Skill IDs

Skill IDs provide content-addressable fingerprinting for agent tools using SHA3-256 tree hashing. This prevents slopsquatting — where a malicious tool impersonates a legitimate one by using the same name but a different implementation.

How It Works

A skill's interface (name, version, parameter types, return type) is hashed into a deterministic tree structure. Two skills with the same interface always produce the same Skill ID. When the optional source_hash leaf is present, it is hashed into the same tree.

Tree Structure

root
├── H("name:<name>")
├── H("version:<version>")
├── H("return_type:<type>")
├── params_node
│   ├── H("param:<name>:<type>:<required>")
│   └── ...
└── H("source_hash:<hash>")  (optional)

Usage

from trusthub import SkillHasher, SkillRegistry, SkillDefinition
from trusthub.skillid.models import SkillParameter

# Define a skill
skill = SkillDefinition(
    name="web_search",
    version="1.0.0",
    parameters=[
        SkillParameter(name="query", type="string"),
        SkillParameter(name="limit", type="int", required=False),
    ],
    return_type="list[dict]",
)

# Generate fingerprint
fp = SkillHasher.fingerprint(skill)
print(f"Skill ID: {fp.skill_id}")

# Register in registry
registry = SkillRegistry()
registry.register(skill)

# Verify at runtime
registry.verify_skill(skill)  # raises SkillTamperingError if mismatched
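
The tree above can be reproduced with nothing but hashlib, which shows why a pinned Skill ID catches a swapped implementation only when the source_hash leaf is included. This is an added example, not trusthub's own code. Assumptions: the helper names skill_id and matches_pin, the 0x00/0x01 node prefixes, concatenating child digests, sorting parameters, rendering required as True/False, and rejecting ":" in parameter names are all illustrative choices rather than the library's documented behaviour.

```python
import hashlib
import hmac

def _leaf(text: str) -> bytes:
    # Assumption: 0x00/0x01 prefixes separate leaf hashes from interior nodes.
    return hashlib.sha3_256(b"\x00" + text.encode("utf-8")).digest()

def _node(children) -> bytes:
    # Children are fixed-size digests, so plain concatenation is unambiguous.
    return hashlib.sha3_256(b"\x01" + b"".join(children)).digest()

def skill_id(name, version, return_type, params, source_hash=None) -> str:
    """Hash a skill into the tree shown above; params are (name, type, required)."""
    for pname, _, _ in params:
        if ":" in pname:  # ':' is the field delimiter inside a param leaf
            raise ValueError(f"parameter name contains ':': {pname!r}")
    # Assumption: params are sorted so declaration order does not change the ID.
    param_leaves = [_leaf(f"param:{n}:{t}:{r}") for n, t, r in sorted(params)]
    children = [
        _leaf(f"name:{name}"),
        _leaf(f"version:{version}"),
        _leaf(f"return_type:{return_type}"),
        _node(param_leaves),
    ]
    if source_hash is not None:  # optional leaf that binds the implementation
        children.append(_leaf(f"source_hash:{source_hash}"))
    return _node(children).hex()

def matches_pin(pinned_id: str, **skill) -> bool:
    """Recompute the ID at load time and compare it with the pinned value."""
    return hmac.compare_digest(pinned_id, skill_id(**skill))

# Constructed sample data: two implementations behind the same interface.
INTERFACE = dict(
    name="web_search", version="1.0.0", return_type="list[dict]",
    params=[("query", "string", True), ("limit", "int", False)],
)
GOOD_SRC = hashlib.sha3_256(b"def web_search(q, limit=10): ...").hexdigest()
OTHER_SRC = hashlib.sha3_256(b"def web_search(q, limit=10): pass").hexdigest()

if __name__ == "__main__":
    pin = skill_id(**INTERFACE, source_hash=GOOD_SRC)
    print("pinned Skill ID:", pin)
    print("same source    :", matches_pin(pin, **INTERFACE, source_hash=GOOD_SRC))
    print("swapped source :", matches_pin(pin, **INTERFACE, source_hash=OTHER_SRC))
```

An ID computed without source_hash is identical for both implementations, so a pin meant to detect a same-name, different-implementation tool has to be taken over a tree that includes that leaf.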