Programmatically rewrite and scan skills using the SkillSea API.
All API endpoints require a Bearer token. Create tokens in the Portal → API Tokens page.
Authorization: Bearer sk_live_your_token_here
Rate limit: 5 calls per month per endpoint per token. Usage resets on the 1st of each month (UTC).
Base URL: https://skillsea.droidtech.ai

/api/skills/scan
Scan a SKILL.md for security issues using the SISCO (Skill Security Scanner). Runs static analysis including YARA pattern detection, prompt injection checks, and code safety analysis.

Request body:
```json
{
  "content": "---\nname: my-skill\ndescription: What it does and when to use it\n---\n# My Skill\nInstructions..."
}
```

Response:
```json
{
  "status": "PASSED", // PASSED | WARNED | BLOCKED
  "findings": [
    {
      "rule_id": "prompt_injection_safety_override",
      "severity": "HIGH",
      "title": "Prompt injection detected",
      "description": "Skill contains instructions to ignore safety rules",
      "remediation": "Remove the instruction override",
      "line_number": 12,
      "file_path": "SKILL.md"
    }
  ],
  "findings_count": 1,
  "is_safe": false,
  "scan_duration_ms": 342.1,
  "usage": { "remaining": 4 }
}
```

Example:
```bash
curl -X POST https://skillsea.droidtech.ai/api/skills/scan \
  -H "Authorization: Bearer sk_live_YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"content": "---\nname: my-skill\ndescription: Test skill\n---\n# Test"}'
```

/api/skills/rewrite
Improve a SKILL.md using Claude AI. Analyzes the skill against Anthropic's official skill-creator best practices and returns an improved version with a diff of changes.

Request body:
```json
{
  "content": "---\nname: my-skill\ndescription: Does things\n---\n# My Skill\nSome instructions"
}
```

Response:
```json
{
  "original": "---\nname: my-skill\n...",
  "improved": "---\nname: my-skill\ndescription: Comprehensive description of what the skill does and when to use it...\n---\n# My Skill\n...",
  "diff": [
    "- description: Does things",
    "+ description: Comprehensive description..."
  ],
  "changes": [
    "Expanded description to include trigger scenarios",
    "Added structured sections with examples"
  ],
  "issues_found": [
    "Description too vague - doesn't explain when to invoke",
    "Missing concrete examples"
  ],
  "usage": { "remaining": 4 }
}
```

Example:
```bash
curl -X POST https://skillsea.droidtech.ai/api/skills/rewrite \
  -H "Authorization: Bearer sk_live_YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"content": "---\nname: my-skill\ndescription: Does things\n---\n# My Skill\nInstructions"}'
```

These endpoints require a NextAuth session (browser login), not a Bearer token.

/api/tokens
Create a new API token. Max 5 active tokens per user.

/api/tokens
List your active tokens with usage counts.

/api/tokens/{id}
Revoke a token. Cannot be undone.

The SkillSea MCP server includes tools that call this API directly:

improve_skill
Reads an active skill's SKILL.md, sends it to the rewriter API, and shows the diff.

check_skill_remote
Sends an active skill's SKILL.md to the scanner API and displays findings.

Set SKILLSEA_API_TOKEN in your environment to authenticate MCP tools with your API token.
| Code | Meaning |
|---|---|
| 400 | Invalid request body or content too large (>50KB) |
| 401 | Missing or invalid API token |
| 429 | Monthly rate limit exceeded (5/month) |
| 500 | Internal server error |
| 503 | Service temporarily unavailable (missing API key) |
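
An added example, not SkillSea's own code: a fail-closed gate around `/api/skills/scan` that turns the documented response fields and the error codes in the table above into a verdict, so that an unscanned skill (for instance after the monthly limit returns 429) is never treated as safe. The verdict names `allow`/`review`/`reject`, the byte-based reading of the 50KB limit, and reading the token from `SKILLSEA_API_TOKEN` in a standalone script are assumptions.

```python
import json
import os
import sys
import urllib.error
import urllib.request
from pathlib import Path

SCAN_URL = "https://skillsea.droidtech.ai/api/skills/scan"
MAX_BYTES = 50 * 1024  # assumption: the 50KB limit is counted in UTF-8 bytes


def decide(result):
    """Map a scan response to (verdict, reasons); ambiguous results are rejected."""
    findings = result.get("findings") or []
    reasons = [
        f'{f.get("severity")} {f.get("rule_id")} at {f.get("file_path")}:{f.get("line_number")}'
        for f in findings
    ]
    status, is_safe = result.get("status"), result.get("is_safe")
    if status == "PASSED" and is_safe is True and not findings:
        return "allow", reasons
    if status == "WARNED":
        return "review", reasons
    # BLOCKED, an unknown status, or PASSED contradicted by is_safe/findings
    return "reject", reasons or [f"status={status!r} is_safe={is_safe!r}"]


def scan_skill(content, token):
    """POST a SKILL.md to the scanner and return (verdict, reasons), failing closed."""
    if len(content.encode("utf-8")) > MAX_BYTES:
        return "reject", ["content exceeds 50KB; the API would answer 400"]
    req = urllib.request.Request(
        SCAN_URL,
        data=json.dumps({"content": content}).encode("utf-8"),
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"},
        method="POST",
    )
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return decide(json.load(resp))
    except (urllib.error.URLError, ValueError) as err:
        # Covers HTTP 401/429/500/503, network failures and bad JSON: not scanned, so not safe
        return "reject", [f"scan not performed: {err}"]


if __name__ == "__main__":
    # Assumption: the token is read from SKILLSEA_API_TOKEN, as the MCP tools do.
    verdict, why = scan_skill(Path(sys.argv[1]).read_text(encoding="utf-8"), os.environ["SKILLSEA_API_TOKEN"])
    sys.exit(0 if verdict == "allow" else f"{verdict}: " + "; ".join(why))
```

Applied to the sample response shown for `/api/skills/scan`, `decide` returns `reject`, because `is_safe` is false and a HIGH finding is present even though `status` reads `PASSED`.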