ayrisdev/app-store-optimization
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: ayrisdev:v1.0.0
Branches Tags
ayrisdev:main ayrisdev:copilot/fix-css-parsing-error
ayrisdev:v5.6.0 ayrisdev:v5.5.0 ayrisdev:v5.4.0 ayrisdev:v5.3.0 ayrisdev:v5.2.0 ayrisdev:v5.1.0 ayrisdev:v5.0.0 ayrisdev:v4.11.0 ayrisdev:v4.10.0 ayrisdev:v4.9.0 ayrisdev:v4.8.0 ayrisdev:v4.7.0 ayrisdev:v4.6.0 ayrisdev:v4.5.0 ayrisdev:v4.4.0 ayrisdev:v4.3.0 ayrisdev:v4.2.0 ayrisdev:v4.1.0 ayrisdev:v4.0.0 ayrisdev:v3.5.0 ayrisdev:v3.4.0 ayrisdev:v3.3.0 ayrisdev:v3.2.0 ayrisdev:v3.1.0 ayrisdev:v3.0.0 ayrisdev:v2.15.0 ayrisdev:v2.14.0 ayrisdev:v2.13.0 ayrisdev:v2.12.0 ayrisdev:v2.11.0 ayrisdev:v2.10.0 ayrisdev:v2.9.0 ayrisdev:v2.8.0 ayrisdev:v2.7.0 ayrisdev:v2.6.0 ayrisdev:v2.5.0 ayrisdev:v2.4.0 ayrisdev:v2.3.0 ayrisdev:v1.0.0 ayrisdev:v0.7.0 ayrisdev:v0.6.0 ayrisdev:v0.5.0 ayrisdev:v0.4.0 ayrisdev:v0.3.0 ayrisdev:v0.2.0 ayrisdev:v0.1.0
...
compare: ayrisdev:v3.5.0
Branches Tags
ayrisdev:main ayrisdev:copilot/fix-css-parsing-error
ayrisdev:v5.6.0 ayrisdev:v5.5.0 ayrisdev:v5.4.0 ayrisdev:v5.3.0 ayrisdev:v5.2.0 ayrisdev:v5.1.0 ayrisdev:v5.0.0 ayrisdev:v4.11.0 ayrisdev:v4.10.0 ayrisdev:v4.9.0 ayrisdev:v4.8.0 ayrisdev:v4.7.0 ayrisdev:v4.6.0 ayrisdev:v4.5.0 ayrisdev:v4.4.0 ayrisdev:v4.3.0 ayrisdev:v4.2.0 ayrisdev:v4.1.0 ayrisdev:v4.0.0 ayrisdev:v3.5.0 ayrisdev:v3.4.0 ayrisdev:v3.3.0 ayrisdev:v3.2.0 ayrisdev:v3.1.0 ayrisdev:v3.0.0 ayrisdev:v2.15.0 ayrisdev:v2.14.0 ayrisdev:v2.13.0 ayrisdev:v2.12.0 ayrisdev:v2.11.0 ayrisdev:v2.10.0 ayrisdev:v2.9.0 ayrisdev:v2.8.0 ayrisdev:v2.7.0 ayrisdev:v2.6.0 ayrisdev:v2.5.0 ayrisdev:v2.4.0 ayrisdev:v2.3.0 ayrisdev:v1.0.0 ayrisdev:v0.7.0 ayrisdev:v0.6.0 ayrisdev:v0.5.0 ayrisdev:v0.4.0 ayrisdev:v0.3.0 ayrisdev:v0.2.0 ayrisdev:v0.1.0

214 Commits
v1.0.0 ... v3.5.0

Author SHA1 Message Date
sck_0
13c5b2dae1 docs: sync README stats to 257 (verified by release_cycle.sh) 2026-01-28 11:06:36 +01:00
sck_0
6905ea89d5 docs: move PR contributors to bottom of Repo Contributors list 2026-01-28 10:57:19 +01:00
github-actions[bot]
d6d18b7962 chore: sync generated registry files [ci skip] 2026-01-28 09:55:42 +00:00
sck_0
b5d2b4f3f0 docs: correct placement of PR contributors in README 2026-01-28 10:55:29 +01:00
sck_0
e2698696ff fix: add missing name to infinite-gratitude frontmatter 2026-01-28 10:48:59 +01:00
sck_0
258d46c7a4 fix: move infinite-gratitude to own folder (sync stats to 257) 2026-01-28 10:48:58 +01:00
sck_0
600628df56 feat: add infinite-gratitude as skill (total 257) and fix credits 2026-01-28 10:48:58 +01:00
github-actions[bot]
437e01ee1f chore: sync generated registry files [ci skip] 2026-01-28 09:39:02 +00:00
sck_0
3a454d7084 docs: add community contributors from PR #36 2026-01-28 10:38:50 +01:00
sck_0
1ffbe63e93 style: fix markdown lints in FAQ.md 2026-01-28 10:36:52 +01:00
sck_0
67474bf79d chore: add release artifacts and sync stats (v3.5.0 compliance) 2026-01-28 10:36:52 +01:00
github-actions[bot]
7b65390400 chore: sync generated registry files [ci skip] 2026-01-28 09:29:16 +00:00
sck_0
f0ba079b66 chore: release v3.5.0 (PRs #35, #36) 2026-01-28 10:29:03 +01:00
github-actions[bot]
333d5d7237 chore: sync generated registry files [ci skip] 2026-01-28 09:26:33 +00:00
sickn33
5ed47d4490 Merge pull request #35 from IanJ332/fix/readme-daily-news-desc 
docs: translate daily-news-report description to English
 2026-01-28 10:26:20 +01:00
github-actions[bot]
f9096c3565 chore: update star history chart 2026-01-28 06:32:50 +00:00
Ianj332
d409f629ee docs: translate daily-news-report skill and README entry to English 2026-01-27 15:43:15 -06:00
Ianj332
e190ad7ddc chore: fix path separators from backslash to slash 2026-01-27 15:40:29 -06:00
Ianj332
a96592b85b docs: use Chinese desc in README but English body in skill 2026-01-27 15:38:04 -06:00
Ianj332
98e4811114 chore: force update registry files via script execution 2026-01-27 15:33:48 -06:00
Ianj332
2a92eba60e docs: translate daily-news-report skill and update registry files 2026-01-27 15:29:04 -06:00
Ianj332
3446382851 docs: translate daily-news-report description to English 2026-01-27 15:09:12 -06:00
sck_0
44d6277b69 chore: sync generated files (validation chain) 2026-01-27 18:38:04 +01:00
sck_0
531818043f docs: remove Vietnamese link from English README 2026-01-27 18:35:48 +01:00
sck_0
b03f929948 docs: move Vietnamese translations to docs/vi/ 2026-01-27 18:33:18 +01:00
Đỗ Khắc Gia Khoa
a3acb446fb docs: add complete Vietnamese translation for core documentation (Phase 2) 2026-01-27 20:06:26 +07:00
sck_0
2917fd235d chore: make README update idempotent 
Prevent CI from re-introducing duplicate Curated Collections sections by normalizing headers and de-duping inserts.
 2026-01-27 10:54:19 +01:00
github-actions[bot]
de26b1a161 chore: sync generated registry files [ci skip] 2026-01-27 09:38:20 +00:00
sickn33
1bf7d5cdb6 Remove duplicate Curated Collections section 
Removed duplicate section for Curated Collections in README.
 2026-01-27 10:38:10 +01:00
github-actions[bot]
3aa5c303d6 chore: sync generated registry files [ci skip] 2026-01-27 09:37:05 +00:00
sck_0
911b59253f chore: fix curated collections anchor 2026-01-27 10:36:52 +01:00
sck_0
a644b154c3 chore: remove duplicate curated collections heading 2026-01-27 10:34:21 +01:00
sck_0
210213d7c1 chore: unify curated collections heading 2026-01-27 10:28:44 +01:00
github-actions[bot]
b99dac3a7c chore: sync generated registry files [ci skip] 2026-01-27 09:24:24 +00:00
sck_0
b9fcf5701b chore: remove duplicate curated collections section 2026-01-27 10:24:10 +01:00
sck_0
a5781c5cef chore: use star history svg badge 2026-01-27 10:22:20 +01:00
github-actions[bot]
440375bcb7 chore: update star history chart 2026-01-27 09:13:44 +00:00
sck_0
65e4a798be chore(ci): commit star history png when untracked 2026-01-27 10:13:07 +01:00
sck_0
db5b978d1b chore: render star history chart as png 2026-01-27 10:11:21 +01:00
github-actions[bot]
5862c73f4d chore: update star history chart 2026-01-27 09:08:16 +00:00
sck_0
7db9aedc66 chore: auto-update star history chart 
Add a scheduled workflow that refreshes assets/star-history.svg daily and updates README to reference the local asset.
 2026-01-27 10:06:05 +01:00
sck_0
95e9a72442 chore: restore star history chart embed 2026-01-27 10:03:49 +01:00
sck_0
60da1a4330 chore: embed star history chart without secrets 2026-01-27 10:01:00 +01:00
github-actions[bot]
258ad1ed80 chore: sync generated registry files [ci skip] 2026-01-27 08:50:23 +00:00
sck_0
1fcefe1082 chore(ci): grant contents write permission for auto-sync 2026-01-27 09:50:11 +01:00
sck_0
3fd063cdd9 chore: allow CI auto-sync of registry using GITHUB_TOKEN 2026-01-27 09:48:00 +01:00
sck_0
fdb9f7eae9 chore: improve CI drift messaging and allow manual runs 2026-01-27 09:45:30 +01:00
sickn33
6326b8dba8 Remove duplicate Curated Collections section 
Removed duplicate section for Curated Collections in README.
 2026-01-27 09:40:06 +01:00
sck_0
1a7ed5257c chore: add latest PR authors to Repo Contributors 2026-01-27 09:38:42 +01:00
sck_0
3e172b817a chore: clarify validation chain to avoid CI drift 2026-01-27 09:32:28 +01:00
sck_0
b40ff8308d Update registry table and related docs [ci skip] 2026-01-27 09:28:26 +01:00
sck_0
c33204e23e chore: sync maintenance docs and counts 
- allinea conteggi skill a 256 in README/GETTING_STARTED
- corregge anchor e TOC per Full Skill Registry
- rimuove emoji dagli H2 e unifica Repo Contributors
- sistema il blocco Regenerate Index in MAINTENANCE
 2026-01-27 09:26:50 +01:00
sck_0
3dded33731 chore: finalize v3.4.0 versioning in README 2026-01-27 09:20:39 +01:00
sck_0
cc0f4a2ec4 chore: sync generated files (fix CI drift in v3.4.0) 2026-01-27 09:18:26 +01:00
sck_0
1b606d851d chore(release): v3.4.0 - Voice AI & Categorization 2026-01-27 09:16:41 +01:00
sck_0
7e2f243bfa chore: fixes CI drift (sync generated files +1 skill) 2026-01-27 09:11:06 +01:00
sck_0
3688425884 chore: sync generated files and apply categorization 2026-01-27 08:59:59 +01:00
sickn33
8801592bd2 Merge pull request #33 from taksrules/feat/voice-ai-engine-development 
feat: add voice-ai-engine-development skill for building real-time co…
 2026-01-27 08:54:35 +01:00
taksrules
d972c4fa3a feat: add voice-ai-engine-development skill for building real-time conversational AI 2026-01-27 07:24:06 +02:00
sck_0
e9783892c1 chore: fixes ci drift in generated files 2026-01-26 20:06:02 +01:00
sck_0
d8d8e70ebb chore: standardize maintenance rules and sync docs (v3.3.0 audit) 2026-01-26 20:04:54 +01:00
sck_0
deafaa6e77 chore: fix drift in generated files (CI sync) 2026-01-26 19:28:32 +01:00
sck_0
790573472c chore: sync generated files and stats 2026-01-26 19:25:20 +01:00
sck_0
66b777a937 chore: move new contributors to community section 2026-01-26 19:23:09 +01:00
sck_0
63d98348d2 chore: fix skill count in readme intro 2026-01-26 19:22:14 +01:00
sck_0
79f2642f4e chore: fix readme title and contributors 2026-01-26 19:19:29 +01:00
sck_0
48d458ce0b chore: fix ci drift in generated files 2026-01-26 19:12:38 +01:00
sck_0
9df73a8e56 chore: release v3.3.0 2026-01-26 19:09:09 +01:00
sck_0
2d7529b613 chore: formatting fixes 2026-01-26 19:07:27 +01:00
sck_0
283c4e6ae7 chore: sync generated files 2026-01-26 19:06:44 +01:00
sck_0
c7f7f23bd7 feat: integrate last30days and daily-news-report skills 2026-01-26 19:05:37 +01:00
sck_0
d2569f2107 chore(release): prepare for v3.2.0 2026-01-26 18:39:10 +01:00
sck_0
4c272bfcbf chore: sync generated files 2026-01-26 18:35:10 +01:00
sck_0
256bfeee73 Merge branch 'pr-31' into main 2026-01-26 18:34:39 +01:00
sck_0
f57a068782 fix(skills): repair invalid YAML frontmatter in SEO skills 2026-01-26 18:33:39 +01:00
Munir Abbasi
0c93e28ace Update SKILL.md 2026-01-26 13:53:07 +05:00
sck_0
899c8a01da docs: detailed v3.1.0 changelog with specific registry restores 2026-01-26 08:52:29 +01:00
sck_0
4ff7187be6 docs: use CHANGELOG.md for release notes and cleanup 2026-01-26 08:50:13 +01:00
sck_0
d19edbebfb docs: add critical CI drift fixation guide and update maintenance routine 2026-01-26 08:46:15 +01:00
sck_0
2001965e52 fix(ci): sync README.md with generation scripts to resolve drift 2026-01-26 08:44:51 +01:00
sck_0
866d6954f7 chore(release): prepare v3.1.0 artifacts 2026-01-26 08:39:45 +01:00
sck_0
7e5d8d52a1 fix(ci): update README.md to match deterministic index sorting 2026-01-26 08:36:58 +01:00
sck_0
b55e7e39cc fix(ci): make index sorting deterministic (sort by name + id) 2026-01-26 08:35:32 +01:00
sck_0
f728d0d816 fix(ci): install pyyaml dependency for index generation 2026-01-26 08:33:41 +01:00
Munir Abbasi
c8de7f50f8 Update SKILL.md 2026-01-26 12:32:22 +05:00
sck_0
9891cb28ed fix(ci): update generate_index.py to support YAML frontmatter and sync skills_index.json 2026-01-26 08:30:16 +01:00
Munir Abbasi
4d32a3e2af Revise frontend development guidelines description 
Updated the description to clarify the guidelines and standards for frontend development in React and TypeScript applications. Enhanced the structure and content for better readability and understanding.
 2026-01-26 12:29:00 +05:00
Munir Abbasi
53927c5aec Revise frontend design skill description and guidelines 
Updated the description and guidelines for frontend design to emphasize intentional aesthetics and high craft. Enhanced clarity on design thinking, implementation standards, and anti-patterns.
 2026-01-26 12:26:39 +05:00
sck_0
699ceabd57 fix(skills): correct YAML frontmatter syntax and remove debris from PR #30 2026-01-26 08:26:16 +01:00
Munir Abbasi
c8e7424ea6 Revise marketing psychology skill description and content 
Updated the description to clarify the application of behavioral science and mental models in marketing. Revised the content structure to enhance clarity and usability for users seeking psychological insights in marketing.
 2026-01-26 12:22:55 +05:00
Munir Abbasi
14fb3b5159 Update SKILL.md 2026-01-26 12:20:25 +05:00
Munir Abbasi
691b02c817 Add related skills section to SKILL.md 
Added related skills for pricing strategy.
 2026-01-26 12:17:28 +05:00
Munir Abbasi
acc6dbc84f Update SKILL.md 2026-01-26 12:02:37 +05:00
Munir Abbasi
d8453057df Revise popup-cro skill description and content 
Updated the description and content structure for the popup-cro skill to enhance clarity and user engagement strategies.
 2026-01-26 11:59:25 +05:00
Munir Abbasi
f45abe634d Refactor SKILL.md for clarity and conciseness 
Removed unnecessary lines and improved formatting.
 2026-01-26 11:47:08 +05:00
Munir Abbasi
85480f4ce4 Refactor SKILL.md by removing YAML block 
Removed YAML code block formatting from SKILL.md.
 2026-01-26 11:44:16 +05:00
Munir Abbasi
e5d2a7e1ec Refactor SKILL.md by removing YAML block 
Removed YAML code block from SKILL.md and adjusted formatting.
 2026-01-26 11:42:31 +05:00
Munir Abbasi
c04d59d91d Refactor SKILL.md for form optimization clarity 
Removed YAML code block and adjusted formatting.
 2026-01-26 11:41:57 +05:00
Munir Abbasi
7d061238e6 Revise SKILL.md for form optimization guidance 
Updated the description for form optimization and revised the structure of the document for clarity and effectiveness. Added sections on core principles, field-by-field optimization, and measurement metrics.
 2026-01-26 11:09:05 +05:00
Munir Abbasi
805ef578f4 Revise analytics tracking skill for clarity and focus 
Updated the analytics tracking skill description and structure to focus on measurement strategy, signal quality, and validation. Removed outdated sections and streamlined content for clarity.
 2026-01-26 10:58:45 +05:00
Munir Abbasi
0792c9a505 Revise page-cro skill description and structure 
Updated the description for the page-cro skill to focus on analyzing and optimizing conversion performance. Added YAML metadata for clarity and structured the content for better readability.
 2026-01-26 10:53:03 +05:00
Munir Abbasi
86c74656aa Revise schema-markup documentation for clarity 
Updated schema-markup documentation to enhance clarity and detail regarding schema implementation, eligibility, and validation processes.
 2026-01-26 10:47:40 +05:00
Munir Abbasi
a11280426c Enhance programmatic SEO guidelines in SKILL.md 
Add detailed guidelines and principles for programmatic SEO strategies, including feasibility assessments, core principles, and playbooks for creating SEO-driven pages at scale.
 2026-01-26 10:41:23 +05:00
Munir Abbasi
99fbad717f Revise SEO fundamentals skill content and structure 
Updated the SEO fundamentals skill document to enhance descriptions, clarify principles, and improve formatting.
 2026-01-26 10:35:22 +05:00
Munir Abbasi
706a84b873 Revise SEO audit skill description and framework 
Updated the SEO audit skill description and framework for clarity and detail. Enhanced the structure and content of the SEO audit guidelines.
 2026-01-26 10:31:50 +05:00
sck_0
0f4a1b2fd7 docs: update visual guide and skill anatomy for V3 specs [skip ci] 2026-01-25 20:25:44 +01:00
sck_0
c0348ca1b5 docs: add Changelog update to post-merge maintenance steps [skip ci] 2026-01-25 20:23:32 +01:00
sck_0
441189cd90 docs: create comprehensive V3 Maintenance Guide (TOC rules, Contributors sync, Quality Bar) [skip ci] 2026-01-25 20:19:44 +01:00
sck_0
e242186fe2 docs: restore VERY detailed documentation while keeping V3 updates [skip ci] 2026-01-25 20:17:00 +01:00
sck_0
45e2049663 docs: restore detailed guides mixed with V3 updates (reverting aggressive pruning) [skip ci] 2026-01-25 20:15:44 +01:00
sck_0
c96815ed7c docs: update CONTRIBUTING and FAQ for V3 Quality Bar and Security [skip ci] 2026-01-25 20:14:27 +01:00
sck_0
1e03172075 docs: rewrite Getting Started guide for V3 (bundles, safety badges, updated counts) [skip ci] 2026-01-25 20:12:26 +01:00
sck_0
7280be2d63 docs: add missing contributor Munir Abbasi [skip ci] 2026-01-25 20:10:39 +01:00
sck_0
b3c75a3ab0 docs: remove remaining emojis from headers to fix TOC anchors [skip ci] 2026-01-25 20:09:22 +01:00
sck_0
0b9d17a95f docs: reorder TOC to match document flow (License before Contributors) [skip ci] 2026-01-25 20:08:25 +01:00
sck_0
c51ca4a4bf docs: fix TOC anchors by simplifying headers and add missing sections [skip ci] 2026-01-25 20:06:15 +01:00
sck_0
f155a8ff24 docs: fix broken TOC links (remove emoji anchors) [skip ci] 2026-01-25 20:03:48 +01:00
sck_0
f7b16b436b docs: modernize TOC and Start Here section for V3 [skip ci] 2026-01-25 20:00:54 +01:00
sck_0
79ed5ead64 docs: fix README inconsistencies (duplicate topics, broken links, footer) [skip ci] 2026-01-25 19:59:22 +01:00
sck_0
d75824bfd0 chore: move Code of Conduct to docs/COMMUNITY_GUIDELINES.md to hide from repo header [skip ci] 2026-01-25 19:57:55 +01:00
sck_0
173c634b46 docs: consolidate Release Notes into Changelog and remove temp file [skip ci] 2026-01-25 19:56:09 +01:00
sck_0
41309cfd7d feat: add 6 new bundles (Game Dev, DevOps, Data, Testing, Design, Creative) [skip ci] 2026-01-25 19:50:28 +01:00
sck_0
36107a5cae chore: enable Soft Launch mode (disable strict CI for legacy skills) [skip ci] 2026-01-25 19:37:45 +01:00
sck_0
238cfc6933 feat: implement Phase 5 Documentation (EXAMPLES.md, README details) [skip ci] 2026-01-25 19:33:27 +01:00
sck_0
f28591e648 feat: implement Phase 4 Security & Compliance (SOURCES.md, SECURITY.md) [skip ci] 2026-01-25 19:30:51 +01:00
sck_0
d38e2eeab1 feat: implement Phase 3 Experience & Usability (BUNDLES.md, README collections, Risk column) [skip ci] 2026-01-25 19:24:24 +01:00
sck_0
4fe8a1e6a4 feat: implement Phase 2 Automation & CI (validate_skills, generate_index, ci.yml) [skip ci] 2026-01-25 19:19:51 +01:00
sck_0
1557826c5d feat: implement Phase 1 Foundation & Governance (Quality Bar, Security, CoC) [skip ci] 2026-01-25 19:13:00 +01:00
sck_0
bec54d7abb chore: move MAINTENANCE.md to .github/ 2026-01-25 19:04:57 +01:00
sck_0
23f9ad547c docs: update MAINTENANCE.md with strict SOP/Push protocols 2026-01-25 19:01:09 +01:00
sck_0
28def60eec docs: add Star History chart to README 2026-01-25 18:27:51 +01:00
sck_0
902063fd0a docs: add release management procedure to MAINTENANCE.md 2026-01-25 18:01:02 +01:00
sck_0
9ff0cc0b74 fix: adjust heading level in ab-test-setup 2026-01-25 17:54:13 +01:00
sck_0
ae3d038711 feat: integrate PR #28 and #29 (multi-agent brainstorming, design orchestration) 2026-01-25 17:53:35 +01:00
sck_0
af57b96721 Merge remote-tracking branch 'GuppyTheCat/feat-obsidian-clipper-template-creator' 2026-01-25 17:52:00 +01:00
GuppyTheCat
d5d420d2e1 Merge branch 'sickn33:main' into feat-obsidian-clipper-template-creator 2026-01-25 18:07:45 +03:00
GuppyTheCat
e053fd0eb7 fix: Tighten css selector verification rules 2026-01-25 17:31:51 +03:00
Munir Abbasi
ee5511fc59 Update reporting requirements in review criteria 
Clarified reporting requirements for skill invocation by routing or orchestration layer.
 2026-01-25 17:16:35 +05:00
Munir Abbasi
f54c340851 Update workflow instructions for design review outcomes 
Clarified workflow routing based on design review outcomes.
 2026-01-25 17:15:16 +05:00
Munir Abbasi
ad83399403 Specify reporting requirements for skill invocation 
Added requirement to report final disposition for skill invocation.
 2026-01-25 17:13:24 +05:00
Munir Abbasi
40fd263b4e Revise copywriting skill for improved clarity and structure 
Refactor copywriting skill description and guidelines for clarity and effectiveness. Update structure and principles to enhance usability.
 2026-01-25 17:11:56 +05:00
Munir Abbasi
0405d4a577 Add handoff requirement for high-impact designs 
Added a note about handing off designs for high-impact or high-risk projects.
 2026-01-25 17:03:41 +05:00
Munir Abbasi
00079b5bff Add multi-agent brainstorming skill documentation 
Document the multi-agent brainstorming skill for structured design reviews, detailing roles, processes, and exit criteria.
 2026-01-25 16:48:14 +05:00
Munir Abbasi
27ce8af114 Enhance A/B test setup documentation with new guidelines 
Added a Hypothesis Quality Checklist and detailed guidelines for designing A/B tests, including sections on hypothesis formulation, test types, metrics selection, and common mistakes.
 2026-01-25 16:41:24 +05:00
Munir Abbasi
5e888ef6bb Revise brainstorming skill for clarity and structure 
Updated the brainstorming skill description and structure for clarity and detail. Enhanced the purpose and process sections to better guide users in transforming ideas into validated designs.
 2026-01-25 16:37:52 +05:00
sck_0
1134e1e735 docs: update skill counts to 251+ 2026-01-25 08:18:05 +01:00
sck_0
4803af0b95 docs: hyperlink contributors in README 2026-01-25 08:13:48 +01:00
sck_0
df0f084ac6 docs: add contributors section to README 2026-01-25 08:11:23 +01:00
sck_0
d962bb21ea release: v2.14.0 - Web Intelligence & Windows, merge PRs #24 #25 #26 #27 2026-01-25 08:00:50 +01:00
sck_0
807f72a5be Merge branch 'pr-25' 2026-01-25 07:59:09 +01:00
sck_0
c29f87c2a9 Merge branch 'pr-27' 2026-01-25 07:59:02 +01:00
sck_0
06e8811af6 Merge branch 'pr-26' 2026-01-25 07:59:01 +01:00
GuppyTheCat
afafa37a2e docs: Update credits for obsidian-clipper-template-creator 2026-01-25 08:09:09 +03:00
GuppyTheCat
c69b033ada feat: add obsidian-clipper-template-creator for creating Obsidian Web Clipper templates 2026-01-25 07:52:26 +03:00
Viktor Ferenczi
2f01e2b267 Added skill busybox-on-windows 2026-01-25 05:07:32 +01:00
BenedictKing
91f46351be feat: add BenedictKing skills (context7, tavily, exa, firecrawl, codex-review) 2026-01-25 11:04:28 +08:00
krisnasantosa15
910cbeb8e0 fix: YAML frontmatter quoting in lint-and-validate skill 2026-01-25 09:36:49 +07:00
sck_0
2e835b9d66 chore: release v2.13.0 2026-01-24 21:07:58 +01:00
sck_0
4057e379d9 chore: update skills index and readme after merging PR #23 2026-01-24 21:05:49 +01:00
Ianj332
2d5a9a3e85 docs: remove meta-commentary from skill body 2026-01-23 20:08:06 -06:00
Ianj332
5d01094479 feat: add nosql-expert skill for distributed database patterns 2026-01-23 19:40:43 -06:00
sck_0
3c38ec509d docs: fix OpenCode skills directory path (issue #22) 2026-01-23 20:18:58 +01:00
sck_0
4365fba248 docs: remove individual contributors from credits 2026-01-23 19:48:34 +01:00
sck_0
2885b4ebaa chore: release v2.12.0 2026-01-23 19:42:52 +01:00
sck_0
63074bc2b7 docs: update hardcoded skill count in README intro 2026-01-23 19:35:17 +01:00
sck_0
33d8f93c7f feat: integrate PR #20 and #21 (Avalonia and Audit skills) 2026-01-23 19:33:36 +01:00
sck_0
c688c5e0fa Merge branch 'pr-21' 2026-01-23 19:31:03 +01:00
Mohammad Faiz
590ea1e5b3 Revise production code audit skill for clarity and depth 
Updated the production code audit skill to enhance its description and functionality, focusing on autonomous analysis and transformation of codebases to meet enterprise-grade quality standards.
 2026-01-23 21:00:06 +05:30
Mohammad Faiz
33908288f1 Merge branch 'sickn33:main' into main 2026-01-23 20:49:21 +05:30
Mohammad Faiz
831d87605a Add files via upload 2026-01-23 20:49:11 +05:30
SuperJMN
c6df6cee4c feat: add Avalonia Zafiro development, layout, and viewmodel skills 2026-01-23 15:24:41 +01:00
sck_0
8c8bae5e98 docs: bump version to 2.11.0 and update changelog 2026-01-23 10:49:39 +01:00
sck_0
a10633744d fix: correct skill count from 235 to 239 2026-01-23 10:49:04 +01:00
sck_0
10f00a45dd chore: auto-update index and readme for postgres-best-practices skill 2026-01-23 10:41:31 +01:00
Ahmed Rehan
29b45dd234 feat(skills): add supabase postgres best practices skill and update the Official Sources to include supabase/agent-skills repo 
- Adds `skills/postgres-best-practices/`: A new skill containing comprehensive Postgres performance optimization rules and guidelines from Supabase.
- The skill includes rules for query performance, connection management, security (RLS), and schema design.
- Updates `README.md` to include the new skill in the directory.
 2026-01-23 14:02:37 +05:00
sck_0
81ecf7cec3 fix: ensure case-insensitive alphabetical order in skill registry 2026-01-22 16:41:09 +01:00
sck_0
f6cdf4dc59 docs: bump version to 2.10.0 and update changelog 2026-01-22 16:35:07 +01:00
sck_0
fef11a8059 chore: auto-update index and readme for 4 new/updated skills 2026-01-22 16:33:58 +01:00
Mohammad Faiz
ebdc51708c Add files via upload 2026-01-22 19:05:34 +05:30
Mohammad Faiz
41fa3734ba Merge branch 'sickn33:main' into main 2026-01-22 17:16:40 +05:30
sck_0
b64c73015c docs: update CHANGELOG versions to match v2.8.0 and add v2.9.0 2026-01-22 12:44:26 +01:00
sck_0
a02afe1d72 docs: update CHANGELOG for v2.7.0 and repo improvements 2026-01-22 12:43:14 +01:00
sck_0
408f188262 feat: automated README updates and better maintenance docs 2026-01-22 12:41:32 +01:00
Mohammad Faiz
23f58f8705 Merge branch 'sickn33:main' into main 2026-01-22 17:02:00 +05:30
Mohammad Faiz
90cf84b8bb Add files via upload 2026-01-22 17:01:49 +05:30
Mohammad Faiz
4ee8a0361f Add files via upload 2026-01-22 17:00:22 +05:30
sck_0
e0fdc4e263 feat: add api-documentation-generator skill (PR #13) 2026-01-22 12:27:19 +01:00
Mohammad Faiz
993775eb4d Merge branch 'sickn33:main' into main 2026-01-22 16:49:06 +05:30
Mohammad Faiz
d672808990 Delete skills/api-documentation-generator/README.md 2026-01-22 16:48:33 +05:30
Mohammad Faiz
13bdb4970c Add files via upload 2026-01-22 16:46:43 +05:30
sck_0
2db2ca8220 feat: integrate and rename agent-memory to agent-memory-mcp 2026-01-22 12:16:01 +01:00
arathiesh
9720f75ebe docs: add author credit 2026-01-21 12:52:14 -05:00
arathiesh
e56affd8c8 feat: add agent-memory skill 2026-01-21 12:35:01 -05:00
sickn33
518edc9a3c Merge pull request #11 from Mohammad-Faiz-Cloud-Engineer/main 
docs: Improve skills/README.md - translate to English and simplify
 2026-01-21 18:13:08 +01:00
sck_0
57ce2dd084 docs: update skill counts to 233 and fix typos in descriptions 2026-01-21 18:09:38 +01:00
sck_0
1bd7db87b9 chore: correct release version to v2.6.0 2026-01-21 18:03:22 +01:00
sck_0
41576e7664 chore: update changelog for v2.4.0 2026-01-21 18:02:35 +01:00
sck_0
c3e5876b7c chore: remove WALKTHROUGH.md from git (was ignored) 2026-01-21 18:01:08 +01:00
sck_0
da230d00b0 docs: add walkthrough of skills import 2026-01-21 17:59:48 +01:00
sck_0
674fa7703d chore: revert unwanted imports from everything-claude-code 
- Remove cc-agent-*, cc-cmd-*, cc-rule-* (27 items)
- Keep cc-skill-* (8 items)
- Update README.md skill count to 233
- Clean up README registry and credits
- Regenerate skills_index.json
 2026-01-21 17:54:22 +01:00
sck_0
a9ff10d511 feat: import 35 skills from affaan-m/everything-claude-code 
- Add 9 agent skills (cc-agent-*)
- Add 10 command skills (cc-cmd-*)
- Add 8 skill files (cc-skill-*)
- Add 8 rule skills (cc-rule-*)
- Update README.md skill count from 225 to 260
- Add new skills to Full Skill Registry
- Add credit to affaan-m in Credits section
- Regenerate skills_index.json

Source: https://github.com/affaan-m/everything-claude-code
Author attribution: affaan-m, version 1.0
 2026-01-21 17:49:56 +01:00
Mohammad Faiz
a61c0ed79b Update README.md 2026-01-21 21:10:02 +05:30
sck_0
1f753cd190 docs: add remotion-dev/skills to Credits section 2026-01-21 13:07:27 +01:00
sck_0
87671ce026 feat: add remotion-best-practices skill from remotion-dev/skills 
Imported official Remotion skill for video creation in React:
- 28 modular rule files covering animations, audio, video, captions, 3D, etc.
- Added author (remotion-dev) and version (1.0) metadata
- Updated skill count: 224 → 225
- Regenerated skills_index.json

Source: https://github.com/remotion-dev/skills
 2026-01-21 13:01:36 +01:00
sck_0
582828237b feat: add research-engineer skill from Tiger-Foxx (PR #9) 
- Merged PR #9 from Tiger-Foxx adding research-engineer skill
- Regenerated skills_index.json with correct Unix path separators
- Updated README count to 224 skills
- Added research-engineer to Full Skill Registry
 2026-01-20 16:09:45 +01:00
sickn33
e78acd582e Merge pull request #9 from Tiger-Foxx/feat/add-research-engineer-skill 
Feat/add research engineer skill
 2026-01-20 16:08:31 +01:00
Tiger-Foxx
33e0d7d22e refactor(research-engineer): enhance academic rigor and remove language constraints 2026-01-20 12:56:02 +01:00
Tiger-Foxx
fee1d98d5c feat: add research-engineer skill for rigorous scientific implementation 2026-01-20 09:38:36 +01:00
sck_0
56e2ccf719 docs: add 33 new skills to Full Skill Registry table 2026-01-20 08:56:40 +01:00
sck_0
c299e36360 chore: regenerate skills_index.json (223 skills) 2026-01-20 08:51:56 +01:00
sck_0
4e8e5069fa feat: add 33 skills from vudovn/antigravity-kit 
- Added: api-patterns, app-builder, architecture, bash-linux, behavioral-modes,
  clean-code, code-review-checklist, database-design, deployment-procedures,
  docker-expert, documentation-templates, game-development, geo-fundamentals,
  i18n-localization, lint-and-validate, mobile-design, nestjs-expert,
  nextjs-best-practices, nodejs-best-practices, parallel-agents,
  performance-profiling, plan-writing, powershell-windows, prisma-expert,
  python-patterns, react-patterns, red-team-tactics, seo-fundamentals,
  server-management, tailwind-patterns, tdd-workflow, typescript-expert,
  vulnerability-scanner
- Updated README: skill count 179 → 223
- Added credit for vudovn/antigravity-kit (MIT License)

Source: https://github.com/vudovn/antigravity-kit
 2026-01-20 08:51:02 +01:00
sck_0
36f99442fe fix: correct broken documentation links 
- CONTRIBUTING_GUIDE.md → CONTRIBUTING.md (12 refs)
- QUICK_START_VISUAL.md → VISUAL_GUIDE.md (2 refs)
 2026-01-20 08:39:30 +01:00
Mohammad Faiz
13f16b7585 docs: Add comprehensive beginner-friendly documentation (#7) 
* Add files via upload

* Standardize section headers in CONTRIBUTING.md

* Remove emojis from GETTING_STARTED.md headings

* Update section headings in FAQ.md

* Remove emojis from example section headers

* Remove emoji from SKILL_ANATOMY.md headings

* Remove emojis from Visual Quick Start Guide
 2026-01-20 08:37:50 +01:00
zebbern
ebb8f19937 feat: add author metadata to zebbern security skills (#8) 
Added metadata block with author: zebbern and version: 1.1 to all 29 security skills originally from claude-code-guide repository:
- active-directory-attacks, api-fuzzing-bug-bounty, aws-penetration-testing
- broken-authentication, burp-suite-testing, cloud-penetration-testing
- ethical-hacking-methodology, file-path-traversal, html-injection-testing
- idor-testing, linux-privilege-escalation, linux-shell-scripting
- metasploit-framework, network-101, pentest-checklist, pentest-commands
- privilege-escalation-methods, red-team-tools, scanning-tools
- shodan-reconnaissance, smtp-penetration-testing, sql-injection-testing
- sqlmap-database-pentesting, ssh-penetration-testing, top-web-vulnerabilities
- windows-privilege-escalation, wireshark-analysis, wordpress-penetration-testing
- xss-html-injection
 2026-01-20 08:27:53 +01:00
365 changed files with 57804 additions and 6369 deletions
Expand all files Collapse all files

240
.github/MAINTENANCE.md vendored Normal file
View File

@@ -0,0 +1,240 @@
# 🛠️ Repository Maintenance Guide (V3)
> **"If it's not documented, it's broken."**
This guide details the exact procedures for maintaining `antigravity-awesome-skills`.
It covers the **Quality Bar**, **Documentation Consistency**, and **Release Workflows**.
---
## 0. 🤖 Agent Protocol (THE BIBLE)
**AGENTS MUST READ AND FOLLOW THIS SECTION BEFORE MARKING ANY TASK AS COMPLETE.**
There are 3 things that usually fail/get forgotten. **DO NOT FORGET THEM:**
### 1. 📤 ALWAYS PUSH (Non-Negotiable)
Committing is NOT enough. You must PUSH to the remote.
- **BAD**: `git commit -m "feat: new skill"` (User sees nothing)
- **GOOD**: `git commit -m "..." && git push origin main`
### 2. 🔄 SYNC GENERATED FILES (Avoid CI Drift)
If you touch **any of these**:
- `skills/` (aggiungi/rimuovi/modifichi skill)
- la sezione **Full Skill Registry** di `README.md`
- i **conteggi/claim** sul numero di skill (`256+ Agentic Skills...`, `(256/256)`, ecc.)
…allora **DEVI** eseguire la Validation Chain **PRIMA** di committare.
- Eseguire `validate_skills.py` **NON è opzionale**.
- Eseguire `generate_index.py` **NON è opzionale**.
- Eseguire `update_readme.py` **NON è opzionale**.
Se la CI fallisce con:
> `❌ Detected uncommitted changes in README.md or skills_index.json`
significa che **non hai eseguito o committato** correttamente la Validation Chain.
### 3. 📝 EVIDENCE OF WORK
- You must create/update `walkthrough.md` or `RELEASE_NOTES.md` to document what changed.
- If you made something new, **link it** in the artifacts.
### 4. 🚫 NO BRANCHES
- **ALWAYS use the `main` branch.**
- NEVER create feature branches (e.g., `feat/new-skill`).
- We commit directly to `main` to keep history linear and simple.
---
## 1. 🚦 Daily Maintenance Routine
### A. Validation Chain
Before ANY commit that adds/modifies skills, run the chain:
1. **Validate Metadata & Quality**:
```bash
python3 scripts/validate_skills.py
```
_Must return 0 errors for new skills._
2. **Regenerate Index**:
```bash
python3 scripts/generate_index.py
```
3. **Update Readme**:
```bash
python3 scripts/update_readme.py
```
4. **COMMIT GENERATED FILES**:
```bash
git add skills_index.json README.md
git commit -m "chore: sync generated files"
```
> 🔴 **CRITICAL**: If you skip this, CI will fail with "Detected uncommitted changes".
> See [docs/CI_DRIFT_FIX.md](../docs/CI_DRIFT_FIX.md) for details.
### B. Post-Merge Routine (Must Do)
After multiple PR merges or significant changes:
1. **Sync Contributors List**:
- Run: `git shortlog -sn --all`
- Update `## Repo Contributors` in README.md.
2. **Verify Table of Contents**:
- Ensure all new headers have clean anchors.
- **NO EMOJIS** in H2 headers.
3. **Draft a Release**:
- Go to [Releases Page](https://github.com/sickn33/antigravity-awesome-skills/releases).
- Draft a new release for the merged changes.
- Tag version (e.g., `v3.1.0`).
---
## 2. 📝 Documentation "Pixel Perfect" Rules
We discovered several consistency issues during V3 development. Follow these rules STRICTLY.
### A. Table of Contents (TOC) Anchors
GitHub's anchor generation breaks if headers have emojis.
- **BAD**: `## 🚀 New Here?` -> Anchor: `#--new-here` (Broken)
- **GOOD**: `## New Here?` -> Anchor: `#new-here` (Clean)
**Rule**: **NEVER put emojis in H2 (`##`) headers.** Put them in the text below if needed.
### B. The "Trinity" of Docs
If you update installation instructions or tool compatibility, you MUST update all 3 files:
1. `README.md` (Source of Truth)
2. `GETTING_STARTED.md` (Beginner Guide)
3. `FAQ.md` (Troubleshooting)
_Common pitfall: Updating the clone URL in README but leaving an old one in FAQ._
### C. Statistics Consistency (CRITICAL)
If you add/remove skills, you **MUST** ensure the total count is identical in ALL locations.
**Do not allow drift** (e.g., 356 in title, 354 in header).
Locations to check:
1. **Title of `README.md`**: "356+ Agentic Skills..."
2. **`## Full Skill Registry (356/356)` header**.
3. **`GETTING_STARTED.md` intro**.
### D. Credits Policy (Who goes where?)
- **Credits & Sources**: Use this for **External Repos**.
- _Rule_: "I extracted skills from this link you sent me." -> Add to `## Credits & Sources`.
- **Repo Contributors**: Use this for **Pull Requests**.
- _Rule_: "This user sent a PR." -> Add to `## Repo Contributors`.
### E. Badges & Links
- **Antigravity Badge**: Must point to `https://github.com/sickn33/antigravity-awesome-skills`, NOT `anthropics/antigravity`.
- **License**: Ensure the link points to `LICENSE` file.
---
## 3. 🛡️ Governance & Quality Bar
### A. The 5-Point Quality Check
Reject any PR that fails this:
1. **Metadata**: Has `name`, `description`?
2. **Safety**: `risk: offensive` used for red-team tools?
3. **Clarity**: Does it say _when_ to use it?
4. **Examples**: Copy-pasteable code blocks?
5. **Actions**: "Run this command" vs "Think about this".
### B. Risk Labels (V3)
- ⚪ **Safe**: Default.
- 🔴 **Risk**: Destructive/Security tools. MUST have `[Authorized Use Only]` warning.
- 🟣 **Official**: Vendor mirrors only.
---
## 4. 🚀 Release Workflow
When cutting a new version (e.g., V4):
1. **Run Full Validation**: `python3 scripts/validate_skills.py --strict`
2. **Update Changelog**: Create `RELEASE_NOTES.md`.
3. **Bump Version**: Update header in `README.md`.
4. **Tag Release**:
```bash
git tag -a v3.0.0 -m "V3 Enterprise Edition"
git push origin v3.0.0
```
### 📋 Release Note Template
All changeslogs/release notes MUST follow this structure to ensure professionalism and quality:
```markdown
# Release vX.Y.Z: [Theme Name]
> **[One-line catchy summary of the release]**
[Brief 2-3 sentence intro about the release's impact]
## 🚀 New Skills
### [Emoji] [Skill Name](skills/skill-name/)
**[Bold high-level benefit]**
[Description of what it does]
- **Key Feature 1**: [Detail]
- **Key Feature 2**: [Detail]
> **Try it:** `(User Prompt) ...`
---
## 📦 Improvements
- **Registry Update**: Now tracking [N] skills.
- **[Component]**: [Change detail]
## 👥 Credits
A huge shoutout to our community contributors:
- **@username** for `skill-name`
- **@username** for `fix-name`
---
_Upgrade now: `git pull origin main` to fetch the latest skills._
```
---
## 5. 🚨 Emergency Fixes
If a skill is found to be harmful or broken:
1. **Move to broken folder** (don't detect): `mv skills/bad-skill skills/.broken/`
2. **Or Add Warning**: Add `> [!WARNING]` to the top of `SKILL.md`.
3. **Push Immediately**.

