Skip to content

engindearing-projects/familiar-registry

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
CONTRIBUTING.md
CONTRIBUTING.md
 
 
README.md
README.md
 
 
registry.json
registry.json
 
 

Repository files navigation

Familiar Skills Registry

Public registry of skills and hands for Familiar — a local-first AI assistant.

For Users

Browse available packages

familiar marketplace search <keyword>

Install a package

familiar marketplace install https://github.com/user/my-skill.git

Every install runs an automated security scan. Packages with suspicious code (shell execution, env var access, network exfiltration) are blocked. Use --force only for packages you trust.

Update installed packages

familiar marketplace update

For Contributors

1. Build your package

Create either a Hand (autonomous capability) or Skill (callable function):

Hand — create a directory with a HAND.json manifest:

{
  "name": "my-hand",
  "version": "1.0.0",
  "description": "What this hand does",
  "schedule": { "cron": "0 */6 * * *" },
  "phases": [
    {
      "name": "main",
      "prompt": "Do the thing",
      "tools": ["bash", "read_file"]
    }
  ]
}

Skill — create a directory with a SKILL.md:

---
name: my-skill
description: What this skill does
version: 1.0.0
triggers:
  - pattern: "do the thing"
---

\```javascript
export async function run({ input }) {
  return { result: "done" };
}
\```

2. Test locally

familiar marketplace install ./my-package
familiar hand run my-hand        # for hands

3. Generate a registry entry

familiar marketplace publish my-hand

This outputs a JSON block like:

{
  "name": "my-hand",
  "type": "hand",
  "description": "What this hand does",
  "version": "1.0.0",
  "source": "https://github.com/you/my-hand.git",
  "path": "brain/hands/my-hand",
  "author": "your-github-username",
  "tags": ["monitoring", "automation"]
}

4. Submit to the registry

  1. Fork this repo
  2. Add your entry to the packages array in registry.json
  3. Fill in the source URL (must be a public https:// git repo)
  4. Add relevant tags
  5. Open a pull request

What gets reviewed

  • Package name must be lowercase alphanumeric with hyphens/underscores
  • Source URL must be https:// (no git@ for public packages)
  • Code is scanned for suspicious patterns:
    • eval(), new Function(), child_process, exec
    • Environment variable access (process.env.ANTHROPIC_API_KEY, etc.)
    • curl | bash, wget | bash piping
    • Destructive commands (rm -rf /)
    • .env file access
  • Packages that fail the scan require manual review with justification

Package types

Type Marker file Description
hand HAND.json Autonomous capability with phases and scheduling
skill index.mjs Callable function with exports
skill-md SKILL.md Skill defined in Markdown with YAML frontmatter
skill-json *.json JSON template with embedded code

Security

All packages are scanned on install. The scanner checks for:

  • Shell command execution
  • Token/credential exfiltration
  • Network calls to unknown endpoints
  • Filesystem access outside the workspace
  • Path traversal in package names

If you believe a package in this registry is malicious, open an issue immediately.

License

MIT

About

Public skill/hand registry for Familiar (familiar.run)

Resources

Readme

Contributing

Contributing
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors