By Xi Weng
After AI Agents enter the enterprise, Skill is no longer a toy on a programmer's desk, but a productivity tool the team uses every day. But the reality is harsh — most enterprises' Skill management still stays at the stage of 'whoever wrote it manages it, and when needed, ask around for it.'
We've talked with a lot of teams, and their pain points are surprisingly consistent. In short, there are four main ones.
Pain point 1: Self-developed Skills are scattered everywhere, and team reuse depends entirely on asking for them
Colleague A wrote a customer-service Q&A Skill, and it worked really well. Colleague B heard about it and wanted to use it too, so he could only message A privately for the code package. A sent a ZIP file; B downloaded it, unzipped it, changed the config, tuned the environment, and only got it running after a lot of work.
A month later, A optimized a new version and added new features. B had no idea and was still using the old version. Then C came to A for another copy, and A sent it again — as for how many people on the team were actually using this Skill, and which version they were using, A couldn't even say clearly.
Even worse, A left the company. The code for this Skill was on his computer, and nobody knew the full contents, so the team suddenly lost a core capability.
Pain point 2: When multiple people share one Skill set, anyone can change it and the changes take effect immediately
Some teams that are a bit more mature put Skills on a shared drive or in a Git repository. Git does have version traceability, but the problem is that permissions are too coarse — anyone can submit changes directly.
A core business Skill was casually changed by a new intern who adjusted a parameter, merged it into the main branch, and sent it straight to production. By the time the customer service system started giving chaotic answers, everyone had spent ages investigating before discovering that this change caused the problem. Although commit history can help assign accountability afterward, the incident has already happened and users have already been affected. Git can help you find the person later, but it can't stop mistakes before they happen.
It gets even more troublesome when different project teams share one Skill library. Team A changed their Skill and accidentally affected Team B's business because the underlying dependencies got mixed up. The two sides argued for ages, and in the end it turned out to be a naming conflict.
Pain point 3: Enterprises don't dare use Skills from the public market directly
The public market has plenty of Skills. You can download and use them right away, which looks great. But would enterprises really dare to put them straight into production?
One team told me they downloaded a 'data analysis' Skill from the community. Just before going live, the security team detected unusual traffic — it turned out that during the trial run, the Skill had already started secretly sending request data to an external server. Fortunately, it was discovered and blocked in time, so no real loss occurred. But after that, the team made a rule: all external Skills must pass a security review before going live.
But the question is: how do you review it? Read the code line by line by hand? A Skill can easily be thousands of lines long, and you also have to inspect its dependency chain. There's simply no way to review it all. Without tool support, that rule is just a piece of scrap paper.
Pain point 4: After iterating a new version, you don't know how to validate it or roll it back
Skill, like business code, needs continuous optimization. You change an internal data-processing Skill, think the logic is more complete, and replace it directly in production. But then users report that the output format has become messy instead — it turns out the new version handled certain edge cases incorrectly.
You want to roll back to the previous version, only to find that it wasn't kept at all. You can only rely on memory to change it back piece by piece, and it takes most of the day to recover. The next time you iterate, you start to worry: will something go wrong again this time? Without a validation mechanism and rollback capability, every update feels like gambling.
At the end of the day, these four pain points come down to one issue: enterprises lack a private, controllable, and secure Skill management center.
Skills Registry is here to solve these problems.
Skills Registry is a private Skill repository for enterprises. Its relationship with the public market (Skills Hub) is simple: the public market is responsible for providing, Registry is responsible for gatekeeping. Enterprises find the Skills they need in the public market, import them into Registry, and after security review and permission configuration, distribute them for Agents inside the team to use.
The four capabilities below correspond to the four pain points above, one by one.
Building your own Skill management system isn't cheap. You need to configure servers, storage, and networking, and when something goes wrong, you have to troubleshoot it yourself. Many teams want to manage this, but the very first step — simply getting the environment running — is enough to discourage them.
Skills Registry's approach is: the foundation is already built for you; you just move in.
Create a namespace and you're ready to go; no need to maintain your own instance
The platform is built on Nacos, and the underlying capabilities are already in place. Create a namespace in the console, and you can start managing Skills right away. You don't need to configure servers, storage, or networking, and you don't need to maintain the health of the Registry instance. For enterprises without a dedicated operations team, the barrier to managing Skills drops from 'weeks' to 'minutes'.
Compatible with standard protocols, with public market Skills directly importable
Registry follows the open-source Skill protocol and connects seamlessly with the public market. You can browse Skills in the public market directly and import whichever ones you like into the enterprise. When a Skill in the public market releases a new version, Registry can detect it automatically, and you can choose whether to follow the upgrade. You get both the rich ecosystem of the public market and the strict control of the enterprise environment.