21
.github/PULL_REQUEST_TEMPLATE.md vendored
View File

@@ -1,17 +1,22 @@
## Description
# Pull Request Description
Please describe your changes. What skill are you adding or modifying?
Please include a summary of the change and which skill is added or fixed.
## Checklist
## Quality Bar Checklist
- [ ] My skill follows the [creation guidelines](https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/skill-creator)
- [ ] I have run `validate_skills.py`
- [ ] I have added my name to the credits (if applicable)
**All items must be checked before merging.**
- [ ] **Standards**: I have read `docs/QUALITY_BAR.md` and `docs/SECURITY_GUARDRAILS.md`.
- [ ] **Metadata**: The `SKILL.md` frontmatter is valid (checked with `scripts/validate_skills.py`).
- [ ] **Risk Label**: I have assigned the correct `risk:` tag (`none`, `safe`, `critical`, `offensive`).
- [ ] **Triggers**: The "When to use" section is clear and specific.
- [ ] **Security**: If this is an _offensive_ skill, I included the "Authorized Use Only" disclaimer.
- [ ] **Local Test**: I have verified the skill works locally.
- [ ] **Credits**: I have added the source credit in `README.md` (if applicable).
## Type of Change
- [ ] New Skill
- [ ] Bug Fix
- [ ] New Skill (Feature)
- [ ] Documentation Update
- [ ] Infrastructure

74
.github/workflows/ci.yml vendored Normal file
View File

@@ -0,0 +1,74 @@
name: Skills Registry CI
permissions:
contents: write
on:
push:
branches: ["main", "feat/*"]
pull_request:
branches: ["main"]
workflow_dispatch:
jobs:
validate-and-build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.10"
- name: Install dependencies
run: |
pip install pyyaml
- name: 🔍 Validate Skills (Soft Mode)
run: |
python3 scripts/validate_skills.py
- name: 🏗️ Generate Index
run: |
python3 scripts/generate_index.py
- name: 📝 Update README
run: |
python3 scripts/update_readme.py
- name: Set up GitHub credentials (for auto-sync)
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
run: |
git config --global user.name 'github-actions[bot]'
git config --global user.email 'github-actions[bot]@users.noreply.github.com'
git remote set-url origin https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }}.git
- name: Auto-commit registry drift (main only)
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
run: |
# Se non ci sono cambi, esci senza errore
git diff --quiet && exit 0
git add README.md skills_index.json || true
# Se non c'è niente da committare, esci senza errore
git diff --cached --quiet && exit 0
git commit -m "chore: sync generated registry files [ci skip]"
git push origin HEAD
- name: 🚨 Check for Uncommitted Drift
run: |
if ! git diff --quiet; then
echo "❌ Detected uncommitted changes produced by registry/readme scripts."
echo
echo "To fix locally, run the FULL Validation Chain, then commit and push:"
echo " python3 scripts/validate_skills.py"
echo " python3 scripts/generate_index.py"
echo " python3 scripts/update_readme.py"
echo " git add README.md skills_index.json"
echo " git commit -m \"chore: sync generated registry files\""
echo " git push"
exit 1
fi

44
.github/workflows/star-history.yml vendored Normal file
View File

@@ -0,0 +1,44 @@
name: Update Star History Chart
on:
workflow_dispatch:
schedule:
# Daily at 06:00 UTC
- cron: "0 6 * * *"
permissions:
contents: write
jobs:
update-star-history:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install SVG renderer
run: |
set -euo pipefail
sudo apt-get update
sudo apt-get install -y librsvg2-bin
- name: Fetch latest chart (SVG) and render PNG
run: |
set -euo pipefail
mkdir -p assets
curl -fsSL \
"https://api.star-history.com/svg?repos=sickn33/antigravity-awesome-skills&type=date&legend=top-left" \
-o /tmp/star-history.svg
rsvg-convert /tmp/star-history.svg -o assets/star-history.png
- name: Commit and push if changed
run: |
set -euo pipefail
git config user.name "github-actions[bot]"
git config user.email "github-actions[bot]@users.noreply.github.com"
git add assets/star-history.png
if git diff --cached --quiet; then
echo "No changes in star-history.png"
exit 0
fi
git commit -m "chore: update star history chart"
git push

2
.gitignore vendored
View File

@@ -1,5 +1,5 @@
MAINTENANCE.md
walkthrough.md
.agent/rules/
.gemini/

236
CHANGELOG.md
View File

@@ -7,6 +7,240 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
---
---
---
## [3.4.0] - 2026-01-27 - "Voice Intelligence & Categorization"
### Added
- **New Skill**: `voice-ai-engine-development` - Complete toolkit for building real-time voice agents (OpenAI Realtime, Vapi, Deepgram, ElevenLabs).
- **Categorization**: Major README update introducing a concise "Features & Categories" summary table.
### Changed
- **README**: Replaced text-heavy category lists with a high-level summary table.
- **Registry**: Synced generic skill count (256) across documentation.
### Contributors
- [@sickn33](https://github.com/sickn33) - Voice AI Engine (PR #33)
- [@community](https://github.com/community) - Categorization Initiative (PR #32)
## [3.3.0] - 2026-01-26 - "News & Research"
### Added
- **New Skills**:
- `last30days`: Research any topic from the last 30 days on Reddit + X + Web.
- `daily-news-report`: Generate daily news reports from multiple sources.
### Changed
- **Registry**: Updated `skills_index.json` and `README.md` registry (Total: 255 skills).
## [3.2.0] - 2026-01-26 - "Clarity & Consistency"
### Changed
- **Skills Refactoring**: Significant overhaul of `backend-dev-guidelines`, `frontend-design`, `frontend-dev-guidelines`, and `mobile-design`.
- **Consolidation**: Merged fragmented documentation into single, authoritative `SKILL.md` files.
- **Final Laws**: Introduced "Final Laws" sections to provide strict, non-negotiable decision frameworks.
- **Simplification**: Removed external file dependencies to improve context retrieval for AI agents.
### Fixed
- **Validation**: Fixed critical YAML frontmatter formatting issues in `seo-fundamentals`, `programmatic-seo`, and `schema-markup` that were blocking strict validation.
- **Merge Conflicts**: Resolved text artifact conflicts in SEO skills.
## [3.1.0] - 2026-01-26 - "Stable & Deterministic"
### Fixed
- **CI/CD Drift**: Resolved persistent "Uncommitted Changes" errors in CI by making the index generation script deterministic (sorting by name + ID).
- **Registry Sync**: Synced `README.md` and `skills_index.json` to accurately reflect all 253 skills.
### Added (Registry Restore)
The following skills are now correctly indexed and visible in the registry:
- **Marketing & Growth**: `programmatic-seo`, `schema-markup`, `seo-fundamentals`, `form-cro`, `popup-cro`, `analytics-tracking`.
- **Security**: `windows-privilege-escalation`, `wireshark-analysis`, `wordpress-penetration-testing`, `writing-plans`.
- **Development**: `tdd-workflow`, `web-performance-optimization`, `webapp-testing`, `workflow-automation`, `zapier-make-patterns`.
- **Maker Tools**: `telegram-bot-builder`, `telegram-mini-app`, `viral-generator-builder`.
### Changed
- **Documentation**: Added `docs/CI_DRIFT_FIX.md` as a canonical reference for resolving drift issues.
- **Guidance**: Updated `GETTING_STARTED.md` counts to match the full registry (253+ skills).
- **Maintenance**: Updated `MAINTENANCE.md` with strict protocols for handling generated files.
## [3.0.0] - 2026-01-25 - "The Governance Update"
### Added
- **Governance & Security**:
- `docs/QUALITY_BAR.md`: Defined 5-point validation standard (Metadata, Risk, Triggers).
- `docs/SECURITY_GUARDRAILS.md`: Enforced "Authorized Use Only" for offensive skills.
- `CODE_OF_CONDUCT.md`: Adhered to Contributor Covenant v2.1.
- **Automation**:
- `scripts/validate_skills.py`: Automated Quality Bar enforcement (Soft Mode supported).
- `.github/workflows/ci.yml`: Automated PR checks.
- `scripts/generate_index.py`: Registry generation with Risk & Source columns.
- **Experience**:
- `docs/BUNDLES.md`: 9 Starter Packs (Essentials, Security, Web, Agent, Game Dev, DevOps, Data, Testing, Creative).
- **Interactive Registry**: README now features Risk Levels (🔴/🟢/🟣) and Collections.
- **Documentation**:
- `docs/EXAMPLES.md`: Cookbook with 3 real-world scenarios.
- `docs/SOURCES.md`: Legal ledger for attributions and licenses.
- `RELEASE_NOTES.md`: Generated release announcement (archived).
### Changed
- **Standardization**: All 250+ skills are now validated against the new Quality Bar schema.
- **Project Structure**: Introduced `docs/` folder for scalable documentation.
## [2.14.0] - 2026-01-25 - "Web Intelligence & Windows"
### Added
- **New Skill**:
- `context7-auto-research`: Auto-research capability for Claude Code.
- `codex-review`: Professional code review with AI integration.
- `exa-search`: Semantic search and discovery using Exa API.
- `firecrawl-scraper`: Deep web scraping and PDF parsing.
- `tavily-web`: Content extraction and research using Tavily.
- `busybox-on-windows`: UNIX tool suite for Windows environments.
### Changed
- **Documentation**: Updated `obsidian-clipper-template-creator` docs and templates.
- **Index & Registry**: Updated `skills_index.json` and `README.md` registry.
### Fixed
- **Skills**: Fixed YAML frontmatter quoting in `lint-and-validate`.
## [2.13.0] - 2026-01-24 - "NoSQL Expert"
### Added
- **New Skill**:
- `nosql-expert`: Expert guidance for distributed NoSQL databases (Cassandra, DynamoDB), focusing on query-first modeling and anti-patterns.
### Changed
- **Index & Registry**: Updated `skills_index.json` and `README.md` registry.
### Contributors
- [@sickn33](https://github.com/sickn33) - PR #23
## [2.12.0] - 2026-01-23 - "Enterprise & UI Power"
### Added
- **New Skills**:
- `production-code-audit`: Comprehensive enterprise auditing skill for production readiness.
- `avalonia-layout-zafiro`: Zafiro layout guidelines for Avalonia UI.
- `avalonia-viewmodels-zafiro`: ViewModel composition patterns for Avalonia.
- `avalonia-zafiro-development`: Core development rules for Avalonia Zafiro applications.
### Changed
- **Index & Registry**: Updated `skills_index.json` and `README.md` registry (Total: 243 skills).
### Contributors
- [@SuperJMN](https://github.com/SuperJMN) - PR #20
- [@Mohammad-Faiz-Cloud-Engineer](https://github.com/Mohammad-Faiz-Cloud-Engineer) - PR #21
## [2.11.0] - 2026-01-23 - "Postgres Performance"
### Added
- **New Skill**:
- `postgres-best-practices`: Comprehensive Supabase PostgreSQL performance optimization guide with 30+ rules covering query performance, connection management, RLS security, schema design, locking, and monitoring.
### Changed
- **Official Sources**: Added [supabase/agent-skills](https://github.com/supabase/agent-skills) to Credits & Sources.
- **Index & Registry**: Updated `skills_index.json` and `README.md` registry (Total: 239 skills).
### Contributors
- [@ar27111994](https://github.com/ar27111994) - PR #19
---
## [2.10.0] - 2026-01-22 - "Developer Excellence"
### Added
- **New Skills**:
- `api-security-best-practices`: Comprehensive guide for secure API design and defense.
- `environment-setup-guide`: Systematic approach to project onboarding and tool configuration.
- `web-performance-optimization`: Methodologies for optimizing Core Web Vitals and loading speed.
### Changed
- **Enhanced Skill**:
- `code-review-checklist`: Replaced with a much more detailed and systematic version covering functionality, security, and quality.
### Fixed
- **Index & Registry**: Updated `skills_index.json` and `README.md` registry (Total: 238 skills).
### Added
- **Automation Support**:
- `scripts/update_readme.py`: Automated script to sync skill counts and regenerate the registry table.
- Updated `MAINTENANCE.md` to reflect the new automated workflow.
- **Repository Quality**:
- `MAINTENANCE.md` is now tracked in the repository (removed from `.gitignore`).
- Improved contribution guidelines.
## [2.8.0] - 2026-01-22 - "Documentation Power"
### Added
- **API Documentation Generator**: New skill to automatically generate comprehensive API documentation (`skills/api-documentation-generator`).
- **Remotion Best Practices**: 28 modular rules for programmatic video creation (`skills/remotion-best-practices`).
## [2.7.0] - 2026-01-22 - "Agent Memory"
### Added
- **Agent Memory MCP**: New skill providing persistent, searchable knowledge management for AI agents (`skills/agent-memory-mcp`).
### Changed
- **Renamed Skill**: `agent-memory` was renamed to `agent-memory-mcp` to avoid naming conflicts.
---
## [2.6.0] - 2026-01-21 - "Everything Skills Edition"
### Added
- **8 Verified Skills** from [affaan-m/everything-claude-code](https://github.com/affaan-m/everything-claude-code):
- `cc-skill-backend-patterns`
- `cc-skill-clickhouse-io`
- `cc-skill-coding-standards`
- `cc-skill-continuous-learning`
- `cc-skill-frontend-patterns`
- `cc-skill-project-guidelines-example`
- `cc-skill-security-review`
- `cc-skill-strategic-compact`
- **Documentation**: New `WALKTHROUGH.md` for import process details.
### Changed
- **Skill Cleanup**: Removed 27 unwanted agents, commands, and rules from the `everything-claude-code` import to focus strictly on skills.
- **Index**: Regenerated `skills_index.json` (Total: 233 skills).
- **Credits**: Updated README credits and registry.
## [1.0.0] - 2026-01-19 - "Marketing Edition"
### Added
@@ -113,7 +347,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
### Changed
- Total skills count: ~65
- Total skills count: **~65**
---

236
CONTRIBUTING.md Normal file
View File

@@ -0,0 +1,236 @@
# 🤝 Contributing Guide - V3 Enterprise Edition
**Thank you for wanting to make this repo better!** This guide shows you exactly how to contribute, even if you're new to open source.
With V3, we raised the bar for quality. Please read the **new Quality Standards** below carefully.
---
## 🧐 The "Quality Bar" (V3 Standard)
**Critical for new skills:** Every skill submitted must pass our **5-Point Quality Check** (see `docs/QUALITY_BAR.md` for details):
1. **Metadata**: Correct Frontmatter (`name`, `description`).
2. **Safety**: No harmful commands without "Risk" labels.
3. **Clarity**: Clear "When to use" section.
4. **Examples**: At least one copy-paste usage example.
5. **Actions**: Must define concrete steps, not just "thoughts".
---
## Ways to Contribute
You don't need to be an expert! Here are ways anyone can help:
### 1. Improve Documentation (Easiest!)
- Fix typos or grammar
- Make explanations clearer
- Add examples to existing skills
- Translate documentation to other languages
### 2. Report Issues
- Found something confusing? Tell us!
- Skill not working? Let us know!
- Have suggestions? We want to hear them!
### 3. Create New Skills
- Share your expertise as a skill
- Fill gaps in the current collection
- Improve existing skills
### 4. Test and Validate
- Try skills and report what works/doesn't work
- Test on different AI tools
- Suggest improvements
---
## How to Create a New Skill
### Step-by-Step Guide
#### Step 1: Choose Your Skill Topic
Ask yourself: "What do I wish my AI assistant knew better?".
Example: "I'm good at Docker, let me create a Docker skill".
#### Step 2: Create the Folder Structure
Skills live in the `skills/` directory. Use `kebab-case` for folder names.
```bash
# Navigate to skills
cd skills/
# Create your skill folder
mkdir my-awesome-skill
cd my-awesome-skill
# Create the SKILL.md file
touch SKILL.md
```
#### Step 3: Write Your SKILL.md
Every skill needs this basic structure. **Copy this template:**
```markdown
---
name: my-awesome-skill
description: "Brief one-line description of what this skill does"
---
# Skill Title
## Overview
Explain what this skill does and when to use it.
## When to Use This Skill
- Use when [scenario 1]
- Use when [scenario 2]
## How It Works
Detailed step-by-step instructions for the AI...
## Examples
### Example 1
\`\`\`
code example here
\`\`\`
## Best Practices
- ✅ Do this
- ❌ Don't do this
```
#### Step 4: Validate (CRITICAL V3 STEP)
Run the validation script locally. **We will not merge PRs that fail this check.**
```bash
# Soft mode (warnings only)
python3 scripts/validate_skills.py
# Hard mode (what CI runs)
python3 scripts/validate_skills.py --strict
```
This checks:
-`SKILL.md` exists
- ✅ Frontmatter is correct
- ✅ Name matches folder name
- ✅ Quality Bar checks passed
#### Step 5: Submit Your Skill
```bash
git add skills/my-awesome-skill/
git commit -m "feat: add my-awesome-skill"
git push origin my-branch
```
---
## Skill Template (Copy & Paste)
Save time! Copy this template:
```markdown
---
name: your-skill-name
description: "One sentence describing what this skill does and when to use it"
---
# Your Skill Name
## Overview
[2-3 sentences explaining what this skill does]
## When to Use This Skill
- Use when you need to [scenario 1]
- Use when you want to [scenario 2]
## Step-by-Step Guide
### 1. [First Step Name]
[Detailed instructions]
## Examples
### Example 1: [Use Case Name]
\`\`\`language
// Example code here
\`\`\`
## Best Practices
-**Do:** [Good practice]
-**Don't:** [What to avoid]
## Troubleshooting
**Problem:** [Common Issue]
**Solution:** [How to fix it]
```
---
## Commit Message Guidelines
Use these prefixes:
- `feat:` - New skill or major feature
- `docs:` - Documentation improvements
- `fix:` - Bug fixes
- `refactor:` - Code improvements without changing functionality
- `test:` - Adding or updating tests
- `chore:` - Maintenance tasks
**Examples:**
```
feat: add kubernetes-deployment skill
docs: improve getting started guide
fix: correct typo in stripe-integration skill
```
---
## Learning Resources
### New to Git/GitHub?
- [GitHub's Hello World Guide](https://guides.github.com/activities/hello-world/)
- [Git Basics](https://git-scm.com/book/en/v2/Getting-Started-Git-Basics)
### New to Markdown?
- [Markdown Guide](https://www.markdownguide.org/basic-syntax/)
---
## Code of Conduct
- Be respectful and inclusive
- Welcome newcomers
- Focus on constructive feedback
- **No harmful content**: See `docs/SECURITY_GUARDRAILS.md`.
---
**Thank you for making this project better for everyone!**
Every contribution, no matter how small, makes a difference. Whether you fix a typo, improve a sentence, or create a whole new skill - you're helping thousands of developers!

178
FAQ.md Normal file
View File

@@ -0,0 +1,178 @@
# ❓ Frequently Asked Questions (FAQ)
**Got questions?** You're not alone! Here are answers to the most common questions about Antigravity Awesome Skills.
---
## 🎯 General Questions
### What are "skills" exactly?
Skills are specialized instruction files that teach AI assistants how to handle specific tasks. Think of them as expert knowledge modules that your AI can load on-demand.
**Simple analogy:** Just like you might consult different experts (a lawyer, a doctor, a mechanic), these skills let your AI become an expert in different areas when you need them.
### Do I need to install all 256+ skills?
**No!** When you clone the repository, all skills are available, but your AI only loads them when you explicitly invoke them with `@skill-name`.
It's like having a library - all books are there, but you only read the ones you need.
**Pro Tip:** Use [Starter Packs](docs/BUNDLES.md) to install only what matches your role.
### Which AI tools work with these skills?
-**Claude Code** (Anthropic CLI)
-**Gemini CLI** (Google)
-**Codex CLI** (OpenAI)
-**Cursor** (AI IDE)
-**Antigravity IDE**
-**OpenCode**
- ⚠️ **GitHub Copilot** (partial support via copy-paste)
### Are these skills free to use?
**Yes!** This repository is licensed under MIT License.
- ✅ Free for personal use
- ✅ Free for commercial use
- ✅ You can modify them
### Do skills work offline?
The skill files themselves are stored locally on your computer, but your AI assistant needs an internet connection to function.
---
## 🔒 Security & Trust (V3 Update)
### What do the Risk Labels mean?
We classify skills so you know what you're running:
-**Safe (White/Blue)**: Read-only, planning, or benign skills.
- 🔴 **Risk (Red)**: Skills that modify files (delete), use network scanners, or perform destructive actions. **Use with caution.**
- 🟣 **Official (Purple)**: Maintained by trusted vendors (Anthropic, DeepMind, etc.).
### Can these skills hack my computer?
**No.** Skills are text files. However, they _instruct_ the AI to run commands. If a skill says "delete all files", a compliant AI might try to do it.
_Always check the Risk label and review the code._
---
## 📦 Installation & Setup
### Where should I install the skills?
The universal path that works with most tools is `.agent/skills/`:
```bash
git clone https://github.com/sickn33/antigravity-awesome-skills.git .agent/skills
```
**Tool-specific paths:**
- Claude Code: `.claude/skills/`
- Gemini CLI: `.gemini/skills/`
- Cursor: `.cursor/skills/` or project root
### Does this work with Windows?
**Yes**, but some "Official" skills use **symlinks** which Windows handles poorly by default.
Run git with:
```bash
git clone -c core.symlinks=true https://github.com/sickn33/antigravity-awesome-skills.git .agent/skills
```
Or enable "Developer Mode" in Windows Settings.
### How do I update skills?
Navigate to your skills directory and pull the latest changes:
```bash
cd .agent/skills
git pull origin main
```
---
## 🛠️ Using Skills
### How do I invoke a skill?
Use the `@` symbol followed by the skill name:
```bash
@brainstorming help me design a todo app
```
### Can I use multiple skills at once?
**Yes!** You can invoke multiple skills:
```bash
@brainstorming help me design this, then use @writing-plans to create a task list.
```
### How do I know which skill to use?
1. **Browse the README**: Check the [Full Skill Registry](README.md#full-skill-registry-256256).
2. **Search**: `ls skills/ | grep "keyword"`
3. **Ask your AI**: "What skills do you have for testing?"
---
## 🏗️ Troubleshooting
### My AI assistant doesn't recognize skills
**Possible causes:**
1. **Wrong installation path**: Check your tool's docs. Try `.agent/skills/`.
2. **Restart Needed**: Restart your AI/IDE after installing.
3. **Typos**: Did you type `@brain-storming` instead of `@brainstorming`?
### A skill gives incorrect or outdated advice
Please [Open an issue](https://github.com/sickn33/antigravity-awesome-skills/issues)!
Include:
- Which skill
- What went wrong
- What should happen instead
---
## 🤝 Contribution
### I'm new to open source. Can I contribute?
**Absolutely!** We welcome beginners.
- Fix typos
- Add examples
- Improve docs
Check out [CONTRIBUTING.md](CONTRIBUTING.md) for instructions.
### My PR failed "Quality Bar" check. Why?
V3 introduces automated quality control. Your skill might be missing:
1. A valid `description`.
2. Usage examples.
Run `python3 scripts/validate_skills.py` locally to check before you push.
### Can I update an "Official" skill?
**No.** Official skills (in `skills/official/`) are mirrored from vendors. Open an issue instead.
---
## 💡 Pro Tips
- Start with `@brainstorming` before building anything new
- Use `@systematic-debugging` when stuck on bugs
- Try `@test-driven-development` for better code quality
- Explore `@skill-creator` to make your own skills
**Still confused?** [Open a discussion](https://github.com/sickn33/antigravity-awesome-skills/discussions) and we'll help you out! 🙌

108
GETTING_STARTED.md Normal file
View File

@@ -0,0 +1,108 @@
# Getting Started with Antigravity Awesome Skills (V3)
**New here? This guide will help you supercharge your AI Agent in 5 minutes.**
---
## 🤔 What Are "Skills"?
AI Agents (like **Claude Code**, **Gemini**, **Cursor**) are smart, but they lack specific knowledge about your tools.
**Skills** are specialized instruction manuals (markdown files) that teach your AI how to perform specific tasks perfectly, every time.
**Analogy:** Your AI is a brilliant intern. **Skills** are the SOPs (Standard Operating Procedures) that make them a Senior Engineer.
---
## ⚡️ Quick Start: The "Starter Packs"
Don't panic about the 256+ skills. You don't need them all at once.
We have curated **Starter Packs** to get you running immediately.
### 1. Install the Repo
Copy the skills to your agent's folder:
```bash
# Universal Installation (works for most agents)
git clone https://github.com/sickn33/antigravity-awesome-skills.git .agent/skills
```
### 2. Pick Your Persona
Find the bundle that matches your role (see [docs/BUNDLES.md](docs/BUNDLES.md)):
| Persona | Bundle Name | What's Inside? |
| :-------------------- | :------------- | :------------------------------------------------ |
| **Web Developer** | `Web Wizard` | React Patterns, Tailwind mastery, Frontend Design |
| **Security Engineer** | `Hacker Pack` | OWASP, Metasploit, Pentest Methodology |
| **Manager / PM** | `Product Pack` | Brainstorming, Planning, SEO, Strategy |
| **Everything** | `Essentials` | Clean Code, Planning, Validation (The Basics) |
---
## 🚀 How to Use a Skill
Once installed, just talk to your AI naturally.
### Example 1: Planning a Feature (**Essentials**)
> "Use **@brainstorming** to help me design a new login flow."
**What happens:** The AI loads the brainstorming skill, asks you structured questions, and produces a professional spec.
### Example 2: Checking Your Code (**Web Wizard**)
> "Run **@lint-and-validate** on this file and fix errors."
**What happens:** The AI follows strict linting rules defined in the skill to clean your code.
### Example 3: Security Audit (**Hacker Pack**)
> "Use **@api-security-best-practices** to review my API endpoints."
**What happens:** The AI audits your code against OWASP standards.
---
## 🔌 Supported Tools
| Tool | Status | Path |
| :-------------- | :-------------- | :---------------- |
| **Claude Code** | ✅ Full Support | `.claude/skills/` |
| **Gemini CLI** | ✅ Full Support | `.gemini/skills/` |
| **Antigravity** | ✅ Native | `.agent/skills/` |
| **Cursor** | ✅ Native | `.cursor/skills/` |
| **Copilot** | ⚠️ Text Only | Manual copy-paste |
---
## 🛡️ Trust & Safety (New in V3)
We classify skills so you know what you're running:
- 🟣 **Official**: Maintained by Anthropic/Google/Vendors (High Trust).
- 🔵 **Safe**: Community skills that are non-destructive (Read-only/Planning).
- 🔴 **Risk**: Skills that modify systems or perform security tests (Authorized Use Only).
_Check the [Full Registry](README.md#full-skill-registry-256256) for risk labels._
---
## ❓ FAQ
**Q: Do I need to install all 250 skills?**
A: You clone the whole repo, but your AI only _reads_ the ones you ask for (or that are relevant). It's lightweight!
**Q: Can I make my own skills?**
A: Yes! Use the **@skill-creator** skill to build your own.
**Q: Is this free?**
A: Yes, MIT License. Open Source forever.
---
## ⏭️ Next Steps
1. [Browse the Bundles](docs/BUNDLES.md)
2. [See Real-World Examples](docs/EXAMPLES.md)
3. [Contribute a Skill](CONTRIBUTING.md)

