Nemo Skill Marketplace: Build, Share & Sell AI Automation Skills

What Is the Skill Marketplace

The Nemo Skill Marketplace is a curated store where developers and automation enthusiasts can discover, install, buy, and sell AI automation skills that plug directly into Nemo's agent runtime. Think of it as an app store, but instead of standalone applications, you are extending the intelligence and capabilities of your personal AI agent.

Every skill in the marketplace follows the same architecture as Nemo's built-in skills: a set of tool handlers that the AI agent can invoke, schema definitions for the LLM to understand what tools are available, and metadata that governs permissions, consent levels, and PII policies. When you install a marketplace skill, it becomes a native part of your agent — indistinguishable from built-in skills in terms of how the AI reasons about and uses it.

The marketplace launched in February 2026 alongside Nemo's cloud infrastructure. It is accessible both from within the Nemo desktop app (under the Marketplace tab in the sidebar) and through a web interface. The key differentiator from other automation marketplaces is safety: every skill undergoes automated security scanning and human review before it reaches your machine.

At launch, the marketplace features listings across all 12 skill categories — email, documents, finance, scheduling, development, social media, research, data, health, creative, system integration, and more. Both free and paid skills are available, and the community is actively building new ones every week.

How It Works

Installing a skill from the marketplace is designed to be effortless. The entire process takes fewer than 30 seconds and requires no technical knowledge:

1. Browse or search: Open the Marketplace tab in Nemo's sidebar. You can browse by category, search by keyword, or filter by price (free or paid), rating, and installation count.
2. Preview the skill: Each listing includes a description, the developer's name, the skill's permission requirements, PII policy, which consent levels it uses (execute, draft, or observe), a changelog, and user reviews.
3. One-click install: Click "Install" (for free skills) or "Buy" (for paid skills). The skill package is downloaded, its Ed25519 signature is verified against the marketplace's public manifest, and it is deployed to your local ~/.nemo/skills/ runtime directory.
4. Immediate use: The skill is loaded by Nemo's SkillRegistry on the next agent task. You can start using it immediately by asking Nemo to perform tasks that fall within the skill's domain.

Behind the scenes, the marketplace maintains a signed manifest file at /manifest/stable.json. This manifest contains the cryptographic hash and Ed25519 signature for every published skill. When you install a skill, Nemo verifies the downloaded package against this manifest to ensure it has not been tampered with in transit. If the signature does not match, the installation is blocked.

Skill updates work similarly. When a developer publishes a new version, it goes through the same review process. Once approved, the updated manifest is signed and published. Nemo checks for updates periodically and notifies you when new versions are available. You always control when updates are applied — nothing is auto-updated without your consent.

Safety First: Security Scanning

Security is the most critical aspect of any marketplace that distributes executable code. The Nemo Marketplace employs a multi-layer security review process that goes significantly beyond what most platforms offer:

Layer 1: AST-Based Static Analysis

Every skill submitted to the marketplace is first analyzed by an automated AST (Abstract Syntax Tree) security scanner. This scanner parses the Python source code into its syntax tree and inspects it for dangerous patterns without actually executing any code. The scanner checks for:

• Arbitrary code execution: Calls to eval(), exec(), compile(), subprocess, or os.system()
• Network exfiltration: Unauthorized HTTP requests, socket connections, or DNS lookups that could leak user data to external servers
• File system abuse: Attempts to read or write outside the skill's designated working directory, access system files, or modify Nemo's configuration
• Credential harvesting: Patterns that attempt to access environment variables, vault entries, or credential stores beyond what the skill's CREDENTIAL_MAP declares
• Obfuscation: Base64-encoded strings, dynamic imports, or other techniques commonly used to hide malicious payloads

Each finding is classified by severity: CRITICAL, HIGH, MEDIUM, or LOW. Skills with any CRITICAL or HIGH findings are automatically rejected with a detailed report explaining which lines of code triggered the rejection and why. Developers can fix the flagged issues and resubmit.

Layer 2: Human Review

Skills that pass the automated scanner enter a human review queue. A member of the Nemo team manually inspects the code, verifies that the skill does what it claims to do, checks for subtle issues that static analysis might miss (such as data exfiltration via legitimate API calls), and confirms that permissions, consent defaults, and PII policies are appropriate for the skill's functionality.

Layer 3: Cryptographic Signing

Once a skill passes both automated and human review, it is cryptographically signed using Ed25519 digital signatures. The signed manifest is published to the marketplace's stable channel. When users install the skill, Nemo verifies the signature before loading the code. This ensures that the code running on your machine is exactly the code that was reviewed — no tampering is possible between review and installation.

Layer 4: Runtime Safety

Even after installation, marketplace skills run within Nemo's existing safety sandbox. The Sentinel safety layer (powered by SmolLM2-360M) monitors all tool actions in real time. All write operations require explicit user approval (draft consent). Strict PII policies block sensitive data types. And every action is logged in an encrypted audit trail for full accountability.