Supports uploading enterprise self-developed Skills, with no dependence on external vendors
In addition to importing from the public market, Registry also supports direct uploads of enterprise self-developed Skills. After local development is complete, package it as a ZIP file and upload it through the page, or import it in bulk through an OSS channel, and it enters Registry's unified management flow. The enterprise's core capabilities remain completely self-controlled, with no need to be tied to any external vendor.
nacos-cli one-click upload and installation, zero-barrier team distribution
After a Skill enters Registry, team members can use the nacos-cli command-line tool to install it into their own Agents with one click. No more manual downloading, unzipping, and configuring — one command is enough to distribute it. On the flip side, a Skill developed locally can also be uploaded to Registry with one click through nacos-cli, without opening a web page. For scenarios where you need to update Skills in bulk across many servers, this saves a huge amount of repetitive work.
In the past, if colleague A wrote a great Skill, it had to be sent around as ZIP files. Now, once it's uploaded to Registry and set to public, the whole team can search for it and install it directly from the repository. When A updates the version, everyone receives it, and nobody is stuck using an old version anymore.
Skills are no longer scattered everywhere; instead, they are centrally gathered into the enterprise's private repository. Create a namespace and you're ready to go, import Skills directly from the public market, and distribute them to the team with one command.
As teams grow, Skills become shared resources. Without boundaries and permissions, collaboration is bound to get messy.
Skills Registry solves this on three levels.
Namespace-level data isolation keeps teams from interfering with each other
You can divide namespaces by project, by team, or by business line. Skills in each space are completely independent. Team A can tinker in its own space, while Team B is completely unaffected. Data for different business lines is naturally isolated, eliminating cross-talk at the source.
Visibility can be set freely: public sharing without tampering
Each Skill can be set to public or private:
Most Skills are 'open for everyone to use, but only I can edit' — achieving sharing while still keeping control of editing rights.
Permissions are applied down to the individual Skill, with the owner in charge
Registry's permission control is fine-grained all the way down to the individual Skill level. If you are the Skill's owner, you can modify it, delete it, and initiate a review. If you authorize a colleague to help with iteration, they can also make changes, but after the changes are made, they must still go through security scanning and the review process, and whether it can be released in the end is still up to you.
This enables team collaboration while avoiding the out-of-control situation where anyone can change something and it takes effect immediately.
Each team's data is isolated and doesn't interfere with the others; public Skills are available to the whole team but protected from tampering; permissions are applied to each individual Skill, with the owner in control.
External Skills do carry security risks — that's a fact. But 'risky' doesn't mean 'can't be used'; the key is having a mechanism to block those risks.
Skills Registry's approach is: every Skill goes through security checks before entering, and the owner makes the final call.
Integrated with Alibaba Cloud AI Security Guardrails, with customizable scan dimensions
The platform integrates Alibaba Cloud's security guardrail technology, a protection system designed by Alibaba Cloud security engineers specifically for AI scenarios. The scanning engine covers the following detection dimensions:
More importantly, enterprises can customize scanning policies — adjust the strictness of detection items, set risk thresholds, add custom filtering words, and configure dedicated security rules. Different industries and different company sizes have very different security requirements, and Registry lets you apply your own standards.
When a scan fails, the owner can decide whether to proceed with release based on the actual situation
After the scan is complete, the system generates a clear risk report. For Skills that fail the scan, ordinary users cannot continue publishing them. But the Skill owner, as the person who knows the Skill best, can make a judgment based on the actual situation: if the risks reported by the scan are false positives or within an acceptable range, the owner can choose to proceed with release; if there really is a problem, they can send it back for changes.
This mechanism is very practical. Machine scanning is responsible for 'flagging risks', while the owner is responsible for 'making judgment in the context of the business'. It protects the security baseline without blocking business progress because of machine false positives.
In addition, every step from upload to release is recorded. If something goes wrong, you can trace it back to the specific person, version, and operation.
Integrated with Alibaba Cloud AI Security Guardrails, with customizable scan dimensions; when a scan fails, the owner can decide whether to proceed with release based on the actual situation, while other users cannot move it forward.
Skills need continuous optimization, but optimization can't rely on gambling. Registry gives teams a complete set of version governance tools, so every iteration is traceable and every release has a fallback.
Semantic versioning + version locking keep production from being affected by surprises
Each Skill follows semantic versioning, and differences between versions can be compared. More importantly, when an Agent binds to a Skill, it locks to a specific version. When a colleague releases a new version, your production environment won't automatically change — you fully control when to upgrade and to which version. Published versions cannot be modified, so what you see is what you use, and there won't be surprises where today and yesterday are different.
Gray release increases traffic gradually, with automatic rollback if something goes wrong
Registry supports gray release. A new version can first be tried by a small number of Agents, and you can observe whether key metrics (success rate, response latency) are normal before gradually expanding the rollout. If the metrics deteriorate during the gray release, the system automatically rolls back to the previous stable version. This 'small steps, quick moves, stop the bleeding anytime' approach lets teams confidently try optimizations without worrying about breaking production.
Skills and versions can be enabled and disabled independently, enabling more precise control
Registry separates 'whether a Skill is enabled' and 'whether a specific version is online' into two independent control dimensions. You can disable an entire Skill globally, or take a problematic version offline on its own and let Agents automatically fall back to the previous online version. When problems arise, you can hit the target precisely instead of taking a one-size-fits-all approach.
After a version change, Agents can detect and load the new version within seconds, with no restart required.