629
README.md
View File

@@ -1,6 +1,6 @@
# 🌌 Antigravity Awesome Skills: 179+ Agentic Skills for Claude Code, Gemini CLI, Cursor, Copilot & More
# 🌌 Antigravity Awesome Skills: 257+ Agentic Skills for Claude Code, Gemini CLI, Cursor, Copilot & More
> **The Ultimate Collection of 179+ Universal Agentic Skills for AI Coding Assistants — Claude Code, Gemini CLI, Codex CLI, Antigravity IDE, GitHub Copilot, Cursor, OpenCode**
> **The Ultimate Collection of 257+ Universal Agentic Skills for AI Coding Assistants — Claude Code, Gemini CLI, Codex CLI, Antigravity IDE, GitHub Copilot, Cursor, OpenCode**
[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
[![Claude Code](https://img.shields.io/badge/Claude%20Code-Anthropic-purple)](https://claude.ai)
@@ -9,9 +9,9 @@
[![Cursor](https://img.shields.io/badge/Cursor-AI%20IDE-orange)](https://cursor.sh)
[![Copilot](https://img.shields.io/badge/GitHub%20Copilot-VSCode-lightblue)](https://github.com/features/copilot)
[![OpenCode](https://img.shields.io/badge/OpenCode-CLI-gray)](https://github.com/opencode-ai/opencode)
[![Antigravity](https://img.shields.io/badge/Antigravity-DeepMind-red)](https://github.com/anthropics/antigravity)
[![Antigravity](https://img.shields.io/badge/Antigravity-DeepMind-red)](https://github.com/sickn33/antigravity-awesome-skills)
**Antigravity Awesome Skills** is a curated, battle-tested library of **179 high-performance agentic skills** designed to work seamlessly across all major AI coding assistants:
**Antigravity Awesome Skills** is a curated, battle-tested library of **257 high-performance agentic skills** designed to work seamlessly across all major AI coding assistants:
- 🟣 **Claude Code** (Anthropic CLI)
- 🔵 **Gemini CLI** (Google DeepMind)
@@ -21,36 +21,76 @@
- 🟠 **Cursor** (AI-native IDE)
-**OpenCode** (Open-source CLI)
This repository provides essential skills to transform your AI assistant into a **full-stack digital agency**, including official capabilities from **Anthropic**, **OpenAI**, **Google**, and **Vercel Labs**.
This repository provides essential skills to transform your AI assistant into a **full-stack digital agency**, including official capabilities from **Anthropic**, **OpenAI**, **Google**, **Supabase**, and **Vercel Labs**.
## 📍 Table of Contents
## Table of Contents
- [🔌 Compatibility](#-compatibility)
- [Features & Categories](#features--categories)
- [Full Skill Registry](#full-skill-registry-155155)
- [Installation](#installation)
- [How to Contribute](#how-to-contribute)
- [Credits & Sources](#credits--sources)
- [License](#license)
- [🚀 New Here? Start Here!](#new-here-start-here)
- [🔌 Compatibility & Invocation](#compatibility--invocation)
- [📦 Features & Categories](#features--categories)
- [🎁 Curated Collections (Bundles)](#curated-collections)
- [📜 Full Skill Registry](#full-skill-registry-256256)
- [🛠️ Installation](#installation)
- [🤝 How to Contribute](#how-to-contribute)
- [👥 Contributors & Credits](#credits--sources)
- [⚖️ License](#license)
- [👥 Repo Contributors](#repo-contributors)
- [🌟 Star History](#star-history)
---
## 🔌 Compatibility
## New Here? Start Here!
These skills follow the universal **SKILL.md** format and work with any AI coding assistant that supports agentic skills:
**Welcome to the V3.5.0 Enterprise Edition.** This isn't just a list of scripts; it's a complete operating system for your AI Agent.
| Tool | Type | Compatibility | Installation Path |
| ------------------- | --------- | ------------- | ---------------------------------------- |
| **Claude Code** | CLI | ✅ Full | `.claude/skills/` or `.agent/skills/` |
| **Gemini CLI** | CLI | ✅ Full | `.gemini/skills/` or `.agent/skills/` |
| **Codex CLI** | CLI | ✅ Full | `.codex/skills/` or `.agent/skills/` |
| **Antigravity IDE** | IDE | ✅ Full | `.agent/skills/` |
| **Cursor** | IDE | ✅ Full | `.cursor/skills/` or project root |
| **GitHub Copilot** | Extension | ⚠️ Partial | Copy skill content to `.github/copilot/` |
| **OpenCode** | CLI | ✅ Full | `.opencode/skills/` or `.agent/skills/` |
### 1. 🐣 Context: What is this?
AI Agents (like Claude Code, Cursor, or Gemini) are smart, but they lack **specific tools**. They don't know your company's "Deployment Protocol" or the specific syntax for "AWS CloudFormation".
**Skills** are small markdown files that teach them how to do these specific tasks perfectly, every time.
### 2. ⚡️ Quick Start (The "Bundle" Way)
Don't install 250+ skills manually. Use our **Starter Packs**:
1. **Clone the repo**:
```bash
git clone https://github.com/sickn33/antigravity-awesome-skills.git .agent/skills
```
2. **Pick your persona** (See [docs/BUNDLES.md](docs/BUNDLES.md)):
- **Web Dev?** use the `Web Wizard` pack.
- **Hacker?** use the `Security Engineer` pack.
- **Just curious?** start with `Essentials`.
### 3. 🧠 How to use
Once installed, just ask your agent naturally:
> "Use the **@brainstorming** skill to help me plan a SaaS."
> "Run **@lint-and-validate** on this file."
👉 **[Read the Full Getting Started Guide](GETTING_STARTED.md)**
---
## Compatibility & Invocation
These skills follow the universal **SKILL.md** format and work with any AI coding assistant that supports agentic skills.
| Tool | Type | Invocation Example | Path |
| :-------------- | :--- | :-------------------------------- | :---------------- |
| **Claude Code** | CLI | `>> /skill-name help me...` | `.claude/skills/` |
| **Gemini CLI** | CLI | `(User Prompt) Use skill-name...` | `.gemini/skills/` |
| **Antigravity** | IDE | `(Agent Mode) Use skill...` | `.agent/skills/` |
| **Cursor** | IDE | `@skill-name (in Chat)` | `.cursor/skills/` |
| **Copilot** | Ext | `(Paste content manually)` | N/A |
> [!TIP]
> Most tools auto-discover skills in `.agent/skills/`. For maximum compatibility, clone to this directory.
> **Universal Path**: We recommend cloning to `.agent/skills/`. Most modern tools (Antigravity, recent CLIs) look here by default.
> [!WARNING]
> **Windows Users**: This repository uses **symlinks** for official skills.
> You must enable Developer Mode or run Git as Administrator:
> `git clone -c core.symlinks=true https://github.com/...`
---
@@ -64,214 +104,287 @@ The repository is organized into several key areas of expertise:
| Category | Skills Count | Key Skills Included |
| :-------------------------- | :----------- | :--------------------------------------------------------------------------------------------------------------------------- |
| **🛸 Autonomous & Agentic** | **~8** | Loki Mode (Startup-in-a-box), Subagent Driven Dev, Dispatching Parallel Agents, Planning With Files, Skill Creator/Developer |
| **🔌 Integrations & APIs** | **~25** | Stripe, Firebase, Supabase, Vercel, Clerk Auth, Twilio, Discord Bot, Slack Bot, GraphQL, AWS Serverless |
| **🛡️ Cybersecurity** | **~50** | Ethical Hacking, Metasploit, Burp Suite, SQLMap, Active Directory, AWS/Cloud Pentesting, OWASP Top 100, Red Team Tools |
| **🎨 Creative & Design** | **~10** | UI/UX Pro Max, Frontend Design, Canvas, Algorithmic Art, Theme Factory, D3 Viz, Web Artifacts |
| **🛠️ Development** | **~25** | TDD, Systematic Debugging, React Patterns, Backend/Frontend Guidelines, Senior Fullstack, Software Architecture |
| **🏗️ Infrastructure & Git** | **~8** | Linux Shell Scripting, Git Worktrees, Git Pushing, Conventional Commits, File Organization, GitHub Workflow Automation |
| **🤖 AI Agents & LLM** | **~30** | LangGraph, CrewAI, Langfuse, RAG Engineer, Prompt Engineer, Voice Agents, Browser Automation, Agent Memory Systems |
| **🔄 Workflow & Planning** | **~6** | Writing Plans, Executing Plans, Concise Planning, Verification Before Completion, Code Review (Requesting/Receiving) |
| **📄 Document Processing** | **~4** | DOCX (Official), PDF (Official), PPTX (Official), XLSX (Official) |
| **🧪 Testing & QA** | **~4** | Webapp Testing, Playwright Automation, Test Fixing, Testing Patterns |
| **📈 Product & Strategy** | **~8** | Product Manager Toolkit, Content Creator, ASO, Doc Co-authoring, Brainstorming, Internal Comms |
| **📣 Marketing & Growth** | **~23** | Page CRO, Copywriting, SEO Audit, Paid Ads, Email Sequence, Pricing Strategy, Referral Program, Launch Strategy |
| **🚀 Maker Tools** | **~11** | Micro-SaaS Launcher, Browser Extension Builder, Telegram Bot, AI Wrapper Product, Viral Generator, 3D Web Experience |
| **🛸 Autonomous & Agentic** | **(13)** | Loki Mode (Startup-in-a-box), Subagent Driven Dev, Dispatching Parallel Agents, Planning With Files, Skill Creator/Developer |
| **🔌 Integrations & APIs** | **(35)** | Stripe, Firebase, Supabase, Vercel, Clerk Auth, Twilio, Discord Bot, Slack Bot, GraphQL, AWS Serverless |
| **🛡️ Cybersecurity** | **(32)** | Ethical Hacking, Metasploit, Burp Suite, SQLMap, Active Directory, AWS/Cloud Pentesting, OWASP Top 100, Red Team Tools |
| **🎨 Creative & Design** | **(21)** | UI/UX Pro Max, Frontend Design, Canvas, Algorithmic Art, Theme Factory, D3 Viz, Web Artifacts |
| **🛠️ Development** | **(44)** | TDD, Systematic Debugging, React Patterns, Backend/Frontend Guidelines, Senior Fullstack, Software Architecture |
| **🏗️ Infrastructure & Git** | **(13)** | Linux Shell Scripting, Git Worktrees, Git Pushing, Conventional Commits, File Organization, GitHub Workflow Automation |
| **🤖 AI Agents & LLM** | **(27)** | Voice AI Engine, LangGraph, CrewAI, Langfuse, RAG Engineer, Prompt Engineer, Browser Automation, Agent Memory Systems |
| **🔄 Workflow & Planning** | **(19)** | Writing Plans, Executing Plans, Concise Planning, Verification Before Completion, Code Review (Requesting/Receiving) |
| **📄 Document Processing** | **(5)** | DOCX (Official), PDF (Official), PPTX (Official), XLSX (Official) |
| **🧪 Testing & QA** | **(8)** | Webapp Testing, Playwright Automation, Test Fixing, Testing Patterns |
| **📈 Product & Strategy** | **(4)** | Product Manager Toolkit, Content Creator, ASO, Doc Co-authoring, Brainstorming, Internal Comms |
| **📣 Marketing & Growth** | **(26)** | Page CRO, Copywriting, SEO Audit, Paid Ads, Email Sequence, Pricing Strategy, Referral Program, Launch Strategy |
| **🚀 Maker Tools** | **(8)** | Micro-SaaS Launcher, Browser Extension Builder, Telegram Bot, AI Wrapper Product, Viral Generator, 3D Web Experience |
---
## Curated Collections
## Full Skill Registry (179/179)
[Check out our Starter Packs in docs/BUNDLES.md](docs/BUNDLES.md) to find the perfect toolkit for your role.
Below is the complete list of available skills. Each skill folder contains a `SKILL.md` that can be imported into Antigravity or Claude Code.
## Full Skill Registry (257/257)
> [!NOTE] > **Document Skills**: We provide both **community** and **official Anthropic** versions for DOCX, PDF, PPTX, and XLSX. Locally, the official versions are used by default (via symlinks). In the repository, both versions are available for flexibility.
| Skill Name | Description | Path |
| :-------------------------------------------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :--------------------------------------- |
| **3D Web Experience** | Expert in building 3D experiences for the web - Three.js, React Three Fiber, Spline, WebGL. | `skills/3d-web-experience` |
| **A/B Test Setup** | Plan and implement A/B tests with proper experiment design, statistical significance, and test analysis. | `skills/ab-test-setup` |
| **Active Directory Attacks** | This skill should be used when the user asks to "attack Active Directory", "exploit AD", "Kerberoasting", "DCSync", "pass-the-hash", "BloodHound enumeration", "Golden Ticket", "Silver Ticket", "AS-REP roasting", "NTLM relay", or needs guidance on Windows domain penetration testing. | `skills/active-directory-attacks` |
| **Address GitHub Comments** | Use when you need to address review or issue comments on an open GitHub Pull Request using the gh CLI. | `skills/address-github-comments` |
| **Agent Evaluation** | Testing and benchmarking LLM agents including behavioral testing, capability assessment, reliability metrics. | `skills/agent-evaluation` |
| **Agent Manager Skill** | Use when you need to manage multiple local CLI agents via tmux sessions (start/stop/monitor/assign) with cron-friendly scheduling. | `skills/agent-manager-skill` |
| **Agent Memory Systems** | Memory architecture for agents: short-term, long-term (vector stores), and cognitive architectures. | `skills/agent-memory-systems` |
| **Agent Tool Builder** | Tool design from schema to error handling. JSON Schema best practices, validation, and MCP. | `skills/agent-tool-builder` |
| **AI Agents Architect** | Expert in autonomous AI agents. Tool use, memory systems, planning strategies, multi-agent orchestration. | `skills/ai-agents-architect` |
| **AI Product** | LLM integration patterns, RAG architecture, prompt engineering, AI UX, and cost optimization. | `skills/ai-product` |
| **AI Wrapper Product** | Building products that wrap AI APIs into focused tools. Prompt engineering, cost management. | `skills/ai-wrapper-product` |
| **Algolia Search** | Algolia search implementation, indexing strategies, React InstantSearch, relevance tuning. | `skills/algolia-search` |
| **Algorithmic Art** | Creating algorithmic art using p5. | `skills/algorithmic-art` |
| **Analytics Tracking** | Set up analytics tracking with GA4, GTM, and custom event implementations for marketing measurement. | `skills/analytics-tracking` |
| **API Fuzzing for Bug Bounty** | This skill should be used when the user asks to "test API security", "fuzz APIs", "find IDOR vulnerabilities", "test REST API", "test GraphQL", "API penetration testing", "bug bounty API testing", or needs guidance on API security assessment techniques. | `skills/api-fuzzing-bug-bounty` |
| **App Store Optimization** | Complete App Store Optimization (ASO) toolkit for researching, optimizing, and tracking mobile app performance on Apple App Store and Google Play Store. | `skills/app-store-optimization` |
| **Autonomous Agent Patterns** | "Design patterns for building autonomous coding agents. | `skills/autonomous-agent-patterns` |
| **Autonomous Agents** | AI systems that independently decompose goals, plan actions, execute tools. ReAct, reflection. | `skills/autonomous-agents` |
| **AWS Penetration Testing** | This skill should be used when the user asks to "pentest AWS", "test AWS security", "enumerate IAM", "exploit cloud infrastructure", "AWS privilege escalation", "S3 bucket testing", "metadata SSRF", "Lambda exploitation", or needs guidance on Amazon Web Services security assessment. | `skills/aws-penetration-testing` |
| **AWS Serverless** | Serverless on AWS. Lambda, API Gateway, DynamoDB, SQS/SNS, SAM/CDK deployment. | `skills/aws-serverless` |
| **Azure Functions** | Azure Functions patterns. Isolated worker model, Durable Functions, cold start optimization. | `skills/azure-functions` |
| **Backend Guidelines** | Comprehensive backend development guide for Node. | `skills/backend-dev-guidelines` |
| **BlockRun** | Agent wallet for LLM micropayments. Use when user needs capabilities Claude lacks (image generation, real-time X/Twitter data) or explicitly requests external models ("blockrun", "use grok", "use gpt", "dall-e", "deepseek"). | `skills/blockrun` |
| **Brainstorming** | "You MUST use this before any creative work - creating features, building components, adding functionality, or modifying behavior. | `skills/brainstorming` |
| **Brand Guidelines (Anthropic)** | Applies Anthropic's official brand colors and typography to any sort of artifact that may benefit from having Anthropic's look-and-feel. | `skills/brand-guidelines-anthropic` |
| **Brand Guidelines (Community)** | Applies Anthropic's official brand colors and typography to any sort of artifact that may benefit from having Anthropic's look-and-feel. | `skills/brand-guidelines-community` |
| **Broken Authentication Testing** | This skill should be used when the user asks to "test for broken authentication vulnerabilities", "assess session management security", "perform credential stuffing tests", "evaluate password policies", "test for session fixation", or "identify authentication bypass flaws". | `skills/broken-authentication` |
| **Browser Automation** | Browser automation with Playwright and Puppeteer. Testing, scraping, agentic control. | `skills/browser-automation` |
| **Browser Extension Builder** | Building browser extensions - Chrome, Firefox. Manifest v3, content scripts, monetization. | `skills/browser-extension-builder` |
| **BullMQ Specialist** | BullMQ for Redis-backed job queues, background processing in Node.js/TypeScript. | `skills/bullmq-specialist` |
| **Bun Development** | "Modern JavaScript/TypeScript development with Bun runtime. | `skills/bun-development` |
| **Burp Suite Web Application Testing** | This skill should be used when the user asks to "intercept HTTP traffic", "modify web requests", "use Burp Suite for testing", "perform web vulnerability scanning", "test with Burp Repeater", "analyze HTTP history", or "configure proxy for web testing". | `skills/burp-suite-testing` |
| **Canvas Design** | Create beautiful visual art in . | `skills/canvas-design` |
| **Claude Code Guide** | Master guide for using Claude Code effectively. | `skills/claude-code-guide` |
| **Claude D3.js** | Creating interactive data visualisations using d3. | `skills/claude-d3js-skill` |
| **Clerk Auth** | Clerk auth implementation, middleware, organizations, webhooks, user sync. | `skills/clerk-auth` |
| **Cloud Penetration Testing** | This skill should be used when the user asks to "perform cloud penetration testing", "assess Azure or AWS or GCP security", "enumerate cloud resources", "exploit cloud misconfigurations", "test O365 security", "extract secrets from cloud environments", or "audit cloud infrastructure". | `skills/cloud-penetration-testing` |
| **Computer Use Agents** | AI agents that interact with computers like humans. Screen control, sandboxing. | `skills/computer-use-agents` |
| **Concise Planning** | Use when a user asks for a plan for a coding task, to generate a clear, actionable, and atomic checklist. | `skills/concise-planning` |
| **Competitor Alternatives** | Create compelling competitor comparison and alternative pages for SEO and conversions. | `skills/competitor-alternatives` |
| **Content Creator** | Create SEO-optimized marketing content with consistent brand voice. | `skills/content-creator` |
| **Context Window Management** | Managing LLM context windows. Summarization, trimming, routing. | `skills/context-window-management` |
| **Conversation Memory** | Persistent memory for LLM conversations. Short-term, long-term, entity-based memory. | `skills/conversation-memory` |
| **Core Components** | Core component library and design system patterns. | `skills/core-components` |
| **Copy Editing** | Edit and polish existing marketing copy with a systematic seven-sweeps framework. | `skills/copy-editing` |
| **Copywriting** | Write compelling marketing copy for homepages, landing pages, pricing pages, and feature pages. | `skills/copywriting` |
| **CrewAI** | Role-based multi-agent framework. Agent design, task definition, crew orchestration. | `skills/crewai` |
| **Cross-Site Scripting and HTML Injection Testing** | This skill should be used when the user asks to "test for XSS vulnerabilities", "perform cross-site scripting attacks", "identify HTML injection flaws", "exploit client-side injection vulnerabilities", "steal cookies via XSS", or "bypass content security policies". | `skills/xss-html-injection` |
| **Discord Bot Architect** | Production Discord bots. Discord.js, Pycord, slash commands, sharding. | `skills/discord-bot-architect` |
| **Dispatching Parallel Agents** | Use when facing 2+ independent tasks that can be worked on without shared state or sequential dependencies. | `skills/dispatching-parallel-agents` |
| **Doc Co-authoring** | Guide users through a structured workflow for co-authoring documentation. | `skills/doc-coauthoring` |
| **DOCX (Official)** | "Comprehensive document creation, editing, and analysis with support for tracked changes, comments, formatting preservation, and text extraction. | `skills/docx-official` |
| **Email Sequence** | Create and optimize email sequences, drip campaigns, and lifecycle email programs. | `skills/email-sequence` |
| **Email Systems** | Transactional email, marketing automation, deliverability, infrastructure. | `skills/email-systems` |
| **Ethical Hacking Methodology** | This skill should be used when the user asks to "learn ethical hacking", "understand penetration testing lifecycle", "perform reconnaissance", "conduct security scanning", "exploit vulnerabilities", or "write penetration test reports". | `skills/ethical-hacking-methodology` |
| **Executing Plans** | Use when you have a written implementation plan to execute in a separate session with review checkpoints. | `skills/executing-plans` |
| **File Organizer** | Intelligently organizes files and folders by understanding context, finding duplicates, and suggesting better organizational structures. | `skills/file-organizer` |
| **File Path Traversal Testing** | This skill should be used when the user asks to "test for directory traversal", "exploit path traversal vulnerabilities", "read arbitrary files through web applications", "find LFI vulnerabilities", or "access files outside web root". | `skills/file-path-traversal` |
| **File Uploads** | File uploads and cloud storage. S3, Cloudflare R2, presigned URLs. | `skills/file-uploads` |
| **Finishing Dev Branch** | Use when implementation is complete, all tests pass, and you need to decide how to integrate the work - guides completion of development work by presenting structured options for merge, PR, or cleanup. | `skills/finishing-a-development-branch` |
| **Firebase** | Firebase Auth, Firestore, Realtime Database, Cloud Functions, Storage. | `skills/firebase` |
| **Form CRO** | Optimize lead capture forms, contact forms, demo request forms for higher conversion rates. | `skills/form-cro` |
| **Free Tool Strategy** | Plan and build free tools for marketing, lead generation, and SEO value. | `skills/free-tool-strategy` |
| **Frontend Design** | Create distinctive, production-grade frontend interfaces with high design quality. | `skills/frontend-design` |
| **Frontend Guidelines** | Frontend development guidelines for React/TypeScript applications. | `skills/frontend-dev-guidelines` |
| **GCP Cloud Run** | Serverless on GCP. Cloud Run services and functions, Pub/Sub. | `skills/gcp-cloud-run` |
| **Git Pushing** | Stage, commit, and push git changes with conventional commit messages. | `skills/git-pushing` |
| **GitHub Workflow Automation** | "Automate GitHub workflows with AI assistance. | `skills/github-workflow-automation` |
| **GraphQL** | Schema design, resolvers, DataLoader, federation, Apollo/urql integration. | `skills/graphql` |
| **HTML Injection Testing** | This skill should be used when the user asks to "test for HTML injection", "inject HTML into web pages", "perform HTML injection attacks", "deface web applications", or "test content injection vulnerabilities". | `skills/html-injection-testing` |
| **HubSpot Integration** | HubSpot CRM integration. OAuth, CRM objects, webhooks, custom objects. | `skills/hubspot-integration` |
| **IDOR Vulnerability Testing** | This skill should be used when the user asks to "test for insecure direct object references," "find IDOR vulnerabilities," "exploit broken access control," "enumerate user IDs or object references," or "bypass authorization to access other users' data. | `skills/idor-testing` |
| **Inngest** | Inngest for serverless background jobs, event-driven workflows. | `skills/inngest` |
| **Interactive Portfolio** | Building portfolios that land jobs. Developer, designer portfolios. | `skills/interactive-portfolio` |
| **Internal Comms (Anthropic)** | A set of resources to help me write all kinds of internal communications, using the formats that my company likes to use. | `skills/internal-comms-anthropic` |
| **Internal Comms (Community)** | A set of resources to help me write all kinds of internal communications, using the formats that my company likes to use. | `skills/internal-comms-community` |
| **JavaScript Mastery** | "Comprehensive JavaScript reference covering 33+ essential concepts every developer should know. | `skills/javascript-mastery` |
| **Kaizen** | Guide for continuous improvement, error proofing, and standardization. | `skills/kaizen` |
| **Langfuse** | Open-source LLM observability. Tracing, prompt management, evaluation. | `skills/langfuse` |
| **LangGraph** | Stateful, multi-actor AI applications. Graph construction, persistence. | `skills/langgraph` |
| **Launch Strategy** | Plan product launches, feature announcements, and go-to-market strategies. | `skills/launch-strategy` |
| **Linux Privilege Escalation** | This skill should be used when the user asks to "escalate privileges on Linux", "find privesc vectors on Linux systems", "exploit sudo misconfigurations", "abuse SUID binaries", "exploit cron jobs for root access", "enumerate Linux systems for privilege escalation", or "gain root access from low-privilege shell". | `skills/linux-privilege-escalation` |
| **Linux Shell Scripting** | This skill should be used when the user asks to "create bash scripts", "automate Linux tasks", "monitor system resources", "backup files", "manage users", or "write production shell scripts". | `skills/linux-shell-scripting` |
| **LLM App Patterns** | "Production-ready patterns for building LLM applications. | `skills/llm-app-patterns` |
| **Loki Mode** | Multi-agent autonomous startup system for Claude Code. | `skills/loki-mode` |
| **Marketing Ideas** | 140 proven SaaS marketing ideas and strategies organized by category. | `skills/marketing-ideas` |
| **Marketing Psychology** | 70+ mental models and psychological principles for marketing and persuasion. | `skills/marketing-psychology` |
| **MCP Builder** | Guide for creating high-quality MCP (Model Context Protocol) servers that enable LLMs to interact with external services through well-designed tools. | `skills/mcp-builder` |
| **Metasploit Framework** | This skill should be used when the user asks to "use Metasploit for penetration testing", "exploit vulnerabilities with msfconsole", "create payloads with msfvenom", "perform post-exploitation", "use auxiliary modules for scanning", or "develop custom exploits". | `skills/metasploit-framework` |
| **Moodle External API Development** | Create custom external web service APIs for Moodle LMS. Use when implementing web services for course management, user tracking, quiz operations, or custom plugin functionality. Covers parameter validation, database operations, error handling, service registration, and Moodle coding standards. | `skills/moodle-external-api-development` |
| **Micro-SaaS Launcher** | Launching small SaaS products fast. Idea validation, MVP, pricing. | `skills/micro-saas-launcher` |
| **Neon Postgres** | Neon serverless Postgres, branching, connection pooling, Prisma integration. | `skills/neon-postgres` |
| **Network 101** | This skill should be used when the user asks to "set up a web server", "configure HTTP or HTTPS", "perform SNMP enumeration", "configure SMB shares", "test network services", or needs guidance on configuring and testing network services for penetration testing labs. | `skills/network-101` |
| **Next.js Supabase Auth** | Supabase Auth with Next.js App Router. Auth middleware. | `skills/nextjs-supabase-auth` |
| **NotebookLM** | Use this skill to query your Google NotebookLM notebooks directly from Claude Code for source-grounded, citation-backed answers from Gemini. | `skills/notebooklm` |
| **Notion Template Business** | Building and selling Notion templates. Design, pricing, marketing. | `skills/notion-template-business` |
| **Onboarding CRO** | Optimize post-signup onboarding, user activation, and time-to-value. | `skills/onboarding-cro` |
| **PDF (Official)** | Comprehensive PDF manipulation toolkit for extracting text and tables, creating new PDFs, merging/splitting documents, and handling forms. | `skills/pdf-official` |
| **Pentest Checklist** | This skill should be used when the user asks to "plan a penetration test", "create a security assessment checklist", "prepare for penetration testing", "define pentest scope", "follow security testing best practices", or needs a structured methodology for penetration testing engagements. | `skills/pentest-checklist` |
| **Pentest Commands** | This skill should be used when the user asks to "run pentest commands", "scan with nmap", "use metasploit exploits", "crack passwords with hydra or john", "scan web vulnerabilities with nikto", "enumerate networks", or needs essential penetration testing command references. | `skills/pentest-commands` |
| **Page CRO** | Conversion rate optimization for marketing pages - homepages, landing pages, pricing pages. | `skills/page-cro` |
| **Paid Ads** | Create and optimize paid ad campaigns on Google Ads, Meta, LinkedIn, and other platforms. | `skills/paid-ads` |
| **Paywall Upgrade CRO** | Optimize in-app paywalls, upgrade screens, and freemium conversion moments. | `skills/paywall-upgrade-cro` |
| **Personal Tool Builder** | Building custom tools. Rapid prototyping, local-first apps, CLI tools. | `skills/personal-tool-builder` |
| **Plaid Fintech** | Plaid API for banking. Link token flows, transactions, ACH. | `skills/plaid-fintech` |
| **Planning With Files** | Implements Manus-style file-based planning for complex tasks. | `skills/planning-with-files` |
| **Playwright Automation** | Complete browser automation with Playwright. | `skills/playwright-skill` |
| **Popup CRO** | Create and optimize popups, modals, and overlays for conversion. | `skills/popup-cro` |
| **PPTX (Official)** | "Presentation creation, editing, and analysis. | `skills/pptx-official` |
| **Privilege Escalation Methods** | This skill should be used when the user asks to "escalate privileges", "get root access", "become administrator", "privesc techniques", "abuse sudo", "exploit SUID binaries", "Kerberoasting", "pass-the-ticket", "token impersonation", or needs guidance on post-exploitation privilege escalation for Linux or Windows systems. | `skills/privilege-escalation-methods` |
| **Pricing Strategy** | Design pricing, packaging, and monetization strategy for SaaS products. | `skills/pricing-strategy` |
| **Product Toolkit** | Comprehensive toolkit for product managers including RICE prioritization, customer interview analysis, PRD templates, discovery frameworks, and go-to-market strategies. | `skills/product-manager-toolkit` |
| **Prompt Caching** | Caching strategies for LLM prompts. Anthropic caching, CAG. | `skills/prompt-caching` |
| **Prompt Engineer** | Designing prompts for LLM applications. Structure, evaluation. | `skills/prompt-engineer` |
| **Prompt Engineering** | Expert guide on prompt engineering patterns, best practices, and optimization techniques. | `skills/prompt-engineering` |
| **Prompt Library** | "Curated collection of high-quality prompts for various use cases. | `skills/prompt-library` |
| **Programmatic SEO** | Build SEO-driven pages at scale using templates and data. | `skills/programmatic-seo` |
| **RAG Engineer** | Building RAG systems. Embedding models, vector databases, chunking. | `skills/rag-engineer` |
| **RAG Implementation** | RAG patterns. Chunking, embeddings, vector stores. | `skills/rag-implementation` |
| **React Best Practices** | React and Next. | `skills/react-best-practices` |
| **React UI Patterns** | Modern React UI patterns for loading states, error handling, and data fetching. | `skills/react-ui-patterns` |
| **Receiving Code Review** | Use when receiving code review feedback, before implementing suggestions, especially if feedback seems unclear or technically questionable - requires technical rigor and verification, not performative agreement or blind implementation. | `skills/receiving-code-review` |
| **Red Team Tools and Methodology** | This skill should be used when the user asks to "follow red team methodology", "perform bug bounty hunting", "automate reconnaissance", "hunt for XSS vulnerabilities", "enumerate subdomains", or needs security researcher techniques and tool configurations from top bug bounty hunters. | `skills/red-team-tools` |
| **Referral Program** | Design referral programs, affiliate programs, and word-of-mouth strategies. | `skills/referral-program` |
| **Requesting Code Review** | Use when completing tasks, implementing major features, or before merging to verify work meets requirements. | `skills/requesting-code-review` |
| **Salesforce Development** | Salesforce integration, Apex development, Lightning components. | `skills/salesforce-development` |
| **Schema Markup** | Add structured data and JSON-LD schema markup for SEO and rich snippets. | `skills/schema-markup` |
| **Scroll Experience** | GSAP/Framer scroll-driven storytelling. Parallax effects. | `skills/scroll-experience` |
| **Security Scanning Tools** | This skill should be used when the user asks to "perform vulnerability scanning", "scan networks for open ports", "assess web application security", "scan wireless networks", "detect malware", "check cloud security", or "evaluate system compliance". | `skills/scanning-tools` |
| **Segment CDP** | Segment customer data platform. Event tracking, identity resolution. | `skills/segment-cdp` |
| **Senior Architect** | Comprehensive software architecture skill for designing scalable, maintainable systems using ReactJS, NextJS, NodeJS, Express, React Native, Swift, Kotlin, Flutter, Postgres, GraphQL, Go, Python. | `skills/senior-architect` |
| **Senior Fullstack** | Comprehensive fullstack development skill for building complete web applications with React, Next. | `skills/senior-fullstack` |
| **SEO Audit** | Audit technical and on-page SEO issues for better search rankings. | `skills/seo-audit` |
| **Shodan Reconnaissance and Pentesting** | This skill should be used when the user asks to "search for exposed devices on the internet," "perform Shodan reconnaissance," "find vulnerable services using Shodan," "scan IP ranges with Shodan," or "discover IoT devices and open ports. | `skills/shodan-reconnaissance` |
| **Shopify Apps** | Building Shopify apps. App Bridge, Polaris, webhooks. | `skills/shopify-apps` |
| **Shopify Development** | Build Shopify apps, extensions, themes using GraphQL Admin API, Shopify CLI, Polaris UI, and Liquid. Use when user asks about "shopify app", "checkout extension", "shopify theme", "liquid template", "polaris", "shopify graphql", "shopify webhook", or "metafields". | `skills/shopify-development` |
| **Signup Flow CRO** | Optimize signup, registration, and trial activation flows for higher conversions. | `skills/signup-flow-cro` |
| **Skill Creator** | Guide for creating effective skills. | `skills/skill-creator` |
| **Skill Developer** | Create and manage Claude Code skills following Anthropic best practices. | `skills/skill-developer` |
| **Slack Bot Builder** | Production Slack bots. Bolt framework, slash commands, modals. | `skills/slack-bot-builder` |
| **Slack GIF Creator** | Knowledge and utilities for creating animated GIFs optimized for Slack. | `skills/slack-gif-creator` |
| **SMTP Penetration Testing** | This skill should be used when the user asks to "perform SMTP penetration testing", "enumerate email users", "test for open mail relays", "grab SMTP banners", "brute force email credentials", or "assess mail server security". | `skills/smtp-penetration-testing` |
| **Social Content** | Create and schedule social media content for LinkedIn, Twitter/X, and other platforms. | `skills/social-content` |
| **Software Architecture** | Guide for quality focused software architecture. | `skills/software-architecture` |
| **SQL Injection Testing** | This skill should be used when the user asks to "test for SQL injection vulnerabilities", "perform SQLi attacks", "bypass authentication using SQL injection", "extract database information through injection", "detect SQL injection flaws", or "exploit database query vulnerabilities". | `skills/sql-injection-testing` |
| **SQLMap Database Penetration Testing** | This skill should be used when the user asks to "automate SQL injection testing," "enumerate database structure," "extract database credentials using sqlmap," "dump tables and columns from a vulnerable database," or "perform automated database penetration testing. | `skills/sqlmap-database-pentesting` |
| **SSH Penetration Testing** | This skill should be used when the user asks to "pentest SSH services", "enumerate SSH configurations", "brute force SSH credentials", "exploit SSH vulnerabilities", "perform SSH tunneling", or "audit SSH security". | `skills/ssh-penetration-testing` |
| **Stripe Integration** | Stripe patterns. Checkout, subscriptions, payment intents, webhooks. | `skills/stripe-integration` |
| **Subagent Driven Dev** | Use when executing implementation plans with independent tasks in the current session. | `skills/subagent-driven-development` |
| **Systematic Debugging** | Use when encountering any bug, test failure, or unexpected behavior, before proposing fixes. | `skills/systematic-debugging` |
| **TDD** | Use when implementing any feature or bugfix, before writing implementation code. | `skills/test-driven-development` |
| **Telegram Bot Builder** | Building Telegram bots. Bot API, inline mode, payments, Mini Apps. | `skills/telegram-bot-builder` |
| **Telegram Mini App** | TON Connect, Telegram Mini Apps, wallet integration. | `skills/telegram-mini-app` |
| **Test Fixing** | Run tests and systematically fix all failing tests using smart error grouping. | `skills/test-fixing` |
| **Testing Patterns** | Jest testing patterns, factory functions, mocking strategies, and TDD workflow. | `skills/testing-patterns` |
| **Theme Factory** | Toolkit for styling artifacts with a theme. | `skills/theme-factory` |
| **Top 100 Vulnerabilities** | This skill should be used when the user asks to "identify web application vulnerabilities", "explain common security flaws", "understand vulnerability categories", "learn about injection attacks", "review access control weaknesses", "analyze API security issues", "assess security misconfigurations", "understand client-side vulnerabilities", "examine mobile and IoT security flaws", or "reference the OWASP-aligned vulnerability taxonomy". | `skills/top-web-vulnerabilities` |
| **Trigger.dev** | Trigger.dev for serverless background jobs. Long-running tasks. | `skills/trigger-dev` |
| **Twilio Communications** | Twilio for SMS, voice, video. Programmable messaging, OTP. | `skills/twilio-communications` |
| **UI/UX Pro Max** | "UI/UX design intelligence. | `skills/ui-ux-pro-max` |
| **Upstash QStash** | Upstash QStash for serverless message queues. | `skills/upstash-qstash` |
| **Using Git Worktrees** | Use when starting feature work that needs isolation from current workspace or before executing implementation plans - creates isolated git worktrees with smart directory selection and safety verification. | `skills/using-git-worktrees` |
| **Using Superpowers** | Use when starting any conversation - establishes how to find and use skills, requiring Skill tool invocation before ANY response including clarifying questions. | `skills/using-superpowers` |
| **Vercel Deployment** | Vercel deployment. Edge functions, preview deployments. | `skills/vercel-deployment` |
| **Verification Before Completion** | Use when about to claim work is complete, fixed, or passing, before committing or creating PRs - requires running verification commands and confirming output before making any success claims; evidence before assertions always. | `skills/verification-before-completion` |
| **Viral Generator Builder** | Building shareable generators that go viral. | `skills/viral-generator-builder` |
| **Voice Agents** | Voice-based AI assistants. Speech-to-text, real-time conversation. | `skills/voice-agents` |
| **Voice AI Development** | Voice AI patterns. Wake words, streaming ASR, emotional TTS. | `skills/voice-ai-development` |
| **Web Artifacts** | Suite of tools for creating elaborate, multi-component claude. | `skills/web-artifacts-builder` |
| **Web Design Guidelines** | Review UI code for Web Interface Guidelines compliance. | `skills/web-design-guidelines` |
| **Webapp Testing** | Toolkit for interacting with and testing local web applications using Playwright. | `skills/webapp-testing` |
| **Windows Privilege Escalation** | This skill should be used when the user asks to "escalate privileges on Windows," "find Windows privesc vectors," "enumerate Windows for privilege escalation," "exploit Windows misconfigurations," or "perform post-exploitation privilege escalation. | `skills/windows-privilege-escalation` |
| **Wireshark Network Traffic Analysis** | This skill should be used when the user asks to "analyze network traffic with Wireshark", "capture packets for troubleshooting", "filter PCAP files", "follow TCP/UDP streams", "detect network anomalies", "investigate suspicious traffic", or "perform protocol analysis". | `skills/wireshark-analysis` |
| **WordPress Penetration Testing** | This skill should be used when the user asks to "pentest WordPress sites", "scan WordPress for vulnerabilities", "enumerate WordPress users, themes, or plugins", "exploit WordPress vulnerabilities", or "use WPScan". | `skills/wordpress-penetration-testing` |
| **Workflow Automation** | "Design and implement automated workflows combining visual logic with custom code. | `skills/workflow-automation` |
| **Writing Plans** | Use when you have a spec or requirements for a multi-step task, before touching code. | `skills/writing-plans` |
| **Writing Skills** | Use when creating new skills, editing existing skills, or verifying skills work before deployment. | `skills/writing-skills` |
| **XLSX (Official)** | "Comprehensive spreadsheet creation, editing, and analysis with support for formulas, formatting, data analysis, and visualization. | `skills/xlsx-official` |
| **Zapier/Make Patterns** | No-code automation. Zapier, Make, n8n workflows. | `skills/zapier-make-patterns` |
> [!TIP]
> Use the `validate_skills.py` script in the `scripts/` directory to ensure all skills are properly formatted and ready for use.
---
| Skill Name | Risk | Description | Path |
| :--- | :--- | :--- | :--- |
| **2d-games** | ⚪ | 2D game development principles. Sprites, tilemaps, physics, camera. | `skills/game-development/2d-games` |
| **3d-games** | ⚪ | 3D game development principles. Rendering, shaders, physics, cameras. | `skills/game-development/3d-games` |
| **3d-web-experience** | ⚪ | Expert in building 3D experiences for the web - Three.js, React Three Fiber, Spline, WebGL, and interactive 3D scenes. Covers product configurators, 3D portfolios, immersive websites, and bringing depth to web experiences. Use when: 3D website, three.js, WebGL, react three fiber, 3D experience. | `skills/3d-web-experience` |
| **ab-test-setup** | ⚪ | Structured guide for setting up A/B tests with mandatory gates for hypothesis, metrics, and execution readiness. | `skills/ab-test-setup` |
| **Active Directory Attacks** | ⚪ | This skill should be used when the user asks to "attack Active Directory", "exploit AD", "Kerberoasting", "DCSync", "pass-the-hash", "BloodHound enumeration", "Golden Ticket", "Silver Ticket", "AS-REP roasting", "NTLM relay", or needs guidance on Windows domain penetration testing. | `skills/active-directory-attacks` |
| **address-github-comments** | ⚪ | Use when you need to address review or issue comments on an open GitHub Pull Request using the gh CLI. | `skills/address-github-comments` |
| **agent-evaluation** | ⚪ | Testing and benchmarking LLM agents including behavioral testing, capability assessment, reliability metrics, and production monitoring—where even top agents achieve less than 50% on real-world benchmarks Use when: agent testing, agent evaluation, benchmark agents, agent reliability, test agent. | `skills/agent-evaluation` |
| **agent-manager-skill** | ⚪ | Manage multiple local CLI agents via tmux sessions (start/stop/monitor/assign) with cron-friendly scheduling. | `skills/agent-manager-skill` |
| **agent-memory-mcp** | ⚪ | A hybrid memory system that provides persistent, searchable knowledge management for AI agents (Architecture, Patterns, Decisions). | `skills/agent-memory-mcp` |
