Summary
Currently, skills support a single .aam.sig file, meaning only one signature can exist per skill. A web-of-trust model would benefit from multiple endorsements.
Proposal
Allow multiple entities to sign/endorse a skill:
- Original author signature proves authorship
- Additional endorsers add trust (security reviewers, trusted community members, etc.)
- More signatures = higher confidence in the skill
Possible Implementation
- Store multiple signatures (e.g.,
.aam.sig becomes an array, or use .aam.sigs/ directory)
- Each signature is a separate Nostr kind 31337 event with the same skill hash but different pubkeys
aam skills verify could show all endorsersaam skills sign could append rather than overwrite
Use Cases
- Package maintainers endorse skills they've reviewed
- Organizations endorse skills for internal use
- Community builds reputation through endorsement chains
This aligns with how trust works in GPG key signing, Linux package repos, and the broader Nostr ecosystem.
Summary
Currently, skills support a single
.aam.sigfile, meaning only one signature can exist per skill. A web-of-trust model would benefit from multiple endorsements.Proposal
Allow multiple entities to sign/endorse a skill:
Possible Implementation
.aam.sigbecomes an array, or use.aam.sigs/directory)aam skills verifycould show all endorsersaam skills signcould append rather than overwriteUse Cases
This aligns with how trust works in GPG key signing, Linux package repos, and the broader Nostr ecosystem.