Vettory is the approval and distribution layer for AI skills. Every skill your teams run — in chat, in documents, in the terminal — reviewed before it ships, versioned when it changes, logged when it runs.
Nothing reaches an employee's agent without passing review.
One immutable, exportable audit trail: every approval, install, and revocation.
Access follows your identity provider — personal, team, or org scope, enforced automatically.
The problem
A skill with shell access gets pasted from a blog post into fifty laptops. No one signed off.
Security asks "who can run what?" — and the honest answer is a shrug.
The prompt that handles customer data was edited last month. By whom? To say what?
Great work still dies in chat threads, while risky work spreads without review.
With Vettory
Skills pass review — automated scanning plus a human approver — before anyone can install them.
Every version is snapshotted; every install, approval, and rollback is logged with actor and timestamp.
New starters say "update my skills" on day one and get the team's approved set. Nothing else.
Usage analytics show what's actually being run — and what's quietly spreading.
How it works
Every skill follows one lifecycle: draft, review, approve, install. No governance theatre — a clear path from a good idea to a governed capability.
01
Create a SKILL.md file with a YAML frontmatter block and your instructions for Claude. Submit it to the registry.
02
Automated scanning flags risky capabilities; your designated reviewers check quality and fit. High-severity findings block approval.
03
Once approved, the skill is published to the registry at its version tag. Previous versions remain accessible.
04
Team members say "update my skills" in their agent. Vettory syncs the latest approved versions to every surface they use.
Getting connected
No copy-pasting prompts, no files to keep in sync. Your teams connect their agent to Vettory once — after that, the approved skill set arrives on demand and updates itself.
01
Add the Vettory extension in Claude (Settings → Extensions) — a one-click .mcpb install, no config files or CLI. On CLI and IDE surfaces it connects as an MCP server the same way.
02
A secure device-flow login links the agent to your Vettory org. Tokens are kept in your OS keychain, and your identity provider decides which skills you're entitled to — no separate account to manage.
03
Say "update my skills" and the agent syncs your entitled, approved skills straight into the surface — always the latest approved version, and automatically removed the moment your access changes.
Skills sync into the surface Claude already reads — nothing new to open, nothing to remember to update.
Inside the admin panel
These are the live Audit & Compliance and Access & Policy views in every org — the same ones a reviewer or security assessor gets handed.
Audit & Compliance
Every approval, distribution and lifecycle event — immutable and exportable
Access & Policy
Who gets which skills, on which surfaces — and the rules that gate every change
Require review for org-wide distribution
Any skill distributed beyond its author must pass a reviewer.
Two reviewers for shell capability
Skills requesting shell access need two distinct approvals.
Block approval on failing scan
Reviewers cannot approve while the scan reports HIGH findings.
Groups are synced from your identity provider — no local user management to maintain.
For the people doing the work
Generates optimised SQL from plain English. Supports Postgres, MySQL, and BigQuery dialects.
Thorough code review with actionable items, test suggestions, and security flag checks.
Personalised AI digest — calendar, emails, and key metrics summarised every morning.
Browse and install in plain language — always the approved version, updated the moment it clears review.
Technical spec
A skill is a SKILL.md file — YAML frontmatter, free-form body. Powerful enough to warrant review; simple enough to write in an afternoon.
Plain Markdown, no lock-in
Skills are .md files. You own them. Export everything, any time.
Semantic versioning built in
Every submission is a snapshot. Roll back at any time.
Scoped RBAC
Personal, team, or org. Admins control who publishes at each level.
Audit log
Every install, approval, and rejection logged with timestamp and actor, exportable — evidence for SOC 2 and similar programmes.
--- name: sql-query-builder description: Generate optimised SQL from plain English version: 2.1.0 scope: org tags: [sql, data, postgresql] --- # SQL Query Builder You are an expert SQL engineer. When the user describes a query in plain English, translate it into optimised SQL for the target dialect (default: PostgreSQL). ## Rules - Always use parameterised queries ($1, $2, ...) - Prefer CTEs over nested subqueries - Add an EXPLAIN comment for queries touching >100k rows - Flag any unindexed column in a WHERE clause ## Examples User: "top 10 customers by revenue last quarter" → Generate a CTE-based query with date math and LIMIT
Security & compliance
The answers your reviewers actually need — not buried three clicks deep.
Every approval, distribution, rollback, and revocation is logged with actor, timestamp, and scope. Events are retained for 7 years and tamper-evident — export the full log to CSV at any time.
Org-wide distribution requires reviewer approval, shell-capable skills require two distinct reviewers, and approval is blocked automatically while a security scan reports high-severity findings.
Groups and team membership sync from your identity provider. There is no separate local user database for Vettory to manage, or leak.
Run Vettory self-hosted on your own Postgres and Redis, or as a managed deployment — either way, skill content lives in your registry instance, data residency follows your deployment choice, and nothing is ever used to train a model.
Scanning and review reduce risk; they don't eliminate it. Your approvers decide what ships — Vettory makes sure that decision is informed, enforced, and on the record.
Pricing
You pay for governance, not for using skills. Every plan includes governance seats to get started, unlimited skills, unlimited versions, unlimited free consumers, and distribution to every agent surface your teams use — chat, knowledge work, and CLI/IDE.
Best for AI-native teams up to ~500 people
2 Governance Admins, 5 Team Managers, 1 Auditor included
Skill consumers: free, unlimited
Request accessFor organisations with compliance, security review, and audit obligations
3 Governance Admins, 10 Team Managers, unlimited Auditors included
Skill consumers: free, unlimited
Talk to sales* Self-hosted (VPC/on-premises) deployment carries a 35% platform fee premium.
FAQ
Which AI platforms does Vettory work with?
Is Vettory itself SOC 2 certified?
Can Vettory guarantee a skill is safe?
Is the content of skills visible to Vettory?
What happens to old versions?
How long does setup take?
Get started
We're onboarding design partners now — working directly with our founding team, with pricing locked for twelve months.
Request accessResponse within 24 hours. No credit card required.