Security

Skills Manager is built for teams that need isolation, approval, and control over what their AI agents can do. Security is structural, not an add-on.

Last updated: June 6, 2026

Multi-tenant row-level isolation

Every organization's data is isolated at the database row level using Supabase Row-Level Security (RLS). Queries are constrained to the caller's organization, so one tenant can never read or write another tenant's skills, grants, or tokens.

Vault-encrypted GitHub keys

The credentials used to sync your private skill repositories are stored encrypted in Supabase Vault. Keys are never exposed in plaintext to the application layer beyond the moment they are needed to perform a Git pull.

OAuth 2.1 custom connector

Desktop clients (claude.ai, Claude Desktop) connect through a standards-based OAuth 2.1 custom connector with PKCE. There are no shared static secrets embedded in the client, and authorization is tied to the signed-in user.

Scoped personal access tokens

CLI clients (Claude Code, Codex) authenticate with personal access tokens. A token can be scoped to a specific subset of skills, so an automated agent only ever gets the minimum access it needs — and tokens can be revoked at any time.

Git as the source of truth

Your skills live in your own Git repositories. The hub publishes a curated view of them; it does not become a lock-in store. You always retain the canonical, version-controlled copy.

Least-privilege access by default

Skills are granted explicitly — org-wide, per team, or per person. Nothing is shared implicitly. Combined with scoped tokens, this gives you defense-in-depth control over what every agent and user can do.
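The interaction between explicit grants and scoped tokens described above, as an added example (not Skills Manager's own code): a hypothetical model in which a token's effective access is the intersection of its owner's grants and the token's scope, so a scope can narrow access but never widen it. All class names, function names and sample grants are constructed assumptions.

```python
from dataclasses import dataclass
from typing import FrozenSet, Iterable, Optional, Set

@dataclass(frozen=True)
class Grant:            # hypothetical grant record
    org: str            # tenant that owns the grant
    skill: str
    kind: str           # "org", "team" or "person"
    subject: str        # org id, team id or user id

@dataclass(frozen=True)
class User:
    id: str
    org: str
    teams: FrozenSet[str] = frozenset()

@dataclass(frozen=True)
class Token:
    owner: User
    scope: Optional[FrozenSet[str]] = None   # None = not narrowed to a subset
    revoked: bool = False

def granted_skills(user: User, grants: Iterable[Grant]) -> Set[str]:
    """Skills explicitly granted to the user; nothing is implied."""
    subjects = {("org", user.org), ("person", user.id)}
    subjects |= {("team", t) for t in user.teams}
    # Grants from another tenant are ignored even if a team id collides.
    return {g.skill for g in grants
            if g.org == user.org and (g.kind, g.subject) in subjects}

def effective_skills(token: Token, grants: Iterable[Grant]) -> Set[str]:
    """Owner's grants intersected with the token scope; revoked means empty."""
    if token.revoked:
        return set()
    allowed = granted_skills(token.owner, grants)
    return allowed if token.scope is None else allowed & token.scope

def can_use(token: Token, skill: str, grants: Iterable[Grant]) -> bool:
    return skill in effective_skills(token, grants)   # deny by default

# Constructed sample data.
GRANTS = [
    Grant("acme", "code-review", "org", "acme"),
    Grant("acme", "deploy-prod", "team", "sre"),
    Grant("acme", "billing-export", "person", "dana"),
    Grant("globex", "deploy-prod", "team", "sre"),
]
alice = User("alice", "acme", frozenset({"sre"}))
ci_token = Token(alice, scope=frozenset({"code-review", "billing-export"}))
```

Here `ci_token` lists `billing-export` in its scope, but the owner was never granted that skill, so the token cannot use it.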

Cloud-hosted on trusted infrastructure

The platform runs on Supabase (auth + Postgres) and Vercel (application hosting), benefiting from their managed security, patching, and network controls.

Questions about security or compliance?