass does not infer runtime risk, so risk stays `UNKNOWN`. Interactive agents use `superskill_local.publish_resource_package`; the broker obtains the minimum scope in the browser and automatically retries the exact idempotent call. A failed scan returns sanitized rule/file identifiers and is rejected before any archive, catalog or event mutation. Publishing does not grant a Verified or reviewed badge. - Exact hosted resource release: GET /resources/{id}/releases/{version}/archive Returns only the active immutable release matching the exact semantic version and durable digest/size metadata. The unversioned `/resources/{id}/archive` route remains a latest-version compatibility alias. - GitHub resource classify: POST /imports/github-resource Body { url, path?, action:"classify" }. Read-only. Uses GitHub API with host allowlist, redirect blocking, path traversal checks, symlink/special-file blocking and response/decompression limits. Upstream listing is allowed; use `hh publish-resource` for an explicit hosted package upload when license and ownership allow it. End-to-end example: curl -s 'https://superskill.sh/api/registry?q=market%20research' curl -s 'https://superskill.sh/api/resources?q=superpowers' curl -s 'https://superskill.sh/api/repos/harnesses/deep-market-researcher/archive' ## MCP Endpoint: https://superskill.sh/mcp Transport: Streamable HTTP. Public reads are anonymous. Interactive publishing and workspace operations use the project-local `superskill_local` broker so credentials never enter chat or project configuration. Official compatibility MCP Registry name: `com.onlyharness/registry`. The public `server.json` is remote-only and points at the canonical SuperSkill Streamable HTTP endpoint. The old coordinate is retained for installed-client compatibility. Tools: - search_harnesses: search registry items by task/job/tag, including contextCost estimates. - harness_detail: inspect manifest, trust signals, contextCost, examples, files and read-only access/payment summary. - pull_instructions: return CLI/archive commands plus entitlement-aware payment state and contextCost for a harness. - pull_harness: return archive files; paid harnesses return payment requirements unless Bearer token is entitled. - search_resources: search the mixed source-aware resource catalog. - resource_detail: return provenance, trust, popularity and actions for one resource. - resource_use_instructions: return safe use/open/install guidance; hosted skills expose an exact version/digest install command, native public harnesses expose the same digest-bound tuple through `pull_instructions`, and upstream-only resources stay open-only. - search_docs: search this llms.txt and agent guidance. - publish_markdown_to_harness: transition compatibility tool; new interactive clients call the same protected operation through `superskill_local`. - publish_resource_package: transition compatibility tool; new interactive clients call the same protected operation through `superskill_local` with semantic `version` and `idempotencyKey`; it is not a Verified harness badge. This ten-tool inventory is exact for remote MCP v0.3.1. Every successful tool result includes `structuredContent` with `code: OK` and numeric `status`. Logical failures set `isError: true` and return a stable machine code such as `AUTH_REQUIRED`, `AUTH_INVALID`, `RESOURCE_NOT_FOUND`, `ARCHIVE_STORAGE_UNAVAILABLE`, `PAYMENT_REQUIRED`, or `HOSTED_EXECUTION_NOT_AVAILABLE`; `PUBLISH_DISABLED` remains a fail-closed configuration error, not the normal production publish state. JSON-RPC transport failures use the JSON-RPC `error` envelope instead. Error results never include authorization values, local server paths, stacks, or raw provider diagnostics; successful archive delivery preserves exact package file contents. Initialize example: curl -s -X POST https://superskill.sh/mcp \ -H 'Content-Type: application/json' \ -H 'Accept: application/json, text/event-stream' \ -d '{"jsonrpc":"2.0","id":1,"method":"initialize","params":{"protocolVersion":"2025-06-18","capabilities":{},"clientInfo":{"name":"curl","version":"0"}}}' ## CLI (hh) The npm CLI is published, so agents can run native harness workflows and mixed resource catalog commands without cloning the repo: npx onlyharness search market research npx onlyharness suggest market research --json npx onlyharness resources search superpowers --json npx onlyharness resources detail github:obra/superpowers --json npx onlyharness resources open github:obra/superpowers --json npx --yes onlyharness@0.3.1 resources install onlyharness:packages/my-skill --version 0.1.0 --digest sha256:<64-hex-digest> --target codex --allow-unreviewed --json npx onlyharness suggest market research --apply --out suggested-deep-market-researcher --json npx onlyharness suggest market research --apply --target claude-code --out suggested-deep-market-researcher --adapter-out .claude/skills/deep-market-researcher --json npx --yes onlyharness@0.3.1 resources install onlyharness:harnesses/deep-market-researcher --version 0.2.1 --digest sha256: --target claude-code --json npx onlyharness mcp-config deep-market-researcher --target claude-desktop --json npx onlyharness run deep-market-researcher npm i -g onlyharness # installs the hh command Resource catalog commands are live through npm, MCP and HTTP. MCP tools are `search_resources`, `resource_detail` and `resource_use_instructions`; HTTP paths are `/resources` and `/resources/{id}`. For local development from the repo: npm install npm run build -w onlyharness node packages/harness-cli/dist/hh.mjs - hh search {terms} find harnesses (--json for machine-readable output) - hh resources search {terms} --json search all resources, including skills/plugins/workflows/MCP servers - hh resources detail github:obra/superpowers --json - hh resources open github:obra/superpowers - hh resources install onlyharness:packages/{name} --version --digest sha256: --target codex|claude-code --allow-unreviewed --json install an exact immutable hosted skill after explicit review and consent - hh resources