Skip to main content
The skills.json file is the manifest for Tank skills. It defines metadata, dependencies, and permissions for your skill package.

Schema Definition

The schema enforces strict validation with no additional properties allowed.

Root Fields

name
string
required
Scoped package name in the format @org/name.Constraints:
  • Must match pattern: @[a-z0-9-]+/[a-z0-9][a-z0-9-]*
  • Must be lowercase alphanumeric and hyphens only
  • Minimum 1 character, maximum 214 characters
  • Must be scoped (namespace required)
Example: @acme/my-skill
version
string
required
Semantic version following semver specification.Constraints:
  • Must match pattern: \d+\.\d+\.\d+(-[a-zA-Z0-9.-]+)?(\+[a-zA-Z0-9.-]+)?
  • Must be valid semver (MAJOR.MINOR.PATCH)
  • Supports pre-release tags (e.g., -alpha.1)
  • Supports build metadata (e.g., +build.123)
Examples:
  • 1.0.0
  • 2.1.3-beta.1
  • 1.0.0+20240215
description
string
Human-readable description of the skill.Constraints:
  • Maximum 500 characters
  • Optional but recommended for discoverability
Example: "A skill for processing JSON data with advanced filtering"
skills
object
Dependency declarations mapping skill names to version ranges.Type: Record<string, string>Format:
  • Keys: scoped skill names (e.g., @org/skill-name)
  • Values: semver ranges (e.g., ^1.0.0, >=2.0.0 <3.0.0)
Example:
{
  "@acme/json-utils": "^1.2.0",
  "@acme/validator": "~2.0.0"
}
permissions
object
Runtime permission declarations for security enforcement.See the Permissions Schema for complete documentation.Example:
{
  "network": {
    "outbound": ["*.api.example.com"]
  },
  "filesystem": {
    "read": ["data/**/*.json"],
    "write": ["output/**/*"]
  },
  "subprocess": false
}
repository
string
URL to the source code repository.Constraints:
  • Must be a valid URL
  • Typically points to GitHub, GitLab, or similar
Example: "https://github.com/acme/my-skill"
visibility
enum
Package visibility setting.Values:
  • public: Available to all users (default)
  • private: Restricted to organization members
Example: "public"
audit
object
Security audit score requirements.Fields:
  • min_score (number, required): Minimum acceptable audit score (0-10)
Constraints:
  • Score must be between 0 and 10 (inclusive)
  • Used to enforce security standards during CI/CD
Example:
{
  "min_score": 7.5
}

Complete Example

{
  "name": "@acme/data-processor",
  "version": "1.2.3",
  "description": "Advanced data processing skill with filtering and transformation",
  "skills": {
    "@acme/json-utils": "^2.0.0",
    "@acme/validator": "~1.5.0"
  },
  "permissions": {
    "network": {
      "outbound": ["api.example.com", "*.cdn.example.com"]
    },
    "filesystem": {
      "read": ["input/**/*.json", "config/*.yaml"],
      "write": ["output/**/*"]
    },
    "subprocess": false
  },
  "repository": "https://github.com/acme/data-processor",
  "visibility": "public",
  "audit": {
    "min_score": 8.0
  }
}

Validation Rules

  • Strict mode: No additional properties allowed beyond those defined in the schema
  • Name format: Must be scoped with @org/name pattern, lowercase only
  • Version format: Must be valid semver
  • URL validation: repository must be a valid URL if provided
  • Description length: Maximum 500 characters
  • Audit score range: Must be between 0 and 10

Build docs developers (and LLMs) love

Get started for freeTalk to us