Combined with AgentLoop, Skill iteration goes from gambling to being evidence-based
The biggest challenge in Skill optimization is: after making a change, is it actually better? In the past, you could only judge by intuition. Skills Registry is already planning deep integration with AgentLoop — Alibaba Cloud's AI Agent performance optimization platform, which provides full-chain observability and an evaluation system based on LLM-as-Judge.
In the future, you will be able to use AgentLoop to evaluate Skills quantitatively: whether tool selection is correct, whether parameter filling is accurate, and whether the Agent trajectory is reasonable. Bad cases will automatically accumulate into a dataset, creating a data flywheel of 'find problems → optimize the Skill → verify the result'. Skill iteration will no longer be 'I think it's better, so ship it', but a scientific process supported by data and evaluation evidence.
Version locking keeps production stable; gray release verifies gradually and automatically rolls back when metrics deteriorate; Skills and versions can be enabled and disabled independently; combined with AgentLoop, Skill iteration will be backed by data.
The public market and Skills Registry don't replace each other; they each play their own role. The core differences between the two can be summarized as follows:
| Comparison dimension | Public market (Skills Hub) | Enterprise private repository (Skills Registry) |
|---|---|---|
| Who it's for | All developers on the public internet | Internal enterprise teams |
| Where Skills come from | Official, community, and third-party contributions | Enterprise self-developed + imported from the public market |
| How security is handled | Basic platform-level review | Enterprise-defined policies + AI scanning + manual review |
| How versions are managed | Release means immediate go-live | Full lifecycle governance (gray release, rollback, locking) |
| Who can see it | Public or paid | Visibility controlled separately by namespace and by Skill |
| How issues are traced | Basic download statistics | Full-chain audit traceability from upload to invocation |
| How it's deployed | Public SaaS | Multiple deployment modes available: public cloud, public internet, and private cloud |
To use an analogy: the public market is like a supermarket — the products are plentiful, and you can pick whatever you like. Registry is like your home kitchen — the ingredients you buy from the supermarket still need to be washed, processed, and seasoned to your family's taste before they can be served. Both are indispensable.
Enterprises can discover and browse Skills in the public market, but after importing them into Registry, they must go through internal security review and permission configuration before the team can use them. When a Skill in the public market releases a new version, Registry will detect it automatically, and the enterprise can choose whether to sync the upgrade.
The key principle is: once an external Skill enters the enterprise, it must pass internal security review before it can be used. This is not about distrusting the public market; it's about adding an extra layer of enterprise-specific security policy on top of general-purpose review.
Skills Registry is now in public beta, and joining is simple:
Step 1: Enable access
You only need an Alibaba Cloud account and an enabled MSE product to participate.
Step 2: Create and upload your first Skill
Go to the MSE product page, find the AI Registry entry, create a workspace, and upload your first Skill. You can set it to be public for the team or private. Run through the full registration flow and experience the platform's capabilities.
Step 3: Invite colleagues to use it together
After making the Skill public, invite other teammates to use it. They can install your Skill into their own Agents with one-click using nacos-cli, without manual downloads or configuration.
During the public beta, feedback on issues and suggestions is welcome. Your real-world usage experience will directly influence the direction of future feature iterations.
Honestly, many enterprises already realize how important Skill management is. Beyond just asking 'how do we make Agents smarter?', people are also starting to think further: when a team has dozens or even hundreds of Skills, how do you make sure they're safe, controllable, and traceable?
Skills Registry starts from a simple idea: when enterprises use AI capabilities, they shouldn't only care about 'can it be used?', but also about 'can it be managed?'. External Skills should be safe to use, internal Skills should be easy to reuse, and iterative updates should be both doable and reversible.
If you and your team are also dealing with these problems — Skills scattered everywhere and hard to find, external Skills too risky to use, fear of accidental changes in multi-person collaboration, and no confidence in version updates — why not try Skills Registry during the public beta and see whether it can help you truly bring your AI capabilities under control?
Build Alibaba Cloud API Gateway Monitoring with Realtime Compute for Apache Flink and SLS
703 posts | 57 followers
FollowAlibaba Cloud Native Community - April 20, 2026
Alibaba Cloud Native Community - March 13, 2026
Alibaba Cloud Native Community - April 10, 2026
Alibaba Cloud Community - May 16, 2024
CloudSecurity - March 27, 2026
Alibaba Cloud Native Community - February 3, 2026
703 posts | 57 followers
Follow
Microservices Engine (MSE)
MSE provides a fully managed registration and configuration center, and gateway and microservices governance capabilities.
Learn More
Managed Service for Prometheus
Multi-source metrics are aggregated to monitor the status of your business and services in real time.
Learn More
Cloud-Native Applications Management Solution
Accelerate and secure the development, deployment, and management of containerized applications cost-effectively.
Learn More
Lindorm
Lindorm is an elastic cloud-native database service that supports multiple data models. It is capable of processing various types of data and is compatible with multiple database engine, such as Apache HBase®, Apache Cassandra®, and OpenTSDB.
Learn MoreMore Posts by Alibaba Cloud Native Community