install onlyharness:{owner}/{name} --version --digest sha256: --target codex|claude-code --json install a public native harness only from the exact scan-bound tuple returned by detail/pull instructions Opens the SuperSkill resource page first; upstream GitHub stays attribution/source, not the primary use path. - hh resources import https://github.com/acme/agent-skills --json classify before adding/listing a GitHub resource - hh suggest {terms} return ranked candidates with trust fields plus selected detail trust summary; use --pick {rank}; --apply installs through the pull archive path - hh suggest {terms} --apply --target cli|claude-code|codex|cursor run the target adapter install path before recording applied - hh install {owner}/{name} --target cli|claude-code|codex|cursor primary install path; pulls files, optionally writes adapter files, then records a privacy-safe install event - hh pull {owner}/{name} download a harness into ./{name}; sends HH_TOKEN when set - hh pull {owner}/{name} --version request that registry version and write it to .harnesshub/source.json; archive snapshot:true is immutable, snapshot:false is the live current row - hh adapt [dir] --target claude-code|codex|cursor generate local adapter instruction files - hh mcp-config [dir] --target claude-desktop|claude-code|cursor generate package-backed MCP client JSON - hh install {owner}/{name} --pay pay an x402-enabled 402 with HH_WALLET_KEY/EVM_PRIVATE_KEY, capped by HH_MAX_PAY_USD - hh install {owner}/{name} --version install a specific registry version through the same payment/entitlement path; require snapshot:true when immutability matters - hh pull {owner}/{name} --pay low-level archive download with the same x402 payment behavior - hh install @org/{name} download an org-private harness; sends HH_ORG_TOKEN when set - hh pull @org/{name} low-level org-private archive download; sends HH_ORG_TOKEN when set - hh run [dir] run the bundled example locally (sample preview only: no LLM calls, no credentials, no gate claim) - hh eval [dir] score the eval cases; writes .harnesshub/results.json - hh gate --dir [dir] enforce the manifest quality gates - hh gate --dir [dir] --receipt write a signed gate receipt for POST /receipts verification - hh audit-setup audit local ~/.claude and ./.claude skills for context cost, stale triggers and overlapping descriptions - hh benchmark run a local category benchmark across candidate and analog harness paths using declared eval case scores. Suites live in `benchmarks/`; smoke runs every YAML suite. - hh extract create a private harness.v0.2 scaffold from a local skill, with candidate depends_on and redacted markdown source - hh setup @org install a token-gated team bundle; uses HH_ORG_TOKEN and writes managed setup metadata - hh publish --org publish markdown into an org-private namespace; uses HH_ORG_TOKEN - hh publish-resource --name --type publish a hosted resource package; accepts safe bounded text files under scripts, commands, tools, workflows, mcp, plugins, docs, src/lib and agent directories - hh publish-resource --workspace --name --type publish a private workspace-hosted resource package; uses HH_WORKSPACE_TOKEN, falling back to HH_ORG_TOKEN during migration - hh workspace setup --target claude-code install a workspace setup bundle locally; installs only workspace-hosted packages and writes instructions for approved public resources - hh resources search --workspace search private workspace resources; uses HH_WORKSPACE_TOKEN - hh resources detail @slug/name inspect private workspace resource detail; uses HH_WORKSPACE_TOKEN - hh validate [dir] schema and permission checks (--strict fails on warnings) - hh doctor --harness [dir] inspect registry connectivity and a local harness - hh pin [dir] pin a pulled harness to its current registry version - hh outdated [dir] exit 3 when a newer registry version exists - hh update [dir] --diff preview semantic changes before applying an update - hh publish {file.md} publish a markdown workflow (token via --token or HH_TOKEN) - hh publish {dir} publish a verified native package only after eval/gate; use publish-resource for generic repos/packages without harness.yaml - hh doctor registry connectivity check Set HH_REGISTRY_URL to target another registry (default https://superskill.sh/api). Set HH_TOKEN before installing/pulling a paid harness after checkout/manual entitlement. For x402, set HH_WALLET_KEY or EVM_PRIVATE_KEY plus HH_MAX_PAY_USD; payment-required failures exit 5. ## Claude Code Plugin Install from the marketplace source: claude plugin marketplace add elvismusli/onlyharness claude plugin install superskill@superskill Codex MCP setup: codex mcp add superskill --url https://superskill.sh/mcp The universal installer also configures `superskill_local`; its first protected action opens browser consent and resumes the same task automatically. Local development check from a repo clone: npm run check:plugin claude plugin validate . claude plugin validate plugins/onlyharness ## What is a harness A harness directory contains: harness.yaml (manifest: runtime, agents, workflow, tools, permissions, quality_gates), agents/*.md prompts, examples/input.md and examples/expected.md, evals/cases/*.yaml, runbooks/. Per-harness trust signals: eval score, risk tier, permissions profile, contextCost (~tokens from markdown instructions), install confirms, stars, threads, passed gate runs, server-side remix forks and Harness Heat. ## Safety notes for agents - hh run is sample mode only: it never calls an LLM, never touches credentials, and never proves gate success. Use hh eval and hh gate for verification. - Community stats and Harness Heat are not safety guarantees. Inspect security, risk, permissions and gates before using a harness for real work. - Inspect manifest.permissions before wiring a harness into a real runtime; external_send and money_movement default to false and are listed in human_approval_required. - Quality gates (min eval score, max cost, max risk) live in harness.yaml under quality_gates; hh gate enforces them.