Revert "feat(skills): integrate NVIDIA/skills as a trusted skills hub tap"

This reverts commit 9992e32db3.

tests/tools/test_skills_guard.py

@@ -54,14 +54,6 @@ class TestResolveTrustLevel:
         assert _resolve_trust_level("anthropics/skills") == "trusted"
         assert _resolve_trust_level("openai/skills/some-skill") == "trusted"
 
-    def test_nvidia_skills_is_trusted(self):
-        # NVIDIA/skills ships NVIDIA-verified skills with detached OMS
-        # signatures and governance skill cards. It's wired through the
-        # same trust path as the OpenAI / Anthropic / HuggingFace taps.
-        assert _resolve_trust_level("NVIDIA/skills") == "trusted"
-        assert _resolve_trust_level("NVIDIA/skills/aiq-deploy") == "trusted"
-        assert _resolve_trust_level("skills-sh/NVIDIA/skills/cuopt") == "trusted"
-
     def test_trusted_repo_sibling_prefixes_are_not_trusted(self):
         assert _resolve_trust_level("openai/skills-evil") == "community"
         assert _resolve_trust_level("anthropics/skills-foo/frontend-design") == "community"

tests/tools/test_skills_hub.py

@@ -103,36 +103,6 @@ class TestTrustLevelFor:
         # No path part — still resolves repo correctly
         assert result in {"trusted", "community"}
 
-    def test_nvidia_skills_tap_is_registered_and_trusted(self):
-        # Invariant: every trusted repo in TRUSTED_REPOS that we want
-        # browseable/searchable through `hermes skills browse` must also
-        # appear as a default tap on GitHubSource. Without the tap, the
-        # repo's skills don't show up in search results or the docs-site
-        # Skills Hub page even though the trust level is correct.
-        from tools.skills_guard import TRUSTED_REPOS
-
-        assert "NVIDIA/skills" in TRUSTED_REPOS
-        tap_repos = {tap["repo"] for tap in GitHubSource.DEFAULT_TAPS}
-        assert "NVIDIA/skills" in tap_repos
-
-        src = self._source()
-        assert src.trust_level_for("NVIDIA/skills/aiq-deploy") == "trusted"
-
-    def test_browseable_trusted_repos_have_taps(self):
-        # General invariant covering all current and future trusted repos
-        # that publish under a single `skills/`-style path. openai/skills
-        # is the deliberate exception — it has two taps (`.curated/` and
-        # `.system/`) — so we just assert membership not path equality.
-        from tools.skills_guard import TRUSTED_REPOS
-
-        tap_repos = {tap["repo"] for tap in GitHubSource.DEFAULT_TAPS}
-        for repo in TRUSTED_REPOS:
-            assert repo in tap_repos, (
-                f"Trusted repo {repo!r} is in TRUSTED_REPOS but missing "
-                "from GitHubSource.DEFAULT_TAPS — its skills will not be "
-                "browsable via `hermes skills browse`."
-            )
-
 
 # ---------------------------------------------------------------------------
 # SkillsShSource

tools/skills_guard.py

@@ -36,16 +36,7 @@ from typing import List, Tuple
 # Hardcoded trust configuration
 # ---------------------------------------------------------------------------
 
-TRUSTED_REPOS = {
-    "openai/skills",
-    "anthropics/skills",
-    "huggingface/skills",
-    # NVIDIA-verified skills: each entry ships a signed `skill.oms.sig`
-    # and a governance `skill-card.md` (sync pipeline drops anything
-    # missing the signature or card). Catalog details:
-    # https://github.com/NVIDIA/skills
-    "NVIDIA/skills",
-}
+TRUSTED_REPOS = {"openai/skills", "anthropics/skills", "huggingface/skills"}
 
 INSTALL_POLICY = {
     #                  safe      caution    dangerous

tools/skills_hub.py

@@ -401,14 +401,6 @@ class GitHubSource(SkillSource):
         {"repo": "openai/skills", "path": "skills/.system/"},
         {"repo": "anthropics/skills", "path": "skills/"},
         {"repo": "huggingface/skills", "path": "skills/"},
-        # NVIDIA/skills: NVIDIA-verified skills for CUDA-X, AIQ, cuOpt,
-        # cuPyNumeric, DeepStream, NeMo, NemoClaw, etc. Each skill ships
-        # alongside a signed `skill.oms.sig`, an OMS-signed `skill-card.md`
-        # (governance card), and an `evals/` directory — synced daily from
-        # the NVIDIA product repos. Treated as `trusted` (see
-        # `tools/skills_guard.py::TRUSTED_REPOS`). Sample layout:
-        # https://github.com/NVIDIA/skills/tree/main/skills
-        {"repo": "NVIDIA/skills", "path": "skills/"},
         {"repo": "garrytan/gstack", "path": ""},
     ]
 

