diff --git a/registries/toolhive/skills/agentic-actions-auditor/icon.svg b/registries/toolhive/skills/agentic-actions-auditor/icon.svg
new file mode 100644
index 000000000..782b13374
--- /dev/null
+++ b/registries/toolhive/skills/agentic-actions-auditor/icon.svg
@@ -0,0 +1 @@
+
diff --git a/registries/toolhive/skills/agentic-actions-auditor/skill.json b/registries/toolhive/skills/agentic-actions-auditor/skill.json
new file mode 100644
index 000000000..ae05ad226
--- /dev/null
+++ b/registries/toolhive/skills/agentic-actions-auditor/skill.json
@@ -0,0 +1,31 @@
+{
+ "namespace": "io.github.stacklok",
+ "name": "agentic-actions-auditor",
+ "title": "Agentic Actions Auditor",
+ "description": "Audit GitHub Actions workflows for security vulnerabilities in AI agent integrations (Claude Code Action, Gemini CLI, Codex) — detects prompt injection, env-var intermediary patterns, and wildcard user allowlists. Packaged from the upstream trailofbits/skills repository.",
+ "version": "0.1.0",
+ "status": "active",
+ "license": "CC-BY-SA-4.0",
+ "repository": {
+ "url": "https://github.com/trailofbits/skills",
+ "type": "git"
+ },
+ "icons": [
+ {
+ "src": "icon.svg",
+ "type": "image/svg+xml"
+ }
+ ],
+ "packages": [
+ {
+ "registryType": "oci",
+ "identifier": "ghcr.io/stacklok/dockyard/skills/agentic-actions-auditor:0.1.0"
+ },
+ {
+ "registryType": "git",
+ "url": "https://github.com/trailofbits/skills",
+ "ref": "e8cc5baf9329ccb491bfa200e82eacbac83b1ead",
+ "subfolder": "plugins/agentic-actions-auditor/skills/agentic-actions-auditor"
+ }
+ ]
+}
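Review bot: The `oci` package entry is referenced only by the mutable tag `:0.1.0`, while the `git` entry next to it is pinned to a full commit SHA. A tag can be re-pointed in the registry, so the two entries do not give the same integrity guarantee. Nothing in the file lets a consumer check that the image matches commit `e8cc5baf…`. If the registry schema accepts digest references (not visible in this diff), pin the image as well, e.g. `"identifier": "ghcr.io/stacklok/dockyard/skills/agentic-actions-auditor:0.1.0@sha256:<digest-of-published-image>"`. The same applies to the `identifier` line in every other `skill.json` hunk in this diff, from `codeql` through `yara-rule-authoring`.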
diff --git a/registries/toolhive/skills/codeql/icon.svg b/registries/toolhive/skills/codeql/icon.svg
new file mode 100644
index 000000000..782b13374
--- /dev/null
+++ b/registries/toolhive/skills/codeql/icon.svg
@@ -0,0 +1 @@
+
diff --git a/registries/toolhive/skills/codeql/skill.json b/registries/toolhive/skills/codeql/skill.json
new file mode 100644
index 000000000..cfb88b039
--- /dev/null
+++ b/registries/toolhive/skills/codeql/skill.json
@@ -0,0 +1,31 @@
+{
+ "namespace": "io.github.stacklok",
+ "name": "codeql",
+ "title": "CodeQL",
+ "description": "Scan a codebase for security vulnerabilities using CodeQL's interprocedural data flow and taint tracking — supports security-and-quality suites or high-precision findings, plus SARIF output handling. Packaged from the upstream trailofbits/skills repository.",
+ "version": "0.1.0",
+ "status": "active",
+ "license": "CC-BY-SA-4.0",
+ "repository": {
+ "url": "https://github.com/trailofbits/skills",
+ "type": "git"
+ },
+ "icons": [
+ {
+ "src": "icon.svg",
+ "type": "image/svg+xml"
+ }
+ ],
+ "packages": [
+ {
+ "registryType": "oci",
+ "identifier": "ghcr.io/stacklok/dockyard/skills/codeql:0.1.0"
+ },
+ {
+ "registryType": "git",
+ "url": "https://github.com/trailofbits/skills",
+ "ref": "e8cc5baf9329ccb491bfa200e82eacbac83b1ead",
+ "subfolder": "plugins/static-analysis/skills/codeql"
+ }
+ ]
+}
diff --git a/registries/toolhive/skills/constant-time-analysis/icon.svg b/registries/toolhive/skills/constant-time-analysis/icon.svg
new file mode 100644
index 000000000..782b13374
--- /dev/null
+++ b/registries/toolhive/skills/constant-time-analysis/icon.svg
@@ -0,0 +1 @@
+
diff --git a/registries/toolhive/skills/constant-time-analysis/skill.json b/registries/toolhive/skills/constant-time-analysis/skill.json
new file mode 100644
index 000000000..55880872a
--- /dev/null
+++ b/registries/toolhive/skills/constant-time-analysis/skill.json
@@ -0,0 +1,31 @@
+{
+ "namespace": "io.github.stacklok",
+ "name": "constant-time-analysis",
+ "title": "Constant-Time Analysis",
+ "description": "Detect timing side-channels in cryptographic code — covers C, C++, Go, Rust, Swift, Java, Kotlin, C#, PHP, JS/TS, Python, and Ruby; flags division on secrets and secret-dependent branches. Packaged from the upstream trailofbits/skills repository.",
+ "version": "0.1.0",
+ "status": "active",
+ "license": "CC-BY-SA-4.0",
+ "repository": {
+ "url": "https://github.com/trailofbits/skills",
+ "type": "git"
+ },
+ "icons": [
+ {
+ "src": "icon.svg",
+ "type": "image/svg+xml"
+ }
+ ],
+ "packages": [
+ {
+ "registryType": "oci",
+ "identifier": "ghcr.io/stacklok/dockyard/skills/constant-time-analysis:0.1.0"
+ },
+ {
+ "registryType": "git",
+ "url": "https://github.com/trailofbits/skills",
+ "ref": "e8cc5baf9329ccb491bfa200e82eacbac83b1ead",
+ "subfolder": "plugins/constant-time-analysis/skills/constant-time-analysis"
+ }
+ ]
+}
diff --git a/registries/toolhive/skills/differential-review/icon.svg b/registries/toolhive/skills/differential-review/icon.svg
new file mode 100644
index 000000000..782b13374
--- /dev/null
+++ b/registries/toolhive/skills/differential-review/icon.svg
@@ -0,0 +1 @@
+
diff --git a/registries/toolhive/skills/differential-review/skill.json b/registries/toolhive/skills/differential-review/skill.json
new file mode 100644
index 000000000..fda74ece1
--- /dev/null
+++ b/registries/toolhive/skills/differential-review/skill.json
@@ -0,0 +1,31 @@
+{
+ "namespace": "io.github.stacklok",
+ "name": "differential-review",
+ "title": "Differential Review",
+ "description": "Security-focused differential review of PRs, commits, and diffs — uses git history for context, calculates blast radius, checks test coverage, and flags security regressions. Packaged from the upstream trailofbits/skills repository.",
+ "version": "0.1.0",
+ "status": "active",
+ "license": "CC-BY-SA-4.0",
+ "repository": {
+ "url": "https://github.com/trailofbits/skills",
+ "type": "git"
+ },
+ "icons": [
+ {
+ "src": "icon.svg",
+ "type": "image/svg+xml"
+ }
+ ],
+ "packages": [
+ {
+ "registryType": "oci",
+ "identifier": "ghcr.io/stacklok/dockyard/skills/differential-review:0.1.0"
+ },
+ {
+ "registryType": "git",
+ "url": "https://github.com/trailofbits/skills",
+ "ref": "e8cc5baf9329ccb491bfa200e82eacbac83b1ead",
+ "subfolder": "plugins/differential-review/skills/differential-review"
+ }
+ ]
+}
diff --git a/registries/toolhive/skills/fp-check/icon.svg b/registries/toolhive/skills/fp-check/icon.svg
new file mode 100644
index 000000000..782b13374
--- /dev/null
+++ b/registries/toolhive/skills/fp-check/icon.svg
@@ -0,0 +1 @@
+
diff --git a/registries/toolhive/skills/fp-check/skill.json b/registries/toolhive/skills/fp-check/skill.json
new file mode 100644
index 000000000..5dda0508c
--- /dev/null
+++ b/registries/toolhive/skills/fp-check/skill.json
@@ -0,0 +1,31 @@
+{
+ "namespace": "io.github.stacklok",
+ "name": "fp-check",
+ "title": "False Positive Check",
+ "description": "Systematically verify suspected security bugs to eliminate false positives — produces TRUE POSITIVE or FALSE POSITIVE verdicts with documented evidence per bug, with mandatory gate reviews. Packaged from the upstream trailofbits/skills repository.",
+ "version": "0.1.0",
+ "status": "active",
+ "license": "CC-BY-SA-4.0",
+ "repository": {
+ "url": "https://github.com/trailofbits/skills",
+ "type": "git"
+ },
+ "icons": [
+ {
+ "src": "icon.svg",
+ "type": "image/svg+xml"
+ }
+ ],
+ "packages": [
+ {
+ "registryType": "oci",
+ "identifier": "ghcr.io/stacklok/dockyard/skills/fp-check:0.1.0"
+ },
+ {
+ "registryType": "git",
+ "url": "https://github.com/trailofbits/skills",
+ "ref": "e8cc5baf9329ccb491bfa200e82eacbac83b1ead",
+ "subfolder": "plugins/fp-check/skills/fp-check"
+ }
+ ]
+}
diff --git a/registries/toolhive/skills/insecure-defaults/icon.svg b/registries/toolhive/skills/insecure-defaults/icon.svg
new file mode 100644
index 000000000..782b13374
--- /dev/null
+++ b/registries/toolhive/skills/insecure-defaults/icon.svg
@@ -0,0 +1 @@
+
diff --git a/registries/toolhive/skills/insecure-defaults/skill.json b/registries/toolhive/skills/insecure-defaults/skill.json
new file mode 100644
index 000000000..f1a16c247
--- /dev/null
+++ b/registries/toolhive/skills/insecure-defaults/skill.json
@@ -0,0 +1,31 @@
+{
+ "namespace": "io.github.stacklok",
+ "name": "insecure-defaults",
+ "title": "Insecure Defaults Detector",
+ "description": "Detect fail-open insecure defaults — hardcoded secrets, weak auth, permissive security settings, and misconfigured environment variable handling that let apps run insecurely in production. Packaged from the upstream trailofbits/skills repository.",
+ "version": "0.1.0",
+ "status": "active",
+ "license": "CC-BY-SA-4.0",
+ "repository": {
+ "url": "https://github.com/trailofbits/skills",
+ "type": "git"
+ },
+ "icons": [
+ {
+ "src": "icon.svg",
+ "type": "image/svg+xml"
+ }
+ ],
+ "packages": [
+ {
+ "registryType": "oci",
+ "identifier": "ghcr.io/stacklok/dockyard/skills/insecure-defaults:0.1.0"
+ },
+ {
+ "registryType": "git",
+ "url": "https://github.com/trailofbits/skills",
+ "ref": "e8cc5baf9329ccb491bfa200e82eacbac83b1ead",
+ "subfolder": "plugins/insecure-defaults/skills/insecure-defaults"
+ }
+ ]
+}
diff --git a/registries/toolhive/skills/property-based-testing/icon.svg b/registries/toolhive/skills/property-based-testing/icon.svg
new file mode 100644
index 000000000..782b13374
--- /dev/null
+++ b/registries/toolhive/skills/property-based-testing/icon.svg
@@ -0,0 +1 @@
+
diff --git a/registries/toolhive/skills/property-based-testing/skill.json b/registries/toolhive/skills/property-based-testing/skill.json
new file mode 100644
index 000000000..59e378044
--- /dev/null
+++ b/registries/toolhive/skills/property-based-testing/skill.json
@@ -0,0 +1,31 @@
+{
+ "namespace": "io.github.stacklok",
+ "name": "property-based-testing",
+ "title": "Property-Based Testing",
+ "description": "Property-based testing guidance across multiple languages and smart contracts — use when writing tests, designing features with serialization/validation/parsing, or when stronger coverage than example-based tests is needed. Packaged from the upstream trailofbits/skills repository.",
+ "version": "0.1.0",
+ "status": "active",
+ "license": "CC-BY-SA-4.0",
+ "repository": {
+ "url": "https://github.com/trailofbits/skills",
+ "type": "git"
+ },
+ "icons": [
+ {
+ "src": "icon.svg",
+ "type": "image/svg+xml"
+ }
+ ],
+ "packages": [
+ {
+ "registryType": "oci",
+ "identifier": "ghcr.io/stacklok/dockyard/skills/property-based-testing:0.1.0"
+ },
+ {
+ "registryType": "git",
+ "url": "https://github.com/trailofbits/skills",
+ "ref": "e8cc5baf9329ccb491bfa200e82eacbac83b1ead",
+ "subfolder": "plugins/property-based-testing/skills/property-based-testing"
+ }
+ ]
+}
diff --git a/registries/toolhive/skills/sarif-parsing/icon.svg b/registries/toolhive/skills/sarif-parsing/icon.svg
new file mode 100644
index 000000000..782b13374
--- /dev/null
+++ b/registries/toolhive/skills/sarif-parsing/icon.svg
@@ -0,0 +1 @@
+
diff --git a/registries/toolhive/skills/sarif-parsing/skill.json b/registries/toolhive/skills/sarif-parsing/skill.json
new file mode 100644
index 000000000..085e1fdd6
--- /dev/null
+++ b/registries/toolhive/skills/sarif-parsing/skill.json
@@ -0,0 +1,31 @@
+{
+ "namespace": "io.github.stacklok",
+ "name": "sarif-parsing",
+ "title": "SARIF Parsing",
+ "description": "Parse, filter, deduplicate, and convert SARIF files from CodeQL, Semgrep, and other scanners — for CI/CD integration and findings aggregation (does not run scans — pair with the codeql or semgrep skills for that). Packaged from the upstream trailofbits/skills repository.",
+ "version": "0.1.0",
+ "status": "active",
+ "license": "CC-BY-SA-4.0",
+ "repository": {
+ "url": "https://github.com/trailofbits/skills",
+ "type": "git"
+ },
+ "icons": [
+ {
+ "src": "icon.svg",
+ "type": "image/svg+xml"
+ }
+ ],
+ "packages": [
+ {
+ "registryType": "oci",
+ "identifier": "ghcr.io/stacklok/dockyard/skills/sarif-parsing:0.1.0"
+ },
+ {
+ "registryType": "git",
+ "url": "https://github.com/trailofbits/skills",
+ "ref": "e8cc5baf9329ccb491bfa200e82eacbac83b1ead",
+ "subfolder": "plugins/static-analysis/skills/sarif-parsing"
+ }
+ ]
+}
diff --git a/registries/toolhive/skills/semgrep-rule-creator/icon.svg b/registries/toolhive/skills/semgrep-rule-creator/icon.svg
new file mode 100644
index 000000000..782b13374
--- /dev/null
+++ b/registries/toolhive/skills/semgrep-rule-creator/icon.svg
@@ -0,0 +1 @@
+
diff --git a/registries/toolhive/skills/semgrep-rule-creator/skill.json b/registries/toolhive/skills/semgrep-rule-creator/skill.json
new file mode 100644
index 000000000..8d8e404eb
--- /dev/null
+++ b/registries/toolhive/skills/semgrep-rule-creator/skill.json
@@ -0,0 +1,31 @@
+{
+ "namespace": "io.github.stacklok",
+ "name": "semgrep-rule-creator",
+ "title": "Semgrep Rule Creator",
+ "description": "Create custom Semgrep rules for detecting security vulnerabilities, bug patterns, and code patterns — use when writing Semgrep rules or building tailored static analysis detections. Packaged from the upstream trailofbits/skills repository.",
+ "version": "0.1.0",
+ "status": "active",
+ "license": "CC-BY-SA-4.0",
+ "repository": {
+ "url": "https://github.com/trailofbits/skills",
+ "type": "git"
+ },
+ "icons": [
+ {
+ "src": "icon.svg",
+ "type": "image/svg+xml"
+ }
+ ],
+ "packages": [
+ {
+ "registryType": "oci",
+ "identifier": "ghcr.io/stacklok/dockyard/skills/semgrep-rule-creator:0.1.0"
+ },
+ {
+ "registryType": "git",
+ "url": "https://github.com/trailofbits/skills",
+ "ref": "e8cc5baf9329ccb491bfa200e82eacbac83b1ead",
+ "subfolder": "plugins/semgrep-rule-creator/skills/semgrep-rule-creator"
+ }
+ ]
+}
diff --git a/registries/toolhive/skills/semgrep-rule-variant-creator/icon.svg b/registries/toolhive/skills/semgrep-rule-variant-creator/icon.svg
new file mode 100644
index 000000000..782b13374
--- /dev/null
+++ b/registries/toolhive/skills/semgrep-rule-variant-creator/icon.svg
@@ -0,0 +1 @@
+
diff --git a/registries/toolhive/skills/semgrep-rule-variant-creator/skill.json b/registries/toolhive/skills/semgrep-rule-variant-creator/skill.json
new file mode 100644
index 000000000..b0bd36470
--- /dev/null
+++ b/registries/toolhive/skills/semgrep-rule-variant-creator/skill.json
@@ -0,0 +1,31 @@
+{
+ "namespace": "io.github.stacklok",
+ "name": "semgrep-rule-variant-creator",
+ "title": "Semgrep Rule Variant Creator",
+ "description": "Port existing Semgrep rules to new target languages with test-driven validation — produces independent rule and test directories for each target language. Packaged from the upstream trailofbits/skills repository.",
+ "version": "0.1.0",
+ "status": "active",
+ "license": "CC-BY-SA-4.0",
+ "repository": {
+ "url": "https://github.com/trailofbits/skills",
+ "type": "git"
+ },
+ "icons": [
+ {
+ "src": "icon.svg",
+ "type": "image/svg+xml"
+ }
+ ],
+ "packages": [
+ {
+ "registryType": "oci",
+ "identifier": "ghcr.io/stacklok/dockyard/skills/semgrep-rule-variant-creator:0.1.0"
+ },
+ {
+ "registryType": "git",
+ "url": "https://github.com/trailofbits/skills",
+ "ref": "e8cc5baf9329ccb491bfa200e82eacbac83b1ead",
+ "subfolder": "plugins/semgrep-rule-variant-creator/skills/semgrep-rule-variant-creator"
+ }
+ ]
+}
diff --git a/registries/toolhive/skills/semgrep/icon.svg b/registries/toolhive/skills/semgrep/icon.svg
new file mode 100644
index 000000000..782b13374
--- /dev/null
+++ b/registries/toolhive/skills/semgrep/icon.svg
@@ -0,0 +1 @@
+
diff --git a/registries/toolhive/skills/semgrep/skill.json b/registries/toolhive/skills/semgrep/skill.json
new file mode 100644
index 000000000..4340f5ab2
--- /dev/null
+++ b/registries/toolhive/skills/semgrep/skill.json
@@ -0,0 +1,31 @@
+{
+ "namespace": "io.github.stacklok",
+ "name": "semgrep",
+ "title": "Semgrep",
+ "description": "Run Semgrep static analysis with parallel subagents — full ruleset or high-confidence security findings only; auto-detects Semgrep Pro for cross-file taint analysis across multi-language codebases. Packaged from the upstream trailofbits/skills repository.",
+ "version": "0.1.0",
+ "status": "active",
+ "license": "CC-BY-SA-4.0",
+ "repository": {
+ "url": "https://github.com/trailofbits/skills",
+ "type": "git"
+ },
+ "icons": [
+ {
+ "src": "icon.svg",
+ "type": "image/svg+xml"
+ }
+ ],
+ "packages": [
+ {
+ "registryType": "oci",
+ "identifier": "ghcr.io/stacklok/dockyard/skills/semgrep:0.1.0"
+ },
+ {
+ "registryType": "git",
+ "url": "https://github.com/trailofbits/skills",
+ "ref": "e8cc5baf9329ccb491bfa200e82eacbac83b1ead",
+ "subfolder": "plugins/static-analysis/skills/semgrep"
+ }
+ ]
+}
diff --git a/registries/toolhive/skills/sharp-edges/icon.svg b/registries/toolhive/skills/sharp-edges/icon.svg
new file mode 100644
index 000000000..782b13374
--- /dev/null
+++ b/registries/toolhive/skills/sharp-edges/icon.svg
@@ -0,0 +1 @@
+
diff --git a/registries/toolhive/skills/sharp-edges/skill.json b/registries/toolhive/skills/sharp-edges/skill.json
new file mode 100644
index 000000000..a19230fc6
--- /dev/null
+++ b/registries/toolhive/skills/sharp-edges/skill.json
@@ -0,0 +1,31 @@
+{
+ "namespace": "io.github.stacklok",
+ "name": "sharp-edges",
+ "title": "Sharp Edges",
+ "description": "Identify error-prone APIs, dangerous configurations, and footgun designs — evaluates whether code follows 'secure by default' and 'pit of success' principles for API usability and crypto library ergonomics. Packaged from the upstream trailofbits/skills repository.",
+ "version": "0.1.0",
+ "status": "active",
+ "license": "CC-BY-SA-4.0",
+ "repository": {
+ "url": "https://github.com/trailofbits/skills",
+ "type": "git"
+ },
+ "icons": [
+ {
+ "src": "icon.svg",
+ "type": "image/svg+xml"
+ }
+ ],
+ "packages": [
+ {
+ "registryType": "oci",
+ "identifier": "ghcr.io/stacklok/dockyard/skills/sharp-edges:0.1.0"
+ },
+ {
+ "registryType": "git",
+ "url": "https://github.com/trailofbits/skills",
+ "ref": "e8cc5baf9329ccb491bfa200e82eacbac83b1ead",
+ "subfolder": "plugins/sharp-edges/skills/sharp-edges"
+ }
+ ]
+}
diff --git a/registries/toolhive/skills/supply-chain-risk-auditor/icon.svg b/registries/toolhive/skills/supply-chain-risk-auditor/icon.svg
new file mode 100644
index 000000000..782b13374
--- /dev/null
+++ b/registries/toolhive/skills/supply-chain-risk-auditor/icon.svg
@@ -0,0 +1 @@
+
diff --git a/registries/toolhive/skills/supply-chain-risk-auditor/skill.json b/registries/toolhive/skills/supply-chain-risk-auditor/skill.json
new file mode 100644
index 000000000..5dffe46d9
--- /dev/null
+++ b/registries/toolhive/skills/supply-chain-risk-auditor/skill.json
@@ -0,0 +1,31 @@
+{
+ "namespace": "io.github.stacklok",
+ "name": "supply-chain-risk-auditor",
+ "title": "Supply Chain Risk Auditor",
+ "description": "Audit a project's dependencies for supply-chain attack surface — flags libraries at heightened risk of exploitation or takeover based on health, maintainership, and activity signals. Packaged from the upstream trailofbits/skills repository.",
+ "version": "0.1.0",
+ "status": "active",
+ "license": "CC-BY-SA-4.0",
+ "repository": {
+ "url": "https://github.com/trailofbits/skills",
+ "type": "git"
+ },
+ "icons": [
+ {
+ "src": "icon.svg",
+ "type": "image/svg+xml"
+ }
+ ],
+ "packages": [
+ {
+ "registryType": "oci",
+ "identifier": "ghcr.io/stacklok/dockyard/skills/supply-chain-risk-auditor:0.1.0"
+ },
+ {
+ "registryType": "git",
+ "url": "https://github.com/trailofbits/skills",
+ "ref": "e8cc5baf9329ccb491bfa200e82eacbac83b1ead",
+ "subfolder": "plugins/supply-chain-risk-auditor/skills/supply-chain-risk-auditor"
+ }
+ ]
+}
diff --git a/registries/toolhive/skills/variant-analysis/icon.svg b/registries/toolhive/skills/variant-analysis/icon.svg
new file mode 100644
index 000000000..782b13374
--- /dev/null
+++ b/registries/toolhive/skills/variant-analysis/icon.svg
@@ -0,0 +1 @@
+
diff --git a/registries/toolhive/skills/variant-analysis/skill.json b/registries/toolhive/skills/variant-analysis/skill.json
new file mode 100644
index 000000000..3d14c71c4
--- /dev/null
+++ b/registries/toolhive/skills/variant-analysis/skill.json
@@ -0,0 +1,31 @@
+{
+ "namespace": "io.github.stacklok",
+ "name": "variant-analysis",
+ "title": "Variant Analysis",
+ "description": "Find similar vulnerabilities and bugs across a codebase after an initial finding — pattern-based analysis for hunting variants, building CodeQL/Semgrep queries, and systematic code audits. Packaged from the upstream trailofbits/skills repository.",
+ "version": "0.1.0",
+ "status": "active",
+ "license": "CC-BY-SA-4.0",
+ "repository": {
+ "url": "https://github.com/trailofbits/skills",
+ "type": "git"
+ },
+ "icons": [
+ {
+ "src": "icon.svg",
+ "type": "image/svg+xml"
+ }
+ ],
+ "packages": [
+ {
+ "registryType": "oci",
+ "identifier": "ghcr.io/stacklok/dockyard/skills/variant-analysis:0.1.0"
+ },
+ {
+ "registryType": "git",
+ "url": "https://github.com/trailofbits/skills",
+ "ref": "e8cc5baf9329ccb491bfa200e82eacbac83b1ead",
+ "subfolder": "plugins/variant-analysis/skills/variant-analysis"
+ }
+ ]
+}
diff --git a/registries/toolhive/skills/yara-rule-authoring/icon.svg b/registries/toolhive/skills/yara-rule-authoring/icon.svg
new file mode 100644
index 000000000..782b13374
--- /dev/null
+++ b/registries/toolhive/skills/yara-rule-authoring/icon.svg
@@ -0,0 +1 @@
+
diff --git a/registries/toolhive/skills/yara-rule-authoring/skill.json b/registries/toolhive/skills/yara-rule-authoring/skill.json
new file mode 100644
index 000000000..627d57f22
--- /dev/null
+++ b/registries/toolhive/skills/yara-rule-authoring/skill.json
@@ -0,0 +1,31 @@
+{
+ "namespace": "io.github.stacklok",
+ "name": "yara-rule-authoring",
+ "title": "YARA Rule Authoring",
+ "description": "Author high-quality YARA-X detection rules for malware identification — covers naming conventions, string selection, performance optimization, migration from legacy YARA, and false-positive reduction. Packaged from the upstream trailofbits/skills repository.",
+ "version": "0.1.0",
+ "status": "active",
+ "license": "CC-BY-SA-4.0",
+ "repository": {
+ "url": "https://github.com/trailofbits/skills",
+ "type": "git"
+ },
+ "icons": [
+ {
+ "src": "icon.svg",
+ "type": "image/svg+xml"
+ }
+ ],
+ "packages": [
+ {
+ "registryType": "oci",
+ "identifier": "ghcr.io/stacklok/dockyard/skills/yara-rule-authoring:0.1.0"
+ },
+ {
+ "registryType": "git",
+ "url": "https://github.com/trailofbits/skills",
+ "ref": "e8cc5baf9329ccb491bfa200e82eacbac83b1ead",
+ "subfolder": "plugins/yara-authoring/skills/yara-rule-authoring"
+ }
+ ]
+}