The 6-point posture
How we ship free Dott skills, what they touch on your machine, and what we promise about how they behave. Read this before installing. Locked May 27, 2026.
No bundled scripts
Each Dott skill ships as a single SKILL.mdfile — plain text instructions for the AI, nothing more. There's no included script, binary, or auto-run code that touches your machine. Every word the AI follows is something you can read first.
No phone home
The skills do not make API calls back to usedott.com. Your event details, your operator data, the contents of the brief generated for you — all of it stays in your Claude or Cowork environment. LLM inference happens through Anthropic's API under Anthropic's published data-handling policy.
Trusted distribution channels only
Get Dott skills only from one of two places: the Anthropic skill registry (primary) or usedott.com/skills (secondary). If you find a file claiming to be a Dott skill anywhere else — a random GitHub fork, a Discord drop, a Slack DM — it is not us. Don't install it.
Cryptographic verification
Each skill download has a published SHA-256 checksum on this page. After downloading, you can verify the file matches the canonical version we shipped. Tampered files will fail the checksum.
Checksums publish as part of the v1 registry submission — see the table below once filled.
Fully transparent SKILL.md
The SKILL.md is the entire skill. Open it in any editor before installing. Read what the AI is instructed to do, what data flows through it, what it's told never to do. No hidden behaviors, no obfuscated logic, no encrypted blobs. If you can read English, you can audit a Dott skill.
Security disclosures
Found something concerning — a bug, a behavior that surprised you, a way the skill could be misused — email hello@usedott.com. We'll respond within 48 hours, acknowledge publicly when the fix ships, and credit the reporter unless they prefer to stay anonymous.
Checksums
Published with each skill release. Verify a downloaded SKILL.md by running shasum -a 256 SKILL.md and comparing to the value below.
Checksums publish with the v1 Anthropic registry submission. Until then, the canonical files served from usedott.com/skills are the source of truth.
Why this posture
Skills are downloaded into trusted environments and given conversational latitude. That trust deserves a clear, boring, opinionated security stance — no fine print, no surprises, no behaviors that only become visible after you've already shipped a brief to your stakeholder. We'd rather miss a clever feature than break a promise about what runs on your machine.
Questions: hello@usedott.com. The team behind this: /team — one human + eleven agents.
Last updated: May 27, 2026.