Buying Skills

Purchasing a paid skill from the marketplace is straightforward and secure. Nemo uses Stripe for all payment processing, which means your credit card information is never handled by Nemo's servers — it goes directly to Stripe, one of the world's most trusted payment processors.

When you click "Buy" on a paid skill, Nemo opens a Stripe checkout session in your browser. You complete the payment on Stripe's hosted checkout page, and upon success, Stripe redirects back to Nemo via the nemo:// protocol handler. Your entitlement is recorded on the marketplace server, the skill is downloaded and installed, and you are ready to go.

Every paid purchase includes a 48-hour refund window. If the skill does not work as advertised, does not meet your needs, or you simply change your mind, you can request a full refund within 48 hours. Refunds are processed back to your original payment method with no questions asked.

The entitlement system tracks which skills you have purchased. Your entitlements are tied to your Nemo Cloud account, so if you reinstall Nemo or set it up on a new machine, you can re-download any skills you have already purchased. There are no device limits — a single purchase covers all your personal devices.

Marketplace skills run with strict safety defaults that cannot be overridden:

• All writes = draft: Any action that creates, modifies, or deletes data is queued for your explicit approval
• Strict PII: SSN, credit card numbers, and API keys are blocked from being processed by marketplace skills
• Empty credential map: Marketplace skills cannot access your vault credentials unless you explicitly grant access after installation
• Sentinel monitoring: The safety AI layer monitors every tool invocation in real time
• Encrypted audit trail: Every action taken by a marketplace skill is logged and auditable

Building and Selling Skills

The marketplace is open to all developers. Whether you are building a skill to solve your own problem and want to share it with the community, or you are a professional developer looking to monetize your automation expertise, the marketplace provides the infrastructure to do so.

Developer Registration

To sell skills on the marketplace, you first register as a developer through the Nemo Cloud API. Registration involves creating an Ed25519 key pair — this key pair is used to sign your skill submissions, establishing a cryptographic link between you and your code. You register your public key with the marketplace via POST /api/v1/dev/keys.

Skill Submission Flow

The submission process follows a deliberate pipeline designed to protect users:

1. Upload: You package your skill directory (containing __init__.py, skill.json, and any helper modules) and upload it to the marketplace
2. Automated scan: The AST security scanner analyzes your code immediately. If CRITICAL or HIGH findings are detected, the submission is rejected with a detailed report. You can fix the issues and resubmit
3. Human review queue: If the automated scan passes, your skill enters the human review queue. Review times vary but typically take 1-3 business days
4. Approval and signing: Once the reviewer approves your skill, it is cryptographically signed with the marketplace's Ed25519 key and added to the stable manifest
5. Publication: Your skill is now live in the marketplace, visible to all Nemo users, and available for installation or purchase

Revenue Model

Developers set their own prices for paid skills. Free skills are encouraged and help build your reputation. When a paid skill is purchased, the revenue is shared between the developer and the marketplace. Stripe handles all payment processing and payouts. Developers can track their sales, revenue, and installation metrics through the marketplace dashboard.

Skill Requirements

Every skill submitted to the marketplace must follow the Nemo skill specification:

• An __init__.py file exposing TOOLS, TOOL_SCHEMAS, CREDENTIAL_MAP, and SYSTEM_PROMPT
• A skill.json file with runtime metadata including permissions, consent defaults, PII policies, and version information
• All tool handlers must be async def functions accepting **kwargs
• Credentials must never appear in tool schemas — they are injected by the bridge after the LLM makes a tool call
• The skill id must be unique and consistent across all files

Marketplace Safety vs Other Platforms

How does the Nemo Marketplace's security model compare to other platforms that distribute community-created automation extensions? The differences are substantial:

The Nemo Marketplace's approach stands out because security is not an afterthought bolted onto a distribution platform — it is baked into the architecture at every level. The combination of pre-publish scanning, human review, cryptographic signing, runtime sandboxing, PII enforcement, and encrypted audit logging creates a defense-in-depth model that no other automation marketplace currently matches.

Types of Skills Available

The marketplace covers all 12 skill categories in Nemo's taxonomy. Here is what you can find in each:

• Email & Communication: Inbox triage, smart compose, meeting summarizers, contact enrichment, follow-up reminders, and newsletter management
• Documents & Writing: Document summarizers, resume builders, citation generators, AI text humanizers, report generators, and template managers
• Finance & Tracking: Expense trackers, invoice generators, investment portfolio trackers, cryptocurrency monitors, receipt scanners, and budget analyzers
• Scheduling & Planning: Smart schedulers, event planners, habit trackers, travel planners, meeting coordinators, and deadline managers
• Development & Code: Code reviewers, Git assistants, API testers, snippet managers, documentation generators, and dependency auditors
• Social Media: Social schedulers, analytics dashboards, hashtag generators, content repurposers, engagement trackers, and trend monitors
• Research & Learning: Web researchers, video summarizers, podcast note-takers, study assistants, paper analyzers, and knowledge base builders
• Data & Productivity: Spreadsheet assistants, clipboard managers, text translators, diagram makers, data cleaners, and format converters
• Health & Life: Medication reminders, symptom checkers, nutrition trackers, workout planners, and meal planners
• Creative: Image prompt generators, color palette creators, font pairers, mockup builders, and design system assistants
• System & Integration: Google Drive organizers, Notion sync tools, backup schedulers, file system monitors, and cloud storage bridges
• Miscellaneous: Desktop launchers, form fillers, clipboard utilities, and cross-application automation bridges

