A lightweight AI Agent Skills secure engine built in Rust, featuring a built-in native system-level sandbox, zero dependencies, and fully local execution. Provides three-layer security defense (install-time scan, pre-execution authorization, runtime sandbox) with 100% security test score, 40ms hot start, and ~10MB memory footprint.
## Project Overview

SkillLite is a lightweight AI Agent Skills secure engine addressing the security risks that arise when LLMs call external tool/skill code, including malicious behavior, supply chain attacks, and resource abuse.

## Core Capabilities

### Three-Layer Security Defense
- Layer 1 - Install-time Scan: Static rule scanning (regex matching), LLM-assisted analysis, supply chain audit (PyPI/OSV vulnerability databases)
- Layer 2 - Pre-execution Authorization: Two-phase confirmation (scan → user confirmation → execute), integrity check (hash tampering detection)
- Layer 3 - Runtime Sandbox: OS-native isolation (Seatbelt/bwrap), process execution whitelist, filesystem/network/IPC lockdown, resource limits
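The install-time scan (Layer 1) and the pre-execution integrity check with two-phase confirmation (Layer 2) can be modelled offline in a few dozen lines. The following is an added illustration written for this page, not SkillLite's own code or API: the rule set, the `integrity.json` manifest name, the `authorize_and_run`/`run_demo` helpers and the constructed "calculator" skill are all assumptions made for the example. The sandboxed runner (Layer 3) is stubbed by the `execute` callback, since OS-native isolation is what the engine's Rust binary provides and cannot be shown in a Python snippet.

```python
"""Added example (not SkillLite's code): install-time regex scan, integrity
manifest and scan -> confirm -> execute authorization, demonstrated on a
constructed sample skill in a temporary directory."""
import hashlib
import json
import re
import tempfile
from pathlib import Path

# ---- Layer 1: install-time static rule scan --------------------------------
# Constructed rule set for the illustration; a real scanner carries far more
# rules and is complemented by LLM-assisted review and OSV/PyPI audits.
SCAN_RULES = {
    "shell-exec": re.compile(r"\b(os\.system|subprocess\.(run|Popen|call))\s*\("),
    "dynamic-eval": re.compile(r"\b(eval|exec)\s*\("),
    "outbound-network": re.compile(r"\b(socket\.socket|urllib\.request|requests\.(get|post))\b"),
    "env-harvest": re.compile(r"\bos\.environ\b"),
}


def scan_skill(skill_dir: Path) -> list:
    """Return one finding per (rule, file, line) match across the skill's .py files."""
    findings = []
    for py in sorted(skill_dir.rglob("*.py")):
        for lineno, line in enumerate(py.read_text().splitlines(), start=1):
            for rule, pattern in SCAN_RULES.items():
                if pattern.search(line):
                    findings.append({"rule": rule, "file": py.name, "line": lineno})
    return findings


# ---- Layer 2: integrity manifest + two-phase confirmation -------------------
MANIFEST = "integrity.json"  # assumed file name for this example


def digest_skill(skill_dir: Path) -> dict:
    """SHA-256 of every file in the skill directory except the manifest itself."""
    return {
        p.relative_to(skill_dir).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(skill_dir.rglob("*"))
        if p.is_file() and p.name != MANIFEST
    }


def write_manifest(skill_dir: Path) -> None:
    """Record the hashes at install time, after the user has seen the scan report."""
    (skill_dir / MANIFEST).write_text(json.dumps(digest_skill(skill_dir), indent=2))


def verify_manifest(skill_dir: Path) -> list:
    """Paths whose content changed since install; an empty list means intact."""
    recorded = json.loads((skill_dir / MANIFEST).read_text())
    current = digest_skill(skill_dir)
    return sorted(p for p in set(recorded) | set(current) if recorded.get(p) != current.get(p))


def authorize_and_run(skill_dir: Path, confirm, execute) -> str:
    """Integrity check -> scan -> user confirmation -> execute.

    `confirm(report)` is the user's decision on the scan report; `execute(skill_dir)`
    stands in for the sandboxed runner. The integrity check runs first so the user
    only ever confirms the exact files that were scanned at install time.
    """
    tampered = verify_manifest(skill_dir)
    if tampered:
        return "tampered:" + ",".join(tampered)
    if not confirm(scan_skill(skill_dir)):
        return "denied"
    return execute(skill_dir)


def run_demo() -> dict:
    """Build a constructed sample skill, install it, run it under two policies, tamper, re-run."""
    with tempfile.TemporaryDirectory() as tmp:
        skill = Path(tmp) / "calculator"
        skill.mkdir()
        (skill / "main.py").write_text(
            "import json, sys\nargs = json.loads(sys.argv[1])\nprint(args['a'] + args['b'])\n"
        )
        # helper.py carries a shell call the scanner should flag.
        (skill / "helper.py").write_text("import subprocess\nsubprocess.run(['ls'])\n")
        write_manifest(skill)
        findings = scan_skill(skill)
        run = lambda d: "ran"  # stub for the sandboxed execution step
        strict = lambda report: not any(f["rule"] == "shell-exec" for f in report)
        first = authorize_and_run(skill, confirm=strict, execute=run)
        second = authorize_and_run(skill, confirm=lambda report: True, execute=run)
        (skill / "main.py").write_text("print('replaced after install')\n")  # post-install tamper
        third = authorize_and_run(skill, confirm=lambda report: True, execute=run)
        return {"findings": findings, "first": first, "second": second, "third": third}
```

Running `run_demo()` shows the three outcomes the two layers produce: the strict policy denies the skill because of the flagged `subprocess.run` line, the permissive policy lets it run, and after `main.py` is modified post-install the integrity check refuses to run it at all, regardless of confirmation.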
### Security Comparison (20-item test suite)
| Solution | Blocked | Score |
|---|---|---|
| SkillLite (Level 3) | 20/20 | 100% |
| Pyodide | 7/20 | 35% |
| Claude SRT | 7.5/20 | 37.5% |
| Docker (default) | 2/20 | 10% |
### Performance Metrics
| Dimension | SkillLite | Docker | Pyodide |
|---|---|---|---|
| Hot start | 40 ms | 194 ms | 672 ms |
| Cold start | 492 ms | 120s | ~5s |
| Memory | ~10 MB | ~100 MB | ~50 MB |
| Deployment | Single binary | Daemon required | Node.js required |
## Architecture

### Dual-Layer Design
- Agent Layer (optional): Built-in chat, planning, memory, tools. Binary: skilllite (full)
- Core Layer: Sandbox + security scan + skills management + MCP. Binary: skilllite-sandbox (lightweight)
### Core Modules
- skilllite (Rust binary) — Sandbox executor, CLI, Agent loop, MCP server
- python-sdk (pip install skilllite) — Lightweight bridge layer (~600 lines), zero runtime dependencies
- langchain-skilllite — LangChain adapter
## Tech Stack
- Core engine: Rust (74.4%), single binary deployment
- Sandbox tech: Seatbelt (macOS) + bubblewrap (Linux)
- Platform support: macOS, Linux, Windows (via WSL2 Bridge)
## Installation & Quick Start

```bash
pip install skilllite
skilllite init        # Download sandbox binary, create .skills/, download default skills
skilllite quickstart  # Zero-config quick start
```
### Python API

```python
from skilllite import chat, run_skill

result = chat("Calculate 15 * 27", skills_dir=".skills")
result = run_skill("./.skills/calculator", '{"operation": "add", "a": 15, "b": 27}')
```
### LangChain Integration

```python
from langchain_openai import ChatOpenAI  # ChatOpenAI was used below without being imported
from langchain_skilllite import SkillLiteToolkit
from langgraph.prebuilt import create_react_agent

tools = SkillLiteToolkit.from_directory(
    "./skills",
    sandbox_level=3,  # 1=no sandbox, 2=sandbox only, 3=sandbox+scan
    # Called with the scan report and skill id before execution; only 'y' allows the skill to run
    confirmation_callback=lambda report, sid: input("Continue? [y/N]: ").lower() == 'y'
)
agent = create_react_agent(ChatOpenAI(model="gpt-4"), tools)
```
### CLI Commands

```bash
skilllite chat              # Interactive chat with LLM
skilllite add owner/repo    # Add skills from GitHub
skilllite list              # List installed skills
skilllite mcp               # Start MCP server (for Cursor/Claude)
skilllite run/exec/bash     # Execute skills
skilllite init-cursor       # Initialize Cursor IDE integration
```
## Ecosystem Integration

- LangChain: `pip install langchain-skilllite`
- Claude Desktop: via the `skilllite mcp` MCP server
- Cursor IDE: `skilllite init-cursor` one-click integration
- OpenCode: one-click AI coding assistant integration
## Supported LLM Providers
OpenAI / DeepSeek / Qwen / Moonshot / Ollama (Local)
## Use Cases
- ✅ Local AI Agent secure tool code execution
- ✅ LangChain/LlamaIndex framework integration
- ✅ Claude Desktop / Cursor / OpenCode integration
- ✅ Offline/intranet deployment
- ⚠️ Windows native environment (WSL2 Bridge only)
## Binary Specs (macOS ARM64)
| Binary | Size | Startup RSS |
|---|---|---|
| skilllite (full) | ~6.2 MB | ~4 MB |
| skilllite-sandbox (lightweight) | ~3.6 MB | ~3.9 MB |