Every skill is automatically scanned, filtered through policy, and given a clear verdict — on every change, before any merge.
AI skills can do a lot — which means a malicious or misconfigured skill can do a lot of damage. SkillGate runs on every change: static scan, noise filtering, policy check, and a scored verdict. No human gate needed — the pipeline is the guardrail.
The gate exists to block risky merges quietly. A skill that touches secrets, phones home, or hides behavior in obfuscated code never reaches production — it gets a BLOCK verdict before anyone can ship it by accident.
🔒 The concept is the product: scan → filter → policy → verdict. Client policy files, secret formats, and exfil endpoints are never shown here.