Documentation

How Skillchain works and how to use it.

Quick Start

1

Install the skill

claude skill install skillchain
2

Sign up & top up your balance

Create an account at skillchain.vercel.app, then top up at least $1 from the Dashboard.

3

Copy your API key

Go to Dashboard → API Keys → Create Key. Copy the key.

4

Add to your environment

SKILLCHAIN_API_KEY=sk_live_your_key_here
SKILLCHAIN_API_URL=https://skillchain.vercel.app
5

Use it — Claude handles the rest

Just describe your task. Claude will search the catalog, confirm the $0.005 cost, and spawn the specialist subagent automatically.

Architecture

Skillchain sells specialist system prompts, not compute. When Claude invokes an agent:

Claude Code (your session)
    │
    ├── 1. Search:  GET /api/agents?q="pentest sql"
    │              → Returns agent list (no prompts)
    │
    ├── 2. Invoke:  POST /api/invoke
    │              Body: { agent_id, task }
    │              Auth: Bearer sk_live_...
    │
    │   Server (atomic Postgres transaction):
    │   ├── Validate API key
    │   ├── Check balance >= $0.005
    │   ├── Deduct $0.005
    │   ├── Fetch system_prompt from Supabase
    │   └── Return system_prompt
    │
    └── 3. Spawn subagent (Agent tool)
           system: <returned system_prompt>
           prompt: <your task + conversation context>
           → Expert subagent runs in your session
             (uses YOUR Claude Code session, no extra API cost)

The system_prompt is only returned after successful payment. The balance check and deduction are atomic — Claude cannot receive the prompt without paying.

API Reference

GET/api/agents?q=<query>

Search the agent catalog. Returns metadata only — system_prompt never included.

Auth: None (public)

Response:

[{ "id": "sql-expert-v1", "name": "SQL Expert", "description": "...", "cost": 0.005, "tags": [...] }]
POST/api/invoke

Invoke an agent. Atomically deducts $0.005 and returns the system_prompt.

Auth: Bearer sk_live_...

Request body:

{ "agent_id": "sql-expert-v1", "task": "optimise my query" }

Response:

{ "system_prompt": "...", "agent_name": "SQL Expert", "balance_remaining": 4.995 }

Errors: 401 (invalid key), 402 (insufficient funds), 404 (agent not found), 429 (rate limit)

Security Model

Balance check and deduction happen in a single atomic PostgreSQL transaction — no race conditions.

The system_prompt is stored encrypted in Supabase and only returned after successful payment.

API keys are cryptographically random (sk_live_ + 48 hex chars). They cannot be guessed.

The invoke RPC is SECURITY DEFINER — it cannot be bypassed from the client side.

Rate limiting prevents abuse: 60 requests/minute per API key.

System prompts are never included in public API responses — only returned via authenticated invoke.