| **agent-memory-systems** | ⚪ | Memory is the cornerstone of intelligent agents. Without it, every interaction starts from zero. This skill covers the architecture of agent memory: short-term (context window), long-term (vector stores), and the cognitive architectures that organize them. Key insight: Memory isn't just storage - it's retrieval. A million stored facts mean nothing if you can't find the right one. Chunking, embedding, and retrieval strategies determine whether your agent remembers or forgets. The field is fragm | `skills/agent-memory-systems` |
| **agent-tool-builder** | ⚪ | Tools are how AI agents interact with the world. A well-designed tool is the difference between an agent that works and one that hallucinates, fails silently, or costs 10x more tokens than necessary. This skill covers tool design from schema to error handling. JSON Schema best practices, description writing that actually helps the LLM, validation, and the emerging MCP standard that's becoming the lingua franca for AI tools. Key insight: Tool descriptions are more important than tool implementa | `skills/agent-tool-builder` |
| **ai-agents-architect** | ⚪ | Expert in designing and building autonomous AI agents. Masters tool use, memory systems, planning strategies, and multi-agent orchestration. Use when: build agent, AI agent, autonomous agent, tool use, function calling. | `skills/ai-agents-architect` |
| **ai-product** | ⚪ | Every product will be AI-powered. The question is whether you'll build it right or ship a demo that falls apart in production. This skill covers LLM integration patterns, RAG architecture, prompt engineering that scales, AI UX that users trust, and cost optimization that doesn't bankrupt you. Use when: keywords, file_patterns, code_patterns. | `skills/ai-product` |
| **ai-wrapper-product** | ⚪ | Expert in building products that wrap AI APIs (OpenAI, Anthropic, etc.) into focused tools people will pay for. Not just 'ChatGPT but different' - products that solve specific problems with AI. Covers prompt engineering for products, cost management, rate limiting, and building defensible AI businesses. Use when: AI wrapper, GPT product, AI tool, wrap AI, AI SaaS. | `skills/ai-wrapper-product` |
| **algolia-search** | ⚪ | Expert patterns for Algolia search implementation, indexing strategies, React InstantSearch, and relevance tuning Use when: adding search to, algolia, instantsearch, search api, search functionality. | `skills/algolia-search` |
| **algorithmic-art** | ⚪ | Creating algorithmic art using p5.js with seeded randomness and interactive parameter exploration. Use this when users request creating art using code, generative art, algorithmic art, flow fields, or particle systems. Create original algorithmic art rather than copying existing artists' work to avoid copyright violations. | `skills/algorithmic-art` |
| **analytics-tracking** | ⚪ | Design, audit, and improve analytics tracking systems that produce reliable, decision-ready data. Use when the user wants to set up, fix, or evaluate analytics tracking (GA4, GTM, product analytics, events, conversions, UTMs). This skill focuses on measurement strategy, signal quality, and validation— not just firing events. | `skills/analytics-tracking` |
| **API Fuzzing for Bug Bounty** | ⚪ | This skill should be used when the user asks to "test API security", "fuzz APIs", "find IDOR vulnerabilities", "test REST API", "test GraphQL", "API penetration testing", "bug bounty API testing", or needs guidance on API security assessment techniques. | `skills/api-fuzzing-bug-bounty` |
| **api-documentation-generator** | ⚪ | Generate comprehensive, developer-friendly API documentation from code, including endpoints, parameters, examples, and best practices | `skills/api-documentation-generator` |
| **api-patterns** | ⚪ | API design principles and decision-making. REST vs GraphQL vs tRPC selection, response formats, versioning, pagination. | `skills/api-patterns` |
| **api-security-best-practices** | ⚪ | Implement secure API design patterns including authentication, authorization, input validation, rate limiting, and protection against common API vulnerabilities | `skills/api-security-best-practices` |
| **app-builder** | ⚪ | Main application building orchestrator. Creates full-stack applications from natural language requests. Determines project type, selects tech stack, coordinates agents. | `skills/app-builder` |
| **app-store-optimization** | ⚪ | Complete App Store Optimization (ASO) toolkit for researching, optimizing, and tracking mobile app performance on Apple App Store and Google Play Store | `skills/app-store-optimization` |
| **architecture** | ⚪ | Architectural decision-making framework. Requirements analysis, trade-off evaluation, ADR documentation. Use when making architecture decisions or analyzing system design. | `skills/architecture` |
| **autonomous-agent-patterns** | ⚪ | Design patterns for building autonomous coding agents. Covers tool integration, permission systems, browser automation, and human-in-the-loop workflows. Use when building AI agents, designing tool APIs, implementing permission systems, or creating autonomous coding assistants. | `skills/autonomous-agent-patterns` |
| **autonomous-agents** | ⚪ | Autonomous agents are AI systems that can independently decompose goals, plan actions, execute tools, and self-correct without constant human guidance. The challenge isn't making them capable - it's making them reliable. Every extra decision multiplies failure probability. This skill covers agent loops (ReAct, Plan-Execute), goal decomposition, reflection patterns, and production reliability. Key insight: compounding error rates kill autonomous agents. A 95% success rate per step drops to 60% b | `skills/autonomous-agents` |
| **avalonia-layout-zafiro** | ⚪ | Guidelines for modern Avalonia UI layout using Zafiro.Avalonia, emphasizing shared styles, generic components, and avoiding XAML redundancy. | `skills/avalonia-layout-zafiro` |
| **avalonia-viewmodels-zafiro** | ⚪ | Optimal ViewModel and Wizard creation patterns for Avalonia using Zafiro and ReactiveUI. | `skills/avalonia-viewmodels-zafiro` |
| **avalonia-zafiro-development** | ⚪ | Mandatory skills, conventions, and behavioral rules for Avalonia UI development using the Zafiro toolkit. | `skills/avalonia-zafiro-development` |
| **AWS Penetration Testing** | ⚪ | This skill should be used when the user asks to "pentest AWS", "test AWS security", "enumerate IAM", "exploit cloud infrastructure", "AWS privilege escalation", "S3 bucket testing", "metadata SSRF", "Lambda exploitation", or needs guidance on Amazon Web Services security assessment. | `skills/aws-penetration-testing` |
| **aws-serverless** | ⚪ | Specialized skill for building production-ready serverless applications on AWS. Covers Lambda functions, API Gateway, DynamoDB, SQS/SNS event-driven patterns, SAM/CDK deployment, and cold start optimization. | `skills/aws-serverless` |
| **azure-functions** | ⚪ | Expert patterns for Azure Functions development including isolated worker model, Durable Functions orchestration, cold start optimization, and production patterns. Covers .NET, Python, and Node.js programming models. Use when: azure function, azure functions, durable functions, azure serverless, function app. | `skills/azure-functions` |
| **backend-dev-guidelines** | ⚪ | Opinionated backend development standards for Node.js + Express + TypeScript microservices. Covers layered architecture, BaseController pattern, dependency injection, Prisma repositories, Zod validation, unifiedConfig, Sentry error tracking, async safety, and testing discipline. | `skills/backend-dev-guidelines` |
| **backend-patterns** | ⚪ | Backend architecture patterns, API design, database optimization, and server-side best practices for Node.js, Express, and Next.js API routes. | `skills/cc-skill-backend-patterns` |
| **bash-linux** | ⚪ | Bash/Linux terminal patterns. Critical commands, piping, error handling, scripting. Use when working on macOS or Linux systems. | `skills/bash-linux` |
| **behavioral-modes** | ⚪ | AI operational modes (brainstorm, implement, debug, review, teach, ship, orchestrate). Use to adapt behavior based on task type. | `skills/behavioral-modes` |
| **blockrun** | ⚪ | Use when user needs capabilities Claude lacks (image generation, real-time X/Twitter data) or explicitly requests external models ("blockrun", "use grok", "use gpt", "dall-e", "deepseek") | `skills/blockrun` |
| **brainstorming** | ⚪ | Use this skill before any creative or constructive work (features, components, architecture, behavior changes, or functionality). This skill transforms vague ideas into validated designs through disciplined, incremental reasoning and collaboration. | `skills/brainstorming` |
| **brand-guidelines** | ⚪ | Applies Anthropic's official brand colors and typography to any sort of artifact that may benefit from having Anthropic's look-and-feel. Use it when brand colors or style guidelines, visual formatting, or company design standards apply. | `skills/brand-guidelines-anthropic` |
| **brand-guidelines** | ⚪ | Applies Anthropic's official brand colors and typography to any sort of artifact that may benefit from having Anthropic's look-and-feel. Use it when brand colors or style guidelines, visual formatting, or company design standards apply. | `skills/brand-guidelines-community` |
| **Broken Authentication Testing** | ⚪ | This skill should be used when the user asks to "test for broken authentication vulnerabilities", "assess session management security", "perform credential stuffing tests", "evaluate password policies", "test for session fixation", or "identify authentication bypass flaws". It provides comprehensive techniques for identifying authentication and session management weaknesses in web applications. | `skills/broken-authentication` |
| **browser-automation** | ⚪ | Browser automation powers web testing, scraping, and AI agent interactions. The difference between a flaky script and a reliable system comes down to understanding selectors, waiting strategies, and anti-detection patterns. This skill covers Playwright (recommended) and Puppeteer, with patterns for testing, scraping, and agentic browser control. Key insight: Playwright won the framework war. Unless you need Puppeteer's stealth ecosystem or are Chrome-only, Playwright is the better choice in 202 | `skills/browser-automation` |
| **browser-extension-builder** | ⚪ | Expert in building browser extensions that solve real problems - Chrome, Firefox, and cross-browser extensions. Covers extension architecture, manifest v3, content scripts, popup UIs, monetization strategies, and Chrome Web Store publishing. Use when: browser extension, chrome extension, firefox addon, extension, manifest v3. | `skills/browser-extension-builder` |
| **bullmq-specialist** | ⚪ | BullMQ expert for Redis-backed job queues, background processing, and reliable async execution in Node.js/TypeScript applications. Use when: bullmq, bull queue, redis queue, background job, job queue. | `skills/bullmq-specialist` |
| **bun-development** | ⚪ | Modern JavaScript/TypeScript development with Bun runtime. Covers package management, bundling, testing, and migration from Node.js. Use when working with Bun, optimizing JS/TS development speed, or migrating from Node.js to Bun. | `skills/bun-development` |
| **Burp Suite Web Application Testing** | ⚪ | This skill should be used when the user asks to "intercept HTTP traffic", "modify web requests", "use Burp Suite for testing", "perform web vulnerability scanning", "test with Burp Repeater", "analyze HTTP history", or "configure proxy for web testing". It provides comprehensive guidance for using Burp Suite's core features for web application security testing. | `skills/burp-suite-testing` |
| **busybox-on-windows** | ⚪ | How to use a Win32 build of BusyBox to run many of the standard UNIX command line tools on Windows. | `skills/busybox-on-windows` |
| **canvas-design** | ⚪ | Create beautiful visual art in .png and .pdf documents using design philosophy. You should use this skill when the user asks to create a poster, piece of art, design, or other static piece. Create original visual designs, never copying existing artists' work to avoid copyright violations. | `skills/canvas-design` |
| **cc-skill-continuous-learning** | ⚪ | Development skill from everything-claude-code | `skills/cc-skill-continuous-learning` |
| **cc-skill-project-guidelines-example** | ⚪ | Project Guidelines Skill (Example) | `skills/cc-skill-project-guidelines-example` |
| **cc-skill-strategic-compact** | ⚪ | Development skill from everything-claude-code | `skills/cc-skill-strategic-compact` |
| **Claude Code Guide** | ⚪ | Master guide for using Claude Code effectively. Includes configuration templates, prompting strategies "Thinking" keywords, debugging techniques, and best practices for interacting with the agent. | `skills/claude-code-guide` |
| **clean-code** | ⚪ | Pragmatic coding standards - concise, direct, no over-engineering, no unnecessary comments | `skills/clean-code` |
| **clerk-auth** | ⚪ | Expert patterns for Clerk auth implementation, middleware, organizations, webhooks, and user sync Use when: adding authentication, clerk auth, user authentication, sign in, sign up. | `skills/clerk-auth` |
| **clickhouse-io** | ⚪ | ClickHouse database patterns, query optimization, analytics, and data engineering best practices for high-performance analytical workloads. | `skills/cc-skill-clickhouse-io` |
| **Cloud Penetration Testing** | ⚪ | This skill should be used when the user asks to "perform cloud penetration testing", "assess Azure or AWS or GCP security", "enumerate cloud resources", "exploit cloud misconfigurations", "test O365 security", "extract secrets from cloud environments", or "audit cloud infrastructure". It provides comprehensive techniques for security assessment across major cloud platforms. | `skills/cloud-penetration-testing` |
| **code-review-checklist** | ⚪ | Comprehensive checklist for conducting thorough code reviews covering functionality, security, performance, and maintainability | `skills/code-review-checklist` |
| **codex-review** | ⚪ | Professional code review with auto CHANGELOG generation, integrated with Codex AI | `skills/codex-review` |
| **coding-standards** | ⚪ | Universal coding standards, best practices, and patterns for TypeScript, JavaScript, React, and Node.js development. | `skills/cc-skill-coding-standards` |
| **competitor-alternatives** | ⚪ | When the user wants to create competitor comparison or alternative pages for SEO and sales enablement. Also use when the user mentions 'alternative page,' 'vs page,' 'competitor comparison,' 'comparison page,' '[Product] vs [Product],' '[Product] alternative,' or 'competitive landing pages.' Covers four formats: singular alternative, plural alternatives, you vs competitor, and competitor vs competitor. Emphasizes deep research, modular content architecture, and varied section types beyond feature tables. | `skills/competitor-alternatives` |
| **computer-use-agents** | ⚪ | Build AI agents that interact with computers like humans do - viewing screens, moving cursors, clicking buttons, and typing text. Covers Anthropic's Computer Use, OpenAI's Operator/CUA, and open-source alternatives. Critical focus on sandboxing, security, and handling the unique challenges of vision-based control. Use when: computer use, desktop automation agent, screen control AI, vision-based agent, GUI automation. | `skills/computer-use-agents` |
| **concise-planning** | ⚪ | Use when a user asks for a plan for a coding task, to generate a clear, actionable, and atomic checklist. | `skills/concise-planning` |
| **content-creator** | ⚪ | Create SEO-optimized marketing content with consistent brand voice. Includes brand voice analyzer, SEO optimizer, content frameworks, and social media templates. Use when writing blog posts, creating social media content, analyzing brand voice, optimizing SEO, planning content calendars, or when user mentions content creation, brand voice, SEO optimization, social media marketing, or content strategy. | `skills/content-creator` |
| **context-window-management** | ⚪ | Strategies for managing LLM context windows including summarization, trimming, routing, and avoiding context rot Use when: context window, token limit, context management, context engineering, long context. | `skills/context-window-management` |
| **context7-auto-research** | ⚪ | Automatically fetch latest library/framework documentation for Claude Code via Context7 API | `skills/context7-auto-research` |
| **conversation-memory** | ⚪ | Persistent memory systems for LLM conversations including short-term, long-term, and entity-based memory Use when: conversation memory, remember, memory persistence, long-term memory, chat history. | `skills/conversation-memory` |
| **copy-editing** | ⚪ | When the user wants to edit, review, or improve existing marketing copy. Also use when the user mentions 'edit this copy,' 'review my copy,' 'copy feedback,' 'proofread,' 'polish this,' 'make this better,' or 'copy sweep.' This skill provides a systematic approach to editing marketing copy through multiple focused passes. | `skills/copy-editing` |
| **copywriting** | ⚪ | Use this skill when writing, rewriting, or improving marketing copy for any page (homepage, landing page, pricing, feature, product, or about page). This skill produces clear, compelling, and testable copy while enforcing alignment, honesty, and conversion best practices. | `skills/copywriting` |
| **core-components** | ⚪ | Core component library and design system patterns. Use when building UI, using design tokens, or working with the component library. | `skills/core-components` |
| **crewai** | ⚪ | Expert in CrewAI - the leading role-based multi-agent framework used by 60% of Fortune 500 companies. Covers agent design with roles and goals, task definition, crew orchestration, process types (sequential, hierarchical, parallel), memory systems, and flows for complex workflows. Essential for building collaborative AI agent teams. Use when: crewai, multi-agent team, agent roles, crew of agents, role-based agents. | `skills/crewai` |
| **Cross-Site Scripting and HTML Injection Testing** | ⚪ | This skill should be used when the user asks to "test for XSS vulnerabilities", "perform cross-site scripting attacks", "identify HTML injection flaws", "exploit client-side injection vulnerabilities", "steal cookies via XSS", or "bypass content security policies". It provides comprehensive techniques for detecting, exploiting, and understanding XSS and HTML injection attack vectors in web applications. | `skills/xss-html-injection` |
| **d3-viz** | ⚪ | Creating interactive data visualisations using d3.js. This skill should be used when creating custom charts, graphs, network diagrams, geographic visualisations, or any complex SVG-based data visualisation that requires fine-grained control over visual elements, transitions, or interactions. Use this for bespoke visualisations beyond standard charting libraries, whether in React, Vue, Svelte, vanilla JavaScript, or any other environment. | `skills/claude-d3js-skill` |
| **daily-news-report** | ⚪ | Scrapes content based on a preset URL list, filters high-quality technical information, and generates daily Markdown reports. | `skills/daily-news-report` |
| **database-design** | ⚪ | Database design principles and decision-making. Schema design, indexing strategy, ORM selection, serverless databases. | `skills/database-design` |
| **deployment-procedures** | ⚪ | Production deployment principles and decision-making. Safe deployment workflows, rollback strategies, and verification. Teaches thinking, not scripts. | `skills/deployment-procedures` |
| **design-orchestration** | ⚪ | Orchestrates design workflows by routing work through brainstorming, multi-agent review, and execution readiness in the correct order. Prevents premature implementation, skipped validation, and unreviewed high-risk designs. | `skills/design-orchestration` |
| **discord-bot-architect** | ⚪ | Specialized skill for building production-ready Discord bots. Covers Discord.js (JavaScript) and Pycord (Python), gateway intents, slash commands, interactive components, rate limiting, and sharding. | `skills/discord-bot-architect` |
| **dispatching-parallel-agents** | ⚪ | Use when facing 2+ independent tasks that can be worked on without shared state or sequential dependencies | `skills/dispatching-parallel-agents` |
| **doc-coauthoring** | ⚪ | Guide users through a structured workflow for co-authoring documentation. Use when user wants to write documentation, proposals, technical specs, decision docs, or similar structured content. This workflow helps users efficiently transfer context, refine content through iteration, and verify the doc works for readers. Trigger when user mentions writing docs, creating proposals, drafting specs, or similar documentation tasks. | `skills/doc-coauthoring` |
| **docker-expert** | ⚪ | Docker containerization expert with deep knowledge of multi-stage builds, image optimization, container security, Docker Compose orchestration, and production deployment patterns. Use PROACTIVELY for Dockerfile optimization, container issues, image size problems, security hardening, networking, and orchestration challenges. | `skills/docker-expert` |
| **documentation-templates** | ⚪ | Documentation templates and structure guidelines. README, API docs, code comments, and AI-friendly documentation. | `skills/documentation-templates` |
| **docx** | ⚪ | Comprehensive document creation, editing, and analysis with support for tracked changes, comments, formatting preservation, and text extraction. When Claude needs to work with professional documents (.docx files) for: (1) Creating new documents, (2) Modifying or editing content, (3) Working with tracked changes, (4) Adding comments, or any other document tasks | `skills/docx-official` |
| **email-sequence** | ⚪ | When the user wants to create or optimize an email sequence, drip campaign, automated email flow, or lifecycle email program. Also use when the user mentions "email sequence," "drip campaign," "nurture sequence," "onboarding emails," "welcome sequence," "re-engagement emails," "email automation," or "lifecycle emails." For in-app onboarding, see onboarding-cro. | `skills/email-sequence` |
| **email-systems** | ⚪ | Email has the highest ROI of any marketing channel. $36 for every $1 spent. Yet most startups treat it as an afterthought - bulk blasts, no personalization, landing in spam folders. This skill covers transactional email that works, marketing automation that converts, deliverability that reaches inboxes, and the infrastructure decisions that scale. Use when: keywords, file_patterns, code_patterns. | `skills/email-systems` |
| **environment-setup-guide** | ⚪ | Guide developers through setting up development environments with proper tools, dependencies, and configurations | `skills/environment-setup-guide` |
| **Ethical Hacking Methodology** | ⚪ | This skill should be used when the user asks to "learn ethical hacking", "understand penetration testing lifecycle", "perform reconnaissance", "conduct security scanning", "exploit vulnerabilities", or "write penetration test reports". It provides comprehensive ethical hacking methodology and techniques. | `skills/ethical-hacking-methodology` |
| **exa-search** | ⚪ | Semantic search, similar content discovery, and structured research using Exa API | `skills/exa-search` |
| **executing-plans** | ⚪ | Use when you have a written implementation plan to execute in a separate session with review checkpoints | `skills/executing-plans` |
| **File Path Traversal Testing** | ⚪ | This skill should be used when the user asks to "test for directory traversal", "exploit path traversal vulnerabilities", "read arbitrary files through web applications", "find LFI vulnerabilities", or "access files outside web root". It provides comprehensive file path traversal attack and testing methodologies. | `skills/file-path-traversal` |
| **file-organizer** | ⚪ | Intelligently organizes files and folders by understanding context, finding duplicates, and suggesting better organizational structures. Use when user wants to clean up directories, organize downloads, remove duplicates, or restructure projects. | `skills/file-organizer` |
| **file-uploads** | ⚪ | Expert at handling file uploads and cloud storage. Covers S3, Cloudflare R2, presigned URLs, multipart uploads, and image optimization. Knows how to handle large files without blocking. Use when: file upload, S3, R2, presigned URL, multipart. | `skills/file-uploads` |
| **finishing-a-development-branch** | ⚪ | Use when implementation is complete, all tests pass, and you need to decide how to integrate the work - guides completion of development work by presenting structured options for merge, PR, or cleanup | `skills/finishing-a-development-branch` |
| **firebase** | ⚪ | Firebase gives you a complete backend in minutes - auth, database, storage, functions, hosting. But the ease of setup hides real complexity. Security rules are your last line of defense, and they're often wrong. Firestore queries are limited, and you learn this after you've designed your data model. This skill covers Firebase Authentication, Firestore, Realtime Database, Cloud Functions, Cloud Storage, and Firebase Hosting. Key insight: Firebase is optimized for read-heavy, denormalized data. I | `skills/firebase` |
| **firecrawl-scraper** | ⚪ | Deep web scraping, screenshots, PDF parsing, and website crawling using Firecrawl API | `skills/firecrawl-scraper` |
| **form-cro** | ⚪ | Optimize any form that is NOT signup or account registration — including lead capture, contact, demo request, application, survey, quote, and checkout forms. Use when the goal is to increase form completion rate, reduce friction, or improve lead quality without breaking compliance or downstream workflows. | `skills/form-cro` |
| **free-tool-strategy** | ⚪ | When the user wants to plan, evaluate, or build a free tool for marketing purposes — lead generation, SEO value, or brand awareness. Also use when the user mentions "engineering as marketing," "free tool," "marketing tool," "calculator," "generator," "interactive tool," "lead gen tool," "build a tool for leads," or "free resource." This skill bridges engineering and marketing — useful for founders and technical marketers. | `skills/free-tool-strategy` |
| **frontend-design** | ⚪ | Create distinctive, production-grade frontend interfaces with intentional aesthetics, high craft, and non-generic visual identity. Use when building or styling web UIs, components, pages, dashboards, or frontend applications. | `skills/frontend-design` |
| **frontend-dev-guidelines** | ⚪ | Opinionated frontend development standards for modern React + TypeScript applications. Covers Suspense-first data fetching, lazy loading, feature-based architecture, MUI v7 styling, TanStack Router, performance optimization, and strict TypeScript practices. | `skills/frontend-dev-guidelines` |
| **frontend-patterns** | ⚪ | Frontend development patterns for React, Next.js, state management, performance optimization, and UI best practices. | `skills/cc-skill-frontend-patterns` |
| **game-art** | ⚪ | Game art principles. Visual style selection, asset pipeline, animation workflow. | `skills/game-development/game-art` |
| **game-audio** | ⚪ | Game audio principles. Sound design, music integration, adaptive audio systems. | `skills/game-development/game-audio` |
| **game-design** | ⚪ | Game design principles. GDD structure, balancing, player psychology, progression. | `skills/game-development/game-design` |
| **game-development** | ⚪ | Game development orchestrator. Routes to platform-specific skills based on project needs. | `skills/game-development` |
| **gcp-cloud-run** | ⚪ | Specialized skill for building production-ready serverless applications on GCP. Covers Cloud Run services (containerized), Cloud Run Functions (event-driven), cold start optimization, and event-driven architecture with Pub/Sub. | `skills/gcp-cloud-run` |
| **geo-fundamentals** | ⚪ | Generative Engine Optimization for AI search engines (ChatGPT, Claude, Perplexity). | `skills/geo-fundamentals` |
| **git-pushing** | ⚪ | Stage, commit, and push git changes with conventional commit messages. Use when user wants to commit and push changes, mentions pushing to remote, or asks to save and push their work. Also activates when user says "push changes", "commit and push", "push this", "push to github", or similar git workflow requests. | `skills/git-pushing` |
| **github-workflow-automation** | ⚪ | Automate GitHub workflows with AI assistance. Includes PR reviews, issue triage, CI/CD integration, and Git operations. Use when automating GitHub workflows, setting up PR review automation, creating GitHub Actions, or triaging issues. | `skills/github-workflow-automation` |
| **graphql** | ⚪ | GraphQL gives clients exactly the data they need - no more, no less. One endpoint, typed schema, introspection. But the flexibility that makes it powerful also makes it dangerous. Without proper controls, clients can craft queries that bring down your server. This skill covers schema design, resolvers, DataLoader for N+1 prevention, federation for microservices, and client integration with Apollo/urql. Key insight: GraphQL is a contract. The schema is the API documentation. Design it carefully. | `skills/graphql` |
| **HTML Injection Testing** | ⚪ | This skill should be used when the user asks to "test for HTML injection", "inject HTML into web pages", "perform HTML injection attacks", "deface web applications", or "test content injection vulnerabilities". It provides comprehensive HTML injection attack techniques and testing methodologies. | `skills/html-injection-testing` |
| **hubspot-integration** | ⚪ | Expert patterns for HubSpot CRM integration including OAuth authentication, CRM objects, associations, batch operations, webhooks, and custom objects. Covers Node.js and Python SDKs. Use when: hubspot, hubspot api, hubspot crm, hubspot integration, contacts api. | `skills/hubspot-integration` |
| **i18n-localization** | ⚪ | Internationalization and localization patterns. Detecting hardcoded strings, managing translations, locale files, RTL support. | `skills/i18n-localization` |
| **IDOR Vulnerability Testing** | ⚪ | This skill should be used when the user asks to "test for insecure direct object references," "find IDOR vulnerabilities," "exploit broken access control," "enumerate user IDs or object references," or "bypass authorization to access other users' data." It provides comprehensive guidance for detecting, exploiting, and remediating IDOR vulnerabilities in web applications. | `skills/idor-testing` |
| **Infinite Gratitude** | 🔵 | Multi-agent research skill for parallel research execution (10 agents, battle-tested with real case studies). | `skills/infinite-gratitude` |
| **inngest** | ⚪ | Inngest expert for serverless-first background jobs, event-driven workflows, and durable execution without managing queues or workers. Use when: inngest, serverless background job, event-driven workflow, step function, durable execution. | `skills/inngest` |
| **interactive-portfolio** | ⚪ | Expert in building portfolios that actually land jobs and clients - not just showing work, but creating memorable experiences. Covers developer portfolios, designer portfolios, creative portfolios, and portfolios that convert visitors into opportunities. Use when: portfolio, personal website, showcase work, developer portfolio, designer portfolio. | `skills/interactive-portfolio` |
| **internal-comms** | ⚪ | A set of resources to help me write all kinds of internal communications, using the formats that my company likes to use. Claude should use this skill whenever asked to write some sort of internal communications (status reports, leadership updates, 3P updates, company newsletters, FAQs, incident reports, project updates, etc.). | `skills/internal-comms-anthropic` |
| **internal-comms** | ⚪ | A set of resources to help me write all kinds of internal communications, using the formats that my company likes to use. Claude should use this skill whenever asked to write some sort of internal communications (status reports, leadership updates, 3P updates, company newsletters, FAQs, incident reports, project updates, etc.). | `skills/internal-comms-community` |
| **javascript-mastery** | ⚪ | Comprehensive JavaScript reference covering 33+ essential concepts every developer should know. From fundamentals like primitives and closures to advanced patterns like async/await and functional programming. Use when explaining JS concepts, debugging JavaScript issues, or teaching JavaScript fundamentals. | `skills/javascript-mastery` |
| **kaizen** | ⚪ | Guide for continuous improvement, error proofing, and standardization. Use this skill when the user wants to improve code quality, refactor, or discuss process improvements. | `skills/kaizen` |
| **langfuse** | ⚪ | Expert in Langfuse - the open-source LLM observability platform. Covers tracing, prompt management, evaluation, datasets, and integration with LangChain, LlamaIndex, and OpenAI. Essential for debugging, monitoring, and improving LLM applications in production. Use when: langfuse, llm observability, llm tracing, prompt management, llm evaluation. | `skills/langfuse` |
| **langgraph** | ⚪ | Expert in LangGraph - the production-grade framework for building stateful, multi-actor AI applications. Covers graph construction, state management, cycles and branches, persistence with checkpointers, human-in-the-loop patterns, and the ReAct agent pattern. Used in production at LinkedIn, Uber, and 400+ companies. This is LangChain's recommended approach for building agents. Use when: langgraph, langchain agent, stateful agent, agent graph, react agent. | `skills/langgraph` |
| **last30days** | ⚪ | Research a topic from the last 30 days on Reddit + X + Web, become an expert, and write copy-paste-ready prompts for the user's target tool. | `skills/last30days` |
| **launch-strategy** | ⚪ | When the user wants to plan a product launch, feature announcement, or release strategy. Also use when the user mentions 'launch,' 'Product Hunt,' 'feature release,' 'announcement,' 'go-to-market,' 'beta launch,' 'early access,' 'waitlist,' or 'product update.' This skill covers phased launches, channel strategy, and ongoing launch momentum. | `skills/launch-strategy` |
| **lint-and-validate** | ⚪ | Automatic quality control, linting, and static analysis procedures. Use after every code modification to ensure syntax correctness and project standards. Triggers onKeywords: lint, format, check, validate, types, static analysis. | `skills/lint-and-validate` |
| **Linux Privilege Escalation** | ⚪ | This skill should be used when the user asks to "escalate privileges on Linux", "find privesc vectors on Linux systems", "exploit sudo misconfigurations", "abuse SUID binaries", "exploit cron jobs for root access", "enumerate Linux systems for privilege escalation", or "gain root access from low-privilege shell". It provides comprehensive techniques for identifying and exploiting privilege escalation paths on Linux systems. | `skills/linux-privilege-escalation` |
| **Linux Production Shell Scripts** | ⚪ | This skill should be used when the user asks to "create bash scripts", "automate Linux tasks", "monitor system resources", "backup files", "manage users", or "write production shell scripts". It provides ready-to-use shell script templates for system administration. | `skills/linux-shell-scripting` |
| **llm-app-patterns** | ⚪ | Production-ready patterns for building LLM applications. Covers RAG pipelines, agent architectures, prompt IDEs, and LLMOps monitoring. Use when designing AI applications, implementing RAG, building agents, or setting up LLM observability. | `skills/llm-app-patterns` |
| **loki-mode** | ⚪ | Multi-agent autonomous startup system for Claude Code. Triggers on "Loki Mode". Orchestrates 100+ specialized agents across engineering, QA, DevOps, security, data/ML, business operations, marketing, HR, and customer success. Takes PRD to fully deployed, revenue-generating product with zero human intervention. Features Task tool for subagent dispatch, parallel code review with 3 specialized reviewers, severity-based issue triage, distributed task queue with dead letter handling, automatic deployment to cloud providers, A/B testing, customer feedback loops, incident response, circuit breakers, and self-healing. Handles rate limits via distributed state checkpoints and auto-resume with exponential backoff. Requires --dangerously-skip-permissions flag. | `skills/loki-mode` |
| **marketing-ideas** | ⚪ | Provide proven marketing strategies and growth ideas for SaaS and software products, prioritized using a marketing feasibility scoring system. | `skills/marketing-ideas` |
| **marketing-psychology** | ⚪ | Apply behavioral science and mental models to marketing decisions, prioritized using a psychological leverage and feasibility scoring system. | `skills/marketing-psychology` |
| **mcp-builder** | ⚪ | Guide for creating high-quality MCP (Model Context Protocol) servers that enable LLMs to interact with external services through well-designed tools. Use when building MCP servers to integrate external APIs or services, whether in Python (FastMCP) or Node/TypeScript (MCP SDK). | `skills/mcp-builder` |
| **Metasploit Framework** | ⚪ | This skill should be used when the user asks to "use Metasploit for penetration testing", "exploit vulnerabilities with msfconsole", "create payloads with msfvenom", "perform post-exploitation", "use auxiliary modules for scanning", or "develop custom exploits". It provides comprehensive guidance for leveraging the Metasploit Framework in security assessments. | `skills/metasploit-framework` |
| **micro-saas-launcher** | ⚪ | Expert in launching small, focused SaaS products fast - the indie hacker approach to building profitable software. Covers idea validation, MVP development, pricing, launch strategies, and growing to sustainable revenue. Ship in weeks, not months. Use when: micro saas, indie hacker, small saas, side project, saas mvp. | `skills/micro-saas-launcher` |
| **mobile-design** | ⚪ | Mobile-first design and engineering doctrine for iOS and Android apps. Covers touch interaction, performance, platform conventions, offline behavior, and mobile-specific decision-making. Teaches principles and constraints, not fixed layouts. Use for React Native, Flutter, or native mobile apps. | `skills/mobile-design` |
| **mobile-games** | ⚪ | Mobile game development principles. Touch input, battery, performance, app stores. | `skills/game-development/mobile-games` |
| **moodle-external-api-development** | ⚪ | Create custom external web service APIs for Moodle LMS. Use when implementing web services for course management, user tracking, quiz operations, or custom plugin functionality. Covers parameter validation, database operations, error handling, service registration, and Moodle coding standards. | `skills/moodle-external-api-development` |
| **multi-agent-brainstorming** | ⚪ | Use this skill when a design or idea requires higher confidence, risk reduction, or formal review. This skill orchestrates a structured, sequential multi-agent design review where each agent has a strict, non-overlapping role. It prevents blind spots, false confidence, and premature convergence. | `skills/multi-agent-brainstorming` |
| **multiplayer** | ⚪ | Multiplayer game development principles. Architecture, networking, synchronization. | `skills/game-development/multiplayer` |
| **neon-postgres** | ⚪ | Expert patterns for Neon serverless Postgres, branching, connection pooling, and Prisma/Drizzle integration Use when: neon database, serverless postgres, database branching, neon postgres, postgres serverless. | `skills/neon-postgres` |
| **nestjs-expert** | ⚪ | Nest.js framework expert specializing in module architecture, dependency injection, middleware, guards, interceptors, testing with Jest/Supertest, TypeORM/Mongoose integration, and Passport.js authentication. Use PROACTIVELY for any Nest.js application issues including architecture decisions, testing strategies, performance optimization, or debugging complex dependency injection problems. If a specialized expert is a better fit, I will recommend switching and stop. | `skills/nestjs-expert` |
| **Network 101** | ⚪ | This skill should be used when the user asks to "set up a web server", "configure HTTP or HTTPS", "perform SNMP enumeration", "configure SMB shares", "test network services", or needs guidance on configuring and testing network services for penetration testing labs. | `skills/network-101` |
| **nextjs-best-practices** | ⚪ | Next.js App Router principles. Server Components, data fetching, routing patterns. | `skills/nextjs-best-practices` |
| **nextjs-supabase-auth** | ⚪ | Expert integration of Supabase Auth with Next.js App Router Use when: supabase auth next, authentication next.js, login supabase, auth middleware, protected route. | `skills/nextjs-supabase-auth` |
| **nodejs-best-practices** | ⚪ | Node.js development principles and decision-making. Framework selection, async patterns, security, and architecture. Teaches thinking, not copying. | `skills/nodejs-best-practices` |
| **nosql-expert** | ⚪ | Expert guidance for distributed NoSQL databases (Cassandra, DynamoDB). Focuses on mental models, query-first modeling, single-table design, and avoiding hot partitions in high-scale systems. | `skills/nosql-expert` |
| **notebooklm** | ⚪ | Use this skill to query your Google NotebookLM notebooks directly from Claude Code for source-grounded, citation-backed answers from Gemini. Browser automation, library management, persistent auth. Drastically reduced hallucinations through document-only responses. | `skills/notebooklm` |
| **notion-template-business** | ⚪ | Expert in building and selling Notion templates as a business - not just making templates, but building a sustainable digital product business. Covers template design, pricing, marketplaces, marketing, and scaling to real revenue. Use when: notion template, sell templates, digital product, notion business, gumroad. | `skills/notion-template-business` |
| **obsidian-clipper-template-creator** | ⚪ | Guide for creating templates for the Obsidian Web Clipper. Use when you want to create a new clipping template, understand available variables, or format clipped content. | `skills/obsidian-clipper-template-creator` |
| **onboarding-cro** | ⚪ | When the user wants to optimize post-signup onboarding, user activation, first-run experience, or time-to-value. Also use when the user mentions "onboarding flow," "activation rate," "user activation," "first-run experience," "empty states," "onboarding checklist," "aha moment," or "new user experience." For signup/registration optimization, see signup-flow-cro. For ongoing email sequences, see email-sequence. | `skills/onboarding-cro` |
| **page-cro** | ⚪ | Analyze and optimize individual pages for conversion performance. Use when the user wants to improve conversion rates, diagnose why a page is underperforming, or increase the effectiveness of marketing pages (homepage, landing pages, pricing, feature pages, or blog posts). This skill focuses on diagnosis, prioritization, and testable recommendations— not blind optimization. | `skills/page-cro` |
| **paid-ads** | ⚪ | When the user wants help with paid advertising campaigns on Google Ads, Meta (Facebook/Instagram), LinkedIn, Twitter/X, or other ad platforms. Also use when the user mentions 'PPC,' 'paid media,' 'ad copy,' 'ad creative,' 'ROAS,' 'CPA,' 'ad campaign,' 'retargeting,' or 'audience targeting.' This skill covers campaign strategy, ad creation, audience targeting, and optimization. | `skills/paid-ads` |
| **parallel-agents** | ⚪ | Multi-agent orchestration patterns. Use when multiple independent tasks can run with different domain expertise or when comprehensive analysis requires multiple perspectives. | `skills/parallel-agents` |
| **paywall-upgrade-cro** | ⚪ | When the user wants to create or optimize in-app paywalls, upgrade screens, upsell modals, or feature gates. Also use when the user mentions "paywall," "upgrade screen," "upgrade modal," "upsell," "feature gate," "convert free to paid," "freemium conversion," "trial expiration screen," "limit reached screen," "plan upgrade prompt," or "in-app pricing." Distinct from public pricing pages (see page-cro) — this skill focuses on in-product upgrade moments where the user has already experienced value. | `skills/paywall-upgrade-cro` |