The marketplace also supports a bounty system where users can request specific skills they need. If you want a skill that does not exist yet, you can post a bounty describing what you need. Developers can browse open bounties and build skills to fulfill them, earning both the bounty reward and ongoing revenue from marketplace sales.

Pricing Model

The Nemo Marketplace operates on a simple, user-friendly pricing model designed to avoid the subscription fatigue that plagues modern software:

• Free skills: Many skills are offered for free by community developers. These are often tools that solve specific problems and the developer wants to share the solution. Free skills go through the exact same security review process as paid skills
• Paid skills: Developers set their own one-time prices. You pay once and own the skill forever. There are no recurring subscription fees, no per-use charges, and no hidden costs
• No subscription lock-in: Unlike platforms that charge monthly per integration or per automation, the marketplace is purely transactional. You buy what you need, when you need it
• 48-hour refund guarantee: Every paid purchase comes with a no-questions-asked 48-hour refund window

This pricing model reflects Nemo's core philosophy: the platform itself is free, and the marketplace is an optional extension for users who want specialized capabilities. You are never forced to buy anything — Nemo's 500+ built-in skills cover the vast majority of common automation needs.

Community and Trust

A healthy marketplace depends on trust between buyers and sellers. Nemo builds this trust through several mechanisms:

Trust Scoring

Every agent and developer in the Nemo ecosystem has a trust score. This score starts at 50 and moves up or down based on community interactions. Positive contributions (skills that work well, accurate insights shared, bugs reported) increase your score. Negative actions (malicious submissions, spam, abusive behavior) decrease it. Agents with trust scores below 10 are banned from the marketplace.

Collective Intelligence

Nemo's collective intelligence system allows anonymized insights from skill usage to be shared across the community. When a skill encounters an error and finds a fix, when a useful tool sequence is discovered, or when a platform-specific quirk is identified, these insights can be shared (with all PII stripped) to help other users. This creates a network effect where every user's experience improves as more people use the platform.

Bounty System

The bounty system creates a feedback loop between user demand and developer supply. Users can post bounties for skills they need, and developers can build skills to fulfill those bounties. This ensures the marketplace grows in directions that serve real user needs, not just what developers think might sell. Bounties can also include financial rewards to incentivize development of specialized or complex skills.

Developer Reputation

Marketplace listings display the developer's name, number of published skills, cumulative installations, average ratings, and how long they have been a registered developer. This transparency helps users make informed decisions about which skills to trust and install.

Getting Started as a Developer

If you are a developer interested in building skills for the marketplace, the fastest path from zero to published skill looks like this:

1. Study existing skills: Look at the reference implementations in Nemo's source code. email_composer is a simple single-tool skill. email_triage is a complex multi-tool skill with Gmail integration. doc_summarizer demonstrates filesystem-based skills with no authentication needed
2. Scaffold your skill: Nemo includes a ClawHub scaffolder (python -m clawhub.cli scaffold <slug>) that generates the skeleton directory structure, __init__.py, skill.json, and catalog entry. This ensures you start with the correct file structure and all required exports
3. Implement your tools: Write async handler functions for each tool your skill provides. Each handler accepts **kwargs and returns results that the LLM can interpret. Keep handlers focused — one tool per logical action
4. Write the system prompt: This is the instruction text injected into the LLM context when your skill is active. A good system prompt clearly describes what tools are available, when to use each one, and how to chain them together for multi-step tasks
5. Define permissions and safety: In skill.json, specify which consent levels your tools use (execute for safe reads, draft for writes), what PII policies apply, and what permissions your skill needs
6. Test locally: Deploy your skill to ~/.nemo/skills/<skill_id>/ and verify it loads correctly. Test all tool handlers, verify credential injection works (if applicable), and confirm the LLM uses your tools appropriately
7. Register and submit: Create your developer account, register your Ed25519 public key, and upload your skill package. The automated scanner runs immediately, and if it passes, your skill enters the review queue

The Nemo team is actively working to reduce the time from idea to published skill. Documentation, example skills, and the scaffolding tool are all designed to make the development process as smooth as possible. The goal is a world where anyone with a Python scripting ability can turn their automation knowledge into a marketplace skill in a single afternoon.

The best automation skills come from people who actually need them. The marketplace exists to connect those builders with everyone else who shares the same problem.

Frequently Asked Questions