This approach seems useful for validating certain kinds of skills, but I worry that it provides a false sense of security. It is a bit like antivirus software. It might be better than nothing, but it is hard to know how much better.

Skills are ultimately just prompts, and agents execute code based on what is in them. If agents running skills can write code, execute commands, and reach the internet, it is virtually impossible to prove they are trustworthy.

When we download programs, we trust that the companies who wrote them did not add malicious code. We do have some ways of detecting malicious code, but software distribution is still mostly a trust-based system.

My recommendation is not to run skills from any source you would not download and execute code from.