| **pc-games** | ⚪ | PC and console game development principles. Engine selection, platform features, optimization strategies. | `skills/game-development/pc-games` |
| **pdf** | ⚪ | Comprehensive PDF manipulation toolkit for extracting text and tables, creating new PDFs, merging/splitting documents, and handling forms. When Claude needs to fill in a PDF form or programmatically process, generate, or analyze PDF documents at scale. | `skills/pdf-official` |
| **Pentest Checklist** | ⚪ | This skill should be used when the user asks to "plan a penetration test", "create a security assessment checklist", "prepare for penetration testing", "define pentest scope", "follow security testing best practices", or needs a structured methodology for penetration testing engagements. | `skills/pentest-checklist` |
| **Pentest Commands** | ⚪ | This skill should be used when the user asks to "run pentest commands", "scan with nmap", "use metasploit exploits", "crack passwords with hydra or john", "scan web vulnerabilities with nikto", "enumerate networks", or needs essential penetration testing command references. | `skills/pentest-commands` |
| **performance-profiling** | ⚪ | Performance profiling principles. Measurement, analysis, and optimization techniques. | `skills/performance-profiling` |
| **personal-tool-builder** | ⚪ | Expert in building custom tools that solve your own problems first. The best products often start as personal tools - scratch your own itch, build for yourself, then discover others have the same itch. Covers rapid prototyping, local-first apps, CLI tools, scripts that grow into products, and the art of dogfooding. Use when: build a tool, personal tool, scratch my itch, solve my problem, CLI tool. | `skills/personal-tool-builder` |
| **plaid-fintech** | ⚪ | Expert patterns for Plaid API integration including Link token flows, transactions sync, identity verification, Auth for ACH, balance checks, webhook handling, and fintech compliance best practices. Use when: plaid, bank account linking, bank connection, ach, account aggregation. | `skills/plaid-fintech` |
| **plan-writing** | ⚪ | Structured task planning with clear breakdowns, dependencies, and verification criteria. Use when implementing features, refactoring, or any multi-step work. | `skills/plan-writing` |
| **planning-with-files** | ⚪ | Implements Manus-style file-based planning for complex tasks. Creates task_plan.md, findings.md, and progress.md. Use when starting complex multi-step tasks, research projects, or any task requiring >5 tool calls. | `skills/planning-with-files` |
| **playwright-skill** | ⚪ | Complete browser automation with Playwright. Auto-detects dev servers, writes clean test scripts to /tmp. Test pages, fill forms, take screenshots, check responsive design, validate UX, test login flows, check links, automate any browser task. Use when user wants to test websites, automate browser interactions, validate web functionality, or perform any browser-based testing. | `skills/playwright-skill` |
| **popup-cro** | ⚪ | Create and optimize popups, modals, overlays, slide-ins, and banners to increase conversions without harming user experience or brand trust. | `skills/popup-cro` |
| **powershell-windows** | ⚪ | PowerShell Windows patterns. Critical pitfalls, operator syntax, error handling. | `skills/powershell-windows` |
| **pptx** | ⚪ | Presentation creation, editing, and analysis. When Claude needs to work with presentations (.pptx files) for: (1) Creating new presentations, (2) Modifying or editing content, (3) Working with layouts, (4) Adding comments or speaker notes, or any other presentation tasks | `skills/pptx-official` |
| **pricing-strategy** | ⚪ | Design pricing, packaging, and monetization strategies based on value, customer willingness to pay, and growth objectives. | `skills/pricing-strategy` |
| **prisma-expert** | ⚪ | Prisma ORM expert for schema design, migrations, query optimization, relations modeling, and database operations. Use PROACTIVELY for Prisma schema issues, migration problems, query performance, relation design, or database connection issues. | `skills/prisma-expert` |
| **Privilege Escalation Methods** | ⚪ | This skill should be used when the user asks to "escalate privileges", "get root access", "become administrator", "privesc techniques", "abuse sudo", "exploit SUID binaries", "Kerberoasting", "pass-the-ticket", "token impersonation", or needs guidance on post-exploitation privilege escalation for Linux or Windows systems. | `skills/privilege-escalation-methods` |
| **product-manager-toolkit** | ⚪ | Comprehensive toolkit for product managers including RICE prioritization, customer interview analysis, PRD templates, discovery frameworks, and go-to-market strategies. Use for feature prioritization, user research synthesis, requirement documentation, and product strategy development. | `skills/product-manager-toolkit` |
| **production-code-audit** | ⚪ | Autonomously deep-scan entire codebase line-by-line, understand architecture and patterns, then systematically transform it to production-grade, corporate-level professional quality with optimizations | `skills/production-code-audit` |
| **programmatic-seo** | ⚪ | Design and evaluate programmatic SEO strategies for creating SEO-driven pages at scale using templates and structured data. Use when the user mentions programmatic SEO, pages at scale, template pages, directory pages, location pages, comparison pages, integration pages, or keyword-pattern page generation. This skill focuses on feasibility, strategy, and page system design—not execution unless explicitly requested. | `skills/programmatic-seo` |
| **prompt-caching** | ⚪ | Caching strategies for LLM prompts including Anthropic prompt caching, response caching, and CAG (Cache Augmented Generation) Use when: prompt caching, cache prompt, response cache, cag, cache augmented. | `skills/prompt-caching` |
| **prompt-engineer** | ⚪ | Expert in designing effective prompts for LLM-powered applications. Masters prompt structure, context management, output formatting, and prompt evaluation. Use when: prompt engineering, system prompt, few-shot, chain of thought, prompt design. | `skills/prompt-engineer` |
| **prompt-engineering** | ⚪ | Expert guide on prompt engineering patterns, best practices, and optimization techniques. Use when user wants to improve prompts, learn prompting strategies, or debug agent behavior. | `skills/prompt-engineering` |
| **prompt-library** | ⚪ | Curated collection of high-quality prompts for various use cases. Includes role-based prompts, task-specific templates, and prompt refinement techniques. Use when user needs prompt templates, role-play prompts, or ready-to-use prompt examples for coding, writing, analysis, or creative tasks. | `skills/prompt-library` |
| **python-patterns** | ⚪ | Python development principles and decision-making. Framework selection, async patterns, type hints, project structure. Teaches thinking, not copying. | `skills/python-patterns` |
| **rag-engineer** | ⚪ | Expert in building Retrieval-Augmented Generation systems. Masters embedding models, vector databases, chunking strategies, and retrieval optimization for LLM applications. Use when: building RAG, vector search, embeddings, semantic search, document retrieval. | `skills/rag-engineer` |
| **rag-implementation** | ⚪ | Retrieval-Augmented Generation patterns including chunking, embeddings, vector stores, and retrieval optimization Use when: rag, retrieval augmented, vector search, embeddings, semantic search. | `skills/rag-implementation` |
| **react-patterns** | ⚪ | Modern React patterns and principles. Hooks, composition, performance, TypeScript best practices. | `skills/react-patterns` |
| **react-ui-patterns** | ⚪ | Modern React UI patterns for loading states, error handling, and data fetching. Use when building UI components, handling async data, or managing UI states. | `skills/react-ui-patterns` |
| **receiving-code-review** | ⚪ | Use when receiving code review feedback, before implementing suggestions, especially if feedback seems unclear or technically questionable - requires technical rigor and verification, not performative agreement or blind implementation | `skills/receiving-code-review` |
| **Red Team Tools and Methodology** | ⚪ | This skill should be used when the user asks to "follow red team methodology", "perform bug bounty hunting", "automate reconnaissance", "hunt for XSS vulnerabilities", "enumerate subdomains", or needs security researcher techniques and tool configurations from top bug bounty hunters. | `skills/red-team-tools` |
| **red-team-tactics** | ⚪ | Red team tactics principles based on MITRE ATT&CK. Attack phases, detection evasion, reporting. | `skills/red-team-tactics` |
| **referral-program** | ⚪ | When the user wants to create, optimize, or analyze a referral program, affiliate program, or word-of-mouth strategy. Also use when the user mentions 'referral,' 'affiliate,' 'ambassador,' 'word of mouth,' 'viral loop,' 'refer a friend,' or 'partner program.' This skill covers program design, incentive structure, and growth optimization. | `skills/referral-program` |
| **remotion-best-practices** | ⚪ | Best practices for Remotion - Video creation in React | `skills/remotion-best-practices` |
| **requesting-code-review** | ⚪ | Use when completing tasks, implementing major features, or before merging to verify work meets requirements | `skills/requesting-code-review` |
| **research-engineer** | ⚪ | An uncompromising Academic Research Engineer. Operates with absolute scientific rigor, objective criticism, and zero flair. Focuses on theoretical correctness, formal verification, and optimal implementation across any required technology. | `skills/research-engineer` |
| **salesforce-development** | ⚪ | Expert patterns for Salesforce platform development including Lightning Web Components (LWC), Apex triggers and classes, REST/Bulk APIs, Connected Apps, and Salesforce DX with scratch orgs and 2nd generation packages (2GP). Use when: salesforce, sfdc, apex, lwc, lightning web components. | `skills/salesforce-development` |
| **schema-markup** | ⚪ | Design, validate, and optimize schema.org structured data for eligibility, correctness, and measurable SEO impact. Use when the user wants to add, fix, audit, or scale schema markup (JSON-LD) for rich results. This skill evaluates whether schema should be implemented, what types are valid, and how to deploy safely according to Google guidelines. | `skills/schema-markup` |
| **scroll-experience** | ⚪ | Expert in building immersive scroll-driven experiences - parallax storytelling, scroll animations, interactive narratives, and cinematic web experiences. Like NY Times interactives, Apple product pages, and award-winning web experiences. Makes websites feel like experiences, not just pages. Use when: scroll animation, parallax, scroll storytelling, interactive story, cinematic website. | `skills/scroll-experience` |
| **Security Scanning Tools** | ⚪ | This skill should be used when the user asks to "perform vulnerability scanning", "scan networks for open ports", "assess web application security", "scan wireless networks", "detect malware", "check cloud security", or "evaluate system compliance". It provides comprehensive guidance on security scanning tools and methodologies. | `skills/scanning-tools` |
| **security-review** | ⚪ | Use this skill when adding authentication, handling user input, working with secrets, creating API endpoints, or implementing payment/sensitive features. Provides comprehensive security checklist and patterns. | `skills/cc-skill-security-review` |
| **segment-cdp** | ⚪ | Expert patterns for Segment Customer Data Platform including Analytics.js, server-side tracking, tracking plans with Protocols, identity resolution, destinations configuration, and data governance best practices. Use when: segment, analytics.js, customer data platform, cdp, tracking plan. | `skills/segment-cdp` |
| **senior-architect** | ⚪ | Comprehensive software architecture skill for designing scalable, maintainable systems using ReactJS, NextJS, NodeJS, Express, React Native, Swift, Kotlin, Flutter, Postgres, GraphQL, Go, Python. Includes architecture diagram generation, system design patterns, tech stack decision frameworks, and dependency analysis. Use when designing system architecture, making technical decisions, creating architecture diagrams, evaluating trade-offs, or defining integration patterns. | `skills/senior-architect` |
| **senior-fullstack** | ⚪ | Comprehensive fullstack development skill for building complete web applications with React, Next.js, Node.js, GraphQL, and PostgreSQL. Includes project scaffolding, code quality analysis, architecture patterns, and complete tech stack guidance. Use when building new projects, analyzing code quality, implementing design patterns, or setting up development workflows. | `skills/senior-fullstack` |
| **seo-audit** | ⚪ | Diagnose and audit SEO issues affecting crawlability, indexation, rankings, and organic performance. Use when the user asks for an SEO audit, technical SEO review, ranking diagnosis, on-page SEO review, meta tag audit, or SEO health check. This skill identifies issues and prioritizes actions but does not execute changes. For large-scale page creation, use programmatic-seo. For structured data, use schema-markup. | `skills/seo-audit` |
| **seo-fundamentals** | ⚪ | Core principles of SEO including E-E-A-T, Core Web Vitals, technical foundations, content quality, and how modern search engines evaluate pages. This skill explains *why* SEO works, not how to execute specific optimizations. | `skills/seo-fundamentals` |
| **server-management** | ⚪ | Server management principles and decision-making. Process management, monitoring strategy, and scaling decisions. Teaches thinking, not commands. | `skills/server-management` |
| **Shodan Reconnaissance and Pentesting** | ⚪ | This skill should be used when the user asks to "search for exposed devices on the internet," "perform Shodan reconnaissance," "find vulnerable services using Shodan," "scan IP ranges with Shodan," or "discover IoT devices and open ports." It provides comprehensive guidance for using Shodan's search engine, CLI, and API for penetration testing reconnaissance. | `skills/shodan-reconnaissance` |
| **shopify-apps** | ⚪ | Expert patterns for Shopify app development including Remix/React Router apps, embedded apps with App Bridge, webhook handling, GraphQL Admin API, Polaris components, billing, and app extensions. Use when: shopify app, shopify, embedded app, polaris, app bridge. | `skills/shopify-apps` |
| **shopify-development** | ⚪ | Build Shopify apps, extensions, themes using GraphQL Admin API, Shopify CLI, Polaris UI, and Liquid. TRIGGER: "shopify", "shopify app", "checkout extension", "admin extension", "POS extension", "shopify theme", "liquid template", "polaris", "shopify graphql", "shopify webhook", "shopify billing", "app subscription", "metafields", "shopify functions" | `skills/shopify-development` |
| **signup-flow-cro** | ⚪ | When the user wants to optimize signup, registration, account creation, or trial activation flows. Also use when the user mentions "signup conversions," "registration friction," "signup form optimization," "free trial signup," "reduce signup dropoff," or "account creation flow." For post-signup onboarding, see onboarding-cro. For lead capture forms (not account creation), see form-cro. | `skills/signup-flow-cro` |
| **skill-creator** | ⚪ | Guide for creating effective skills. This skill should be used when users want to create a new skill (or update an existing skill) that extends Claude's capabilities with specialized knowledge, workflows, or tool integrations. | `skills/skill-creator` |
| **skill-developer** | ⚪ | Create and manage Claude Code skills following Anthropic best practices. Use when creating new skills, modifying skill-rules.json, understanding trigger patterns, working with hooks, debugging skill activation, or implementing progressive disclosure. Covers skill structure, YAML frontmatter, trigger types (keywords, intent patterns, file paths, content patterns), enforcement levels (block, suggest, warn), hook mechanisms (UserPromptSubmit, PreToolUse), session tracking, and the 500-line rule. | `skills/skill-developer` |
| **slack-bot-builder** | ⚪ | Build Slack apps using the Bolt framework across Python, JavaScript, and Java. Covers Block Kit for rich UIs, interactive components, slash commands, event handling, OAuth installation flows, and Workflow Builder integration. Focus on best practices for production-ready Slack apps. Use when: slack bot, slack app, bolt framework, block kit, slash command. | `skills/slack-bot-builder` |
| **slack-gif-creator** | ⚪ | Knowledge and utilities for creating animated GIFs optimized for Slack. Provides constraints, validation tools, and animation concepts. Use when users request animated GIFs for Slack like "make me a GIF of X doing Y for Slack." | `skills/slack-gif-creator` |
| **SMTP Penetration Testing** | ⚪ | This skill should be used when the user asks to "perform SMTP penetration testing", "enumerate email users", "test for open mail relays", "grab SMTP banners", "brute force email credentials", or "assess mail server security". It provides comprehensive techniques for testing SMTP server security. | `skills/smtp-penetration-testing` |
| **social-content** | ⚪ | When the user wants help creating, scheduling, or optimizing social media content for LinkedIn, Twitter/X, Instagram, TikTok, Facebook, or other platforms. Also use when the user mentions 'LinkedIn post,' 'Twitter thread,' 'social media,' 'content calendar,' 'social scheduling,' 'engagement,' or 'viral content.' This skill covers content creation, repurposing, and platform-specific strategies. | `skills/social-content` |
| **software-architecture** | ⚪ | Guide for quality focused software architecture. This skill should be used when users want to write code, design architecture, analyze code, in any case that relates to software development. | `skills/software-architecture` |
| **SQL Injection Testing** | ⚪ | This skill should be used when the user asks to "test for SQL injection vulnerabilities", "perform SQLi attacks", "bypass authentication using SQL injection", "extract database information through injection", "detect SQL injection flaws", or "exploit database query vulnerabilities". It provides comprehensive techniques for identifying, exploiting, and understanding SQL injection attack vectors across different database systems. | `skills/sql-injection-testing` |
| **SQLMap Database Penetration Testing** | ⚪ | This skill should be used when the user asks to "automate SQL injection testing," "enumerate database structure," "extract database credentials using sqlmap," "dump tables and columns from a vulnerable database," or "perform automated database penetration testing." It provides comprehensive guidance for using SQLMap to detect and exploit SQL injection vulnerabilities. | `skills/sqlmap-database-pentesting` |
| **SSH Penetration Testing** | ⚪ | This skill should be used when the user asks to "pentest SSH services", "enumerate SSH configurations", "brute force SSH credentials", "exploit SSH vulnerabilities", "perform SSH tunneling", or "audit SSH security". It provides comprehensive SSH penetration testing methodologies and techniques. | `skills/ssh-penetration-testing` |
| **stripe-integration** | ⚪ | Get paid from day one. Payments, subscriptions, billing portal, webhooks, metered billing, Stripe Connect. The complete guide to implementing Stripe correctly, including all the edge cases that will bite you at 3am. This isn't just API calls - it's the full payment system: handling failures, managing subscriptions, dealing with dunning, and keeping revenue flowing. Use when: stripe, payments, subscription, billing, checkout. | `skills/stripe-integration` |
| **subagent-driven-development** | ⚪ | Use when executing implementation plans with independent tasks in the current session | `skills/subagent-driven-development` |
| **supabase-postgres-best-practices** | ⚪ | Postgres performance optimization and best practices from Supabase. Use this skill when writing, reviewing, or optimizing Postgres queries, schema designs, or database configurations. | `skills/postgres-best-practices` |
| **systematic-debugging** | ⚪ | Use when encountering any bug, test failure, or unexpected behavior, before proposing fixes | `skills/systematic-debugging` |
| **tailwind-patterns** | ⚪ | Tailwind CSS v4 principles. CSS-first configuration, container queries, modern patterns, design token architecture. | `skills/tailwind-patterns` |
| **tavily-web** | ⚪ | Web search, content extraction, crawling, and research capabilities using Tavily API | `skills/tavily-web` |
| **tdd-workflow** | ⚪ | Test-Driven Development workflow principles. RED-GREEN-REFACTOR cycle. | `skills/tdd-workflow` |
| **telegram-bot-builder** | ⚪ | Expert in building Telegram bots that solve real problems - from simple automation to complex AI-powered bots. Covers bot architecture, the Telegram Bot API, user experience, monetization strategies, and scaling bots to thousands of users. Use when: telegram bot, bot api, telegram automation, chat bot telegram, tg bot. | `skills/telegram-bot-builder` |
| **telegram-mini-app** | ⚪ | Expert in building Telegram Mini Apps (TWA) - web apps that run inside Telegram with native-like experience. Covers the TON ecosystem, Telegram Web App API, payments, user authentication, and building viral mini apps that monetize. Use when: telegram mini app, TWA, telegram web app, TON app, mini app. | `skills/telegram-mini-app` |
| **templates** | ⚪ | Project scaffolding templates for new applications. Use when creating new projects from scratch. Contains 12 templates for various tech stacks. | `skills/app-builder/templates` |
| **test-driven-development** | ⚪ | Use when implementing any feature or bugfix, before writing implementation code | `skills/test-driven-development` |
| **test-fixing** | ⚪ | Run tests and systematically fix all failing tests using smart error grouping. Use when user asks to fix failing tests, mentions test failures, runs test suite and failures occur, or requests to make tests pass. | `skills/test-fixing` |
| **testing-patterns** | ⚪ | Jest testing patterns, factory functions, mocking strategies, and TDD workflow. Use when writing unit tests, creating test factories, or following TDD red-green-refactor cycle. | `skills/testing-patterns` |
| **theme-factory** | ⚪ | Toolkit for styling artifacts with a theme. These artifacts can be slides, docs, reportings, HTML landing pages, etc. There are 10 pre-set themes with colors/fonts that you can apply to any artifact that has been creating, or can generate a new theme on-the-fly. | `skills/theme-factory` |
| **Top 100 Web Vulnerabilities Reference** | ⚪ | This skill should be used when the user asks to "identify web application vulnerabilities", "explain common security flaws", "understand vulnerability categories", "learn about injection attacks", "review access control weaknesses", "analyze API security issues", "assess security misconfigurations", "understand client-side vulnerabilities", "examine mobile and IoT security flaws", or "reference the OWASP-aligned vulnerability taxonomy". Use this skill to provide comprehensive vulnerability definitions, root causes, impacts, and mitigation strategies across all major web security categories. | `skills/top-web-vulnerabilities` |
| **trigger-dev** | ⚪ | Trigger.dev expert for background jobs, AI workflows, and reliable async execution with excellent developer experience and TypeScript-first design. Use when: trigger.dev, trigger dev, background task, ai background job, long running task. | `skills/trigger-dev` |
| **twilio-communications** | ⚪ | Build communication features with Twilio: SMS messaging, voice calls, WhatsApp Business API, and user verification (2FA). Covers the full spectrum from simple notifications to complex IVR systems and multi-channel authentication. Critical focus on compliance, rate limits, and error handling. Use when: twilio, send SMS, text message, voice call, phone verification. | `skills/twilio-communications` |
| **typescript-expert** | ⚪ | TypeScript and JavaScript expert with deep knowledge of type-level programming, performance optimization, monorepo management, migration strategies, and modern tooling. Use PROACTIVELY for any TypeScript/JavaScript issues including complex type gymnastics, build performance, debugging, and architectural decisions. If a specialized expert is a better fit, I will recommend switching and stop. | `skills/typescript-expert` |
| **ui-ux-pro-max** | ⚪ | UI/UX design intelligence. 50 styles, 21 palettes, 50 font pairings, 20 charts, 9 stacks (React, Next.js, Vue, Svelte, SwiftUI, React Native, Flutter, Tailwind, shadcn/ui). Actions: plan, build, create, design, implement, review, fix, improve, optimize, enhance, refactor, check UI/UX code. Projects: website, landing page, dashboard, admin panel, e-commerce, SaaS, portfolio, blog, mobile app, .html, .tsx, .vue, .svelte. Elements: button, modal, navbar, sidebar, card, table, form, chart. Styles: glassmorphism, claymorphism, minimalism, brutalism, neumorphism, bento grid, dark mode, responsive, skeuomorphism, flat design. Topics: color palette, accessibility, animation, layout, typography, font pairing, spacing, hover, shadow, gradient. Integrations: shadcn/ui MCP for component search and examples. | `skills/ui-ux-pro-max` |
| **upstash-qstash** | ⚪ | Upstash QStash expert for serverless message queues, scheduled jobs, and reliable HTTP-based task delivery without managing infrastructure. Use when: qstash, upstash queue, serverless cron, scheduled http, message queue serverless. | `skills/upstash-qstash` |
| **using-git-worktrees** | ⚪ | Use when starting feature work that needs isolation from current workspace or before executing implementation plans - creates isolated git worktrees with smart directory selection and safety verification | `skills/using-git-worktrees` |
| **using-superpowers** | ⚪ | Use when starting any conversation - establishes how to find and use skills, requiring Skill tool invocation before ANY response including clarifying questions | `skills/using-superpowers` |
| **vercel-deployment** | ⚪ | Expert knowledge for deploying to Vercel with Next.js Use when: vercel, deploy, deployment, hosting, production. | `skills/vercel-deployment` |
| **vercel-react-best-practices** | ⚪ | React and Next.js performance optimization guidelines from Vercel Engineering. This skill should be used when writing, reviewing, or refactoring React/Next.js code to ensure optimal performance patterns. Triggers on tasks involving React components, Next.js pages, data fetching, bundle optimization, or performance improvements. | `skills/react-best-practices` |
| **verification-before-completion** | ⚪ | Use when about to claim work is complete, fixed, or passing, before committing or creating PRs - requires running verification commands and confirming output before making any success claims; evidence before assertions always | `skills/verification-before-completion` |
| **viral-generator-builder** | ⚪ | Expert in building shareable generator tools that go viral - name generators, quiz makers, avatar creators, personality tests, and calculator tools. Covers the psychology of sharing, viral mechanics, and building tools people can't resist sharing with friends. Use when: generator tool, quiz maker, name generator, avatar creator, viral tool. | `skills/viral-generator-builder` |
| **voice-agents** | ⚪ | Voice agents represent the frontier of AI interaction - humans speaking naturally with AI systems. The challenge isn't just speech recognition and synthesis, it's achieving natural conversation flow with sub-800ms latency while handling interruptions, background noise, and emotional nuance. This skill covers two architectures: speech-to-speech (OpenAI Realtime API, lowest latency, most natural) and pipeline (STT→LLM→TTS, more control, easier to debug). Key insight: latency is the constraint. Hu | `skills/voice-agents` |
| **voice-ai-development** | ⚪ | Expert in building voice AI applications - from real-time voice agents to voice-enabled apps. Covers OpenAI Realtime API, Vapi for voice agents, Deepgram for transcription, ElevenLabs for synthesis, LiveKit for real-time infrastructure, and WebRTC fundamentals. Knows how to build low-latency, production-ready voice experiences. Use when: voice ai, voice agent, speech to text, text to speech, realtime voice. | `skills/voice-ai-development` |
| **voice-ai-engine-development** | ⚪ | Build real-time conversational AI voice engines using async worker pipelines, streaming transcription, LLM agents, and TTS synthesis with interrupt handling and multi-provider support | `skills/voice-ai-engine-development` |
| **vr-ar** | ⚪ | VR/AR development principles. Comfort, interaction, performance requirements. | `skills/game-development/vr-ar` |
| **vulnerability-scanner** | ⚪ | Advanced vulnerability analysis principles. OWASP 2025, Supply Chain Security, attack surface mapping, risk prioritization. | `skills/vulnerability-scanner` |
| **web-artifacts-builder** | ⚪ | Suite of tools for creating elaborate, multi-component claude.ai HTML artifacts using modern frontend web technologies (React, Tailwind CSS, shadcn/ui). Use for complex artifacts requiring state management, routing, or shadcn/ui components - not for simple single-file HTML/JSX artifacts. | `skills/web-artifacts-builder` |
| **web-design-guidelines** | ⚪ | Review UI code for Web Interface Guidelines compliance. Use when asked to "review my UI", "check accessibility", "audit design", "review UX", or "check my site against best practices". | `skills/web-design-guidelines` |
| **web-games** | ⚪ | Web browser game development principles. Framework selection, WebGPU, optimization, PWA. | `skills/game-development/web-games` |
| **web-performance-optimization** | ⚪ | Optimize website and web application performance including loading speed, Core Web Vitals, bundle size, caching strategies, and runtime performance | `skills/web-performance-optimization` |
| **webapp-testing** | ⚪ | Toolkit for interacting with and testing local web applications using Playwright. Supports verifying frontend functionality, debugging UI behavior, capturing browser screenshots, and viewing browser logs. | `skills/webapp-testing` |
| **Windows Privilege Escalation** | ⚪ | This skill should be used when the user asks to "escalate privileges on Windows," "find Windows privesc vectors," "enumerate Windows for privilege escalation," "exploit Windows misconfigurations," or "perform post-exploitation privilege escalation." It provides comprehensive guidance for discovering and exploiting privilege escalation vulnerabilities in Windows environments. | `skills/windows-privilege-escalation` |
| **Wireshark Network Traffic Analysis** | ⚪ | This skill should be used when the user asks to "analyze network traffic with Wireshark", "capture packets for troubleshooting", "filter PCAP files", "follow TCP/UDP streams", "detect network anomalies", "investigate suspicious traffic", or "perform protocol analysis". It provides comprehensive techniques for network packet capture, filtering, and analysis using Wireshark. | `skills/wireshark-analysis` |
| **WordPress Penetration Testing** | ⚪ | This skill should be used when the user asks to "pentest WordPress sites", "scan WordPress for vulnerabilities", "enumerate WordPress users, themes, or plugins", "exploit WordPress vulnerabilities", or "use WPScan". It provides comprehensive WordPress security assessment methodologies. | `skills/wordpress-penetration-testing` |
| **workflow-automation** | ⚪ | Workflow automation is the infrastructure that makes AI agents reliable. Without durable execution, a network hiccup during a 10-step payment flow means lost money and angry customers. With it, workflows resume exactly where they left off. This skill covers the platforms (n8n, Temporal, Inngest) and patterns (sequential, parallel, orchestrator-worker) that turn brittle scripts into production-grade automation. Key insight: The platforms make different tradeoffs. n8n optimizes for accessibility | `skills/workflow-automation` |
| **writing-plans** | ⚪ | Use when you have a spec or requirements for a multi-step task, before touching code | `skills/writing-plans` |
| **writing-skills** | ⚪ | Use when creating new skills, editing existing skills, or verifying skills work before deployment | `skills/writing-skills` |
| **xlsx** | ⚪ | Comprehensive spreadsheet creation, editing, and analysis with support for formulas, formatting, data analysis, and visualization. When Claude needs to work with spreadsheets (.xlsx, .xlsm, .csv, .tsv, etc) for: (1) Creating new spreadsheets with formulas and formatting, (2) Reading or analyzing data, (3) Modify existing spreadsheets while preserving formulas, (4) Data analysis and visualization in spreadsheets, or (5) Recalculating formulas | `skills/xlsx-official` |
| **zapier-make-patterns** | ⚪ | No-code automation democratizes workflow building. Zapier and Make (formerly Integromat) let non-developers automate business processes without writing code. But no-code doesn't mean no-complexity - these platforms have their own patterns, pitfalls, and breaking points. This skill covers when to use which platform, how to build reliable automations, and when to graduate to code-based solutions. Key insight: Zapier optimizes for simplicity and integrations (7000+ apps), Make optimizes for power | `skills/zapier-make-patterns` |
## Installation
@@ -309,14 +422,27 @@ Please ensure your skill follows the Antigravity/Claude Code best practices.
## Credits & Sources
We stand on the shoulders of giants.
👉 **[View the Full Attribution Ledger](docs/SOURCES.md)**
Key contributors and sources include:
- **HackTricks**
- **OWASP**
- **Anthropic / OpenAI / Google**
- **The Open Source Community**
This collection would not be possible without the incredible work of the Claude Code community and official sources:
### Official Sources
- **[anthropics/skills](https://github.com/anthropics/skills)**: Official Anthropic skills repository - Document manipulation (DOCX, PDF, PPTX, XLSX), Brand Guidelines, Internal Communications.
- **[anthropics/claude-cookbooks](https://github.com/anthropics/claude-cookbooks)**: Official notebooks and recipes for building with Claude.
- **[remotion-dev/skills](https://github.com/remotion-dev/skills)**: Official Remotion skills - Video creation in React with 28 modular rules.
- **[vercel-labs/agent-skills](https://github.com/vercel-labs/agent-skills)**: Vercel Labs official skills - React Best Practices, Web Design Guidelines.
- **[openai/skills](https://github.com/openai/skills)**: OpenAI Codex skills catalog - Agent skills, Skill Creator, Concise Planning.
- **[supabase/agent-skills](https://github.com/supabase/agent-skills)**: Supabase official skills - Postgres Best Practices.
### Community Contributors
@@ -331,6 +457,10 @@ This collection would not be possible without the incredible work of the Claude
- **[zircote/.claude](https://github.com/zircote/.claude)**: Shopify development skill reference.
- **[vibeforge1111/vibeship-spawner-skills](https://github.com/vibeforge1111/vibeship-spawner-skills)**: AI Agents, Integrations, Maker Tools (57 skills, Apache 2.0).
- **[coreyhaines31/marketingskills](https://github.com/coreyhaines31/marketingskills)**: Marketing skills for CRO, copywriting, SEO, paid ads, and growth (23 skills, MIT).
- **[vudovn/antigravity-kit](https://github.com/vudovn/antigravity-kit)**: AI Agent templates with Skills, Agents, and Workflows (33 skills, MIT).
- **[affaan-m/everything-claude-code](https://github.com/affaan-m/everything-claude-code)**: Complete Claude Code configuration collection from Anthropic hackathon winner - skills only (8 skills, MIT).
- **[webzler/agentMemory](https://github.com/webzler/agentMemory)**: Source for the agent-memory-mcp skill.
- **[sstklen/claude-api-cost-optimization](https://github.com/sstklen/claude-api-cost-optimization)**: Save 50-90% on Claude API costs with smart optimization strategies (MIT).
### Inspirations
@@ -343,13 +473,16 @@ This collection would not be possible without the incredible work of the Claude
MIT License. See [LICENSE](LICENSE) for details.
---
## Community
**Keywords**: Claude Code, Gemini CLI, Codex CLI, Antigravity IDE, GitHub Copilot, Cursor, OpenCode, Agentic Skills, AI Coding Assistant, AI Agent Skills, MCP, MCT, AI Agents, Autonomous Coding, Security Auditing, React Patterns, LLM Tools, AI IDE, Coding AI, AI Pair Programming, Vibe Coding, Agentic Coding, AI Developer Tools.
- [Community Guidelines](docs/COMMUNITY_GUIDELINES.md)
- [Security Policy](docs/SECURITY_GUARDRAILS.md)
---
## 🏷️ GitHub Topics
---
## GitHub Topics
For repository maintainers, add these topics to maximize discoverability:
@@ -357,6 +490,38 @@ For repository maintainers, add these topics to maximize discoverability:
claude-code, gemini-cli, codex-cli, antigravity, cursor, github-copilot, opencode,
agentic-skills, ai-coding, llm-tools, ai-agents, autonomous-coding, mcp,
ai-developer-tools, ai-pair-programming, vibe-coding, skill, skills, SKILL.md, rules.md, CLAUDE.md, GEMINI.md, CURSOR.md
claude-code, gemini-cli, codex-cli, antigravity, cursor, github-copilot, opencode,
agentic-skills, ai-coding, llm-tools, ai-agents, autonomous-coding, mcp
```
---
## Repo Contributors
We officially thank the following contributors for their help in making this repository awesome!
- [sck_0](https://github.com/sck_0)
- [Munir Abbasi](https://github.com/munirabbasi)
- [Mohammad Faiz](https://github.com/mohdfaiz2k9)
- [Ianj332](https://github.com/Ianj332)
- [sickn33](https://github.com/sickn33)
- [GuppyTheCat](https://github.com/GuppyTheCat)
- [Tiger-Foxx](https://github.com/Tiger-Foxx)
- [arathiesh](https://github.com/arathiesh)
- [1bcMax](https://github.com/1bcMax)
- [Ahmed Rehan](https://github.com/ar27111994)
- [BenedictKing](https://github.com/BenedictKing)
- [Nguyen Huu Loc](https://github.com/LocNguyenSGU)
- [Owen Wu](https://github.com/yubing744)
- [SuperJMN](https://github.com/SuperJMN)
- [Viktor Ferenczi](https://github.com/viktor-ferenczi)
- [krisnasantosa15](https://github.com/krisnasantosa15)
- [raeef1001](https://github.com/raeef1001)
- [taksrules](https://github.com/taksrules)
- [zebbern](https://github.com/zebbern)
- [Đỗ Khắc Gia Khoa](https://github.com/dokhacgiakhoa)
- [vuth-dogo](https://github.com/vuth-dogo)
- [mvanhorn](https://github.com/mvanhorn)
- [rookie-ricardo](https://github.com/rookie-ricardo)
## Star History
[![Star History Chart](https://api.star-history.com/svg?repos=sickn33/antigravity-awesome-skills&type=date&legend=top-left)](https://www.star-history.com/#sickn33/antigravity-awesome-skills&type=date&legend=top-left)

38
RELEASE_NOTES.md Normal file
View File

@@ -0,0 +1,38 @@
# Release v3.5.0: Community & Clarity
> **Expanding the ecosystem with new community contributions and improved accessibility.**
This release welcomes new community contributors and improves documentation accessibility with English translations for key skills.
## 🚀 New Skills
### [infinite-gratitude](https://github.com/sstklen/infinite-gratitude)
**Multi-agent research skill**
Parallel research execution with 10 agents, battle-tested with real case studies.
- **Added to**: Community Contributors
### [claude-api-cost-optimization](https://github.com/sstklen/claude-api-cost-optimization)
**Cost Optimization Strategies**
Practical strategies to save 50-90% on Claude API costs.
- **Added to**: Community Contributors
## 📦 Improvements
- **Localization**: Translated `daily-news-report` description to English.
- **Registry Update**: Now tracking **256** skills.
- **Documentation**: Synced contributors and skill counts across all docs.
## 👥 Credits
A huge shoutout to our community contributors:
- **@sstklen** for `infinite-gratitude` and `claude-api-cost-optimization`
- **@rookie-ricardo** for `daily-news-report`
---
_Upgrade now: `git pull origin main` to fetch the latest skills._

19
SECURITY.md Normal file
View File

@@ -0,0 +1,19 @@
# Security Policy
## Supported Versions
We track the `main` branch.
## Reporting a Vulnerability
**DO NOT** open a public Issue for security exploits.
If you find a security vulnerability (e.g., a skill that bypasses the "Authorized Use Only" check or executes malicious code without warning):
1. Email: `security@antigravity.dev` (Placeholder)
2. Or open a **Private Advisory** on this repository.
## Offensive Skills Policy
Please read our [Security Guardrails](docs/SECURITY_GUARDRAILS.md).
All offensive skills are strictly for **authorized educational and professional use only**.

BIN
assets/star-history.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 50 KiB

124
docs/BUNDLES.md Normal file
View File

@@ -0,0 +1,124 @@
# 📦 Antigravity Skill Bundles
Don't know where to start? Pick a bundle below to get a curated set of skills for your role.
## 🚀 The "Essentials" Starter Pack
_For everyone. Install these first._
- `concise-planning`: Always start with a plan.
- `lint-and-validate`: Keep your code clean automatically.
- `git-pushing`: Save your work safely.
- `kaizen`: Continuous improvement mindset.
## 🛡️ The "Security Engineer" Pack
_For pentesting, auditing, and hardening._
- `ethical-hacking-methodology`: The Bible of ethical hacking.
- `burp-suite-testing`: Web vulnerability scanning.
- `owasp-top-10`: Check for the most common flaws.
- `linux-privilege-escalation`: Advanced Linux security assessment.
- `cloud-penetration-testing`: AWS/Azure/GCP security.
## 🌐 The "Web Wizard" Pack
_For building modern, high-performance web apps._
- `frontend-design`: UI guidelines and aesthetics.
- `react-patterns`: Best practices for React (if available).
- `tailwind-mastery`: Styling superpowers.
- `form-cro`: Optimize your forms for conversion.
- `seo-audit`: Get found on Google.
## 🤖 The "Agent Architect" Pack
_For building AI systems._
- `agent-evaluation`: Test your agents.
- `langgraph`: Build stateful agent workflows.
- `mcp-builder`: Create your own tools.
- `prompt-engineering`: Master the art of talking to LLMs.
## 🎮 The "Indie Game Dev" Pack
_For building games with AI assistants._
- `game-development/game-design`: Mechanics and loops.
- `game-development/2d-games`: Sprites and physics.
- `game-development/3d-games`: Models and shaders.
- `game-development/unity-csharp`: C# scripting mastery.
- `algorithmic-art`: Generate assets with code.
## 🐍 The "Python Pro" Pack
_For backend heavyweights and data scientists._
- `python-patterns`: Idiomatic Python code.
- `poetry-manager`: Dependency management that works.
- `pytest-mastery`: Testing frameworks.
- `fastapi-expert`: High-performance APIs.
- `django-guide`: The battery-included framework.
## 🦄 The "Startup Founder" Pack
_For building products, not just code._
- `product-requirements-doc`: Define what to build.
- `competitor-analysis`: Know who you are fighting.
- `pitch-deck-creator`: Raise capital (or just explain your idea).
- `landing-page-copy`: Write words that sell.
- `stripe-integration`: Get paid.
## 🌧️ The "DevOps & Cloud" Pack
_For infrastructure and scaling._
- `docker-expert`: Master containers and multi-stage builds.
- `aws-serverless`: Go serverless on AWS (Lambda, DynamoDB).
- `environment-setup-guide`: Standardization for teams.
- `deployment-procedures`: Safe rollout strategies.
- `bash-linux`: Terminal wizardry.
## 📊 The "Data & Analytics" Pack
_For making sense of the numbers._
- `analytics-tracking`: Set up GA4/PostHog correctly.
- `d3-viz`: Beautiful custom visualizations.
- `sql-mastery`: Write better queries (Community skill).
- `ab-test-setup`: Validated learning.
## 🎨 The "Creative Director" Pack
_For visuals, content, and branding._
- `canvas-design`: Generate posters and diagrams.
- `frontend-design`: UI aesthetics.
- `content-creator`: SEO-optimized blog posts.
- `copy-editing`: Polish your prose.
- `algorithmic-art`: Code-generated masterpieces.
## 🐞 The "QA & Testing" Pack
_For breaking things before users do._
- `test-driven-development`: Red, Green, Refactor.
- `systematic-debugging`: Sherlock Holmes for code.
- `browser-automation`: End-to-end testing with Playwright.
- `ab-test-setup`: Validated experiments.
- `code-review-checklist`: Catch bugs in PRs.