website/docs/user-guide/features/skills.md

@@ -467,7 +467,6 @@ Default taps (browsable without any setup):
 - [openai/skills](https://github.com/openai/skills)
 - [anthropics/skills](https://github.com/anthropics/skills)
 - [huggingface/skills](https://github.com/huggingface/skills)
-- [NVIDIA/skills](https://github.com/NVIDIA/skills) — NVIDIA-verified skills (signed `skill.oms.sig` + governance `skill-card.md`)
 - [garrytan/gstack](https://github.com/garrytan/gstack)
 
 - Example:
@@ -578,7 +577,7 @@ Important behavior:
 |-------|--------|--------|
 | `builtin` | Ships with Hermes | Always trusted |
 | `official` | `optional-skills/` in the repo | Builtin trust, no third-party warning |
-| `trusted` | Trusted registries/repos such as `openai/skills`, `anthropics/skills`, `huggingface/skills`, `NVIDIA/skills` | More permissive policy than community sources |
+| `trusted` | Trusted registries/repos such as `openai/skills`, `anthropics/skills`, `huggingface/skills` | More permissive policy than community sources |
 | `community` | Everything else (`skills.sh`, well-known endpoints, custom GitHub repos, most marketplaces) | Non-dangerous findings can be overridden with `--force`; `dangerous` verdicts stay blocked |
 
 ### Update lifecycle

website/i18n/zh-Hans/docusaurus-plugin-content-docs/current/user-guide/features/skills.md

@@ -467,7 +467,6 @@ Hermes 可以直接从 GitHub 仓库和基于 GitHub 的 tap 安装。当你已
 - [openai/skills](https://github.com/openai/skills)
 - [anthropics/skills](https://github.com/anthropics/skills)
 - [huggingface/skills](https://github.com/huggingface/skills)
-- [NVIDIA/skills](https://github.com/NVIDIA/skills) — NVIDIA 官方验证的技能（带签名 `skill.oms.sig` 与治理用 `skill-card.md`）
 - [VoltAgent/awesome-agent-skills](https://github.com/VoltAgent/awesome-agent-skills)
 - [garrytan/gstack](https://github.com/garrytan/gstack)
 
@@ -579,7 +578,7 @@ hermes skills install skills-sh/anthropics/skills/pdf --force
 |-------|--------|--------|
 | `builtin` | 随 Hermes 附带 | 始终受信任 |
 | `official` | 仓库中的 `optional-skills/` | 内置信任，无第三方警告 |
-| `trusted` | 受信任的注册表/仓库，如 `openai/skills`、`anthropics/skills`、`huggingface/skills`、`NVIDIA/skills` | 比社区来源更宽松的策略 |
+| `trusted` | 受信任的注册表/仓库，如 `openai/skills`、`anthropics/skills`、`huggingface/skills` | 比社区来源更宽松的策略 |
 | `community` | 其他所有来源（`skills.sh`、well-known 端点、自定义 GitHub 仓库、大多数市场） | 非危险性发现可用 `--force` 覆盖；`dangerous` 结论保持阻止 |
 
 ### 更新生命周期

website/scripts/extract-skills.py

@@ -95,7 +95,6 @@ GITHUB_TAP_LABELS = {
     "openai/skills": "OpenAI",
     "anthropics/skills": "Anthropic",
     "huggingface/skills": "HuggingFace",
-    "NVIDIA/skills": "NVIDIA",
     "VoltAgent/awesome-agent-skills": "VoltAgent",
     "garrytan/gstack": "gstack",
     "MiniMax-AI/cli": "MiniMax",

website/src/pages/skills/index.tsx

@@ -163,13 +163,6 @@ const SOURCE_CONFIG: Record<
     border: "rgba(251, 191, 36, 0.2)",
     icon: "\u{1F917}",
   },
-  NVIDIA: {
-    label: "NVIDIA",
-    color: "#76b900",
-    bg: "rgba(118, 185, 0, 0.08)",
-    border: "rgba(118, 185, 0, 0.25)",
-    icon: "\u{25B6}",
-  },
   VoltAgent: {
     label: "VoltAgent",
     color: "#facc15",
@@ -214,7 +207,6 @@ const SOURCE_ORDER = [
   "Anthropic",
   "OpenAI",
   "HuggingFace",
-  "NVIDIA",
   "skills.sh",
   "ClawHub",
   "browse.sh",