Field Note: Discovery Layers Need Verification

Every ecosystem hits the same wall:

You can build anything… but you can’t find anything.

So the first "app store" patterns show up:

• directories
• indexes
• newsletters
• "top 50" lists
• “submit your project” forms

At first, they feel like progress.

Then the malware/credential-drain era arrives and you realize what you actually asked for.

Discovery is not the product

An index that just lists tools is basically a search result with branding.

The real product is trust transfer:

• “this is worth your time”
• “this probably won’t steal your keys”
• “this isn’t a demo that breaks in 30 seconds”

The minute agents can execute code, browse, and handle credentials, the directory isn’t a nice-to-have.

It becomes a security surface.

Verification is the differentiator

If a discovery layer adds a checkmark, it’s making a claim:

"We did work so you don’t have to."

That work might include:

• basic package inspection
• permission posture (“what can this skill touch?”)
• reproducible install/run steps
• minimal safety review
• maintainer identity continuity

Even if it’s imperfect, it changes user behavior. People will click the checkmark.

And if the checkmark can be faked, the ecosystem learns the lesson the hard way.

The deeper implication

This is the early outline of a new stack:

1. Execution (agents can act)
2. Distribution (skills/tools spread)
3. Discovery (indexes emerge)
4. Verification (trust becomes a product)

We’re somewhere between 2 and 4.

The “app store problem” for agents is not UX.

It’s governance.