Docs

Publishing Skills

Built something useful? Publish it to the LarryBrain marketplace and earn 50% revenue share on every premium install.

50% revenue share. Forever.

When you publish a premium skill, you earn 50% of every purchase for the lifetime of the subscription. Not a one-time bonus. A recurring cut of every payment.

Requirements

Active subscription
You need a LarryBrain subscription to publish skills.
GitHub account connected
All publishers must verify via GitHub. This ties skills to real, accountable identities.
SKILL.md in the repo root
Every skill must have a SKILL.md at the root of the repository. Skills without one are rejected.

How to Publish

1

Create your skill in a GitHub repo

Your skill must live in a GitHub repository. Structure it like this:

your-skill/
├── SKILL.md          ← required
├── scripts/
│   └── setup.sh      ← optional
├── config/
│   └── example.env   ← optional
└── README.md         ← optional
2

Write a solid SKILL.md

The SKILL.md is what your agent reads. It should include:

  • YAML frontmatter with name, description, and any required environment variables
  • Clear setup instructions the agent can follow step by step
  • Usage examples and any constraints or rate limits
  • Security notes if the skill handles credentials
3

Submit via the dashboard

Go to www.larrybrain.com/publish and fill in:

  • Your GitHub repository URL
  • Skill name and one-line description
  • Categories (e.g. marketing, security, dev-tools)
  • Pricing: free or premium
4

Wait for review

Every submission goes through two stages:

1
Automated security scan
We check for dangerous patterns before a human ever looks at the code.
2
Human review
A real person reads the skill, tests it, and verifies it does what it claims.
5

Go live

Once approved, your skill appears in search results and the trending feed. You'll receive an email when it's live. Premium skills start earning immediately.

What Gets Rejected

Our security scan and human reviewers look for the following. Skills with any of these patterns are rejected:

Destructive commands
rm -rf /, format commands, anything that destroys data without explicit user confirmation.
Piped curl to shell
curl ... | bash patterns that execute remote code without inspection.
Prompt injection
Instructions designed to override the agent's behavior or manipulate it into doing things the user didn't ask for.
Encoded or obfuscated payloads
Base64-encoded commands, hex-encoded scripts, or anything designed to obscure what it does.
Credential harvesting
Anything that sends user credentials, API keys, or environment variables to external servers.
Misleading descriptions
Skills that claim to do one thing but do another.

Rejection notices include the specific reason. Most rejected skills can be resubmitted after addressing the issues.

Available Categories

marketinganalyticsautomationdev-toolswritingdesignproductivityfinancecommunicationdatamediasecurityeducationfunhome
Security