StackMap
Subscribe

asm vs autoskills

Scriptable skill manager for AI coding agents — install, search, dedupe-audit and security-scan skills across 19 providers, with --json/--yes on every command so agents and CI can drive it. — versus — One command installs your project's AI skill stack: scans package.json/Gradle/configs, detects the tech stack, and pulls matching skills from an audited, hash-verified registry.

The curated verdict

Same category — skill installation tooling. asm is scriptable and provider-spanning with audit commands; autoskills trades all knobs for one command and a curated, hash-pinned registry.

asmautoskills
Stars7306.5k
Forks61597
LanguageTypeScriptRuby
LicenseMITNOASSERTION
Last activity5 days ago11 days ago
Topicscoding, skillsskills
Curated connections53

asm — the curator's take

Pick it when the CLI consumer is a machine: every command is non-interactive and JSON-emitting, so your agent or CI pipeline can inventory, install, and dedupe skills without a human — that plus `asm audit` (finds duplicate/stale skills scattered across 19 providers' hidden dirs) is the differentiator. NOT the breadth play: ~4.3K curated skills vs skillkit's 400K firehose, and no format translation between agent dialects. Solo-maintainer project — fine for personal/team tooling, but if you need org-level reproducibility and governance, apm's manifest+policy model is the grown-up answer.

autoskills — the curator's take

The zero-config on-ramp for agent skills: `npx autoskills` detects your stack and installs only the matching skills — and the security model is the standout, a maintainer-synced registry scanned for prompt injection with SHA-256 manifests and a lockfile, instead of live-downloading from random repos. NOT for hand-picking: you get the registry's opinion of what a Next.js or Go project needs, and the registry's coverage is web/mobile-stack-shaped — niche stacks fall through. No standard license file at the time of review; check before corporate adoption.