## 🖌️ The "Web Designer" Pack
_For pixel-perfect experiences._
- `ui-ux-pro-max`: Premium design systems/tokens.
- `frontend-design`: The base layer of aesthetics.
- `3d-web-experience`: Three.js & R3F magic.
- `canvas-design`: Static visuals/posters.
- `responsive-layout`: Mobile-first principles.
---
_To use a bundle, simply copy the skill names into your `.agent/skills` folder or use them with your agent._

39
docs/CI_DRIFT_FIX.md Normal file
View File

@@ -0,0 +1,39 @@
# CI Drift Fix Guide
**Problem**: The failing job is caused by uncommitted changes detected in `README.md` or `skills_index.json` after the update scripts run.
**Error**:
```
❌ Detected uncommitted changes in README.md or skills_index.json. Please run scripts locally and commit.
```
**Cause**:
Scripts like `scripts/generate_index.py` and `scripts/update_readme.py` modify `README.md` and `skills_index.json`, but the workflow expects these files to have no changes after the scripts are run. Any differences mean the committed repo is out-of-sync with what the generation scripts produce.
**How to Fix (DO THIS EVERY TIME):**
1. Run the **FULL Validation Chain** locally to regenerate `README.md` e `skills_index.json`:
```bash
python3 scripts/validate_skills.py
python3 scripts/generate_index.py
python3 scripts/update_readme.py
```
2. Check for changes:
```bash
git status
git diff
```
3. Commit and push any updates:
```bash
git add README.md skills_index.json
git commit -m "chore: sync generated registry files"
git push
```
**Summary**:
Always commit and push all changes produced by the registry or readme update scripts. This keeps the CI workflow passing by ensuring the repository and generated files are synced.

33
docs/COMMUNITY_GUIDELINES.md Normal file
View File

@@ -0,0 +1,33 @@
# Code of Conduct
## Our Pledge
In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone.
## Our Standards
Examples of behavior that contributes to creating a positive environment include:
- Using welcoming and inclusive language
- Being respectful of differing viewpoints and experiences
- Gracefully accepting constructive criticism
- Focusing on what is best for the community
- Showing empathy towards other community members
Examples of unacceptable behavior by participants include:
- The use of sexualized language or imagery and unwelcome sexual attention or advances
- Trolling, insulting/derogatory comments, and personal or political attacks
- Public or private harassment
- Publishing others' private information without explicit permission
- Other conduct which could reasonably be considered inappropriate in a professional setting
## Enforcement
Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.
## Attribution
This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 2.1.
[homepage]: https://www.contributor-covenant.org

56
docs/EXAMPLES.md Normal file
View File

@@ -0,0 +1,56 @@
# 🧪 Real-World Examples ("The Antigravity Cookbook")
Skills are powerful on their own, but unstoppable when combined.
Here are three common scenarios and how to solve them using this repository.
## 🥘 Recipe 1: The "Legacy Code Audit"
_Scenario: You just inherited a messy 5-year-old Node.js repo. You need to fix it safely._
**Skills Used:**
1. `concise-planning` (To map the chaos)
2. `lint-and-validate` (To find the bugs)
3. `security-audit` (To find the holes)
**The Workflow:**
1. **Plan**: "Agent, use `concise-planning` to create a checklist for refactoring `src/legacy-api.js`."
2. **Audit**: "Run `security-audit` on the `package.json` to find vulnerable dependencies."
3. **Fix**: "Use `lint-and-validate` rules to auto-fix the formatting issues in `src/`."
---
## 🥘 Recipe 2: The "Modern Web App"
_Scenario: You need to build a high-performance Landing Page in 2 hours._
**Skills Used:**
1. `frontend-design` (For aesthetics)
2. `react-patterns` (For structure)
3. `tailwind-mastery` (For speed)
**The Workflow:**
1. **Design**: "Use `frontend-design` to generate a color palette and typography for a 'Cyberpunk Coffee Shop'."
2. **Scaffold**: "Initialize a Vite project. Then apply `react-patterns` to create the 'Hero' component."
3. **Style**: "Use `tailwind-mastery` to make the buttons glassmorphic and responsive."
---
## 🥘 Recipe 3: The "Agent Architect"
_Scenario: You want to build a custom AI agent that can verify its own code._
**Skills Used:**
1. `mcp-builder` (To build tools)
2. `agent-evaluation` (To test reliability)
3. `prompt-engineering` (To refine instructions)
**The Workflow:**
1. **Build**: "Use `mcp-builder` to create a `verify-file` tool."
2. **Instruct**: "Apply `prompt-engineering` patterns to the System Prompt so the agent always checks file paths."
3. **Test**: "Run `agent-evaluation` to benchmark how often the agent fails to find the file."

64
docs/QUALITY_BAR.md Normal file
View File

@@ -0,0 +1,64 @@
# 🏆 Quality Bar & Validation Standards
To transform **Antigravity Awesome Skills** from a collection of scripts into a trusted platform, every skill must meet a specific standard of quality and safety.
## The "Validated" Badge ✅
A skill earns the "Validated" badge only if it passes these **5 automated checks**:
### 1. Metadata Integrity
The `SKILL.md` frontmatter must be valid YAML and contain:
- `name`: Kebab-case, matches folder name.
- `description`: Under 200 chars, clear value prop.
- `risk`: One of `[none, safe, critical, offensive]`.
- `source`: URL to original source (or "self" if original).
### 2. Clear Triggers ("When to use")
The skill MUST have a section explicitly stating when to trigger it.
- **Good**: "Use when the user asks to debug a React component."
- **Bad**: "This skill helps you with code."
### 3. Safety & Risk Classification
Every skill must declare its risk level:
- 🟢 **none**: Pure text/reasoning (e.g., Brainstorming).
- 🔵 **safe**: Reads files, runs safe commands (e.g., Linter).
- 🟠 **critical**: Modifies state, deletes files, pushes to prod (e.g., Git Push).
- 🔴 **offensive**: Pentesting/Red Team tools. **MUST** have "Authorized Use Only" warning.
### 4. Copy-Pasteable Examples
At least one code block or interaction example that a user (or agent) can immediately use.
### 5. Explicit Limitations
A list of known edge cases or things the skill _cannot_ do.
- _Example_: "Does not work on Windows without WSL."
---
## Support Levels
We also categorize skills by who maintains them:
| Level | Badge | Meaning |
| :------------ | :---- | :-------------------------------------------------- |
| **Official** | 🟣 | Maintained by the core team. High reliability. |
| **Community** | ⚪ | Contributed by the ecosystem. Best effort support. |
| **Verified** | ✨ | Community skill that has passed deep manual review. |
---
## How to Validate Your Skill
Run the validator script before submitting a PR:
```bash
python3 scripts/validate_skills.py --strict
```

51
docs/SECURITY_GUARDRAILS.md Normal file
View File

@@ -0,0 +1,51 @@
# 🛡️ Security Guardrails & Policy
Antigravity Awesome Skills is a powerful toolkit. With great power comes great responsibility. This document defines the **Rules of Engagement** for all security and offensive capabilities in this repository.
## 🔴 Offensive Skills Policy (The "Red Line")
**What is an Offensive Skill?**
Any skill designed to penetrate, exploit, disrupt, or simulate attacks against systems.
_Examples: Pentesting, SQL Injection, Phishing Simulation, Red Teaming._
### 1. The "Authorized Use Only" Disclaimer
Every offensive skill **MUST** begin with this exact disclaimer in its `SKILL.md`:
> **⚠️ AUTHORIZED USE ONLY**
> This skill is for educational purposes or authorized security assessments only.
> You must have explicit, written permission from the system owner before using this tool.
> Misuse of this tool is illegal and strictly prohibited.
### 2. Mandatory User Confirmation
Offensive skills must **NEVER** run fully autonomously.
- **Requirement**: The skill description/instructions must explicitly tell the agent to _ask for user confirmation_ before executing any exploit or attack command.
- **Agent Instruction**: "Ask the user to verify the target URL/IP before running."
### 3. Safe by Design
- **No Weaponized Payloads**: Skills should not include active malware, ransomware, or non-educational exploits.
- **Sandbox Recommended**: Instructions should recommend running in a contained environment (Docker/VM).
---
## 🔵 Defensive Skills Policy
**What is a Defensive Skill?**
Tools for hardening, auditing, monitoring, or protecting systems.
_Examples: Linting, Log Analysis, Configuration Auditing._
- **Data Privacy**: Defensive skills must not upload data to 3rd party servers without explicit user consent.
- **Non-Destructive**: Audits should be read-only by default.
---
## ⚖️ Legal Disclaimer
By using this repository, you agree that:
1. You are responsible for your own actions.
2. The authors and contributors are not liable for any damage caused by these tools.
3. You will comply with all local, state, and federal laws regarding cybersecurity.

605
docs/SKILL_ANATOMY.md Normal file
View File

@@ -0,0 +1,605 @@
# Anatomy of a Skill - Understanding the Structure
**Want to understand how skills work under the hood?** This guide breaks down every part of a skill file.
---
## 📁 Basic Folder Structure
```
skills/
└── my-skill-name/
├── SKILL.md ← Required: The main skill definition
├── examples/ ← Optional: Example files
│ ├── example1.js
│ └── example2.py
├── scripts/ ← Optional: Helper scripts
│ └── helper.sh
├── templates/ ← Optional: Code templates
│ └── template.tsx
├── references/ ← Optional: Reference documentation
│ └── api-docs.md
└── README.md ← Optional: Additional documentation
```
**Key Rule:** Only `SKILL.md` is required. Everything else is optional!
---
## SKILL.md Structure
Every `SKILL.md` file has two main parts:
### 1. Frontmatter (Metadata)
### 2. Content (Instructions)
Let's break down each part:
---
## Part 1: Frontmatter
The frontmatter is at the very top, wrapped in `---`:
```markdown
---
name: my-skill-name
description: "Brief description of what this skill does"
---
```
### Required Fields
#### `name`
- **What it is:** The skill's identifier
- **Format:** lowercase-with-hyphens
- **Must match:** The folder name exactly
- **Example:** `stripe-integration`
#### `description`
- **What it is:** One-sentence summary
- **Format:** String in quotes
- **Length:** Keep it under 150 characters
- **Example:** `"Stripe payment integration patterns including checkout, subscriptions, and webhooks"`
### Optional Fields
Some skills include additional metadata:
```markdown
---
name: my-skill-name
description: "Brief description"
risk: "safe" # safe | risk | official
source: "community"
tags: ["react", "typescript"]
---
```
---
## Part 2: Content
After the frontmatter comes the actual skill content. Here's the recommended structure:
### Recommended Sections
#### 1. Title (H1)
```markdown
# Skill Title
```
- Use a clear, descriptive title
- Usually matches or expands on the skill name
#### 2. Overview
```markdown
## Overview
A brief explanation of what this skill does and why it exists.
2-4 sentences is perfect.
```
#### 3. When to Use
```markdown
## When to Use This Skill
- Use when you need to [scenario 1]
- Use when working with [scenario 2]
- Use when the user asks about [scenario 3]
```
**Why this matters:** Helps the AI know when to activate this skill
#### 4. Core Instructions
```markdown
## How It Works
### Step 1: [Action]
Detailed instructions...
### Step 2: [Action]
More instructions...
```
**This is the heart of your skill** - clear, actionable steps
#### 5. Examples
```markdown
## Examples
### Example 1: [Use Case]
\`\`\`javascript
// Example code
\`\`\`
### Example 2: [Another Use Case]
\`\`\`javascript
// More code
\`\`\`
```
**Why examples matter:** They show the AI exactly what good output looks like
#### 6. Best Practices
```markdown
## Best Practices
- ✅ Do this
- ✅ Also do this
- ❌ Don't do this
- ❌ Avoid this
```
#### 7. Common Pitfalls
```markdown
## Common Pitfalls
- **Problem:** Description
**Solution:** How to fix it
```
#### 8. Related Skills
```markdown
## Related Skills
- `@other-skill` - When to use this instead
- `@complementary-skill` - How this works together
```
---
## Writing Effective Instructions
### Use Clear, Direct Language
**❌ Bad:**
```markdown
You might want to consider possibly checking if the user has authentication.
```
**✅ Good:**
```markdown
Check if the user is authenticated before proceeding.
```
### Use Action Verbs
**❌ Bad:**
```markdown
The file should be created...
```
**✅ Good:**
```markdown
Create the file...
```
### Be Specific
**❌ Bad:**
```markdown
Set up the database properly.
```
**✅ Good:**
```markdown
1. Create a PostgreSQL database
2. Run migrations: `npm run migrate`
3. Seed initial data: `npm run seed`
```
---
## Optional Components
### Scripts Directory
If your skill needs helper scripts:
```
scripts/
├── setup.sh ← Setup automation
├── validate.py ← Validation tools
└── generate.js ← Code generators
```
**Reference them in SKILL.md:**
```markdown
Run the setup script:
\`\`\`bash
bash scripts/setup.sh
\`\`\`
```
### Examples Directory
Real-world examples that demonstrate the skill:
```
examples/
├── basic-usage.js
├── advanced-pattern.ts
└── full-implementation/
├── index.js
└── config.json
```
### Templates Directory
Reusable code templates:
```
templates/
├── component.tsx
├── test.spec.ts
└── config.json
```
**Reference in SKILL.md:**
```markdown
Use this template as a starting point:
\`\`\`typescript
{{#include templates/component.tsx}}
\`\`\`
```
### References Directory
External documentation or API references:
```
references/
├── api-docs.md
├── best-practices.md
└── troubleshooting.md
```
---
## Skill Size Guidelines
### Minimum Viable Skill
- **Frontmatter:** name + description
- **Content:** 100-200 words
- **Sections:** Overview + Instructions
### Standard Skill
- **Frontmatter:** name + description
- **Content:** 300-800 words
- **Sections:** Overview + When to Use + Instructions + Examples
### Comprehensive Skill
- **Frontmatter:** name + description + optional fields
- **Content:** 800-2000 words
- **Sections:** All recommended sections
- **Extras:** Scripts, examples, templates
**Rule of thumb:** Start small, expand based on feedback
---
## Formatting Best Practices
### Use Markdown Effectively
#### Code Blocks
Always specify the language:
```markdown
\`\`\`javascript
const example = "code";
\`\`\`
```
#### Lists
Use consistent formatting:
```markdown
- Item 1
- Item 2
- Sub-item 2.1
- Sub-item 2.2
```
#### Emphasis
- **Bold** for important terms: `**important**`
- _Italic_ for emphasis: `*emphasis*`
- `Code` for commands/code: `` `code` ``
#### Links
```markdown
[Link text](https://example.com)
```
---
## ✅ Quality Checklist
Before finalizing your skill:
### Content Quality
- [ ] Instructions are clear and actionable
- [ ] Examples are realistic and helpful
- [ ] No typos or grammar errors
- [ ] Technical accuracy verified
### Structure
- [ ] Frontmatter is valid YAML
- [ ] Name matches folder name
- [ ] Sections are logically organized
- [ ] Headings follow hierarchy (H1 → H2 → H3)
### Completeness
- [ ] Overview explains the "why"
- [ ] Instructions explain the "how"
- [ ] Examples show the "what"
- [ ] Edge cases are addressed
### Usability
- [ ] A beginner could follow this
- [ ] An expert would find it useful
- [ ] The AI can parse it correctly
- [ ] It solves a real problem
---
## 🔍 Real-World Example Analysis
Let's analyze a real skill: `brainstorming`
```markdown
---
name: brainstorming
description: "You MUST use this before any creative work..."
---
```
**Analysis:**
- ✅ Clear name
- ✅ Strong description with urgency ("MUST use")
- ✅ Explains when to use it
```markdown
# Brainstorming Ideas Into Designs
## Overview
Help turn ideas into fully formed designs...
```
**Analysis:**
- ✅ Clear title
- ✅ Concise overview
- ✅ Explains the value proposition
```markdown
## The Process
**Understanding the idea:**
- Check out the current project state first
- Ask questions one at a time
```
**Analysis:**
- ✅ Broken into clear phases
- ✅ Specific, actionable steps
- ✅ Easy to follow
---
## Advanced Patterns
### Conditional Logic
```markdown
## Instructions
If the user is working with React:
- Use functional components
- Prefer hooks over class components
If the user is working with Vue:
- Use Composition API
- Follow Vue 3 patterns
```
### Progressive Disclosure
```markdown
## Basic Usage
[Simple instructions for common cases]
## Advanced Usage
[Complex patterns for power users]
```
### Cross-References
```markdown
## Related Workflows
1. First, use `@brainstorming` to design
2. Then, use `@writing-plans` to plan
3. Finally, use `@test-driven-development` to implement
```
---
## Skill Effectiveness Metrics
How to know if your skill is good:
### Clarity Test
- Can someone unfamiliar with the topic follow it?
- Are there any ambiguous instructions?
### Completeness Test
- Does it cover the happy path?
- Does it handle edge cases?
- Are error scenarios addressed?
### Usefulness Test
- Does it solve a real problem?
- Would you use this yourself?
- Does it save time or improve quality?
---
## Learning from Existing Skills
### Study These Examples
**For Beginners:**
- `skills/brainstorming/SKILL.md` - Clear structure
- `skills/git-pushing/SKILL.md` - Simple and focused
- `skills/copywriting/SKILL.md` - Good examples
**For Advanced:**
- `skills/systematic-debugging/SKILL.md` - Comprehensive
- `skills/react-best-practices/SKILL.md` - Multiple files
- `skills/loki-mode/SKILL.md` - Complex workflows
---
## 💡 Pro Tips
1. **Start with the "When to Use" section** - This clarifies the skill's purpose
2. **Write examples first** - They help you understand what you're teaching
3. **Test with an AI** - See if it actually works before submitting
4. **Get feedback** - Ask others to review your skill
5. **Iterate** - Skills improve over time based on usage
---
## Common Mistakes to Avoid
### ❌ Mistake 1: Too Vague
```markdown
## Instructions
Make the code better.
```
**✅ Fix:**
```markdown
## Instructions
1. Extract repeated logic into functions
2. Add error handling for edge cases
3. Write unit tests for core functionality
```
### ❌ Mistake 2: Too Complex
```markdown
## Instructions
[5000 words of dense technical jargon]
```
**✅ Fix:**
Break into multiple skills or use progressive disclosure
### ❌ Mistake 3: No Examples
```markdown
## Instructions
[Instructions without any code examples]
```
**✅ Fix:**
Add at least 2-3 realistic examples
### ❌ Mistake 4: Outdated Information
```markdown
Use React class components...
```
**✅ Fix:**
Keep skills updated with current best practices
---
## 🎯 Next Steps
1. **Read 3-5 existing skills** to see different styles
2. **Try the skill template** from CONTRIBUTING.md
3. **Create a simple skill** for something you know well
4. **Test it** with your AI assistant
5. **Share it** via Pull Request
---
**Remember:** Every expert was once a beginner. Start simple, learn from feedback, and improve over time! 🚀

21
docs/SOURCES.md Normal file
View File

@@ -0,0 +1,21 @@
# 📜 Sources & Attributions
We believe in giving credit where credit is due.
If you recognize your work here and it is not properly attributed, please open an Issue.
| Skill / Category | Original Source | License | Notes |
| :-------------------------- | :----------------------------------------------------- | :------------- | :---------------------------- |
| `cloud-penetration-testing` | [HackTricks](https://book.hacktricks.xyz/) | MIT / CC-BY-SA | Adapted for agentic use. |
| `active-directory-attacks` | [HackTricks](https://book.hacktricks.xyz/) | MIT / CC-BY-SA | Adapted for agentic use. |
| `owasp-top-10` | [OWASP](https://owasp.org/) | CC-BY-SA | Methodology adapted. |
| `burp-suite-testing` | [PortSwigger](https://portswigger.net/burp) | N/A | Usage guide only (no binary). |
| `crewai` | [CrewAI](https://github.com/joaomdmoura/crewAI) | MIT | Framework guides. |
| `langgraph` | [LangGraph](https://github.com/langchain-ai/langgraph) | MIT | Framework guides. |
| `react-patterns` | [React Docs](https://react.dev/) | CC-BY | Official patterns. |
| **All Official Skills** | [Anthropic / Google / OpenAI] | Proprietary | Usage encouraged by vendors. |
## License Policy
- **Code**: All original code in this repository is **MIT**.
- **Content**: Documentation is **CC-BY-4.0**.
- **Third Party**: We respect the upstream licenses. If an imported skill is GPL, it will be marked clearly or excluded (we aim for MIT/Apache compatibility).

512
docs/VISUAL_GUIDE.md Normal file
View File

@@ -0,0 +1,512 @@
# Visual Quick Start Guide
**Learn by seeing!** This guide uses diagrams and visual examples to help you understand skills.
---
## The Big Picture
```
┌─────────────────────────────────────────────────────────────┐
│ YOU (Developer) │
│ ↓ │
│ "Help me build a payment system" │
│ ↓ │
├─────────────────────────────────────────────────────────────┤
│ AI ASSISTANT │
│ ↓ │
│ Loads @stripe-integration skill │
│ ↓ │
│ Becomes an expert in Stripe payments │
│ ↓ │
│ Provides specialized help with code examples │
└─────────────────────────────────────────────────────────────┘
```
---
## 📦 Repository Structure (Visual)
```
antigravity-awesome-skills/
├── 📄 README.md ← Overview & skill list
├── 📄 GETTING_STARTED.md ← Start here! (NEW)
├── 📄 CONTRIBUTING.md ← How to contribute
├── 📄 FAQ.md ← Troubleshooting
├── 📁 skills/ ← All 250+ skills live here
│ │
│ ├── 📁 brainstorming/
│ │ └── 📄 SKILL.md ← Skill definition
│ │
│ ├── 📁 stripe-integration/
│ │ ├── 📄 SKILL.md
│ │ └── 📁 examples/ ← Optional extras
│ │
│ └── ... (250+ more skills)
├── 📁 scripts/ ← Validation & management
│ ├── validate_skills.py ← Quality Bar Enforcer
│ └── generate_index.py ← Registry Generator
├── 📁 .github/
│ └── 📄 MAINTENANCE.md ← Maintainers Guide
└── 📁 docs/ ← Documentation
├── 📄 BUNDLES.md ← Starter Packs (NEW)
├── 📄 QUALITY_BAR.md ← Quality Standards
├── 📄 SKILL_ANATOMY.md ← How skills work
└── 📄 VISUAL_GUIDE.md ← This file!
```
---
## How Skills Work (Flow Diagram)
```
┌──────────────┐
│ 1. INSTALL │ Copy skills to .agent/skills/
└──────┬───────┘
┌──────────────┐
│ 2. INVOKE │ Type: @skill-name in AI chat
└──────┬───────┘
┌──────────────┐
│ 3. LOAD │ AI reads SKILL.md file
└──────┬───────┘
┌──────────────┐
│ 4. EXECUTE │ AI follows skill instructions
└──────┬───────┘
┌──────────────┐
│ 5. RESULT │ You get specialized help!
└──────────────┘
```
---
## 🎯 Skill Categories (Visual Map)
```
┌─────────────────────────┐
│ 250+ AWESOME SKILLS │
└────────────┬────────────┘
┌────────────────────────┼────────────────────────┐
│ │ │
┌────▼────┐ ┌──────▼──────┐ ┌──────▼──────┐
│ CREATIVE│ │ DEVELOPMENT │ │ SECURITY │
│ (10) │ │ (25) │ │ (50) │
└────┬────┘ └──────┬──────┘ └──────┬──────┘
│ │ │
• UI/UX Design • TDD • Ethical Hacking
• Canvas Art • Debugging • Metasploit
• Themes • React Patterns • Burp Suite
• SQLMap
│ │ │
└────────────────────────┼────────────────────────┘
┌────────────────────────┼────────────────────────┐
│ │ │
┌────▼────┐ ┌──────▼──────┐ ┌──────▼──────┐
│ AI │ │ DOCUMENTS │ │ MARKETING │
│ (30) │ │ (4) │ │ (23) │
└────┬────┘ └──────┬──────┘ └──────┬──────┘
│ │ │
• RAG Systems • DOCX • SEO
• LangGraph • PDF • Copywriting
• Prompt Eng. • PPTX • CRO
• Voice Agents • XLSX • Paid Ads
```
---
## Skill File Anatomy (Visual)
````
┌─────────────────────────────────────────────────────────┐
│ SKILL.md │
├─────────────────────────────────────────────────────────┤
│ │
│ ┌───────────────────────────────────────────────┐ │
│ │ FRONTMATTER (Metadata) │ │
│ │ ───────────────────────────────────────────── │ │
│ │ --- │ │
│ │ name: my-skill │ │
│ │ description: "What this skill does" │ │
│ │ --- │ │
│ └───────────────────────────────────────────────┘ │
│ │
│ ┌───────────────────────────────────────────────┐ │
│ │ CONTENT (Instructions) │ │
│ │ ───────────────────────────────────────────── │ │
│ │ │ │
│ │ # Skill Title │ │
│ │ │ │
│ │ ## Overview │ │
│ │ What this skill does... │ │
│ │ │ │
│ │ ## When to Use │ │
│ │ - Use when... │ │
│ │ │ │
│ │ ## Instructions │ │
│ │ 1. First step... │ │
│ │ 2. Second step... │ │
│ │ │ │
│ │ ## Examples │ │
│ │ ```javascript │ │
│ │ // Example code │ │
│ │ ``` │ │
│ │ │ │
│ └───────────────────────────────────────────────┘ │
│ │
└─────────────────────────────────────────────────────────┘
````
---
## Installation (Visual Steps)
### Step 1: Clone the Repository
```
┌─────────────────────────────────────────┐
│ Terminal │
├─────────────────────────────────────────┤
│ $ git clone https://github.com/ │
│ sickn33/antigravity-awesome-skills │
│ .agent/skills │
│ │
│ ✓ Cloning into '.agent/skills'... │
│ ✓ Done! │
└─────────────────────────────────────────┘
```
### Step 2: Verify Installation
```
┌─────────────────────────────────────────┐
│ File Explorer │
├─────────────────────────────────────────┤
│ 📁 .agent/ │
│ └── 📁 skills/ │
│ ├── 📁 brainstorming/ │
│ ├── 📁 stripe-integration/ │
│ ├── 📁 react-best-practices/ │
│ └── ... (176 more) │
└─────────────────────────────────────────┘
```
### Step 3: Use a Skill
```
┌─────────────────────────────────────────┐
│ AI Assistant Chat │
├─────────────────────────────────────────┤
│ You: @brainstorming help me design │
│ a todo app │
│ │
│ AI: Great! Let me help you think │
│ through this. First, let's │
│ understand your requirements... │
│ │
│ What's the primary use case? │
│ a) Personal task management │
│ b) Team collaboration │
│ c) Project planning │
└─────────────────────────────────────────┘
```
---
## Example: Using a Skill (Step-by-Step)
### Scenario: You want to add Stripe payments to your app
```
┌─────────────────────────────────────────────────────────────┐
│ STEP 1: Identify the Need │
├─────────────────────────────────────────────────────────────┤
│ "I need to add payment processing to my app" │
└─────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────┐
│ STEP 2: Find the Right Skill │
├─────────────────────────────────────────────────────────────┤
│ Search: "payment" or "stripe" │
│ Found: @stripe-integration │
└─────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────┐
│ STEP 3: Invoke the Skill │
├─────────────────────────────────────────────────────────────┤
│ You: @stripe-integration help me add subscription billing │
└─────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────┐
│ STEP 4: AI Loads Skill Knowledge │
├─────────────────────────────────────────────────────────────┤
│ • Stripe API patterns │
│ • Webhook handling │
│ • Subscription management │
│ • Best practices │
└─────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────┐
│ STEP 5: Get Expert Help │
├─────────────────────────────────────────────────────────────┤
│ AI provides: │
│ • Code examples │
│ • Setup instructions │
│ • Security considerations │
│ • Testing strategies │
└─────────────────────────────────────────────────────────────┘
```
---
## Finding Skills (Visual Guide)
### Method 1: Browse by Category
```
README.md → Scroll to "Full Skill Registry" → Find category → Pick skill
```
### Method 2: Search by Keyword
```
Terminal → ls skills/ | grep "keyword" → See matching skills
```
### Method 3: Use the Index
```
Open skills_index.json → Search for keyword → Find skill path
```
---
## Creating Your First Skill (Visual Workflow)
```
┌──────────────┐
│ 1. IDEA │ "I want to share my Docker knowledge"
└──────┬───────┘
┌──────────────┐
│ 2. CREATE │ mkdir skills/docker-mastery
└──────┬───────┘ touch skills/docker-mastery/SKILL.md
┌──────────────┐
│ 3. WRITE │ Add frontmatter + content
└──────┬───────┘ (Use template from CONTRIBUTING.md)
┌──────────────┐
│ 4. TEST │ Copy to .agent/skills/
└──────┬───────┘ Try: @docker-mastery
┌──────────────┐
│ 5. VALIDATE │ python3 scripts/validate_skills.py
└──────┬───────┘
┌──────────────┐
│ 6. SUBMIT │ git commit + push + Pull Request
└──────────────┘
```
---
## Skill Complexity Levels
```
┌─────────────────────────────────────────────────────────────┐
│ SKILL COMPLEXITY │
├─────────────────────────────────────────────────────────────┤
│ │
│ SIMPLE STANDARD COMPLEX │
│ ────── ──────── ─────── │
│ │
│ • 1 file • 1 file • Multiple │
│ • 100-200 words • 300-800 words • 800-2000 │
│ • Basic structure • Full structure • Scripts │
│ • No extras • Examples • Examples │
│ • Best practices • Templates│
│ • Docs │
│ Example: Example: Example: │
│ git-pushing brainstorming loki-mode │
│ │
└─────────────────────────────────────────────────────────────┘
```
---
## 🎯 Contribution Impact (Visual)
```
Your Contribution
├─→ Improves Documentation
│ │
│ └─→ Helps 1000s of developers understand
├─→ Creates New Skill
│ │
│ └─→ Enables new capabilities for everyone
├─→ Fixes Bug/Typo
│ │
│ └─→ Prevents confusion for future users
└─→ Adds Example
└─→ Makes learning easier for beginners
```
---
## Learning Path (Visual Roadmap)
```
START HERE
┌─────────────────┐
│ Read │
│ GETTING_STARTED │
└────────┬────────┘
┌─────────────────┐
│ Try 2-3 Skills │
│ in AI Assistant │
└────────┬────────┘
┌─────────────────┐
│ Read │
│ SKILL_ANATOMY │
└────────┬────────┘
┌─────────────────┐
│ Study Existing │
│ Skills │
└────────┬────────┘
┌─────────────────┐
│ Create Simple │
│ Skill │
└────────┬────────┘
┌─────────────────┐
│ Read │
│ CONTRIBUTING │
└────────┬────────┘
┌─────────────────┐
│ Submit PR │
└────────┬────────┘
CONTRIBUTOR! 🎉
```
---
## 💡 Quick Tips (Visual Cheatsheet)
```
┌─────────────────────────────────────────────────────────────┐
│ QUICK REFERENCE │
├─────────────────────────────────────────────────────────────┤
│ │
│ 📥 INSTALL │
│ git clone [repo] .agent/skills │
│ │
│ 🎯 USE │
│ @skill-name [your request] │
│ │
│ 🔍 FIND │
│ ls skills/ | grep "keyword" │
│ │
│ ✅ VALIDATE │
│ python3 scripts/validate_skills.py │
│ │
│ 📝 CREATE │
│ 1. mkdir skills/my-skill │
│ 2. Create SKILL.md with frontmatter │
│ 3. Add content │
│ 4. Test & validate │
│ 5. Submit PR │
│ │
│ 🆘 HELP │
│ • GETTING_STARTED.md - Basics │
│ • CONTRIBUTING.md - How to contribute │
│ • SKILL_ANATOMY.md - Deep dive │
│ • GitHub Issues - Ask questions │
│ │
└─────────────────────────────────────────────────────────────┘
```
---
## Success Stories (Visual Timeline)
```
Day 1: Install skills
└─→ "Wow, @brainstorming helped me design my app!"
Day 3: Use 5 different skills
└─→ "These skills save me so much time!"
Week 1: Create first skill
└─→ "I shared my expertise as a skill!"
Week 2: Skill gets merged
└─→ "My skill is helping others! 🎉"
Month 1: Regular contributor
└─→ "I've contributed 5 skills and improved docs!"
```
---
## Next Steps
1.**Understand** the visual structure
2.**Install** skills in your AI tool
3.**Try** 2-3 skills from different categories
4.**Read** CONTRIBUTING.md
5.**Create** your first skill
6.**Share** with the community
---
**Visual learner?** This guide should help! Still have questions? Check out:
- [GETTING_STARTED.md](../GETTING_STARTED.md) - Text-based intro
- [SKILL_ANATOMY.md](SKILL_ANATOMY.md) - Detailed breakdown
- [CONTRIBUTING.md](../CONTRIBUTING.md) - How to contribute
**Ready to contribute?** You've got this! 💪

148
docs/vi/BUNDLES.md Normal file
View File

@@ -0,0 +1,148 @@
# 📦 Các Gói Skill Của Antigravity (Bundles)
Không biết bắt đầu từ đâu? Đừng lo. Hãy chọn ngay một gói (Bundle) bên dưới để sở hữu bộ kỹ năng "trấn phái" phù hợp nhất với vai trò của bạn.
---
## 🚀 Gói "Cơ Bản" (The Essentials Starter Pack)
_Dành cho tất cả mọi người. Mới nhập môn thì cài bộ này trước._
- `concise-planning`: Luôn bắt đầu mọi việc bằng một kế hoạch ngắn gọn.
- `lint-and-validate`: Tự động giữ cho code sạch đẹp.
- `git-pushing`: Lưu trữ kết quả làm việc an toàn lên Git.
- `kaizen`: Tư duy cải tiến liên tục (nhỏ nhưng đều đặn).
---
## 🛡️ Gói "Kỹ Sư Bảo Mật" (The Security Engineer Pack)
_Dành cho pentester, chuyên gia audit và hacker mũ trắng._
- `ethical-hacking-methodology`: Cuốn "Kinh Thánh" về ethical hacking.
- `burp-suite-testing`: Quét lỗ hổng bảo mật Web.
- `owasp-top-10`: Kiểm tra nhanh các lỗi bảo mật phổ biến nhất.
- `linux-privilege-escalation`: Đánh giá bảo mật nâng cao cho Linux.
- `cloud-penetration-testing`: Bảo mật đám mây AWS/Azure/GCP.
---
## 🌐 Gói "Phù Thủy Web" (The Web Wizard Pack)
_Dành cho anh em Dev xây dựng các web app hiện đại, hiệu năng cao._
- `frontend-design`: Hướng dẫn về thẩm mỹ và nguyên tắc UI.
- `react-patterns`: Các bài thực hành tốt nhất (best practices) cho React.
- `tailwind-mastery`: Làm chủ CSS siêu tốc.
- `form-cro`: Tối ưu hóa các biểu mẫu (form) để tăng tỷ lệ chuyển đổi.
- `seo-audit`: Giúp web của bạn lên top Google.
---
## 🤖 Gói "Kiến Trúc Sư AI" (The Agent Architect Pack)
_Dành cho người xây dựng hệ thống AI._
- `agent-evaluation`: Kiểm thử và đánh giá Agent của bạn.
- `langgraph`: Xây dựng các luồng agent có trạng thái (stateful).
- `mcp-builder`: Tự chế tạo công cụ (tools) riêng cho AI.
- `prompt-engineering`: Làm chủ nghệ thuật ra lệnh cho LLM.
---
## 🎮 Gói "Làm Game Indie" (The Indie Game Dev Pack)
_Dành cho người làm game với sự trợ giúp của AI._
- `game-development/game-design`: Cơ chế và vòng lặp game (game loops).
- `game-development/2d-games`: Sprites và vật lý 2D.
- `game-development/3d-games`: Mô hình và đổ bóng (shaders) 3D.
- `game-development/unity-csharp`: Làm chủ C# scripting trong Unity.
- `algorithmic-art`: Tạo tài nguyên game bằng code nghệ thuật.
---
## 🐍 Gói "Trùm Python" (The Python Pro Pack)
_Dành cho đội Backend và khoa học dữ liệu._
- `python-patterns`: Viết code Python chuẩn chỉ (idiomatic).
- `poetry-manager`: Quản lý thư viện phụ thuộc (dependency) "không đau đầu".
- `pytest-mastery`: Làm chủ các framework kiểm thử.
- `fastapi-expert`: Xây dựng API hiệu năng cao.
- `django-guide`: Framework "pin trâu" cho mọi tính năng (batteries-included).
---
## 🦄 Gói "Khởi Nghiệp" (The Startup Founder Pack)
_Dành cho người xây sản phẩm, không chỉ mỗi code._
- `product-requirements-doc`: Định nghĩa rõ những gì cần làm.
- `competitor-analysis`: Biết người biết ta, trăm trận trăm thắng.
- `pitch-deck-creator`: Gọi vốn (hoặc đơn giản là trình bày ý tưởng).
- `landing-page-copy`: Viết nội dung bán hàng "đi vào lòng người".
- `stripe-integration`: Tích hợp thanh toán để lụm tiền.
---
## 🌧️ Gói "DevOps & Cloud" (The DevOps Pack)
_Dành cho người lo hạ tầng và mở rộng hệ thống._
- `docker-expert`: Bậc thầy về container.
- `aws-serverless`: Triển khai không máy chủ trên AWS (Lambda, DynamoDB).
- `environment-setup-guide`: Chuẩn hóa môi trường cho cả team.
- `deployment-procedures`: Chiến lược rollout an toàn.
- `bash-linux`: Phù thủy dòng lệnh Terminal.
---
## 📊 Gói "Dữ Liệu & Phân Tích" (The Data Pack)
_Dành cho người thích các con số._
- `analytics-tracking`: Cài đặt GA4/PostHog chuẩn ngay từ đầu.
- `d3-viz`: Vẽ biểu đồ tùy chỉnh tuyệt đẹp.
- `sql-mastery`: Viết câu truy vấn (query) tối ưu.
- `ab-test-setup`: Học hỏi dựa trên dữ liệu thực tế.
---
## 🎨 Gói "Giám Đốc Sáng Tạo" (The Creative Director Pack)
_Dành cho hình ảnh, nội dung và thương hiệu._
- `canvas-design`: Tạo poster và sơ đồ.
- `frontend-design`: Thẩm mỹ giao diện.
- `content-creator`: Viết blog chuẩn SEO.
- `copy-editing`: Chuốt lại câu từ cho mượt.
- `algorithmic-art`: Tạo kiệt tác bằng code.
---
## 🐞 Gói "Kiểm Thử & QA" (The QA & Testing Pack)
_Dành cho người "đập phá" trước khi người dùng kịp làm._
- `test-driven-development`: Quy trình Đỏ, Xanh, Refactor.
- `systematic-debugging`: Thám tử Sherlock Holmes trong làng code.
- `browser-automation`: Test toàn trình (E2E) với Playwright.
- `ab-test-setup`: Thử nghiệm có kiểm chứng.
- `code-review-checklist`: Bắt lỗi ngay trong Pull Request.
---
## 🖌️ Gói "Thiết Kế Web" (The Web Designer Pack)
_Dành cho trải nghiệm điểm ảnh hoàn hảo (pixel-perfect)._
- `ui-ux-pro-max`: Hệ thống thiết kế (Design systems) cao cấp.
- `frontend-design`: Nền tảng của cái đẹp.
- `3d-web-experience`: Ma thuật với Three.js & R3F.
- `canvas-design`: Hình ảnh tĩnh/poster.
- `responsive-layout`: Nguyên tắc "Mobile-first" (Di động trước tiên).
---
_Để sử dụng một gói, bạn chỉ cần copy tên các skill vào thư mục `.agent/skills` hoặc gọi chúng trực tiếp với agent của bạn nhé._

239
docs/vi/CONTRIBUTING.md Normal file
View File

@@ -0,0 +1,239 @@
# 🤝 Hướng Dẫn Đóng Góp - V3 Enterprise Edition
[Đọc bản gốc tiếng Anh](./CONTRIBUTING.md)
**Cảm ơn bạn đã quan tâm và muốn đóng góp cho dự án!**
Tài liệu này sẽ hướng dẫn bạn quy trình đóng góp một cách cụ thể, ngay cả khi bạn chưa từng tham gia dự án mã nguồn mở nào.
Trong phiên bản V3, chúng tôi đặt ra tiêu chuẩn chất lượng cao hơn. Vui lòng đọc kỹ phần **Tiêu Chuẩn Chất Lượng Mới** bên dưới.
---
## 🧐 "Thước Đo Chất Lượng" (Tiêu Chuẩn V3)
**Lưu ý quan trọng cho Skill mới:** Mọi skill được gửi lên đều phải vượt qua **Quy Trình Kiểm Tra 5 Điểm** (xem chi tiết tại `docs/QUALITY_BAR.md`):
1. **Metadata (Siêu dữ liệu)**: Khai báo Frontmatter chính xác (gồm `name`, `description`).
2. **Safety (An toàn)**: Tuyệt đối không chứa lệnh gây nguy hiểm nếu không gắn nhãn "Risk".
3. **Clarity (Rõ ràng)**: Mục "When to use" (Khi nào sử dụng) phải được mô tả cụ thể, dễ hiểu.
4. **Examples (Ví dụ)**: Phải cung cấp ít nhất một ví dụ thực tế có thể copy-paste và chạy được ngay.
5. **Actions (Hành động)**: Phải đưa ra các bước thực hiện cụ thể, tránh nói chung chung kiểu "hãy suy nghĩ về...".
---
## Các Cách Đóng Góp
Bạn không cần phải là chuyên gia mới có thể đóng góp! Dưới đây là những việc mà bất kỳ ai cũng có thể làm để hỗ trợ dự án:
### 1. Cải Thiện Tài Liệu (Dễ nhất!)
- Sửa lỗi chính tả, ngữ pháp.
- Viết lại các đoạn hướng dẫn cho dễ hiểu hơn.
- Bổ sung ví dụ minh họa cho các skill hiện có.
- Dịch tài liệu sang ngôn ngữ khác (Như bản dịch tiếng Việt này chẳng hạn!).
### 2. Báo Cáo Vấn Đề (Issues)
- Thấy chỗ nào khó hiểu? Hãy phản hồi cho chúng tôi!
- Skill chạy không đúng? Hãy báo lỗi ngay!
- Có ý tưởng hay ho? Chúng tôi rất muốn lắng nghe!
### 3. Tạo Skill Mới
- Đóng gói kiến thức chuyên môn của bạn thành một skill.
- Bổ sung những mảng kiến thức còn thiếu trong kho tàng skill hiện tại.
- Nâng cấp và cải thiện các skill đã có.
### 4. Kiểm Tra và Xác Thực
- Chạy thử các skill và báo cáo kết quả (cái nào ổn, cái nào lỗi).
- Test trên nhiều công cụ AI khác nhau (Claude, ChatGPT, Gemini...).
- Đề xuất các cải tiến về hiệu năng hoặc trải nghiệm.
---
## Quy Trình Tạo Một Skill Mới
### Hướng Dẫn Từng Bước
#### Bước 1: Chọn Chủ Đề
Hãy tự hỏi: "Mình ước gì con AI của mình biết rành rẽ về cái gì nhỉ?".
Ví dụ: "Mình thạo Docker, để mình viết một skill dạy nó dùng Docker cho chuẩn".
#### Bước 2: Tạo Cấu Trúc Thư Mục
Tất cả skill nằm trong thư mục `skills/`. Hãy đặt tên thư mục theo kiểu `kebab-case` (chữ thường, nối bằng gạch ngang).
```bash
# Vào thư mục skills
cd skills/
# Tạo thư mục cho skill mới
mkdir my-awesome-skill
cd my-awesome-skill
# Tạo file nội dung SKILL.md
touch SKILL.md
```
#### Bước 3: Viết Nội Dung SKILL.md
Mọi skill đều phải tuân theo cấu trúc cơ bản sau. **Hãy copy mẫu này để bắt đầu:**
```markdown
---
name: my-awesome-skill
description: "Mô tả ngắn gọn (1 dòng) về công dụng của skill này"
---
# Tên Skill
## Tổng Quan
Giải thích skill này dùng để làm gì và bối cảnh sử dụng.
## Khi Nào Nên Dùng (When to Use)
- Dùng khi [trường hợp 1]
- Dùng khi [trường hợp 2]
## Cách Hoạt Động
Hướng dẫn từng bước chi tiết để AI làm theo...
## Ví Dụ Minh Họa
### Ví Dụ 1
\`\`\`
code example here
\`\`\`
## Lưu Ý / Best Practices
- ✅ Nên làm: ...
- ❌ Tránh làm: ...
```
#### Bước 4: Kiểm Tra (QUAN TRỌNG VỚI V3)
Chạy script kiểm tra (validation) trên máy của bạn. **Chúng tôi sẽ không merge các PR nếu chưa qua bước này.**
```bash
# Chế độ thường (chỉ hiện cảnh báo)
python3 scripts/validate_skills.py
# Chế độ nghiêm ngặt (giống hệ thống CI)
python3 scripts/validate_skills.py --strict
```
Script này sẽ check:
- ✅ File `SKILL.md` đã có chưa?
- ✅ Frontmatter khai báo đúng chưa?
- ✅ Tên skill có khớp với tên thư mục không?
- ✅ Có đạt chuẩn chất lượng (Quality Bar) không?
#### Bước 5: Gửi Skill (Pull Request)
```bash
git add skills/my-awesome-skill/
git commit -m "feat: add my-awesome-skill"
git push origin my-branch
```
---
## Mẫu Template Chuẩn (Copy & Paste)
Để tiết kiệm thời gian, bạn hãy dùng mẫu đầy đủ này:
```markdown
---
name: your-skill-name
description: "Mô tả ngắn gọn công dụng và thời điểm dùng skill này"
---
# Tên Skill
## Tổng Quan
[2-3 câu giới thiệu ngắn gọn về chức năng của skill]
## Khi Nào Nên Dùng
- Khi bạn cần [làm việc A]
- Khi bạn muốn [đạt kết quả B]
## Hướng Dẫn Chi Tiết
### 1. [Bước đầu tiên]
[Mô tả các thực hiện]
## Ví Dụ
### Ví Dụ 1: [Tên trường hợp cụ thể]
\`\`\`language
// Code mẫu
\`\`\`
## Best Practices
-**Nên:** [Thói quen tốt]
-**Không nên:** [Điều cần tránh]
## Xử Lý Sự Cố (Troubleshooting)
**Vấn Đề:** [Lỗi thường gặp]
**Giải Pháp:** [Cách khắc phục]
```
---
## Quy Tắc Viết Commit Message
Vui lòng sử dụng các tiền tố sau để phân loại commit:
- `feat:` - Thêm skill mới hoặc tính năng lớn.
- `docs:` - Cập nhật/sửa đổi tài liệu.
- `fix:` - Sửa lỗi (bug fix).
- `refactor:` - Tối ưu code nhưng không đổi tính năng.
- `test:` - Thêm hoặc sửa test.
- `chore:` - Các việc vặt, bảo trì hệ thống.
**Ví dụ:**
```
feat: add kubernetes-deployment skill
docs: improve getting started guide
fix: correct typo in stripe-integration skill
```
---
## Tài Liệu Tham Khảo
### Cho người mới dùng Git/GitHub
- [Hướng dẫn Hello World của GitHub](https://guides.github.com/activities/hello-world/)
- [Git Cơ bản](https://git-scm.com/book/en/v2/Getting-Started-Git-Basics)
### Cho người mới viết Markdown
- [Hướng dẫn Markdown](https://www.markdownguide.org/basic-syntax/)
---
## Quy Tắc Ứng Xử (Code of Conduct)
- Tôn trọng và hòa nhã với mọi người.
- Luôn chào đón thành viên mới.
- Góp ý mang tính xây dựng, tích cực.
- **Nghiêm cấm nội dung độc hại**: Xem chi tiết tại `docs/SECURITY_GUARDRAILS.md`.
---
**Cảm ơn bạn đã góp phần xây dựng dự án!**
Mỗi đóng góp của bạn, dù là nhỏ nhất, đều rất đáng quý. Dù chỉ là sửa lỗi chính tả hay viết hẳn một skill mới - bạn đang trực tiếp giúp đỡ hàng ngàn lập trình viên khác làm việc hiệu quả hơn!

56
docs/vi/EXAMPLES.md Normal file
View File

@@ -0,0 +1,56 @@
# 🧪 Ví Dụ Thực Tế ("Sách dạy nấu ăn Antigravity")
Skill đứng một mình đã mạnh, nhưng khi kết hợp lại thì "vô đối".
Dưới đây là 3 kịch bản phổ biến và cách giải quyết chúng bằng kho tàng này.
## 🥘 Công thức 1: "Kiểm toán Code cũ" (The Legacy Code Audit)
_Tình huống: Bạn vừa phải nhận lại một dự án Node.js 5 năm tuổi siêu lộn xộn. Bạn cần dọn dẹp nó một cách an toàn._
**Các Skill cần dùng:**
1. `concise-planning` (Để vẽ bản đồ cho đống hỗn độn)
2. `lint-and-validate` (Để tìm lỗi)
3. `security-review` (Để tìm lỗ hổng)
**Quy trình (Workflow):**
1. **Lập kế hoạch**: "Này Agent, dùng `concise-planning` để tạo checklist refactor lại thư mục `src/legacy-api.js` cho tôi."
2. **Kiểm toán**: "Chạy `security-review` trên file `package.json` để xem có thư viện nào dính lỗi bảo mật không."
3. **Sửa lỗi**: "Dùng các quy tắc của `lint-and-validate` để tự sửa lỗi định dạng trong thư mục `src/`."
---
## 🥘 Công thức 2: "Web App Hiện Đại" (The Modern Web App)
_Tình huống: Bạn cần dựng một trang Landing Page có hiệu năng cao trong vòng 2 tiếng._
**Các Skill cần dùng:**
1. `frontend-design` (Để lo phần thẩm mỹ)
2. `react-patterns` (Để lo phần cấu trúc code)
3. `tailwind-mastery` (Để code giao diện siêu tốc)
**Quy trình (Workflow):**
1. **Thiết kế**: "Dùng `frontend-design` tạo cho tôi một bảng màu và font chữ theo phong cách 'Quán Cà phê Cyberpunk'."
2. **Dựng khung**: "Khởi tạo dự án Vite. Sau đó áp dụng `react-patterns` để viết component 'Hero'."
3. **Tạo kiểu**: "Dùng `tailwind-mastery` làm cho mấy cái nút bấm có hiệu ứng kính (glassmorphism) và chuẩn mobile giúp tôi."
---
## 🥘 Công thức 3: "Kiến Trúc Sư Agent" (The Agent Architect)
_Tình huống: Bạn muốn xây một con AI agent riêng có khả năng tự kiểm tra code của chính nó._
**Các Skill cần dùng:**
1. `mcp-builder` (Để xây công cụ)
2. `agent-evaluation` (Để kiểm tra độ tin cậy)
3. `prompt-engineering` (Để tinh chỉnh câu lệnh)
**Quy trình (Workflow):**
1. **Xây dựng**: "Dùng `mcp-builder` để tạo một công cụ tên là `verify-file`."
2. **Ra lệnh**: "Áp dụng các mẫu `prompt-engineering` vào System Prompt để đảm bảo con agent luôn kiểm tra đường dẫn file trước khi làm gì đó."
3. **Kiểm thử**: "Chạy `agent-evaluation` để đo xem tần suất con agent này tìm sai file là bao nhiêu phần trăm."

178
docs/vi/FAQ.md Normal file
View File

@@ -0,0 +1,178 @@
# ❓ Câu Hỏi Thường Gặp (FAQ)
**Bạn có thắc mắc?** Đừng lo, bạn không cô đơn đâu! Dưới đây là giải đáp cho những câu hỏi phổ biến nhất về Antigravity Awesome Skills.
---
## 🎯 Câu hỏi chung
### "Skill" rốt cuộc là cái gì?
Skills thực chất là các file hướng dẫn chuyên biệt dùng để dạy cho trợ lý AI cách xử lý một tác vụ cụ thể. Hãy coi nó như những module kiến thức chuyên gia mà AI của bạn có thể "nạp" vào khi cần.
