skillimage · April 2026

Skills Are Applications.
Distribute Them Like Images.

Package, version, and lifecycle-manage AI agent skills as standard OCI images — using podman, skopeo, and the registries you already run.

OCI Images · Lifecycle Management · skillctl CLI · Image Volumes
Pavel Anni · Office of CTO · Red Hat
The Problem

Today's Skill Distribution Is Ad-Hoc

Copy from a Friend

Slack messages, email, shared drives. "Can you send me that skill?"

No versioning. No provenance. No audit trail.

Clone from GitHub

git clone, copy the directory. Common for personal agents.

No signing. No atomic versioning. Auth is coarse.

Mount a ConfigMap

Embed skill text in a K8s ConfigMap. Natural first step.

1 MiB limit. No versioning. Mixes config with content.

None of these provide the versioning, signing, and lifecycle governance that enterprise deployments require.

Key Insight

Skills Are OCI Images,
Not ORAS Artifacts

Skills are packaged as standard OCI images (FROM scratch equivalent). This gives us:

  • K8s ImageVolumes work — kubelet mounts the rootfs as read-only
  • Standard tools work — podman pull, skopeo copy, crane pull
  • Any registry works — Quay, GHCR, Zot, Harbor

Diagram: OCI Image (FROM scratch) · podman · skopeo · crane · ImageVolumes

Differentiator

Skills Have a Lifecycle

  • draft: 1.0.0-draft
  • testing: 1.0.0-testing
  • published: 1.0.0 + latest
  • deprecated: 1.0.0
  • archived: digest only

Immutable content

Promotion updates OCI annotations and retags — the image layers never change. The layer digest from draft is the same digest in production.

Transition gates

draft → testing requires schema validation. testing → published will require signing (phase 2, RHTAS integration).
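
As an added example (not code from skillimage or its author), this Go sketch checks the immutability claim above on two constructed manifests: the layer digests must match across promotion, while the manifest digest changes if, as assumed here, the lifecycle annotation is stored in the manifest itself. The annotation key `example.invalid/status` and the shortened digests are hypothetical.

```go
package main

import (
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// manifest is the subset of an OCI image manifest needed for the check.
type manifest struct {
	Layers []struct{ Digest string `json:"digest"` } `json:"layers"`
}

// Constructed samples: shortened digests and a hypothetical annotation key.
const (
	draftManifest     = `{"schemaVersion":2,"layers":[{"digest":"sha256:1111aaaa","size":512}],"annotations":{"example.invalid/status":"draft"}}`
	publishedManifest = `{"schemaVersion":2,"layers":[{"digest":"sha256:1111aaaa","size":512}],"annotations":{"example.invalid/status":"published"}}`
)

// ManifestDigest returns the sha256 digest of the raw manifest bytes.
func ManifestDigest(raw string) string {
	return fmt.Sprintf("sha256:%x", sha256.Sum256([]byte(raw)))
}

// SameLayers reports whether both manifests list the same layer digests, in order.
func SameLayers(a, b string) (bool, error) {
	var m [2]manifest
	for i, raw := range []string{a, b} {
		if err := json.Unmarshal([]byte(raw), &m[i]); err != nil {
			return false, err
		}
	}
	// An empty or resized layer list never counts as "unchanged".
	if len(m[0].Layers) == 0 || len(m[0].Layers) != len(m[1].Layers) {
		return false, nil
	}
	for i, l := range m[0].Layers {
		if l.Digest != m[1].Layers[i].Digest {
			return false, nil
		}
	}
	return true, nil
}

func main() {
	ok, err := SameLayers(draftManifest, publishedManifest)
	fmt.Println("layers unchanged by promotion:", ok, err)
	fmt.Println("manifest digest unchanged:", ManifestDigest(draftManifest) == ManifestDigest(publishedManifest))
}
```

Against a real registry the two manifests would come from `skopeo inspect --raw` on the draft and published tags. Under the stated assumption, a reference pinned to the draft manifest digest would not match the published manifest, so the cross-stage comparison is made on layer digests.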

Working CLI

The Workflow: Pack, Promote, Install

# Validate and pack into a local OCI image
$ skillctl validate ./my-skill/
✓ my-skill/skill.yaml is valid
$ skillctl pack ./my-skill/
Packed ./my-skill/ · Digest: sha256:4edc2af0...

# Promote through lifecycle stages
$ skillctl promote acme/my-skill:1.0.0-draft --to testing --local
$ skillctl promote acme/my-skill:1.0.0-testing --to published --local

# Push to registry
$ skillctl push quay.io/acme/my-skill:1.0.0

# Install to an agent's skill directory
$ skillctl install acme/my-skill:1.0.0 --target claude
Installed to ~/.claude/skills/my-skill
Agent-Agnostic

Install Skills to Any Agent

One CLI installs skills to any agent that supports the Agent Skills spec. No agent-specific tooling needed.

$ skillctl install my-skill:1.0.0 \
  --target claude


$ skillctl install my-skill:1.0.0 \
  --target cursor


$ skillctl install my-skill:1.0.0 \
  -o ~/custom/skills/

Supported targets

  • Claude Code — ~/.claude/skills/
  • Cursor — ~/.cursor/skills/
  • Windsurf — ~/.codeium/windsurf/skills/
  • OpenCode — ~/.config/opencode/skills/
  • OpenClaw — ~/.openclaw/skills/
Production

Mount Skills as Image Volumes

On OpenShift 4.20+ / K8s 1.33+, the kubelet mounts skill images as read-only volumes — no init container needed.

  • Kubelet pulls and caches skill images
  • Read-only — immutable at runtime
  • No emptyDir, no PVC overhead
volumes:
  - name: hr-onboarding
    image:
      reference: quay.io/acme/hr-onboarding:1.0.0
      pullPolicy: IfNotPresent

containers:
  - name: agent
    volumeMounts:
      - name: hr-onboarding
        mountPath: /skills/hr-onboarding
        readOnly: true
KEP-4639 · Kubernetes 1.33+ · OpenShift 4.20+
Status
10 CLI Commands, Shipped and Tested

Author

validate · pack

Distribute

push · pull · install

Manage

list · inspect · promote · prune

Library-first Go architecture. Core logic in pkg/ — importable by agent runtimes, CI/CD pipelines, and the future server API.

Landscape

Unique Position in the Ecosystem

Others

  • ToolHive: 3 lifecycle states
  • Vitale spec: no lifecycle at all
  • JFrog: Artifactory-only, commercial
  • AWS: cloud-locked
  • SkillsMP, ClawHub: no signing, no governance

skillimage

  • 5-state lifecycle with semver gates
  • OCI images (not artifacts) — ImageVolumes work
  • Library-first Go architecture
  • Agent-agnostic install (5 agents)
  • Open source, any registry, any cloud
Impact

From Ad-Hoc to Supply Chain

Before

  • git clone or manual copy
  • No versioning beyond branch/tag
  • No cryptographic signing
  • No audit trail for downloads
  • Auth at repo level only
  • Mutable at runtime

After (skillimage)

  • Push/pull with standard OCI tooling
  • Semver tags + immutable digests
  • Cosign / sigstore signing (phase 2)
  • Registry access logs
  • Per-namespace RBAC + pull secrets
  • Read-only image volume mount
Next Steps

What's Next

github.com/redhat-et/skillimage

Thank You
