How the Registry Works

Two-tier registry architecture — proxied indexing from GitHub and hosted publishing

Overview

The APM registry serves as the central discovery and distribution hub for agent skills. It operates in two tiers:

Proxied tier — APM indexes public GitHub repos containing valid SKILL.md files. Skills are discoverable and installable immediately, with no action required from authors.
Hosted tier — Authors publish directly to APM via apm publish. Packages are hosted by the registry for faster installs, versioned snapshots, and guaranteed availability.

Both tiers are searchable on apm.orthg.nl and installable via apm install @scope/name.

Scoped names

All packages use scoped names in the format @scope/name:

Proxied packages — the scope is derived from the GitHub repo owner. A skill at github.com/anthropics/skills/code-review becomes @anthropics/code-review.
Hosted packages — authors claim their scope during publishing.

Scopes prevent naming collisions. Multiple authors can publish a code-review skill without conflict — @anthropics/code-review and @myorg/code-review coexist.

Proxied tier (live today)

The proxied tier solves the cold-start problem. Instead of launching with an empty registry, APM indexes every public GitHub repository with a valid SKILL.md file.

How indexing works

A daily indexer searches the GitHub Code Search API for files named SKILL.md
For each result, APM checks for a .apm-exclude marker file in the repo root — if present, the repo is skipped
APM fetches repository metadata (stars, license, default branch)
APM fetches the SKILL.md content and validates it against the specification
Only skills with valid frontmatter (name and description) are indexed
The scope is set to the lowercase GitHub repo owner
Valid skills are upserted into the registry database

What gets indexed

A skill is indexed if all of the following are true:

The repository is public
The file is named SKILL.md
The frontmatter contains valid name and description fields
The name field passes validation (lowercase alphanumeric + hyphens, max 64 chars)
There is no .apm-exclude file in the repository root

What doesn't get indexed

Private repositories
Files named something other than SKILL.md
Files with missing or invalid frontmatter
Repos that have opted out via .apm-exclude

When you apm install @scope/name, the CLI fetches the skill content from the registry (which mirrors it from the source repository). The registry stores the full SKILL.md content, so installs don't hit GitHub directly.

Hosted tier (coming soon)

The hosted tier lets authors publish packages directly to APM:

apm publish ./my-skill

Hosted packages get:

Faster installs — served from the registry, not proxied from GitHub
Version history — publish multiple versions, pin to specific releases
Guaranteed availability — no dependency on the source repo staying public
Namespace claims — first-come-first-serve, npm-style

Migration path

Proxied packages naturally migrate to hosted as authors claim their scope and publish directly. There's no disruption — the scoped name stays the same, and existing apm install commands continue to work.

Search

The registry provides full-text search powered by PostgreSQL. Search covers scopes, package names, and descriptions.

On the web: Use the search bar at apm.orthg.nl

From the CLI:

apm search "code review"

From the API:

curl "https://apm.orthg.nl/api/search?q=code+review"

The public indexing model

APM's proxied tier follows the same model as Go's module proxy (proxy.golang.org) — it indexes all public modules without requiring opt-in. This is a win for the community:

Skill authors get discovery without any publishing step
Users get a single search destination for all available skills
The ecosystem grows organically as more people create skills

If you'd rather not be indexed, see Opting Out.