**Ví dụ dễ hiểu:** Giống như trong phim Ma Trận, khi Neo cần biết lái trực thăng, anh ấy tải chương trình lái trực thăng vào não. Skills ở đây cũng y hệt vậy, giúp biến AI của bạn thành chuyên gia trong từng lĩnh vực (luật sư, bác sĩ, thợ máy...) tùy theo nhu cầu của bạn.
### Tôi có phải cài hết hơn 250 skill không?
**Không hề!** Khi bạn clone cái kho này về, toàn bộ skills sẽ nằm sẵn trong máy, NHƯNG AI của bạn chỉ thực sự đọc và load kỹ năng nào mà bạn gọi tên (bằng lệnh `@tên-skill`) thôi.
Nó giống như một thư viện sách: sách thì đầy trên kệ, nhưng bạn chỉ cần rút đúng cuốn bạn định đọc.
**Mẹo:** Dùng các [Gói Khởi Điểm (Starter Packs)](../BUNDLES.vi.md) để cài bộ phù hợp với công việc của bạn cho gọn.
### Những công cụ AI nào dùng được mấy skill này?
-**Claude Code** (Anthropic CLI)
-**Gemini CLI** (Google)
-**Codex CLI** (OpenAI)
-**Cursor** (AI IDE)
-**Antigravity IDE**
-**OpenCode**
- ⚠️ **GitHub Copilot** (Hỗ trợ một phần, phải copy-paste thủ công)
### Dùng cái này có mất phí không?
**Hoàn toàn miễn phí!** Dự án này dùng Giấy phép MIT.
- ✅ Miễn phí cho dùng cá nhân
- ✅ Miễn phí cho thương mại/công ty
- ✅ Bạn thoải mái sửa đổi code
### Skills có chạy offline không?
Bản thân các file skill nằm trên máy bạn (offline), nhưng trợ lý AI (Claude, Gemini...) thì vẫn cần mạng internet để hoạt động nhé.
---
## 🔒 Độ Tin Cậy & An Toàn (Cập nhật V3)
### Mấy cái "Nhãn Rủi Ro" (Risk Label) nghĩa là sao?
Để đảm bảo an toàn, chúng tôi phân loại skill theo màu:
-**Safe (Trắng/Xanh)**: Skill an toàn, chỉ đọc, lập kế hoạch hoặc vô hại.
- 🔴 **Risk (Đỏ)**: Skill có khả năng chỉnh sửa/xóa file hệ thống, hoặc dùng để quét mạng (pentest). **Cần cẩn trọng khi dùng.**
- 🟣 **Official (Tím)**: Skill chính chủ do các nhà cung cấp uy tín (Anthropic, DeepMind...) bảo trì.
### Dùng skill này có sợ bị hack máy không?
**Không.** Skill chỉ là file văn bản (text). Tuy nhiên, nó chứa hướng dẫn để AI chạy lệnh. Nếu skill bảo "xóa hết file đi", một con AI ngây thơ có thể sẽ làm thật.
_Do đó: Luôn kiểm tra Nhãn Rủi Ro và đọc qua nội dung skill trước khi dùng._
---
## 📦 Cài đặt & Thiết lập
### Tôi nên cài skill vào đâu?
Đường dẫn chuẩn nhất dùng được cho hầu hết công cụ là `.agent/skills/`:
```bash
git clone https://github.com/sickn33/antigravity-awesome-skills.git .agent/skills
```
**Đường dẫn riêng cho từng tool:**
- Claude Code: `.claude/skills/`
- Gemini CLI: `.gemini/skills/`
- Cursor: `.cursor/skills/` hoặc thư mục gốc của dự án
### Dùng trên Windows có được không?
**Được**, nhưng lưu ý là một số skill "Official" có dùng **symlinks** (liên kết tượng trưng) mà Windows mặc định hỗ trợ hơi kém.
Hãy chạy lệnh git này để bật hỗ trợ symlink:
```bash
git clone -c core.symlinks=true https://github.com/sickn33/antigravity-awesome-skills.git .agent/skills
```
Hoặc bật chế độ "Developer Mode" trong phần Settings của Windows.
### Cập nhật skill kiểu gì?
Chỉ cần vào thư mục đó và pull code mới về là xong:
```bash
cd .agent/skills
git pull origin main
```
---
## 🛠️ Cách sử dụng
### Gọi skill như thế nào?
Dùng ký tự `@` cộng với tên skill:
```
@brainstorming giúp tôi thiết kế một app quản lý công việc
```
### Dùng nhiều skill cùng lúc được không?
**Được luôn!** Bạn có thể kết hợp (combo) nhiều skill:
```
@brainstorming lên ý tưởng cho tôi, xong rồi dùng @writing-plans để ra list công việc cụ thể nhé.
```
### Làm sao biết nên dùng skill nào?
1. **Đọc file README**: Xem [Danh sách đầy đủ các skill](README.vi.md#trọn-bộ-danh-sách-256-kỹ-năng-full-list).
2. **Tìm kiếm**: `ls skills/ | grep "từ-khóa"` (ví dụ tìm "test", "security").
3. **Hỏi chính con AI**: "Cậu có skill nào liên quan đến testing không?"
---
## 🏗️ Xử lý sự cố (Troubleshooting)
### AI của tôi không nhận diện được skill
**Nguyên nhân có thể:**
1. **Sai đường dẫn cài đặt**: Kiểm tra lại tài liệu của tool bạn dùng. Thử đường dẫn `.agent/skills/` xem sao.
2. **Cần khởi động lại**: Thử tắt đi bật lại AI/IDE sau khi cài đặt.
3. **Gõ sai tên**: Bạn có gõ `@brain-storming` thay vì `@brainstorming` không?
### Skill đưa ra lời khuyên sai hoặc lỗi thời
Làm ơn hãy [Báo lỗi (Open Issue)](https://github.com/sickn33/antigravity-awesome-skills/issues) giúp chúng tôi!
Nhớ ghi rõ:
- Skill nào bị lỗi
- Lỗi là gì
- Đáng lẽ nó phải làm gì
---
## 🤝 Đóng góp (Contribution)
### Tôi là người mới (newbie). Tôi đóng góp được không?
**Hoan nghênh nhiệt liệt!** Chúng tôi rất quý trọng các đóng góp từ người mới.
- Sửa lỗi chính tả
- Thêm ví dụ
- Cải thiện tài liệu
Xem hướng dẫn tại [CONTRIBUTING.vi.md](CONTRIBUTING.vi.md) nhé.
### Tôi gửi PR nhưng bị trượt bài kiểm tra "Quality Bar". Tại sao?
Bản V3 có hệ thống kiểm tra chất lượng tự động. Skill của bạn có thể đang thiếu:
1. Phần `description` (mô tả).
2. Các ví dụ sử dụng mẫu.
Hãy chạy `python3 scripts/validate_skills.py` trên máy để tự kiểm tra trước khi đẩy code lên nhé.
### Tôi có được sửa các skill "Official" không?
**Không.** Các skill Official (trong thư mục `skills/official/`) là bản sao (mirror) từ nhà cung cấp gốc. Nếu thấy lỗi, hãy mở Issue báo cáo thay vì sửa trực tiếp.
---
## 💡 Mẹo hay cho chuyên gia (Pro Tips)
- Luôn bắt đầu bằng `@brainstorming` trước khi xây dựng cái gì mới.
- Dùng `@systematic-debugging` khi bí bách vì bug.
- Thử `@test-driven-development` để code "xịn" hơn.
- Khám phá `@skill-creator` để tự tạo skill riêng cho mình.
**Vẫn còn thắc mắc?** [Vào đây thảo luận](https://github.com/sickn33/antigravity-awesome-skills/discussions) nhé, chúng tôi sẽ hỗ trợ hết mình! 🙌

110
docs/vi/GETTING_STARTED.md Normal file
View File

@@ -0,0 +1,110 @@
# Bắt đầu với Antigravity Awesome Skills (V3)
[Đọc bản gốc tiếng Anh](./GETTING_STARTED.md)
**Bạn là người mới? Hướng dẫn này sẽ giúp bạn "nâng cấp" trí tuệ cho AI Agent chỉ trong 5 phút.**
---
## 🤔 "Skill" là gì?
Các trợ lý AI (như **Claude Code**, **Gemini**, **Cursor**) vốn rất thông minh, nhưng chúng thường thiếu kiến thức chuyên sâu về bộ công cụ cụ thể mà bạn đang dùng.
**Skills** chính là những cuốn "cẩm nang hướng dẫn" (file markdown) giúp dạy cho AI biết cách thực hiện từng tác vụ chuyên biệt một cách chuẩn xác nhất.
**Hãy tưởng tượng:** AI của bạn là một thực tập sinh thiên tài. **Skills** chính là các quy trình chuẩn (SOPs) giúp biến cậu thực tập sinh đó thành một Kỹ sư Cao cấp (Senior Engineer) dày dặn kinh nghiệm.
---
## ⚡️ Bắt đầu nhanh: Dùng "Gói Khởi Điểm" (Starter Packs)
Đừng bị choáng ngợp bởi con số 256+ skill. Bạn không cần phải dùng hết tát cả cùng lúc.
Chúng tôi đã soạn sẵn các **Gói Khởi Điểm** để bạn có thể bắt tay vào việc ngay.
### 1. Cài đặt Repo
Clone toàn bộ kho skill này vào thư mục cấu hình của agent:
```bash
# Cách cài đặt chung (áp dụng cho hầu hết các loại agent)
git clone https://github.com/sickn33/antigravity-awesome-skills.git .agent/skills
```
### 2. Chọn Gói phù hợp với Vai trò (Persona)
Hãy tìm gói (Bundle) phù hợp nhất với công việc của bạn (xem chi tiết tại [docs/BUNDLES.vi.md](../BUNDLES.vi.md)):
| Vai Trò | Tên Gói | Gồm những gì? |
| :-------------------- | :------------- | :------------------------------------------------ |
| **Web Developer** | `Web Wizard` | React Patterns, bí kíp Tailwind, Thiết kế Frontend|
| **Security Engineer** | `Hacker Pack` | OWASP, Metasploit, Quy trình Pentest |
| **Manager / PM** | `Product Pack` | Brainstorming, Lập kế hoạch, SEO, Chiến lược |
| **Bất kỳ ai** | `Essentials` | Clean Code, Lập kế hoạch, Kiểm tra code (Cơ bản) |
---
## 🚀 Cách sử dụng Skill
Sau khi cài đặt xong, bạn cứ trò chuyện với AI như bình thường.
### Ví dụ 1: Lên kế hoạch tính năng (Gói **Essentials**)
> "Dùng **@brainstorming** giúp tôi lên ý tưởng cho luồng đăng nhập (login flow) mới."
**Kết quả:** AI sẽ kích hoạt skill brainstorming, đặt các câu hỏi định hướng, và cuối cùng soạn ra một bản đặc tả (spec) chuyên nghiệp cho bạn.
### Ví dụ 2: Rà soát Code (Gói **Web Wizard**)
> "Chạy **@lint-and-validate** trên file này và sửa các lỗi giúp tôi."
**Kết quả:** AI sẽ tuân thủ nghiêm ngặt các quy tắc linting đã được định nghĩa trong skill để dọn dẹp và chuẩn hóa code của bạn.
### Ví dụ 3: Kiểm toán Bảo mật (Gói **Hacker Pack**)
> "Dùng **@api-security-best-practices** để review các API endpoint này xem có lỗ hổng nào không."
**Kết quả:** AI sẽ đóng vai chuyên gia bảo mật, rà soát code của bạn dựa trên các tiêu chuẩn an toàn của OWASP.
---
## 🔌 Các công cụ hỗ trợ
| Công cụ | Trạng thái | Đường dẫn cài đặt |
| :-------------- | :-------------- | :---------------- |
| **Claude Code** | ✅ Hỗ trợ tốt | `.claude/skills/` |
| **Gemini CLI** | ✅ Hỗ trợ tốt | `.gemini/skills/` |
| **Antigravity** | ✅ Mặc định | `.agent/skills/` |
| **Cursor** | ✅ Mặc định | `.cursor/skills/` |
| **Copilot** | ⚠️ Chỉ Text | Phải copy-paste thủ công |
---
## 🛡️ Độ Tin Cậy & An Toàn (Mới)
Để bạn yên tâm sử dụng, chúng tôi phân loại skill theo các nhãn sau:
- 🟣 **Official**: Skill chính chủ, được bảo trì bởi Anthropic/Google hoặc các nhà cung cấp uy tín (Độ tin cậy cao).
- 🔵 **Safe**: Skill do cộng đồng đóng góp, an toàn, không gây hại (thường là skill đọc hoặc lập kế hoạch).
- 🔴 **Risk**: Skill có khả năng sửa đổi hệ thống hoặc thực hiện các bài test bảo mật (Chỉ dùng khi bạn hiểu rõ và cho phép).
_Xem [Danh sách đầy đủ](README.vi.md#danh-sách-skill-đầy-đủ-256256) để biết nhãn rủi ro của từng skill._
---
## ❓ Câu hỏi thường gặp (FAQ)
**H: Tôi có bắt buộc phải cài hết 250 skill không?**
Đ: Bạn clone cả repo về, nhưng AI chỉ _đọc_ đúng cái skill mà bạn gọi (hoặc liên quan) thôi. Nên nó rất nhẹ, không lo nặng máy!
**H: Tôi tự viết skill riêng được không?**
Đ: Được chứ! Hãy dùng skill **@skill-creator** để nó hướng dẫn bạn tạo skill mới từ A-Z.
**H: Dùng cái này có mất phí không?**
Đ: Hoàn toàn miễn phí. Giấy phép MIT. Mã nguồn mở mãi mãi.
---
## ⏭️ Bước tiếp theo
1. [Xem chi tiết các Gói (Bundles)](../BUNDLES.vi.md)
2. [Tham khảo các ví dụ thực tế](../EXAMPLES.vi.md)
3. [Đóng góp Skill cho cộng đồng](CONTRIBUTING.vi.md)

479
docs/vi/README.md Normal file
View File

@@ -0,0 +1,479 @@
# 🌌 Antigravity Awesome Skills: Kho Tàng 256+ Kỹ Năng Agentic cho Claude Code, Gemini CLI, Cursor & Copilot
[Đọc bản gốc tiếng Anh](../../README.md)
> **Bộ sưu tập "quyền năng" tối thượng gồm hơn 256 kỹ năng giúp bạn làm chủ các Trợ lý Lập trình AI như Claude Code, Gemini CLI, Codex CLI, Antigravity IDE, GitHub Copilot, Cursor và OpenCode**
[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
[![Claude Code](https://img.shields.io/badge/Claude%20Code-Anthropic-purple)](https://claude.ai)
[![Gemini CLI](https://img.shields.io/badge/Gemini%20CLI-Google-blue)](https://github.com/google-gemini/gemini-cli)
[![Codex CLI](https://img.shields.io/badge/Codex%20CLI-OpenAI-green)](https://github.com/openai/codex)
[![Cursor](https://img.shields.io/badge/Cursor-AI%20IDE-orange)](https://cursor.sh)
[![Copilot](https://img.shields.io/badge/GitHub%20Copilot-VSCode-lightblue)](https://github.com/features/copilot)
[![OpenCode](https://img.shields.io/badge/OpenCode-CLI-gray)](https://github.com/opencode-ai/opencode)
[![Antigravity](https://img.shields.io/badge/Antigravity-DeepMind-red)](https://github.com/sickn33/antigravity-awesome-skills)
**Antigravity Awesome Skills** không chỉ là một danh sách, mà là một kho vũ khí hạng nặng đã được kiểm chứng thực tế. Nó bao gồm **256 kỹ năng chuyên biệt** giúp AI hoạt động hiệu quả tối đa trên mọi nền tảng trợ lý lập trình phổ biến hiện nay:
- 🟣 **Claude Code** (Anthropic CLI)
- 🔵 **Gemini CLI** (Google DeepMind)
- 🟢 **Codex CLI** (OpenAI)
- 🔴 **Antigravity IDE** (Google DeepMind)
- 🩵 **GitHub Copilot** (VSCode Extension)
- 🟠 **Cursor** (AI-native IDE)
-**OpenCode** (Open-source CLI)
Dự án này cung cấp những kỹ năng then chốt để biến trợ lý AI của bạn từ một công cụ chat đơn thuần thành một **đội ngũ kỹ thuật số toàn năng (full-stack digital agency)**. Chúng tôi tích hợp cả những quy trình chuẩn mực từ các ông lớn như **Anthropic**, **OpenAI**, **Google**, **Supabase**, và **Vercel Labs**.
## Mục Lục - Đi tắt đón đầu
- [🚀 Bạn mới dùng lần đầu? Hãy đọc phần này trước!](#bạn-mới-dùng-lần-đầu-hãy-đọc-phần-này-trước)
- [🔌 Các công cụ hỗ trợ & Cách ra lệnh cho AI](#các-công-cụ-hỗ-trợ--cách-ra-lệnh-cho-ai)
- [📦 Phân loại các nhóm Kỹ năng & Tính năng](#phân-loại-các-nhóm-kỹ-năng--tính-năng)
- [🎁 Các gói Kỹ năng chọn lọc theo nghề (Bundles)](#các-gói-kỹ-năng-chọn-lọc-theo-nghề-bundles)
- [📜 Trọn bộ danh sách 256 Kỹ năng (Full list)](#trọn-bộ-danh-sách-256-kỹ-năng-full-list)
- [🛠️ Hướng dẫn cài đặt nhanh](#hướng-dẫn-cài-đặt-nhanh)
- [🤝 Bạn muốn đóng góp?](#bạn-muốn-đóng-góp)
- [👥 Lời cảm ơn & Nguồn tham khảo](#lời-cảm-ơn--nguồn-tham-khảo)
- [⚖️ Bản quyền (License)](#bản-quyền-license)
- [👥 Những người hùng đã đóng góp](#những-người-hùng-đã-đóng-góp)
- [🌟 Lịch sử phát triển](#lịch-sử-phát-triển)
---
## Bạn mới dùng lần đầu? Hãy đọc phần này trước!
**Chào mừng bạn đến với phiên bản V3 Enterprise.**
Đây không phải là một danh sách chứa mấy đoạn code rời rạc. Hãy coi đây là một **hệ điều hành kiến thức** hoàn chỉnh giúp AI Agent của bạn thông minh hơn gấp bội.
### 1. 🐣 Hiểu đơn giản: Cái này để làm gì?
Các AI Agent (như Claude Code, Cursor, hay Gemini) rất thông minh, nhưng chúng giống như những siêu máy tính chưa được cài phần mềm chuyên dụng. Chúng không thể tự biết "Quy trình Deploy chuẩn của công ty A" hay "Cách viết code AWS CloudFormation không lỗi".
**Skills (Kỹ năng)** ở đây chính là những file hướng dẫn nhỏ (dạng markdown), đóng vai trò như sách giáo khoa, dạy cho AI biết cách thực hiện từng đầu việc cụ thể một cách chuẩn chỉ, trăm lần như một.
### 2. ⚡️ Cách dùng nhanh nhất (Dùng các Gói có sẵn)
Bạn không việc gì phải cài thủ công từng cái trong số 256 skill kia. Chúng tôi đã gom nhóm sẵn thành các **Gói Khởi Điểm (Starter Packs)** phù hợp với từng nhu cầu:
1. **Tải repo này về máy**:
```bash
git clone https://github.com/sickn33/antigravity-awesome-skills.git .agent/skills
```
2. **Chọn vai trò của bạn** (Xem chi tiết tại [docs/BUNDLES.md](BUNDLES.md)):
- **Lập trình viên Web?** 👉 chọn gói `Web Wizard`.
- **Chuyên gia Bảo mật/Hacker?** 👉 chọn gói `Security Engineer`.
- **Muốn dùng thử cho biết?** 👉 chọn gói `Essentials` (Cơ bản).
### 3. 🧠 Dùng như thế nào?
Cài xong rồi thì bạn cứ ra lệnh cho con AI như nói chuyện bình thường thôi:
> "Dùng skill **@brainstorming** để giúp tôi lên ý tưởng cho một dự án phần mềm quản lý kho."
> "Chạy **@lint-and-validate** trên file code này xem có lỗi cú pháp nào không."
👉 **[Xem Hướng dẫn chi tiết cho người mới bắt đầu (Tiếng Việt)](GETTING_STARTED.md)**
---
## Các công cụ hỗ trợ & Cách ra lệnh cho AI
Các skill này được viết theo chuẩn **SKILL.md** quốc tế, nên bạn dùng trợ lý ảo nào nó cũng hiểu được, miễn là có hỗ trợ tính năng agentic skills.
| Tên Công cụ | Loại | Ví dụ câu lệnh mẫu | Thư mục cài đặt chuẩn |
| :-------------- | :--- | :-------------------------------- | :-------------------- |
| **Claude Code** | CLI | `>> /skill-name help me...` | `.claude/skills/` |
| **Gemini CLI** | CLI | `(User Prompt) Use skill-name...` | `.gemini/skills/` |
| **Antigravity** | IDE | `(Agent Mode) Use skill...` | `.agent/skills/` |
| **Cursor** | IDE | `@skill-name (gõ trong Chat)` | `.cursor/skills/` |
| **Copilot** | Ext | `(Copy nội dung dán vào chat)` | N/A |
> [!TIP]
> **Lời khuyên**: Tốt nhất bạn nên cài vào thư mục `.agent/skills/`. Hầu hết các công cụ mới bây giờ (như Antigravity) đều tự động tìm trong thư mục này, rất tiện.
> [!WARNING]
> **Lưu ý cho người dùng Windows**: Repo này có dùng **symlinks** (đường dẫn tắt) cho các skill chính chủ.
> Để tránh lỗi, bạn cần bật Developer Mode trên Windows hoặc chạy Git dưới quyền Admin:
> `git clone -c core.symlinks=true https://github.com/...`
---
Dù bạn đang dùng **Gemini CLI**, **Claude Code**, **Codex CLI**, **Cursor**, **GitHub Copilot**, **Antigravity**, hay **OpenCode**, bộ skill này được thiết kế theo tiêu chí "cắm là chạy" (plug-and-play), giúp tăng sức mạnh cho trợ lý AI của bạn tức thì.
Đây là nơi hội tụ tinh hoa từ cộng đồng mã nguồn mở, giúp biến trợ lý AI của bạn thành một "siêu nhân": code giỏi, thiết kế đẹp, lại còn rành bảo mật và biết làm cả marketing.
## Phân loại các nhóm Kỹ năng & Tính năng
Kho tàng này được chia thành các nhóm chuyên môn để bạn dễ tìm kiếm:
| Nhóm Kỹ Năng | Số lượng | Những cái tên nổi bật nên thử ngay |
| :----------------------------- | :------- | :-------------------------------------------------------------------------------------------------------------------------- |
| **🛸 Tự Động Hóa & Agent** | **(13)** | Loki Mode (Chế độ Startup tự động), Code theo kiểu Agent con (Subagent), Điều phối Agent chạy song song, Tự tạo Skill mới |
| **🔌 Kết Nối & APIs** | **(35)** | Stripe, Firebase, Supabase, Vercel, Clerk Auth, Twilio, Discord Bot, Slack Bot, GraphQL, AWS Serverless |
| **🛡️ Bảo Mật & An Ninh** | **(32)** | Ethical Hacking, Metasploit, Burp Suite, SQLMap, Tấn công Active Directory, Kiểm thử AWS/Cloud, Top 100 lỗi OWASP |
| **🎨 Sáng Tạo & Thiết Kế** | **(21)** | UI/UX Pro Max, Thiết kế Frontend, Canvas, Tạo nghệ thuật bằng code, Theme Factory, Vẽ biểu đồ D3 |
| **🛠️ Kỹ Thuật Lập Trình** | **(44)** | TDD (Test trước code sau), Debug có hệ thống, React Patterns, Chuẩn Backend/Frontend, Kiến trúc phần mềm |
| **🏗️ Hạ Tầng & Git** | **(13)** | Shell Scripting, Git Worktrees, Git Pushing, Conventional Commits (Commit chuẩn), Sắp xếp file, Tự động hóa GitHub Workflow |
| **🤖 AI & LLM** | **(27)** | Voice AI Engine, LangGraph, CrewAI, Kỹ sư RAG, Prompt Engineer, Tự động hóa trình duyệt, Hệ thống bộ nhớ cho Agent |
| **🔄 Quy Trình Làm Việc** | **(19)** | Lập kế hoạch, Thực thi kế hoạch, Soát xét code (Code Review), Kiểm tra kỹ lưỡng trước khi bàn giao |
| **📄 Xử Lý Tài Liệu** | **(5)** | Làm việc với file Word (DOCX), PDF, PowerPoint (PPTX), Excel (XLSX) - Bản chính chủ |
| **🧪 Kiểm Thử (Testing)** | **(8)** | Test ứng dụng Web, Tự động hóa với Playwright, Sửa lỗi Test, Các mẫu Testing chuẩn |
| **📈 Sản Phẩm & Chiến Lược** | **(4)** | Bộ công cụ cho Product Manager (PM), Sáng tạo nội dung, Tối ưu App Store (ASO), Brainstorming ý tưởng |
| **📣 Marketing & Tăng Trưởng** | **(26)** | Tối ưu chuyển đổi (CRO), Viết lời quảng cáo (Copywriting), SEO Audit, Chạy Ads, Gửi Email tự động, Chiến lược giá |
| **🚀 Công Cụ cho Maker** | **(8)** | Ra mắt Micro-SaaS, Làm Extension trình duyệt, Tạo Bot Telegram, Xây dựng AI Wrapper, Tạo nội dung Viral |
## Các gói Kỹ năng chọn lọc theo nghề (Bundles)
Hãy ghé thăm trang [docs/BUNDLES.md](BUNDLES.md) để xem các **Gói Khởi Điểm** và chọn cho mình bộ đồ nghề ưng ý nhất thay vì phải tự nhặt từng cái.
## Trọn bộ danh sách 256 Kỹ năng (Full list)
> [!NOTE]
> **Về các Skill xử lý tài liệu**: Với các định dạng như Word, PDF, Excel, PowerPoint, chúng tôi có 2 bản: **bản cộng đồng (community)** và **bản chính chủ (official Anthropic)**. Khi bạn chạy trên máy, hệ thống sẽ ưu tiên dùng bản chính chủ (xịn hơn).
_(Lưu ý: Bảng dưới đây giữ nguyên tên tiếng Anh của Skill để bạn dễ tra cứu trong code, còn phần mô tả đã được dịch sang tiếng Việt)_
| Tên Skill (Tên lệnh) | Rủi ro | Mô tả công dụng | Đường dẫn file |
| :-------------------------------------------------- | :----- | :---------------------------------------------------------------------------------------------------------------------------------------------------- | :------------------------------------------- |
| **2d-games** | ⚪ | Nguyên tắc phát triển game 2D. Sprites, tilemaps, vật lý, camera. | `skills/game-development/2d-games` |
| **3d-games** | ⚪ | Nguyên tắc phát triển game 3D. Rendering, shaders, vật lý, camera. | `skills/game-development/3d-games` |
| **3d-web-experience** | ⚪ | Chuyên gia xây dựng trải nghiệm 3D cho web - Three.js, React Three Fiber, Spline, WebGL. Bao gồm cấu hình sản phẩm, portfolio 3D, website nhập vai. | `skills/3d-web-experience` |
| **ab-test-setup** | ⚪ | Hướng dẫn cấu trúc thiết lập A/B test với các cổng kiểm soát bắt buộc cho giả thuyết, chỉ số và sự sẵn sàng thực thi. | `skills/ab-test-setup` |
| **Active Directory Attacks** | ⚪ | Dùng khi user yêu cầu "tấn công Active Directory", "khai thác AD", "Kerberoasting", "DCSync", "pass-the-hash", "BloodHound", "Golden Ticket"... | `skills/active-directory-attacks` |
| **address-github-comments** | ⚪ | Dùng khi bạn cần giải quyết các comment review hoặc issue trên GitHub Pull Request đang mở bằng gh CLI. | `skills/address-github-comments` |
| **agent-evaluation** | ⚪ | Kiểm thử và đánh giá chuẩn (benchmark) các LLM agent, bao gồm kiểm tra hành vi, đánh giá năng lực, chỉ số độ tin cậy và giám sát production. | `skills/agent-evaluation` |
| **agent-manager-skill** | ⚪ | Quản lý nhiều CLI agent cục bộ thông qua tmux sessions (start/stop/monitor/assign) với lịch trình cron-friendly. | `skills/agent-manager-skill` |
| **agent-memory-mcp** | ⚪ | Hệ thống bộ nhớ lai cung cấp quản lý tri thức bền vững, có thể tìm kiếm cho AI agents (Kiến trúc, Mẫu, Quyết định). | `skills/agent-memory-mcp` |
| **agent-memory-systems** | ⚪ | Skill bao trùm kiến trúc bộ nhớ agent: ngắn hạn (context window), dài hạn (vector stores), và các kiến trúc nhận thức để tổ chức chúng. | `skills/agent-memory-systems` |
| **agent-tool-builder** | ⚪ | Thiết kế công cụ từ schema đến xử lý lỗi. JSON Schema best practices, viết mô tả giúp LLM hiểu, validation, và chuẩn MCP mới nổi. | `skills/agent-tool-builder` |
| **ai-agents-architect** | ⚪ | Chuyên gia thiết kế và xây dựng các AI agent tự chủ. Làm chủ việc sử dụng công cụ, hệ thống bộ nhớ, chiến lược lập kế hoạch và điều phối đa tác nhân. | `skills/ai-agents-architect` |
| **ai-product** | ⚪ | Các mẫu tích hợp LLM, kiến trúc RAG, prompt engineering mở rộng, AI UX mà người dùng tin tưởng, và tối ưu hóa chi phí. | `skills/ai-product` |
| **ai-wrapper-product** | ⚪ | Chuyên gia xây dựng các sản phẩm bao bọc (wrap) AI APIs (OpenAI, Anthropic...) thành các công cụ tập trung giải quyết vấn đề cụ thể. | `skills/ai-wrapper-product` |
| **algolia-search** | ⚪ | Các mẫu chuyên gia để triển khai tìm kiếm Algolia, chiến lược đánh chỉ mục (indexing), React InstantSearch và tinh chỉnh độ liên quan. | `skills/algolia-search` |
| **algorithmic-art** | ⚪ | Tạo nghệ thuật thuật toán sử dụng p5.js với tính ngẫu nhiên có hạt giống (seeded randomness) và tham số tương tác. | `skills/algorithmic-art` |
| **analytics-tracking** | ⚪ | Thiết kế, kiểm toán và cải thiện hệ thống theo dõi phân tích (GA4, GTM, product analytics, events, conversions, UTMs). | `skills/analytics-tracking` |
| **API Fuzzing for Bug Bounty** | ⚪ | Dùng khi user yêu cầu "test bảo mật API", "fuzz APIs", "tìm lỗi IDOR", "test REST/GraphQL API", "kiểm thử xâm nhập API". | `skills/api-fuzzing-bug-bounty` |
| **api-documentation-generator** | ⚪ | Tạo tài liệu API toàn diện, thân thiện với lập trình viên từ code, bao gồm endpoints, tham số, ví dụ. | `skills/api-documentation-generator` |
| **api-patterns** | ⚪ | Nguyên tắc thiết kế API và ra quyết định. Chọn REST vs GraphQL vs tRPC, định dạng phản hồi, versioning, phân trang. | `skills/api-patterns` |
| **api-security-best-practices** | ⚪ | Triển khai các mẫu thiết kế API bảo mật bao gồm xác thực, phân quyền, validate đầu vào, rate limiting. | `skills/api-security-best-practices` |
| **app-builder** | ⚪ | Bộ điều phối xây dựng ứng dụng chính. Tạo ứng dụng full-stack từ yêu cầu ngôn ngữ tự nhiên. Xác định loại dự án, chọn tech stack. | `skills/app-builder` |
| **app-store-optimization** | ⚪ | Bộ công cụ ASO hoàn chỉnh để nghiên cứu, tối ưu hóa và theo dõi hiệu suất ứng dụng trên Apple App Store và Google Play Store. | `skills/app-store-optimization` |
| **architecture** | ⚪ | Khung ra quyết định kiến trúc. Phân tích yêu cầu, đánh giá đánh đổi (trade-off), tài liệu hóa ADR. | `skills/architecture` |
| **autonomous-agent-patterns** | ⚪ | Các mẫu thiết kế để xây dựng coding agent tự chủ. Tích hợp công cụ, hệ thống quyền, tự động hóa trình duyệt, quy trình human-in-the-loop. | `skills/autonomous-agent-patterns` |
| **autonomous-agents** | ⚪ | Skill bao trùm các vòng lặp agent (ReAct, Plan-Execute), phân rã mục tiêu, mẫu phản tư (reflection), và độ tin cậy trong production. | `skills/autonomous-agents` |
| **avalonia-layout-zafiro** | ⚪ | Hướng dẫn layout Avalonia UI hiện đại sử dụng Zafiro.Avalonia, nhấn mạnh style chia sẻ, component generic. | `skills/avalonia-layout-zafiro` |
| **avalonia-viewmodels-zafiro** | ⚪ | Các mẫu tạo ViewModel và Wizard tối ưu cho Avalonia sử dụng Zafiro và ReactiveUI. | `skills/avalonia-viewmodels-zafiro` |
| **avalonia-zafiro-development** | ⚪ | Các quy tắc bắt buộc, quy ước và hành vi để phát triển Avalonia UI sử dụng bộ công cụ Zafiro. | `skills/avalonia-zafiro-development` |
| **AWS Penetration Testing** | ⚪ | Dùng khi user yêu cầu "pentest AWS", "test bảo mật AWS", "khai thác IAM", "leo thang đặc quyền AWS", "test S3 bucket", "SSRF metadata"... | `skills/aws-penetration-testing` |
| **aws-serverless** | ⚪ | Kỹ năng chuyên sâu xây dựng ứng dụng serverless ready-for-production trên AWS (Lambda, API Gateway, DynamoDB, SQS/SNS, SAM/CDK). | `skills/aws-serverless` |
| **azure-functions** | ⚪ | Các mẫu chuyên gia phát triển Azure Functions bao gồm isolated worker model, Durable Functions, tối ưu cold start. | `skills/azure-functions` |
| **backend-dev-guidelines** | ⚪ | Tiêu chuẩn phát triển backend (có quan điểm riêng) cho Node.js + Express + TypeScript microservices. | `skills/backend-dev-guidelines` |
| **backend-patterns** | ⚪ | Các mẫu kiến trúc backend, thiết kế API, tối ưu database, và best practices phía server cho Node.js, Express, Next.js API routes. | `skills/cc-skill-backend-patterns` |
| **bash-linux** | ⚪ | Các mẫu Bash/Linux terminal. Các lệnh quan trọng, piping, xử lý lỗi, scripting. | `skills/bash-linux` |
| **behavioral-modes** | ⚪ | Các chế độ vận hành AI (brainstorm, implement, debug, review, teach, ship, orchestrate). | `skills/behavioral-modes` |
| **blockrun** | ⚪ | Dùng khi user cần các khả năng mà Claude thiếu (tạo ảnh, dữ liệu X/Twitter thời gian thực) hoặc yêu cầu dùng model ngoài ("use gpt", "dall-e"). | `skills/blockrun` |
| **brainstorming** | ⚪ | Dùng skill này trước bất kỳ công việc sáng tạo hay xây dựng nào. Biến ý tưởng mơ hồ thành thiết kế đã được kiểm chứng. | `skills/brainstorming` |
| **brand-guidelines** | ⚪ | Áp dụng màu sắc và font chữ thương hiệu chính thức của Anthropic (Bản Official). | `skills/brand-guidelines-anthropic` |
| **brand-guidelines** | ⚪ | Áp dụng màu sắc và font chữ thương hiệu chính thức của Anthropic (Bản Community). | `skills/brand-guidelines-community` |
| **Broken Authentication Testing** | ⚪ | Hướng dẫn kiểm tra lỗi xác thực, quản lý phiên, credential stuffing, chính sách mật khẩu, session fixation. | `skills/broken-authentication` |
| **browser-automation** | ⚪ | Tự động hóa trình duyệt với Playwright (khuyên dùng) và Puppeteer. Các mẫu để test, scrape, và điều khiển agent. | `skills/browser-automation` |
| **browser-extension-builder** | ⚪ | Chuyên gia xây dựng extension trình duyệt (Chrome, Firefox, cross-browser). Manifest v3, content scripts, popup UI. | `skills/browser-extension-builder` |
| **bullmq-specialist** | ⚪ | Chuyên gia BullMQ cho hàng đợi job Redis, xử lý nền (background processing) tin cậy trong Node.js/TypeScript. | `skills/bullmq-specialist` |
| **bun-development** | ⚪ | Phát triển JavaScript/TypeScript hiện đại với Bun runtime. Quản lý gói, bundling, testing, và di chuyển từ Node.js. | `skills/bun-development` |
| **Burp Suite Web Application Testing** | ⚪ | Hướng dẫn sử dụng Burp Suite: intercept traffic, modify requests, scan vulnerabilities, dùng Repeater. | `skills/burp-suite-testing` |
| **busybox-on-windows** | ⚪ | Cách sử dụng bản build Win32 của BusyBox để chạy các công cụ dòng lệnh UNIX tiêu chuẩn trên Windows. | `skills/busybox-on-windows` |
| **canvas-design** | ⚪ | Tạo nghệ thuật thị giác đẹp mắt trong tài liệu .png và .pdf sử dụng triết lý thiết kế. | `skills/canvas-design` |
| **cc-skill-continuous-learning** | ⚪ | Kỹ năng phát triển từ everything-claude-code | `skills/cc-skill-continuous-learning` |
| **cc-skill-project-guidelines-example** | ⚪ | Skill Hướng Dẫn Dự Án (Ví dụ minh họa) | `skills/cc-skill-project-guidelines-example` |
| **cc-skill-strategic-compact** | ⚪ | Kỹ năng phát triển từ everything-claude-code | `skills/cc-skill-strategic-compact` |
| **Claude Code Guide** | ⚪ | Hướng dẫn tổng thể để sử dụng Claude Code hiệu quả. Cấu hình, chiến lược prompt, từ khóa "Thinking", debug. | `skills/claude-code-guide` |
| **clean-code** | ⚪ | Tiêu chuẩn code thực dụng - súc tích, trực tiếp, không over-engineering, không comment thừa thãi. | `skills/clean-code` |
| **clerk-auth** | ⚪ | Các mẫu chuyên gia cho tích hợp Clerk auth, middleware, organizations, webhooks, và đồng bộ user. | `skills/clerk-auth` |
| **clickhouse-io** | ⚪ | Các mẫu database ClickHouse, tối ưu query, analytics, và best practices kỹ thuật dữ liệu. | `skills/cc-skill-clickhouse-io` |
| **Cloud Penetration Testing** | ⚪ | Hướng dẫn pentest AWS, Azure, GCP. Enumeration tài nguyên, khai thác cấu hình sai, lấy secrets, audit hạ tầng. | `skills/cloud-penetration-testing` |
| **code-review-checklist** | ⚪ | Danh sách kiểm tra toàn diện để thực hiện code review kỹ lưỡng (chức năng, bảo mật, hiệu năng, bảo trì). | `skills/code-review-checklist` |
| **codex-review** | ⚪ | Code review chuyên nghiệp với tạo CHANGELOG tự động, tích hợp với Codex AI. | `skills/codex-review` |
| **coding-standards** | ⚪ | Tiêu chuẩn code phổ quát, best practices và pattern cho TypeScript, JavaScript, React, và Node.js. | `skills/cc-skill-coding-standards` |
| **competitor-alternatives** | ⚪ | Tạo các trang so sánh đối thủ hoặc trang thay thế (alternative pages) cho SEO và hỗ trợ bán hàng. | `skills/competitor-alternatives` |
| **computer-use-agents** | ⚪ | Xây dựng AI agent tương tác máy tính như con người (nhìn màn hình, di chuột, click, gõ phím). | `skills/computer-use-agents` |
| **concise-planning** | ⚪ | Dùng khi user yêu cầu một kế hoạch cho tác vụ code, tạo ra checklist rõ ràng, khả thi và nguyên tử (atomic). | `skills/concise-planning` |
| **content-creator** | ⚪ | Tạo nội dung marketing tối ưu SEO với giọng văn thương hiệu nhất quán. Bao gồm phân tích giọng văn, tối ưu SEO. | `skills/content-creator` |
| **context-window-management** | ⚪ | Các chiến lược quản lý cửa sổ ngữ cảnh LLM bao gồm tóm tắt, cắt tỉa (trimming), định tuyến (routing). | `skills/context-window-management` |
| **context7-auto-research** | ⚪ | Tự động lấy tài liệu thư viện/framework mới nhất cho Claude Code thông qua Context7 API. | `skills/context7-auto-research` |
| **conversation-memory** | ⚪ | Hệ thống bộ nhớ bền vững cho hội thoại LLM bao gồm ngắn hạn, dài hạn và bộ nhớ dựa trên thực thể. | `skills/conversation-memory` |
| **copy-editing** | ⚪ | Dùng khi user muốn chỉnh sửa, review hoặc cải thiện nội dung marketing hiện có. Cách tiếp cận hệ thống qua nhiều lượt quét. | `skills/copy-editing` |
| **copywriting** | ⚪ | Dùng khi viết, viết lại hoặc cải thiện nội dung marketing cho bất kỳ trang nào (landing page, pricing, about...). | `skills/copywriting` |
| **core-components** | ⚪ | Thư viện component cốt lõi và các mẫu hệ thống thiết kế (design system). | `skills/core-components` |
| **crewai** | ⚪ | Chuyên gia CrewAI - framework đa tác nhân (multi-agent) dựa trên vai trò. Thiết kế agent, task, orchestrate crew. | `skills/crewai` |
| **Cross-Site Scripting and HTML Injection Testing** | ⚪ | Hướng dẫn test lỗi XSS, HTML injection, khai thác injection phía client, đánh cắp cookie. | `skills/xss-html-injection` |
| **d3-viz** | ⚪ | Tạo trực quan hóa dữ liệu tương tác bằng d3.js. Biểu đồ tùy chỉnh, đồ thị mạng, bản đồ địa lý. | `skills/claude-d3js-skill` |
| **daily-news-report** | ⚪ | Dựa trên danh sách URL, cào nội dung, lọc tin kỹ thuật chất lượng cao và tạo báo cáo Markdown hàng ngày. | `skills/daily-news-report` |
| **database-design** | ⚪ | Nguyên tắc thiết kế cơ sở dữ liệu. Thiết kế schema, chiến lược index, chọn ORM, serverless databases. | `skills/database-design` |
| **deployment-procedures** | ⚪ | Nguyên tắc triển khai production. Quy trình deploy an toàn, chiến lược rollback, xác thực. | `skills/deployment-procedures` |
| **design-orchestration** | ⚪ | Điều phối quy trình thiết kế thông qua brainstorming, review đa tác nhân, và sẵn sàng thực thi theo đúng thứ tự. | `skills/design-orchestration` |
| **discord-bot-architect** | ⚪ | Kỹ năng chuyên sâu xây dựng Discord bot production-ready. Discord.js, Pycord, slash commands, sharding. | `skills/discord-bot-architect` |
| **dispatching-parallel-agents** | ⚪ | Dùng khi đối mặt với 2+ nhiệm vụ độc lập có thể thực hiện mà không chia sẻ trạng thái hoặc phụ thuộc tuần tự. | `skills/dispatching-parallel-agents` |
| **doc-coauthoring** | ⚪ | Hướng dẫn quy trình đồng tác giả tài liệu (proposal, technical spec, decision docs). | `skills/doc-coauthoring` |
| **docker-expert** | ⚪ | Chuyên gia Docker containerization. Multi-stage builds, tối ưu image, bảo mật container, Docker Compose orchestration. | `skills/docker-expert` |
| **documentation-templates** | ⚪ | Các mẫu tài liệu và hướng dẫn cấu trúc. README, API docs, comment code, tài liệu thân thiện với AI. | `skills/documentation-templates` |
| **docx** | ⚪ | Xử lý tài liệu .docx toàn diện: Tạo mới, chỉnh sửa, theo dõi thay đổi (tracked changes), comment. (Bản Official) | `skills/docx-official` |
| **email-sequence** | ⚪ | Tạo hoặc tối ưu chuỗi email (drip campaign), luồng email tự động, email vòng đời (lifecycle). | `skills/email-sequence` |
| **email-systems** | ⚪ | Kiến thức về hệ thống email: transactional email, marketing automation, deliverability, và các quyết định hạ tầng. | `skills/email-systems` |
| **environment-setup-guide** | ⚪ | Hướng dẫn thiết lập môi trường phát triển với các công cụ, dependencies và cấu hình phù hợp. | `skills/environment-setup-guide` |
| **Ethical Hacking Methodology** | ⚪ | Phương pháp và kỹ thuật one hacker đạo đức toàn diện: trinh sát, quét, khai thác, viết báo cáo. | `skills/ethical-hacking-methodology` |
| **exa-search** | ⚪ | Tìm kiếm ngữ nghĩa, khám phá nội dung tương tự và nghiên cứu có cấu trúc sử dụng Exa API. | `skills/exa-search` |
| **executing-plans** | ⚪ | Dùng khi bạn đã có một kế hoạch triển khai (implementation plan) để thực thi trong một phiên làm việc riêng. | `skills/executing-plans` |
| **File Path Traversal Testing** | ⚪ | Hướng dẫn test lỗi Directory Traversal, LFI, đọc file tùy ý trên server. | `skills/file-path-traversal` |
| **file-organizer** | ⚪ | Tổ chức file và folder thông minh dựa trên ngữ cảnh, tìm file trùng lặp, đề xuất cấu trúc tốt hơn. | `skills/file-organizer` |
| **file-uploads** | ⚪ | Chuyên gia xử lý upload file và lưu trữ đám mây (S3, R2, presigned URLs, multipart uploads). | `skills/file-uploads` |
| **finishing-a-development-branch** | ⚪ | Dùng khi hoàn thành cài đặt, tất cả test đã pass, và cần quyết định cách tích hợp (merge, PR, cleanup). | `skills/finishing-a-development-branch` |
| **firebase** | ⚪ | Chuyên gia Firebase: Authentication, Firestore, Realtime Database, Cloud Functions, Storage, Hosting. | `skills/firebase` |
| **firecrawl-scraper** | ⚪ | Deep web scraping, chụp ảnh màn hình, phân tích PDF, và cào website sử dụng Firecrawl API. | `skills/firecrawl-scraper` |
| **form-cro** | ⚪ | Tối ưu hóa bất kỳ form nào KHÔNG phải là đăng ký tài khoản (lead capture, contact, checkout...). | `skills/form-cro` |
| **free-tool-strategy** | ⚪ | Lên kế hoạch, đánh giá hoặc xây dựng công cụ miễn phí cho mục đích marketing (engineering as marketing). | `skills/free-tool-strategy` |
| **frontend-design** | ⚪ | Tạo giao diện frontend đặc sắc, chất lượng cao, thẩm mỹ có chủ đích (không chung chung). | `skills/frontend-design` |
| **frontend-dev-guidelines** | ⚪ | Tiêu chuẩn phát triển frontend (có quan điểm riêng) cho ứng dụng React + TypeScript hiện đại. | `skills/frontend-dev-guidelines` |
| **frontend-patterns** | ⚪ | Các pattern frontend cho React, Next.js, quản lý state, tối ưu hiệu năng. | `skills/cc-skill-frontend-patterns` |
| **game-art** | ⚪ | Nguyên tắc nghệ thuật game. Chọn phong cách hình ảnh, pipeline tài sản, quy trình hoạt hình. | `skills/game-development/game-art` |
| **game-audio** | ⚪ | Nguyên tắc âm thanh game. Thiết kế âm thanh, tích hợp nhạc, hệ thống âm thanh thích ứng. | `skills/game-development/game-audio` |
| **game-design** | ⚪ | Nguyên tắc thiết kế game. Cấu trúc GDD, cân bằng game, tâm lý người chơi. | `skills/game-development/game-design` |
| **game-development** | ⚪ | Bộ điều phối phát triển game. Định tuyến đến các skill cụ thể theo nền tảng dựa trên nhu cầu dự án. | `skills/game-development` |
| **gcp-cloud-run** | ⚪ | Kỹ năng chuyên sâu xây dựng ứng dụng serverless trên GCP (Cloud Run, Cloud Run Functions, Pub/Sub). | `skills/gcp-cloud-run` |
| **geo-fundamentals** | ⚪ | Generative Engine Optimization (GEO) cho các công cụ tìm kiếm AI (ChatGPT, Claude, Perplexity). | `skills/geo-fundamentals` |
| **git-pushing** | ⚪ | Stage, commit, và push thay đổi git với commit message chuẩn "conventional commit". | `skills/git-pushing` |
| **github-workflow-automation** | ⚪ | Tự động hóa quy trình GitHub với sự hỗ trợ của AI (PR reviews, issue triage, CI/CD, Git operations). | `skills/github-workflow-automation` |
| **graphql** | ⚪ | Thiết kế schema GraphQL, resolvers, DataLoader ngăn chặn N+1, federation cho microservices. | `skills/graphql` |
| **HTML Injection Testing** | ⚪ | Hướng dẫn test lỗi HTML injection, deface ứng dụng web, content injection. | `skills/html-injection-testing` |
| **hubspot-integration** | ⚪ | Các mẫu tích hợp HubSpot CRM bao gồm OAuth, CRM objects, webhooks, custom objects. | `skills/hubspot-integration` |
| **i18n-localization** | ⚪ | Các mẫu Quốc tế hóa (i18n) và Bản địa hóa (localization). Phát hiện chuỗi hardcoded, quản lý dịch. | `skills/i18n-localization` |
| **IDOR Vulnerability Testing** | ⚪ | Hướng dẫn test lỗi IDOR (Insecure Direct Object References), broken access control. | `skills/idor-testing` |
| **inngest** | ⚪ | Chuyên gia Inngest cho background jobs serverless-first, luồng công việc theo sự kiện (event-driven). | `skills/inngest` |
| **interactive-portfolio** | ⚪ | Chuyên gia xây dựng portfolio giúp trúng tuyển công việc và khách hàng - không chỉ show tác phẩm mà tạo trải nghiệm. | `skills/interactive-portfolio` |
| **internal-comms** | ⚪ | Tài nguyên viết truyền thông nội bộ (official Anthropic context). | `skills/internal-comms-anthropic` |
| **internal-comms** | ⚪ | Tài nguyên viết truyền thông nội bộ (community context). | `skills/internal-comms-community` |
| **javascript-mastery** | ⚪ | Tài liệu tham khảo JavaScript toàn diện bao gồm 33+ khái niệm cốt lõi mọi developer cần biết. | `skills/javascript-mastery` |
| **kaizen** | ⚪ | Hướng dẫn cải tiến liên tục, phòng chống lỗi (error proofing) và tiêu chuẩn hóa. | `skills/kaizen` |
| **langfuse** | ⚪ | Chuyên gia Langfuse - nền tảng LLM observability. Tracing, quản lý prompt, đánh giá (evaluation). | `skills/langfuse` |
| **langgraph** | ⚪ | Chuyên gia LangGraph - framework xây dựng ứng dụng AI đa tác nhân có trạng thái (stateful). | `skills/langgraph` |
| **last30days** | ⚪ | Nghiên cứu một chủ đề trong 30 ngày qua trên Reddit + X + Web, trở thành chuyên gia và viết prompt. | `skills/last30days` |
| **launch-strategy** | ⚪ | Lên kế hoạch ra mắt sản phẩm, công bố tính năng, chiến lược go-to-market. | `skills/launch-strategy` |
| **lint-and-validate** | ⚪ | Quy trình kiểm soát chất lượng tự động, linting và phân tích tĩnh (static analysis). | `skills/lint-and-validate` |
| **Linux Privilege Escalation** | ⚪ | Hướng dẫn leo thang đặc quyền trên Linux: sudo, SUID, cron jobs, kernel exploits. | `skills/linux-privilege-escalation` |
| **Linux Production Shell Scripts** | ⚪ | Các mẫu shell script production-ready cho quản trị hệ thống Linux. | `skills/linux-shell-scripting` |
| **llm-app-patterns** | ⚪ | Các mẫu production-ready để xây dựng ứng dụng LLM (RAG pipelines, agent architectures, LLMOps). | `skills/llm-app-patterns` |
| **loki-mode** | ⚪ | Hệ thống startup tự động đa tác nhân cho Claude Code. Điều phối 100+ agent chuyên biệt. (Yêu cầu cờ --dangerously-skip-permissions). | `skills/loki-mode` |
| **marketing-ideas** | ⚪ | Cung cấp chiến lược marketing đã được kiểm chứng và ý tưởng tăng trưởng cho SaaS/software. | `skills/marketing-ideas` |
| **marketing-psychology** | ⚪ | Áp dụng khoa học hành vi và mô hình tư duy vào các quyết định marketing. | `skills/marketing-psychology` |
| **mcp-builder** | ⚪ | Hướng dẫn tạo MCP (Model Context Protocol) servers chất lượng cao (Python/Node). | `skills/mcp-builder` |
| **Metasploit Framework** | ⚪ | Hướng dẫn sử dụng Metasploit: msfconsole, msfvenom, post-exploitation, auxiliary modules. | `skills/metasploit-framework` |
| **micro-saas-launcher** | ⚪ | Chuyên gia ra mắt sản phẩm SaaS nhỏ (micro-SaaS) nhanh chóng - tiếp cận kiểu indie hacker. | `skills/micro-saas-launcher` |
| **mobile-design** | ⚪ | Học thuyết thiết kế và kỹ thuật mobile-first cho iOS và Android (React Native, Flutter, Native). | `skills/mobile-design` |
| **mobile-games** | ⚪ | Nguyên tắc phát triển game mobile. Cảm ứng, pin, hiệu năng, app stores. | `skills/game-development/mobile-games` |
| **moodle-external-api-development** | ⚪ | Tạo web service APIs tùy chỉnh bên ngoài cho Moodle LMS. | `skills/moodle-external-api-development` |
| **multi-agent-brainstorming** | ⚪ | Điều phối quy trình đánh giá thiết kế đa tác nhân tuần tự, có cấu trúc để giảm rủi ro. | `skills/multi-agent-brainstorming` |
| **multiplayer** | ⚪ | Nguyên tắc phát triển game multiplayer. Kiến trúc, mạng, đồng bộ hóa. | `skills/game-development/multiplayer` |
| **neon-postgres** | ⚪ | Các mẫu chuyên gia cho Neon serverless Postgres, branching, connection pooling. | `skills/neon-postgres` |
| **nestjs-expert** | ⚪ | Chuyên gia framework Nest.js: module architecture, dependency injection, guards, interceptors. | `skills/nestjs-expert` |
| **Network 101** | ⚪ | Hướng dẫn cơ bản về mạng: thiết lập web server, HTTP/HTTPS, SNMP, SMB, test services. | `skills/network-101` |
| **nextjs-best-practices** | ⚪ | Nguyên tắc Next.js App Router. Server Components, data fetching, routing patterns. | `skills/nextjs-best-practices` |
| **nextjs-supabase-auth** | ⚪ | Tích hợp chuyên gia Supabase Auth với Next.js App Router. | `skills/nextjs-supabase-auth` |
| **nodejs-best-practices** | ⚪ | Nguyên tắc phát triển Node.js. Chọn framework, async patterns, bảo mật. | `skills/nodejs-best-practices` |
| **nosql-expert** | ⚪ | Hướng dẫn chuyên môn cho databases NoSQL phân tán (Cassandra, DynamoDB). | `skills/nosql-expert` |
| **notebooklm** | ⚪ | Truy vấn Google NotebookLM notebooks trực tiếp từ Claude Code để có câu trả lời có trích dẫn. | `skills/notebooklm` |
| **notion-template-business** | ⚪ | Chuyên gia xây dựng và bán Notion templates như một mô hình kinh doanh. | `skills/notion-template-business` |
| **obsidian-clipper-template-creator** | ⚪ | Hướng dẫn tạo template cho Obsidian Web Clipper. | `skills/obsidian-clipper-template-creator` |
| **onboarding-cro** | ⚪ | Tối ưu hóa onboarding sau đăng ký, kích hoạt người dùng (user activation), time-to-value. | `skills/onboarding-cro` |
| **page-cro** | ⚪ | Phân tích và tối ưu hóa các trang đơn lẻ (homepage, landing page) để tăng tỷ lệ chuyển đổi. | `skills/page-cro` |
| **paid-ads** | ⚪ | Hỗ trợ chiến dịch quảng cáo trả phí trên Google Ads, Meta, LinkedIn, Twitter/X. | `skills/paid-ads` |
| **parallel-agents** | ⚪ | Các mẫu điều phối đa tác nhân song song (parallel orchestration). | `skills/parallel-agents` |
| **paywall-upgrade-cro** | ⚪ | Tạo hoặc tối ưu in-app paywalls, màn hình nâng cấp, upsell modals. | `skills/paywall-upgrade-cro` |
| **pc-games** | ⚪ | Nguyên tắc phát triển game PC/Console. Chọn engine, tối ưu hóa. | `skills/game-development/pc-games` |
| **pdf** | ⚪ | Bộ công cụ xử lý PDF toàn diện: trích xuất text/table, merge/split, xử lý form. (Bản Official) | `skills/pdf-official` |
| **Pentest Checklist** | ⚪ | Danh sách kiểm tra và lên kế hoạch cho một cuộc kiểm thử xâm nhập (pentest). | `skills/pentest-checklist` |
| **Pentest Commands** | ⚪ | Các lệnh pentest thiết yếu: nmap, metasploit, hydra, john, nikto... | `skills/pentest-commands` |
| **performance-profiling** | ⚪ | Nguyên tắc hồ sơ hiệu năng (profiling). Đo lường, phân tích và tối ưu hóa. | `skills/performance-profiling` |
| **personal-tool-builder** | ⚪ | Chuyên gia xây dựng các công cụ tùy chỉnh (custom tools) để giải quyết vấn đề cá nhân (scratch your own itch). | `skills/personal-tool-builder` |
| **plaid-fintech** | ⚪ | Các mẫu tích hợp Plaid API: Link token, transactions sync, identity verification, ACH auth. | `skills/plaid-fintech` |
| **plan-writing** | ⚪ | Lập kế hoạch tác vụ có cấu trúc với các phân rã rõ ràng, phụ thuộc và tiêu chí xác minh. | `skills/plan-writing` |
