HOW TO INSTALL ANY SKILL SAFELY

Skills are powerful. Some are dangerous. The 5-minute install protocol that protects your account: vet, install, sandbox, observe, decide. Use it on every single skill before adding to production use.

THE STAKES

Most Claude skills are safe. Some aren't. The unsafe ones can:

Read your data and send it elsewhere
Inject hidden instructions that override your preferences
Modify your other installed skills
Execute code beyond what they claim

You won't catch this by reading the description. You catch it with a protocol.

THE 5-STEP PROTOCOL

STEP 1: VET (2 minutes)

Run Day 44's Skill Auditor on the SKILL.md. It checks for:

Hidden instructions / prompt injections
Data exfiltration risk (sending data to external URLs)
Code execution risk
Permission overreach
Description-vs-actual mismatch

If verdict is 🚨 DO NOT INSTALL: stop here. If verdict is ⚠️ CAUTION: address concerns before installing. If verdict is ✅ SAFE: proceed.

STEP 2: INSTALL (1 minute)

Add the skill via your platform's standard method:

Claude.ai: Settings → Skills → Upload
Claude Code: Add to ~/.claude/skills/[name]/

DON'T install during a critical work session. Test installs happen on a quiet day.

STEP 3: SANDBOX (1 minute)

First test with non-sensitive data:

Don't paste real client info
Don't paste credentials
Don't paste personal information
Use fake or anonymized data

The skill should work fine on test data. If it asks for sensitive info to "demonstrate," 🚨 red flag.

STEP 4: OBSERVE (5 days)

Use the skill 3-5 times over a week. Watch for:

Output that doesn't match what you asked for
Output that mentions external services / tools without explanation
Output that asks for credentials or sensitive data
Slowdown in your overall Claude experience
Strange behavior in OTHER conversations (skills can leak)

Any of these → uninstall and report.

STEP 5: DECIDE

After 5 days:

Working as expected → keep
Mid (mediocre, not actively harmful) → uninstall, free up the slot
Acting weird → uninstall immediately

RED FLAGS (auto-skip install)

The skill is bad if its SKILL.md contains:

🚨 "Ignore previous instructions" or similar override attempts 🚨 HTTP POST to non-Anthropic domains 🚨 Reading from your filesystem outside the skill's scope 🚨 Modifying your other skills or settings 🚨 Hidden instructions in white text or HTML comments 🚨 Promises of outcomes that sound too good ("automatic $10k/month") 🚨 Author has 0 other skills + anonymous handle + low install count

SOURCES TO TRUST (in order)

Skills published by Anthropic — green light
Skills from established companies (Vercel, Notion, etc.) — green light
Skills from individual developers with 5+ published skills + history — yellow (still vet)
Anonymous / 1-skill accounts — red (skip unless community-validated)

WHAT TO DO IF YOU INSTALLED A BAD SKILL

If you suspect a skill has done damage:

Uninstall immediately (Settings → Skills → remove)
Review your conversation history for unusual outputs
Check your connectors — did the skill add new permissions?
Change passwords for any accounts that were connected
Report the skill to the marketplace it came from

3 THINGS YOU CAN'T SKIP

1. Run the audit BEFORE installing. Not after. Once it's installed, damage may already be done.

2. Sandbox with fake data first. Especially for skills that touch email, documents, or anything personal.

3. Set a 5-day "probation." Don't fully trust a new skill until you've watched it for a week.

WHAT'S NEXT

Day 43 of 100. Tomorrow: Day 44 — The Skill Auditor (the actual skill that runs the vetting in Step 1).

SAFETY CHECK

Same as Day 1.