CLI tools designed for agents.

Trust, orchestration, and productivity primitives for an agent-native world.

$ skill-issue scan --remote github.com/example/my-skill --format json

Found 3 issue(s): 1 error, 2 warnings

SL-INJ-001SKILL.md:12Prompt injection: "ignore previous"

SL-SEC-006config.yml:7GitHub token detected (ghp_...)

SL-NET-002fetch.sh:3Curl command with external URL

View on GitHubRead the Thesis

Agents are becoming the primary users of software. OpenClaw collected 150K GitHub stars in weeks. Agents negotiate purchases, file legal documents, and operate across every service on a user's device. The demand is real and accelerating.

But the infrastructure wasn't built for them. Agents can't verify a tool is safe before running it. They can't report when something breaks. They can't validate that two tools in a pipeline are compatible. Every feedback mechanism we've built — analytics, NPS, support tickets — assumes a human on the other end.

agent-clis is an open-source ecosystem that fills these gaps. Every tool is structured I/O, zero GUI, single binary where possible, and composable by default. Humans benefit too, but agents are the design target.

The Stack

Trust

Can the agent safely do what it’s about to do?

skill-issueReleased

Static security scanning for skill directories

cage.shPlanned

Sandboxed execution for untrusted scripts

contract.shPlanned

Input/output contract validation

Orchestration

How does the agent compose and execute work?

atomic-dag.shPlanned

Multilingual DAG runner

mcp2cliPlanned

Convert any MCP server into a CLI

MCP Progressive DisclosurePlanned

Context-aware tool discovery proxy

mock-api.shPlanned

Instant fake API from OpenAPI spec

Productivity

What does the agent actually produce?

gripe.shIn Development

Structured feedback as GitHub issues

diagrams.shIn Development

Architecture diagrams from YAML

decks.shPlanned

Slide decks from atomic snippets

next-on-railsPlanned

Fully wired Next.js project bootstrap

Design Principles

Structured I/O

Every tool accepts and emits JSON. Human-readable output is secondary.

Zero runtime dependencies

Single binaries. No Python conflicts, no node_modules, no Docker.

Composable by default

Output of one tool is the input of another. contract.sh validates the seams.

Feedback loops built in

When tools fail, gripe.sh gives agents a voice. Consent-based, not spam.

$ skill-issue scan ./untrusted-skill --format json \

| gripe submit --stdin --repo agent-clis/skill-issue

Issue created: https://github.com/agent-clis/skill-issue/issues/42

[skill-issue] 3 findings in untrusted-skill scan