Trust & Security

Every helper shows its safety status.

We label each helper so you know what you're adding. Verified helpers passed our safety checks. Scanned helpers passed automated checks. Awaiting-review helpers are new — use them carefully until review completes.

Updated 5/6/2026, 4:54:50 AM.

Zero malware ever0/ 1644Malicious code found across every skill ever audited.

Total audited1644Live approved skills on MFKVault.

Audited this week1022Newly approved in the last 7 days.

Active security alerts

Skills flagged right now.

Rejected total

Submissions blocked before publication.

Team reviews

Skills with a signed MFKVault team audit.

Review turnaround

< 24h

From submission to live on marketplace.

Security status breakdown

VerifiedPassed all four audit checks with a signed team review.

546 / 1644 (33%)

ScannedAutomated scan passed — pending final team review.

960 / 1644 (58%)

UnvettedCommunity submission awaiting first automated scan.

138 / 1644 (8%)

How we audit every skill

Four independent checks — every skill, every time.

Step 1

Malware scan

Every skill is scanned against a deny-list of malicious shell commands, credential-exfiltration patterns, and obfuscated payloads.

Step 2

Permission audit

We verify that the permissions a skill requests (filesystem access, network calls, shell exec) match the behavior it declares in plain English.

Step 3

Content review

A human reads every approved skill to confirm the instructions are safe, clear, and actually do what the title claims.

Step 4

Prompt-injection resilience

We test against known prompt-injection vectors — external web content, cross-skill interference, instruction override attempts.

Found something suspicious?

We treat every security report as high-priority. Responsible disclosures are acknowledged within one business day and published here once fixed.

Read our security policy Email [email protected]