Claude Skills needs real packaging

The real issue is not whether skills are useful, but whether they can be treated as artifacts instead of loose conventions. Anthropic’s own docs describe a skill as a folder of markdown, scripts, and references, which is enough for authoring but weak for distribution and trust.

• –OCI or ORAS would solve the boring but important parts: content addressing, registry distribution, signatures, and offline verification
• –That still leaves the hard problem unsolved: the same skill can behave differently across harness, model, runtime, and project context
• –A manifest helps declare dependencies up front, but it does not make a skill semantically portable across Claude Code, Codex, and Cursor
• –The likely split is between artifact verification and runtime policy: the harness can verify bytes, while policy decides whether those bytes may run
• –If skills become a real ecosystem, provenance and interoperability matter more than another bespoke registry format