Sharing my first project I built as a learning project for ICP: skillsic.com
Absolutely Beta right now, there is more work to be done!
Problem
AI coding assistants (Opencode, Claude Code, Cursor, Windsurf, Cline) can install “skills” instruction files that modify their behavior. 100k+ skills exist, zero security vetting. A malicious skill could instruct your AI to exfiltrate code or install backdoors.
i took meta now, write app this week for my learning project.
right now it is configured that a model can do 1 audit and you cant access model config, these configs & prompt are locked down in the canister → model list and executed in TEE (which holds some other configs)
i wanted to prevent abusive redo behaviour (redo until good score I could lower temp of model)
thus you can provide a API key but not change anything else (I m just working on platform payment using ckUSD and stripe credits 100=1USD).
each model can make a analysis (aggregation is not solved yet but will come tonight)
if a skill is changed on github you can do a refetch and reanalysis (i check the checksums, also the node package checks content of skill file but there is a bit work to do)
added ckUSD payment for using my platform API keys which i stored encrypted in the canister
also added that multiple models can analyse (like you suggested)
next up integrating more models
but as my first ICP project, I must say this Internet Identity stuff is a nightmare, how should a normal user handle sending funds to every app he visits. Also UX for swapping. Is there something I’m missing?
henlo fren
you have to integrate wallets to your frontend (recommended for fast development/gotomarket)
…
or you can integrate with an alternative solution which i’m building rn
which allow users to have one master internet identity principal to send tokens to their other internet identity principals on other icp apps without ever learning about the other principals (which will boost the UX)
tho i gotta say with my solution, the dev must do some extra work (integrate it with the backend - just one intercanister call) which i think most devs dont want it unless they’re some kind of anti-wallets + pro internetidentity only (like me)
the reason why my canisters are dead rn is because i killed them to redesign the whole thing. old design was of custodial nature, but the new one is non-custodial… i will try to finish it at the end of february
you know i just talk about the UX and how it felt for a crypto native… it is already implemented, don’t worry bout my skillset (maybe check the app first) and no I would not use your solution as it would be no problem to e.g. use a signature derived address from solana or ethereum and handle the funding via bridging. As @codecustard already explained this is the traditional logic and I accept that but there is no problem for me to add more auths.