| **planning-with-files** | ⚪ | Triển khai lập kế hoạch dựa trên file kiểu Manus (task_plan.md, findings.md...) cho các tác vụ phức tạp. | `skills/planning-with-files` |
| **playwright-skill** | ⚪ | Tự động hóa trình duyệt hoàn chỉnh với Playwright. Test web, fill forms, screenshots. | `skills/playwright-skill` |
| **popup-cro** | ⚪ | Tạo và tối ưu popups, modals, overlays để tăng chuyển đổi mà không gây khó chịu. | `skills/popup-cro` |
| **powershell-windows** | ⚪ | Các mẫu PowerShell Windows. Cạm bẫy quan trọng, cú pháp operator, xử lý lỗi. | `skills/powershell-windows` |
| **pptx** | ⚪ | Tạo, chỉnh sửa và phân tích bài thuyết trình PowerPoint (.pptx). (Bản Official) | `skills/pptx-official` |
| **pricing-strategy** | ⚪ | Thiết kế chiến lược giá, đóng gói và kiếm tiền dựa trên giá trị và mục tiêu tăng trưởng. | `skills/pricing-strategy` |
| **prisma-expert** | ⚪ | Chuyên gia Prisma ORM: thiết kế schema, migrations, tối ưu query. | `skills/prisma-expert` |
| **Privilege Escalation Methods** | ⚪ | Các phương pháp leo thang đặc quyền chung: post-exploitation cho Linux/Windows. | `skills/privilege-escalation-methods` |
| **product-manager-toolkit** | ⚪ | Bộ công cụ toàn diện cho Product Manager (RICE, phỏng vấn khách hàng, PRD, GTM). | `skills/product-manager-toolkit` |
| **production-code-audit** | ⚪ | Tự động quét sâu codebase, hiểu kiến trúc và chuyển đổi sang chất lượng production-grade. | `skills/production-code-audit` |
| **programmatic-seo** | ⚪ | Thiết kế và đánh giá chiến lược SEO lập trình (programmatic SEO) để tạo trang quy mô lớn. | `skills/programmatic-seo` |
| **prompt-caching** | ⚪ | Các chiến lược caching cho LLM prompts (Anthropic prompt caching, CAG). | `skills/prompt-caching` |
| **prompt-engineer** | ⚪ | Chuyên gia thiết kế prompt hiệu quả cho ứng dụng LLM. Few-shot, Chain of Thought... | `skills/prompt-engineer` |
| **prompt-engineering** | ⚪ | Hướng dẫn chuyên gia về các mẫu prompt engineering, best practices và kỹ thuật tối ưu hóa. | `skills/prompt-engineering` |
| **prompt-library** | ⚪ | Bộ sưu tập các prompt chất lượng cao được tuyển chọn cho nhiều trường hợp sử dụng. | `skills/prompt-library` |
| **python-patterns** | ⚪ | Nguyên tắc phát triển Python. Chọn framework, async patterns, type hints. | `skills/python-patterns` |
| **rag-engineer** | ⚪ | Chuyên gia xây dựng hệ thống RAG (Retrieval-Augmented Generation). | `skills/rag-engineer` |
| **rag-implementation** | ⚪ | Các mẫu triển khai RAG bao gồm chunking, embeddings, vector stores. | `skills/rag-implementation` |
| **react-patterns** | ⚪ | Các mẫu React hiện đại. Hooks, composition, hiệu năng, TypeScript best practices. | `skills/react-patterns` |
| **react-ui-patterns** | ⚪ | Các mẫu React UI hiện đại cho loading states, error handling, và data fetching. | `skills/react-ui-patterns` |
| **receiving-code-review** | ⚪ | Dùng khi nhận phản hồi code review, trước khi thực hiện để xác minh kỹ thuật. | `skills/receiving-code-review` |
| **Red Team Tools and Methodology** | ⚪ | Phương pháp và công cụ Red Team: bug bounty hunting, trinh sát tự động, XSS hunting... | `skills/red-team-tools` |
| **red-team-tactics** | ⚪ | Nguyên tắc chiến thuật Red Team dựa trên MITRE ATT&CK. | `skills/red-team-tactics` |
| **referral-program** | ⚪ | Tạo, tối ưu và phân tích chương trình giới thiệu, affiliate, hoặc chiến lược truyền miệng. | `skills/referral-program` |
| **remotion-best-practices** | ⚪ | Best practices cho Remotion - Tạo video bằng React. | `skills/remotion-best-practices` |
| **requesting-code-review** | ⚪ | Dùng khi hoàn thành tác vụ, trước khi merge để xác minh công việc đáp ứng yêu cầu. | `skills/requesting-code-review` |
| **research-engineer** | ⚪ | Kỹ sư nghiên cứu học thuật không khoan nhượng. Tập trung vào tính chính xác lý thuyết và xác minh hình thức. | `skills/research-engineer` |
| **salesforce-development** | ⚪ | Các mẫu chuyên gia phát triển Salesforce (LWC, Apex, APIs, Salesforce DX). | `skills/salesforce-development` |
| **schema-markup** | ⚪ | Thiết kế, validate và tối ưu schema.org structured data cho SEO. | `skills/schema-markup` |
| **scroll-experience** | ⚪ | Chuyên gia xây dựng trải nghiệm cuộn (scroll-driven experiences) - parallax, scrollytelling. | `skills/scroll-experience` |
| **Security Scanning Tools** | ⚪ | Hướng dẫn sử dụng các công cụ quét bảo mật mạng, web, cloud. | `skills/scanning-tools` |
| **security-review** | ⚪ | Danh sách kiểm tra bảo mật toàn diện khi thêm auth, xử lý input, secrets, API. | `skills/cc-skill-security-review` |
| **segment-cdp** | ⚪ | Các mẫu chuyên gia cho Segment CDP (Analytics.js, Protocols, identity resolution). | `skills/segment-cdp` |
| **senior-architect** | ⚪ | Kỹ năng kiến trúc phần mềm toàn diện cho việc thiết kế hệ thống mở rộng, dễ bảo trì. | `skills/senior-architect` |
| **senior-fullstack** | ⚪ | Kỹ năng phát triển fullstack toàn diện (React, Next.js, Node.js, GraphQL, PostgreSQL). | `skills/senior-fullstack` |
| **seo-audit** | ⚪ | Chẩn đoán và kiểm toán các vấn đề SEO ảnh hưởng đến khả năng thu thập dữ liệu, lập chỉ mục và xếp hạng. | `skills/seo-audit` |
| **seo-fundamentals** | ⚪ | Các nguyên tắc cốt lõi của SEO (E-E-A-T, Core Web Vitals, nền tảng kỹ thuật). | `skills/seo-fundamentals` |
| **server-management** | ⚪ | Nguyên tắc quản lý máy chủ. Quản lý quy trình, giám sát, mở rộng. | `skills/server-management` |
| **Shodan Reconnaissance and Pentesting** | ⚪ | Hướng dẫn sử dụng Shodan để trinh sát và pentest: tìm thiết bị lộ lọt, scan IP ranges... | `skills/shodan-reconnaissance` |
| **shopify-apps** | ⚪ | Các mẫu chuyên gia phát triển ứng dụng Shopify (Remix, App Bridge, GraphQL Admin API). | `skills/shopify-apps` |
| **shopify-development** | ⚪ | Xây dựng Shopify apps, extensions, themes dùng GraphQL, CLI, Polaris, Liquid. | `skills/shopify-development` |
| **signup-flow-cro** | ⚪ | Tối ưu hóa quy trình đăng ký, tạo tài khoản, kích hoạt dùng thử. | `skills/signup-flow-cro` |
| **skill-creator** | ⚪ | Hướng dẫn tạo skill hiệu quả. Dùng khi user muốn tạo skill mới hoặc cập nhật skill cũ. | `skills/skill-creator` |
| **skill-developer** | ⚪ | Tạo và quản lý Claude Code skills theo best practices của Anthropic. | `skills/skill-developer` |
| **slack-bot-builder** | ⚪ | Xây dựng Slack apps sử dụng Bolt framework (Python/JS/Java). Block Kit, slash commands. | `skills/slack-bot-builder` |
| **slack-gif-creator** | ⚪ | Kiến thức và tiện ích để tạo GIF hoạt hình tối ưu cho Slack. | `skills/slack-gif-creator` |
| **SMTP Penetration Testing** | ⚪ | Hướng dẫn pentest SMTP: enumerate users, open mail relays, brute force. | `skills/smtp-penetration-testing` |
| **social-content** | ⚪ | Hỗ trợ tạo, lên lịch, tối ưu nội dung mạng xã hội (LinkedIn, Twitter, Instagram...). | `skills/social-content` |
| **software-architecture** | ⚪ | Hướng dẫn kiến trúc phần mềm tập trung vào chất lượng. | `skills/software-architecture` |
| **SQL Injection Testing** | ⚪ | Hướng dẫn test lỗi SQL Injection (SQLi), khai thác lỗ hổng truy vấn database. | `skills/sql-injection-testing` |
| **SQLMap Database Penetration Testing** | ⚪ | Hướng dẫn sử dụng SQLMap để tự động hóa test SQL injection và dump database. | `skills/sqlmap-database-pentesting` |
| **SSH Penetration Testing** | ⚪ | Hướng dẫn pentest SSH: enumerate config, brute force, exploit vulnerabilities. | `skills/ssh-penetration-testing` |
| **stripe-integration** | ⚪ | Hướng dẫn tích hợp Stripe toàn diện: Payments, subscriptions, billing portal, webhooks. | `skills/stripe-integration` |
| **subagent-driven-development** | ⚪ | Dùng khi thực thi kế hoạch triển khai với các nhiệm vụ độc lập trong phiên hiện tại. | `skills/subagent-driven-development` |
| **supabase-postgres-best-practices** | ⚪ | Tối ưu hóa hiệu năng Postgres và best practices từ Supabase. | `skills/postgres-best-practices` |
| **systematic-debugging** | ⚪ | Dùng khi gặp bug, test fail hoặc hành vi không mong muốn, trước khi đề xuất sửa lỗi. | `skills/systematic-debugging` |
| **tailwind-patterns** | ⚪ | Nguyên tắc Tailwind CSS v4. Cấu hình CSS-first, container queries, design token. | `skills/tailwind-patterns` |
| **tavily-web** | ⚪ | Tìm kiếm web, trích xuất nội dung, crawling và nghiên cứu sử dụng Tavily API. | `skills/tavily-web` |
| **tdd-workflow** | ⚪ | Quy trình Test-Driven Development (TDD). Vòng lặp RED-GREEN-REFACTOR. | `skills/tdd-workflow` |
| **telegram-bot-builder** | ⚪ | Chuyên gia xây dựng Telegram bot. Bot API, UX, kiếm tiền, scaling. | `skills/telegram-bot-builder` |
| **telegram-mini-app** | ⚪ | Chuyên gia xây dựng Telegram Mini Apps (TWA). Hệ sinh thái TON, payments, auth. | `skills/telegram-mini-app` |
| **templates** | ⚪ | Các mẫu khung dự án (project scaffolding) cho ứng dụng mới. | `skills/app-builder/templates` |
| **test-driven-development** | ⚪ | Dùng khi triển khai tính năng hoặc sửa lỗi, trước khi viết code triển khai. | `skills/test-driven-development` |
| **test-fixing** | ⚪ | Chạy test và sửa lỗi systematically. | `skills/test-fixing` |
| **testing-patterns** | ⚪ | Các mẫu Jest testing, factory functions, mocking strategies, TDD workflow. | `skills/testing-patterns` |
| **theme-factory** | ⚪ | Bộ công cụ tạo theme cho các artifact (slides, docs, landing pages). 10 pre-set themes. | `skills/theme-factory` |
| **Top 100 Web Vulnerabilities Reference** | ⚪ | Tham chiếu toàn diện về Top 100 lỗ hổng web (OWASP-aligned). | `skills/top-web-vulnerabilities` |
| **trigger-dev** | ⚪ | Chuyên gia Trigger.dev cho background jobs, AI workflows, reliable async execution. | `skills/trigger-dev` |
| **twilio-communications** | ⚪ | Xây dựng tính năng giao tiếp với Twilio: SMS, Voice, WhatsApp, Verify (2FA). | `skills/twilio-communications` |
| **typescript-expert** | ⚪ | Chuyên gia TypeScript/JavaScript: type-level programming, tối ưu hiệu năng, monorepo. | `skills/typescript-expert` |
| **ui-ux-pro-max** | ⚪ | Trí tuệ thiết kế UI/UX. 50 kiểu, 21 bảng màu, 50 cặp font... Shadow, gradient, layout. | `skills/ui-ux-pro-max` |
| **upstash-qstash** | ⚪ | Chuyên gia Upstash QStash cho serverless message queues, scheduled jobs. | `skills/upstash-qstash` |
| **using-git-worktrees** | ⚪ | Dùng khi bắt đầu công việc tính năng cần cô lập, tạo git worktrees. | `skills/using-git-worktrees` |
| **using-superpowers** | ⚪ | Dùng khi bắt đầu hội thoại - thiết lập cách tìm và dùng skill. | `skills/using-superpowers` |
| **vercel-deployment** | ⚪ | Kiến thức chuyên gia để deploy lên Vercel với Next.js. | `skills/vercel-deployment` |
| **vercel-react-best-practices** | ⚪ | Hướng dẫn tối ưu hiệu năng React và Next.js từ Vercel Engineering. | `skills/react-best-practices` |
| **verification-before-completion** | ⚪ | Dùng trước khi tuyên bố hoàn thành, chạy lệnh xác minh và xác nhận output. | `skills/verification-before-completion` |
| **viral-generator-builder** | ⚪ | Chuyên gia xây dựng các công cụ tạo nội dung viral (quiz, name generator, avatar creator). | `skills/viral-generator-builder` |
| **voice-agents** | ⚪ | Xây dựng voice agents - giao tiếp tự nhiên với AI. Xử lý độ trễ, ngắt lời. | `skills/voice-agents` |
| **voice-ai-development** | ⚪ | Chuyên gia phát triển ứng dụng Voice AI (OpenAI Realtime API, Vapi, Deepgram). | `skills/voice-ai-development` |
| **voice-ai-engine-development** | ⚪ | Xây dựng voice engines AI thời gian thực sử dụng async worker pipelines. | `skills/voice-ai-engine-development` |
| **vr-ar** | ⚪ | Nguyên tắc phát triển VR/AR. Thoải mái, tương tác, hiệu năng. | `skills/game-development/vr-ar` |
| **vulnerability-scanner** | ⚪ | Nguyên tắc phân tích lỗ hổng nâng cao. OWASP 2025, Supply Chain Security. | `skills/vulnerability-scanner` |
| **web-artifacts-builder** | ⚪ | Bộ công cụ tạo artifact web phức tạp, đa thành phần (React, Tailwind, shadcn/ui). | `skills/web-artifacts-builder` |
| **web-design-guidelines** | ⚪ | Review code UI tuân thủ Web Interface Guidelines. | `skills/web-design-guidelines` |
| **web-games** | ⚪ | Nguyên tắc phát triển game web. Framework, WebGPU, PWA. | `skills/game-development/web-games` |
| **web-performance-optimization** | ⚪ | Tối ưu hóa hiệu năng website và ứng dụng web (Core Web Vitals, bundle size). | `skills/web-performance-optimization` |
| **webapp-testing** | ⚪ | Bộ công cụ tương tác và test ứng dụng web cục bộ sử dụng Playwright. | `skills/webapp-testing` |
| **Windows Privilege Escalation** | ⚪ | Hướng dẫn leo thang đặc quyền trên Windows: misconfigurations, post-exploitation. | `skills/windows-privilege-escalation` |
| **Wireshark Network Traffic Analysis** | ⚪ | Hướng dẫn phân tích lưu lượng mạng bằng Wireshark: capture packets, filter, analyze protocols. | `skills/wireshark-analysis` |
| **WordPress Penetration Testing** | ⚪ | Hướng dẫn pentest WordPress: scan vulnerabilities, enumerate plugins, exploit hacks. | `skills/wordpress-penetration-testing` |
| **workflow-automation** | ⚪ | Tự động hóa quy trình (n8n, Temporal, Inngest). Biến script dễ vỡ thành automation bền vững. | `skills/workflow-automation` |
| **writing-plans** | ⚪ | Dùng khi bạn có spec hoặc yêu cầu cho tác vụ đa bước, trước khi viết code. | `skills/writing-plans` |
| **writing-skills** | ⚪ | Dùng khi tạo skill mới, chỉnh sửa skill, hoặc xác minh skill hoạt động. | `skills/writing-skills` |
| **xlsx** | ⚪ | Xử lý bảng tính toàn diện: Tạo mới, công thức, định dạng, phân tích dữ liệu. (Bản Official) | `skills/xlsx-official` |
| **zapier-make-patterns** | ⚪ | Các mẫu tự động hóa No-code (Zapier, Make). Khi nào dùng, cạm bẫy, và khi nào nên code. | `skills/zapier-make-patterns` |
---
## Hướng dẫn cài đặt nhanh
Để sở hữu bộ skill này cho **Claude Code**, **Gemini CLI**, **Codex CLI**, **Cursor**, **Antigravity**, hay **OpenCode**, bạn chỉ cần clone repo này vào thư mục skills tương ứng của agent:
```bash
# Cài đặt chung (Dùng được cho đa số công cụ)
git clone https://github.com/sickn33/antigravity-awesome-skills.git .agent/skills
# Dành riêng cho Claude Code
git clone https://github.com/sickn33/antigravity-awesome-skills.git .claude/skills
# Dành riêng cho Gemini CLI
git clone https://github.com/sickn33/antigravity-awesome-skills.git .gemini/skills
# Dành riêng cho Cursor
git clone https://github.com/sickn33/antigravity-awesome-skills.git .cursor/skills
```
---
## Bạn muốn đóng góp?
Chúng tôi nồng nhiệt chào đón mọi đóng góp từ cộng đồng! Để thêm một skill mới, bạn làm như sau:
1. **Fork** repository này về.
2. **Tạo thư mục mới** trong `skills/` cho skill của bạn.
3. **Thêm file `SKILL.md`** với đầy đủ frontmatter (name và description) theo mẫu.
4. **Chạy kiểm tra (validation)**: `python3 scripts/validate_skills.py`.
5. **Gửi Pull Request**.
Vui lòng đảm bảo skill của bạn tuân thủ các quy chuẩn (best practices) của Antigravity/Claude Code nhé.
---
## Lời cảm ơn & Nguồn tham khảo
Chúng tôi phát triển dự án này dựa trên những nền tảng tri thức vững chắc từ những người đi trước.
👉 **[Xem danh sách ghi nhận đầy đủ](SOURCES.md)**
Các nguồn cảm hứng và đóng góp to lớn bao gồm:
- **HackTricks**
- **OWASP**
- **Anthropic / OpenAI / Google**
- **Cộng đồng nguồn mở (Open Source Community)**
---
## Bản quyền (License)
Dự án được phát hành dưới giấy phép MIT. Xem file [LICENSE](../../LICENSE) để biết thêm chi tiết.
---
## Những người hùng đã đóng góp
Chúng tôi trân trọng mọi sự đóng góp của các bạn!
- [sck_0](https://github.com/sck_0)
- [Munir Abbasi](https://github.com/munirabbasi)
- [Mohammad Faiz](https://github.com/mohdfaiz2k9)
- [GuppyTheCat](https://github.com/GuppyTheCat)
- [sickn33](https://github.com/sickn33)
- [Ianj332](https://github.com/Ianj332)
- [Tiger-Foxx](https://github.com/Tiger-Foxx)
- [arathiesh](https://github.com/arathiesh)
- [1bcMax](https://github.com/1bcMax)
- [Ahmed Rehan](https://github.com/ar27111994)
- [BenedictKing](https://github.com/BenedictKing)
- [Nguyen Huu Loc](https://github.com/LocNguyenSGU)
- [Owen Wu](https://github.com/yubing744)
- [SuperJMN](https://github.com/SuperJMN)
- [Viktor Ferenczi](https://github.com/viktor-ferenczi)
- [krisnasantosa15](https://github.com/krisnasantosa15)
- [zebbern](https://github.com/zebbern)
- [vuth-dogo](https://github.com/vuth-dogo)
- [Takura](https://github.com/taksrules)
- [rafy](https://github.com/raeef1001)
- [Đỗ Khắc Gia Khoa](https://github.com/dokhacgiakhoa)
## Lịch sử phát triển
[![Star History Chart](https://api.star-history.com/svg?repos=sickn33/antigravity-awesome-skills&type=date&legend=top-left)](https://www.star-history.com/#sickn33/antigravity-awesome-skills&type=date&legend=top-left)

21
docs/vi/SOURCES.md Normal file
View File

@@ -0,0 +1,21 @@
# 📜 Nguồn Tham Khảo & Ghi Nhận
Chúng tôi tin vào việc tôn trọng quyền tác giả và nguồn gốc tri thức.
Nếu bạn thấy tác phẩm của mình ở đây mà chưa được ghi nhận xứng đáng, vui lòng mở Issue để chúng tôi cập nhật.
| Skill / Danh mục | Nguồn Gốc | Giấy Phép | Ghi chú |
| :-------------------------- | :----------------------------------------------------- | :------------- | :---------------------------- |
| `cloud-penetration-testing` | [HackTricks](https://book.hacktricks.xyz/) | MIT / CC-BY-SA | Đã điều chỉnh cho Agent dùng. |
| `active-directory-attacks` | [HackTricks](https://book.hacktricks.xyz/) | MIT / CC-BY-SA | Đã điều chỉnh cho Agent dùng. |
| `owasp-top-10` | [OWASP](https://owasp.org/) | CC-BY-SA | Phương pháp luận đã điều chỉnh.|
| `burp-suite-testing` | [PortSwigger](https://portswigger.net/burp) | N/A | Chỉ hướng dẫn sử dụng (không kèm phần mềm). |
| `crewai` | [CrewAI](https://github.com/joaomdmoura/crewAI) | MIT | Hướng dẫn Framework. |
| `langgraph` | [LangGraph](https://github.com/langchain-ai/langgraph) | MIT | Hướng dẫn Framework. |
| `react-patterns` | [React Docs](https://react.dev/) | CC-BY | Các mẫu chính thức. |
| **Các Skill Official** | [Anthropic / Google / OpenAI] | Độc quyền | Được khuyến khích sử dụng bởi nhà cung cấp. |
## Chính sách Giấy phép
- **Mã nguồn (Code)**: Tất cả code gốc trong repo này là **MIT**.
- **Nội dung (Content)**: Tài liệu là **CC-BY-4.0**.
- **Bên thứ ba**: Chúng tôi tôn trọng giấy phép gốc. Nếu một skill được import là GPL, nó sẽ được ghi chú rõ ràng hoặc loại bỏ (chúng tôi ưu tiên tương thích MIT/Apache).

486
docs/vi/VISUAL_GUIDE.md Normal file
View File

@@ -0,0 +1,486 @@
# Hướng Dẫn Nhanh Bằng Hình Ảnh (Visual Quick Start)
**Trăm nghe không bằng một thấy!** Hướng dẫn này sử dụng sơ đồ và ví dụ trực quan để giúp bạn hiểu cách hoạt động của Skills.
---
## Bức Tranh Toàn Cảnh
```
┌─────────────────────────────────────────────────────────────┐
│ BẠN (Lập trình viên) │
│ ↓ │
│ "Giúp tôi xây dựng hệ thống thanh toán nhé" │
│ ↓ │
1├─────────────────────────────────────────────────────────────┤
│ TRỢ LÝ AI │
│ ↓ │
│ Nạp skill @stripe-integration │
│ ↓ │
│ Trở thành chuyên gia thanh toán Stripe │
│ ↓ │
│ Cung cấp hướng dẫn chuyên sâu kèm code mẫu │
│ ↓ │
└─────────────────────────────────────────────────────────────┘
```
---
## 📦 Cấu trúc Thư mục (Trực quan)
```
antigravity-awesome-skills/
├── 📄 README.vi.md ← Tổng quan & Danh sách (Bắt đầu ở đây)
├── 📄 GETTING_STARTED.vi.md ← Hướng dẫn nhập môn
├── 📄 CONTRIBUTING.vi.md ← Hướng dẫn đóng góp
├── 📄 FAQ.vi.md ← Câu hỏi thường gặp
├── 📁 skills/ ← Hơn 250 skill nằm ở đây
│ │
│ ├── 📁 brainstorming/
│ │ └── 📄 SKILL.md ← Định nghĩa Skill
│ │
│ ├── 📁 stripe-integration/
│ │ ├── 📄 SKILL.md
│ │ └── 📁 examples/ ← Các ví dụ đi kèm
│ │
│ └── ... (250+ skill khác)
├── 📁 scripts/ ← Các công cụ quản lý
│ ├── validate_skills.py ← Trình kiểm tra chất lượng
│ └── generate_index.py ← Trình tạo mục lục
├── 📁 .github/
│ └── 📄 MAINTENANCE.md ← Hướng dẫn bảo trì
└── 📁 docs/ ← Tài liệu
├── 📄 BUNDLES.vi.md ← Gói khởi điểm (Starter Packs)
├── 📄 QUALITY_BAR.md ← Tiêu chuẩn chất lượng
├── 📄 SKILL_ANATOMY.md ← Cấu tạo của một skill
└── 📄 VISUAL_GUIDE.vi.md ← Chính là file này!
```
---
## Cách Skill hoạt động (Sơ đồ luồng)
```
┌──────────────┐
│ 1. CÀI ĐẶT │ Copy skills vào thư mục .agent/skills/
└──────┬───────┘
┌──────────────┐
│ 2. RA LỆNH │ Gõ: @ten-skill trong khung chat với AI
└──────┬───────┘
┌──────────────┐
│ 3. NẠP │ AI đọc nội dung file SKILL.md
└──────┬───────┘
┌──────────────┐
│ 4. THỰC THI │ AI làm theo hướng dẫn trong skill
└──────┬───────┘
┌──────────────┐
│ 5. KẾT QUẢ │ Bạn nhận được sự hỗ trợ chuyên sâu!
└──────────────┘
```
---
## 🎯 Phân loại Skill (Bản đồ tư duy)
```
┌─────────────────────────┐
│ 250+ SKILL TUYỆT ĐỈNH │
└────────────┬────────────┘
┌────────────────────────┼────────────────────────┐
│ │ │
┌────▼────┐ ┌──────▼──────┐ ┌──────▼──────┐
│ SÁNG TẠO│ │ PHÁT TRIỂN │ │ BẢO MẬT │
│ (10) │ │ (25) │ │ (50) │
└────┬────┘ └──────┬──────┘ └──────┬──────┘
│ │ │
• Thiết kế UI/UX • TDD (Test) • Ethical Hacking
• Nghệ thuật Canvas • Debugging • Metasploit
• Tạo Theme • React Patterns • Burp Suite
• SQLMap
│ │ │
└────────────────────────┼────────────────────────┘
┌────────────────────────┼────────────────────────┐
│ │ │
┌────▼────┐ ┌──────▼──────┐ ┌──────▼──────┐
│ AI │ │ TÀI LIỆU │ │ MARKETING │
│ (30) │ │ (4) │ │ (23) │
└────┬────┘ └──────┬──────┘ └──────┬──────┘
│ │ │
• Hệ thống RAG • DOCX • SEO
• LangGraph • PDF • Viết quảng cáo
• Prompt Eng. • PPTX • CRO
• Voice Agents • XLSX • Chạy Ads
```
---
## Giải phẫu một Skill
````
┌─────────────────────────────────────────────────────────┐
│ SKILL.md │
├─────────────────────────────────────────────────────────┤
│ │
│ ┌───────────────────────────────────────────────┐ │
│ │ FRONTMATTER (Metadata - Dữ liệu mô tả) │ │
│ │ ───────────────────────────────────────────── │ │
│ │ --- │ │
│ │ name: my-skill │ │
│ │ description: "Skill này làm cái gì" │ │
│ │ --- │ │
│ └───────────────────────────────────────────────┘ │
│ │
│ ┌───────────────────────────────────────────────┐ │
│ │ CONTENT (Nội dung hướng dẫn) │ │
│ │ ───────────────────────────────────────────── │ │
│ │ │ │
│ │ # Tên Skill │ │
│ │ │ │
│ │ ## Tổng quan │ │
│ │ Skill này giúp bạn... │ │
│ │ │ │
│ │ ## Khi nào dùng │ │
│ │ - Dùng khi... │ │
│ │ │ │
│ │ ## Hướng dẫn │ │
│ │ 1. Bước một... │ │
│ │ 2. Bước hai... │ │
│ │ │ │
│ │ ## Ví dụ │ │
│ │ ```javascript │ │
│ │ // Code mẫu │ │
│ │ ``` │ │
│ │ │ │
│ └───────────────────────────────────────────────┘ │
│ │
└─────────────────────────────────────────────────────────┘
````
---
## Quy trình cài đặt (Các bước trực quan)
### Bước 1: Clone Repo về máy
```
┌─────────────────────────────────────────┐
│ Terminal (Dòng lệnh) │
├─────────────────────────────────────────┤
│ $ git clone https://github.com/ │
│ sickn33/antigravity-awesome-skills │
│ .agent/skills │
│ │
│ ✓ Cloning into '.agent/skills'... │
│ ✓ Done! │
1└─────────────────────────────────────────┘
```
### Bước 2: Kiểm tra cài đặt
```
┌─────────────────────────────────────────┐
│ File Explorer (Quản lý file) │
├─────────────────────────────────────────┤
│ 📁 .agent/ │
│ └── 📁 skills/ │
│ ├── 📁 brainstorming/ │
│ ├── 📁 stripe-integration/ │
│ ├── 📁 react-best-practices/ │
│ └── ... (250+ cái nữa) │
└─────────────────────────────────────────┘
```
### Bước 3: Sử dụng Skill
```
┌─────────────────────────────────────────┐
│ AI Assistant Chat │
├─────────────────────────────────────────┤
│ Bạn: @brainstorming giúp tôi thiết kế │
│ một cái app to-do list │
│ │
│ AI: Tuyệt! Để tôi giúp bạn suy nghĩ. │
│ Trước tiên, hãy xác định yêu cầu. │
│ │
│ Mục đích chính là gì? │
│ a) Quản lý việc cá nhân │
│ b) Cộng tác nhóm │
│ c) Lập kế hoạch dự án │
└─────────────────────────────────────────┘
```
---
## Ví dụ: Một phiên làm việc thực tế
### Tình huống: Bạn muốn tích hợp thanh toán Stripe
```
┌─────────────────────────────────────────────────────────────┐
│ BƯỚC 1: Xác định nhu cầu │
├─────────────────────────────────────────────────────────────┤
│ "Tôi cần thêm tính năng thanh toán vào app" │
└─────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────┐
│ BƯỚC 2: Tìm Skill phù hợp │
├─────────────────────────────────────────────────────────────┤
│ Tìm kiếm: "payment" hoặc "stripe" │
│ Tìm thấy: @stripe-integration │
└─────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────┐
│ BƯỚC 3: Gọi Skill │
├─────────────────────────────────────────────────────────────┤
│ Bạn: @stripe-integration giúp tôi thêm tính năng gói subs │
└─────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────┐
│ BƯỚC 4: AI nạp kiến thức │
├─────────────────────────────────────────────────────────────┤
│ • Các pattern API của Stripe │
│ • Xử lý Webhook │
│ • Quản lý gói đăng ký (Subscription) │
│ • Các bài thực hành tốt nhất (Best practices) │
└─────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────┐
│ BƯỚC 5: Nhận hỗ trợ chuyên gia │
├─────────────────────────────────────────────────────────────┤
│ AI cung cấp: │
│ • Code mẫu │
│ • Hướng dẫn cài đặt │
│ • Lưu ý bảo mật │
│ • Chiến lược kiểm thử (Testing) │
└─────────────────────────────────────────────────────────────┘
```
---
## Cách tìm kiếm Skill (Hướng dẫn hình ảnh)
### Cách 1: Duyệt theo Danh mục
```
README.vi.md → Cuộn xuống "Danh sách Skill đầy đủ" → Tìm nhóm → Chọn skill
```
### Cách 2: Tìm theo từ khóa
```
Terminal → ls skills/ | grep "từ-khóa" → Thấy các skill khớp
```
### Cách 3: Dùng file Index
```
Mở skills_index.json → Ctrl+F tìm từ khóa → Lấy đường dẫn skill
```
---
## Quy trình tạo Skill đầu tay của bạn
```
┌──────────────┐
│ 1. Ý TƯỞNG │ "Tôi muốn chia sẻ kiến thức Docker của mình"
└──────┬───────┘
┌──────────────┐
│ 2. TẠO FOLDER│ mkdir skills/docker-mastery
└──────┬───────┘ touch skills/docker-mastery/SKILL.md
┌──────────────┐
│ 3. VIẾT │ Thêm frontmatter + nội dung
└──────┬───────┘ (Dùng mẫu trong CONTRIBUTING.vi.md)
┌──────────────┐
│ 4. THỬ │ Copy vào .agent/skills/
└──────┬───────┘ Thử gọi: @docker-mastery
┌──────────────┐
│ 5. KIỂM TRA │ python3 scripts/validate_skills.py
└──────┬───────┘
┌──────────────┐
│ 6. NỘP BÀI │ git commit + push + Pull Request
└──────────────┘
```
---
## Các cấp độ phức tạp của Skill
```
┌─────────────────────────────────────────────────────────────┐
│ ĐỘ PHỨC TẠP CỦA SKILL │
├─────────────────────────────────────────────────────────────┤
│ │
│ ĐƠN GIẢN TIÊU CHUẨN PHỨC TẠP │
│ ──────── ────────── ──────── │
│ │
│ • 1 file • 1 file • Nhiều file
│ • 100-200 từ • 300-800 từ • 800-2000 │
│ • Cấu trúc cơ bản • Cấu trúc đầy đủ • Scripts │
│ • Không phụ kiện • Có ví dụ • Có ví dụ │
│ • Best practices • Template │
│ • Docs │
│ Ví dụ: Ví dụ: Ví dụ: │
│ git-pushing brainstorming loki-mode │
│ │
└─────────────────────────────────────────────────────────────┘
```
---
## Tác động của việc Đóng góp (Quy trình nhân quả)
```
Đóng góp của BẠN
├─→ Cải thiện Tài liệu
│ │
│ └─→ Giúp hàng ngàn lập trình viên đỡ bỡ ngỡ
├─→ Tạo Skill mới
│ │
│ └─→ Mở ra khả năng mới cho mọi người
├─→ Sửa lỗi (Bug/Typo)
│ │
│ └─→ Tránh nhầm lẫn cho người sau
└─→ Thêm ví dụ
└─→ Giúp người mới học nhanh hơn
```
---
## Lộ trình học tập (Roadmap trực quan)
```
BẮT ĐẦU Ở ĐÂY
┌─────────────────┐
│ Đọc │
│ GETTING_STARTED │
└────────┬────────┘
┌─────────────────┐
│ Thử 2-3 Skill │
│ với AI Assistant│
└────────┬────────┘
┌─────────────────┐
│ Đọc │
│ SKILL_ANATOMY │
└────────┬────────┘
┌─────────────────┐
│ Nghiên cứu code │
│ của Skill có sẵn│
└────────┬────────┘
┌─────────────────┐
│ Tạo một Skill │
│ đơn giản │
└────────┬────────┘
┌─────────────────┐
│ Đọc │
│ CONTRIBUTING │
└────────┬────────┘
┌─────────────────┐
│ Gửi PR (Nộp bài)│
└────────┬────────┘
CONTRIBUTOR! 🎉
```
---
## Mẹo nhanh (Cheatsheet)
```
┌─────────────────────────────────────────────────────────────┐
│ TRA CỨU NHANH │
├─────────────────────────────────────────────────────────────┤
│ │
│ 📥 CÀI ĐẶT │
│ git clone [repo] .agent/skills │
│ │
│ 🎯 DÙNG │
│ @ten-skill [yêu cầu của bạn] │
│ │
│ 🔍 TÌM │
│ ls skills/ | grep "từ-khóa" │
│ │
│ ✅ KIỂM TRA │
│ python3 scripts/validate_skills.py │
│ │
│ 📝 TẠO │
│ 1. mkdir skills/ten-skill │
│ 2. Tạo SKILL.md có frontmatter │
│ 3. Viết nội dung │
│ 4. Test & validate │
│ 5. Gửi PR │
│ │
│ 🆘 TRỢ GIÚP │
│ • GETTING_STARTED.vi.md - Cơ bản │
│ • CONTRIBUTING.vi.md - Cách đóng góp │
│ • SKILL_ANATOMY.md - Chuyên sâu │
│ • GitHub Issues - Hỏi đáp │
│ │
└─────────────────────────────────────────────────────────────┘
```
---
## Bước tiếp theo
1.**Hiểu** cấu trúc qua hình ảnh
2.**Cài đặt** skills vào công cụ AI của bạn
3.**Thử** 2-3 skill thuộc các nhóm khác nhau
4.**Đọc** CONTRIBUTING.vi.md
5.**Tạo** skill đầu tay
6.**Chia sẻ** với cộng đồng
---
**Bạn học qua hình ảnh tốt hơn?** Hy vọng hướng dẫn này giúp ích! Nếu còn thắc mắc, hãy xem thêm:
- [GETTING_STARTED.vi.md](../GETTING_STARTED.vi.md) - Hướng dẫn dạng chữ
- [SKILL_ANATOMY.md](SKILL_ANATOMY.md) - Phân tích chi tiết (Tiếng Anh)
- [CONTRIBUTING.vi.md](../CONTRIBUTING.vi.md) - Cách đóng góp
**Sẵn sàng đóng góp chưa?** Triển khai thôi! 💪

95
scripts/generate_index.py
View File

@@ -2,69 +2,90 @@ import os
import json
import re
import yaml
def parse_frontmatter(content):
"""
Parses YAML frontmatter using PyYAML for standard compliance.
"""
fm_match = re.search(r'^---\s*\n(.*?)\n---', content, re.DOTALL)
if not fm_match:
return {}
try:
return yaml.safe_load(fm_match.group(1)) or {}
except yaml.YAMLError as e:
print(f"⚠️ YAML parsing error: {e}")
return {}
def generate_index(skills_dir, output_file):
print(f"🏗️ Generating index from: {skills_dir}")
skills = []
for root, dirs, files in os.walk(skills_dir):
# Skip .disabled directories
dirs[:] = [d for d in dirs if d != '.disabled']
# Skip .disabled or hidden directories
dirs[:] = [d for d in dirs if not d.startswith('.')]
if "SKILL.md" in files:
skill_path = os.path.join(root, "SKILL.md")
dir_name = os.path.basename(root)
parent_dir = os.path.basename(os.path.dirname(root))
# Default values
skill_info = {
"id": dir_name,
"path": os.path.relpath(root, os.path.dirname(skills_dir)),
"category": parent_dir if parent_dir != "skills" else "uncategorized",
"name": dir_name.replace("-", " ").title(),
"description": ""
"description": "",
"risk": "unknown",
"source": "unknown"
}
with open(skill_path, 'r', encoding='utf-8') as f:
content = f.read()
try:
with open(skill_path, 'r', encoding='utf-8') as f:
content = f.read()
except Exception as e:
print(f"⚠️ Error reading {skill_path}: {e}")
continue
# Try to extract from frontmatter first
fm_match = re.search(r'^---\s*(.*?)\s*---', content, re.DOTALL)
# Parse Metadata
metadata = parse_frontmatter(content)
# Merge Metadata
if "name" in metadata: skill_info["name"] = metadata["name"]
if "description" in metadata: skill_info["description"] = metadata["description"]
if "risk" in metadata: skill_info["risk"] = metadata["risk"]
if "source" in metadata: skill_info["source"] = metadata["source"]
# Fallback for description if missing in frontmatter (legacy support)
if not skill_info["description"]:
body = content
fm_match = re.search(r'^---\s*\n(.*?)\n---', content, re.DOTALL)
if fm_match:
fm_content = fm_match.group(1)
name_fm = re.search(r'^name:\s*(.+)$', fm_content, re.MULTILINE)
desc_fm = re.search(r'^description:\s*(.+)$', fm_content, re.MULTILINE)
body = content[fm_match.end():].strip()
if name_fm:
skill_info["name"] = name_fm.group(1).strip()
if desc_fm:
skill_info["description"] = desc_fm.group(1).strip()
# Simple extraction of first non-header paragraph
lines = body.split('\n')
desc_lines = []
for line in lines:
if line.startswith('#') or not line.strip():
if desc_lines: break
continue
desc_lines.append(line.strip())
# Fallback to Header and First Paragraph if needed
if not skill_info["description"] or skill_info["description"] == "":
name_match = re.search(r'^#\s+(.+)$', content, re.MULTILINE)
if name_match and not fm_match: # Only override if no frontmatter name
skill_info["name"] = name_match.group(1).strip()
# Extract first paragraph
body = content
if fm_match:
body = content[fm_match.end():].strip()
lines = body.split('\n')
desc_lines = []
for line in lines:
if line.startswith('#') or not line.strip():
if desc_lines: break
continue
desc_lines.append(line.strip())
if desc_lines:
skill_info["description"] = " ".join(desc_lines)[:150] + "..."
if desc_lines:
skill_info["description"] = " ".join(desc_lines)[:250].strip()
skills.append(skill_info)
skills.sort(key=lambda x: x["name"])
# Sort validation: by name
skills.sort(key=lambda x: (x["name"].lower(), x["id"].lower()))
with open(output_file, 'w', encoding='utf-8') as f:
json.dump(skills, f, indent=2)
print(f"✅ Generated index with {len(skills)} skills at: {output_file}")
print(f"✅ Generated rich index with {len(skills)} skills at: {output_file}")
return skills
if __name__ == "__main__":

142
scripts/update_readme.py Normal file
View File

@@ -0,0 +1,142 @@
#!/usr/bin/env python3
import json
import os
import re
def update_readme():
base_dir = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
readme_path = os.path.join(base_dir, "README.md")
index_path = os.path.join(base_dir, "skills_index.json")
print(f"📖 Reading skills index from: {index_path}")
with open(index_path, 'r', encoding='utf-8') as f:
skills = json.load(f)
total_skills = len(skills)
print(f"🔢 Total skills found: {total_skills}")
print(f"📝 Updating README at: {readme_path}")
with open(readme_path, 'r', encoding='utf-8') as f:
content = f.read()
# 1. Update Title Count
content = re.sub(
r'(# 🌌 Antigravity Awesome Skills: )\d+(\+ Agentic Skills)',
f'\\g<1>{total_skills}\\g<2>',
content
)
# 2. Update Blockquote Count
content = re.sub(
r'(Collection of )\d+(\+ Universal)',
f'\\g<1>{total_skills}\\g<2>',
content
)
# 3. Update Intro Text Count
content = re.sub(
r'(library of \*\*)\d+( high-performance skills\*\*)',
f'\\g<1>{total_skills}\\g<2>',
content
)
# 4. Update Registry Header Count
content = re.sub(
r'(## Full Skill Registry \()\d+/\d+(\))',
f'\\g<1>{total_skills}/{total_skills}\\g<2>',
content
)
# 5. Ensure Curated Collections section exists (idempotent)
#
# Historical note: we previously used "## 📦 Curated Collections" in some runs.
# If the README already contains "## Curated Collections", inserting the emoji header creates duplicates.
canonical_collections_header = "## Curated Collections"
canonical_collections_body = "[Check out our Starter Packs in docs/BUNDLES.md](docs/BUNDLES.md) to find the perfect toolkit for your role."
# Normalize any emoji variant to the canonical header
content = content.replace("## 📦 Curated Collections", canonical_collections_header)
# If the section is missing entirely, insert it right before the Full Skill Registry section
if canonical_collections_header not in content:
registry_header_match = re.search(r'^## Full Skill Registry', content, flags=re.MULTILINE)
if registry_header_match:
insert_block = f"{canonical_collections_header}\n\n{canonical_collections_body}\n\n"
content = content[:registry_header_match.start()] + insert_block + content[registry_header_match.start():]
# De-dupe repeated Curated Collections blocks (e.g. after a previous buggy insert)
escaped_body = re.escape(canonical_collections_body)
dedupe_pattern = re.compile(
rf'(?:{re.escape(canonical_collections_header)}\s*\n\s*\n{escaped_body}\s*\n\s*){{2,}}',
flags=re.MULTILINE
)
content = dedupe_pattern.sub(f"{canonical_collections_header}\n\n{canonical_collections_body}\n\n", content)
# 6. Generate New Registry Table
print("🔄 Generating new registry table...")
# Store the Note block to preserve it
note_pattern = r'(> \[!NOTE\].*?)\n\n\| Skill Name'
note_match = re.search(note_pattern, content, re.DOTALL)
note_block = ""
if note_match:
note_block = note_match.group(1)
else:
note_block = "> [!NOTE] > **Document Skills**: We provide both **community** and **official Anthropic** versions. Locally, the official versions are used by default."
table_header = "| Skill Name | Risk | Description | Path |\n| :--- | :--- | :--- | :--- |"
table_rows = []
for skill in skills:
name = skill.get('name', 'Unknown')
desc = skill.get('description', '').replace('\n', ' ').strip()
path = skill.get('path', '')
risk = skill.get('risk', 'unknown')
# Risk Icons
risk_icon = ""
if risk == "official": risk_icon = "🟣" # Mapping official to purple
if risk == "none": risk_icon = "🟢"
if risk == "safe": risk_icon = "🔵"
if risk == "critical": risk_icon = "🟠"
if risk == "offensive": risk_icon = "🔴"
# Escape pipes
desc = desc.replace('|', r'\|')
row = f"| **{name}** | {risk_icon} | {desc} | `{path}` |"
table_rows.append(row)
new_table_section = f"{note_block}\n\n{table_header}\n" + "\n".join(table_rows)
# Replace the old table section
header_pattern = r'## Full Skill Registry \(\d+/\d+\)'
header_match = re.search(header_pattern, content)
if not header_match:
print("❌ Could not find 'Full Skill Registry' header.")
return
start_pos = header_match.end()
# Find the next section (## ...) or end of file
next_section_match = re.search(r'\n## ', content[start_pos:])
if next_section_match:
end_pos = start_pos + next_section_match.start()
rest_of_file = content[end_pos:]
else:
rest_of_file = ""
before_header = content[:header_match.start()]
new_header = f"## Full Skill Registry ({total_skills}/{total_skills})"
new_content = f"{before_header}{new_header}\n\n{new_table_section}\n{rest_of_file}"
with open(readme_path, 'w', encoding='utf-8') as f:
f.write(new_content)
print("✅ README.md updated successfully with Collections link and Risk columns.")
if __name__ == "__main__":
update_readme()

130
scripts/validate_skills.py
View File

@@ -1,52 +1,124 @@
import os
import re
import argparse
import sys
def validate_skills(skills_dir):
def parse_frontmatter(content):
"""
Simple frontmatter parser using regex to avoid external dependencies.
Returns a dict of key-values.
"""
fm_match = re.search(r'^---\s*\n(.*?)\n---', content, re.DOTALL)
if not fm_match:
return None
fm_text = fm_match.group(1)
metadata = {}
for line in fm_text.split('\n'):
if ':' in line:
key, val = line.split(':', 1)
metadata[key.strip()] = val.strip().strip('"').strip("'")
return metadata
def validate_skills(skills_dir, strict_mode=False):
print(f"🔍 Validating skills in: {skills_dir}")
print(f"⚙️ Mode: {'STRICT (CI)' if strict_mode else 'Standard (Dev)'}")
errors = []
warnings = []
skill_count = 0
# Pre-compiled regex
security_disclaimer_pattern = re.compile(r"AUTHORIZED USE ONLY", re.IGNORECASE)
trigger_section_pattern = re.compile(r"^##\s+When to Use", re.MULTILINE | re.IGNORECASE)
valid_risk_levels = ["none", "safe", "critical", "offensive"]
for root, dirs, files in os.walk(skills_dir):
# Skip .disabled directories
dirs[:] = [d for d in dirs if d != '.disabled']
# Skip .disabled or hidden directories
dirs[:] = [d for d in dirs if not d.startswith('.')]
if "SKILL.md" in files:
skill_count += 1
skill_path = os.path.join(root, "SKILL.md")
rel_path = os.path.relpath(skill_path, skills_dir)
with open(skill_path, 'r', encoding='utf-8') as f:
content = f.read()
try:
with open(skill_path, 'r', encoding='utf-8') as f:
content = f.read()
except Exception as e:
errors.append(f"{rel_path}: Unreadable file - {str(e)}")
continue
# Check for Frontmatter or Header
has_frontmatter = content.strip().startswith("---")
has_header = re.search(r'^#\s+', content, re.MULTILINE)
# 1. Frontmatter Check
metadata = parse_frontmatter(content)
if not metadata:
errors.append(f"{rel_path}: Missing or malformed YAML frontmatter")
continue # Cannot proceed without metadata
if not (has_frontmatter or has_header):
errors.append(f"{rel_path}: Missing frontmatter or top-level heading")
# 2. Metadata Schema Checks
if "name" not in metadata:
errors.append(f"{rel_path}: Missing 'name' in frontmatter")
elif metadata["name"] != os.path.basename(root):
warnings.append(f"⚠️ {rel_path}: Name '{metadata['name']}' does not match folder name '{os.path.basename(root)}'")
if has_frontmatter:
# Basic check for name and description in frontmatter
fm_match = re.search(r'^---\s*(.*?)\s*---', content, re.DOTALL)
if fm_match:
fm_content = fm_match.group(1)
if "name:" not in fm_content:
errors.append(f"⚠️ {rel_path}: Frontmatter missing 'name:'")
if "description:" not in fm_content:
errors.append(f"⚠️ {rel_path}: Frontmatter missing 'description:'")
else:
errors.append(f"{rel_path}: Malformed frontmatter")
if "description" not in metadata:
errors.append(f"{rel_path}: Missing 'description' in frontmatter")
# Risk Validation (Quality Bar)
if "risk" not in metadata:
msg = f"⚠️ {rel_path}: Missing 'risk' label (defaulting to 'unknown')"
if strict_mode: errors.append(msg.replace("⚠️", ""))
else: warnings.append(msg)
elif metadata["risk"] not in valid_risk_levels:
errors.append(f"{rel_path}: Invalid risk level '{metadata['risk']}'. Must be one of {valid_risk_levels}")
# Source Validation
if "source" not in metadata:
msg = f"⚠️ {rel_path}: Missing 'source' attribution"
if strict_mode: errors.append(msg.replace("⚠️", ""))
else: warnings.append(msg)
# 3. Content Checks (Triggers)
if not trigger_section_pattern.search(content):
msg = f"⚠️ {rel_path}: Missing '## When to Use' section"
if strict_mode: errors.append(msg.replace("⚠️", ""))
else: warnings.append(msg)
# 4. Security Guardrails
if metadata.get("risk") == "offensive":
if not security_disclaimer_pattern.search(content):
errors.append(f"🚨 {rel_path}: OFFENSIVE SKILL MISSING SECURITY DISCLAIMER! (Must contain 'AUTHORIZED USE ONLY')")
# Reporting
print(f"\n📊 Checked {skill_count} skills.")
if warnings:
print(f"\n⚠️ Found {len(warnings)} Warnings:")
for w in warnings:
print(w)
print(f"✅ Found and checked {skill_count} skills.")
if errors:
print("\n⚠️ Validation Results:")
for err in errors:
print(err)
print(f"\n❌ Found {len(errors)} Critical Errors:")
for e in errors:
print(e)
return False
else:
print("✨ All skills passed basic validation!")
return True
if strict_mode and warnings:
print("\n❌ STRICT MODE: Failed due to warnings.")
return False
print("\n✨ All skills passed validation!")
return True
if __name__ == "__main__":
parser = argparse.ArgumentParser(description="Validate Antigravity Skills")
parser.add_argument("--strict", action="store_true", help="Fail on warnings (for CI)")
args = parser.parse_args()
base_dir = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
skills_path = os.path.join(base_dir, "skills")
validate_skills(skills_path)
success = validate_skills(skills_path, strict_mode=args.strict)
if not success:
sys.exit(1)

256
skills/README.md
View File

@@ -1,89 +1,201 @@
# Antigravity Skills
# Skills Directory
通过模块化的 **Skills** 定义,赋予 Agent 在特定领域的专业能力(如全栈开发、复杂逻辑规划、多媒体处理等),让 Agent 能够像人类专家一样系统性地解决复杂问题。
**Welcome to the skills folder!** This is where all 179+ specialized AI skills live.
## 📂 目录结构
## 🤔 What Are Skills?
Skills are specialized instruction sets that teach AI assistants how to handle specific tasks. Think of them as expert knowledge modules that your AI can load on-demand.
**Simple analogy:** Just like you might consult different experts (a designer, a security expert, a marketer), skills let your AI become an expert in different areas when you need them.
---
## 📂 Folder Structure
Each skill lives in its own folder with this structure:
```
.
├── .agent/
── skills/ # Antigravity Skills 技能库
├── skill-name/ # 独立技能目录
├── SKILL.md # 技能核心定义与Prompt必须
├── scripts/ # 技能依赖的脚本(可选)
│ │ ├── examples/ # 技能使用示例(可选)
│ │ └── resources/ # 技能依赖的模板与资源(可选)
├── skill-guide/ # 用户手册与文档指南
│ └── Antigravity_Skills_Manual_CN.md # 中文使用手册
└── README.md
skills/
├── skill-name/ # Individual skill folder
── SKILL.md # Main skill definition (required)
│ ├── scripts/ # Helper scripts (optional)
├── examples/ # Usage examples (optional)
└── resources/ # Templates & resources (optional)
```
## 📖 快速开始
1.`.agent/`目录复制到你的工作区:
**Key point:** Only `SKILL.md` is required. Everything else is optional!
---
## How to Use Skills
### Step 1: Make sure skills are installed
Skills should be in your `.agent/skills/` directory (or `.claude/skills/`, `.gemini/skills/`, etc.)
### Step 2: Invoke a skill in your AI chat
Use the `@` symbol followed by the skill name:
```
@brainstorming help me design a todo app
```
or
```
@stripe-integration add payment processing to my app
```
### Step 3: The AI becomes an expert
The AI loads that skill's knowledge and helps you with specialized expertise!
---
## Skill Categories
### Creative & Design
Skills for visual design, UI/UX, and artistic creation:
- `@algorithmic-art` - Create algorithmic art with p5.js
- `@canvas-design` - Design posters and artwork (PNG/PDF output)
- `@frontend-design` - Build production-grade frontend interfaces
- `@ui-ux-pro-max` - Professional UI/UX design with color, fonts, layouts
- `@web-artifacts-builder` - Build modern web apps (React, Tailwind, Shadcn/ui)
- `@theme-factory` - Generate themes for documents and presentations
- `@brand-guidelines` - Apply Anthropic brand design standards
- `@slack-gif-creator` - Create high-quality GIFs for Slack
### Development & Engineering
Skills for coding, testing, debugging, and code review:
- `@test-driven-development` - Write tests before implementation (TDD)
- `@systematic-debugging` - Debug systematically, not randomly
- `@webapp-testing` - Test web apps with Playwright
- `@receiving-code-review` - Handle code review feedback properly
- `@requesting-code-review` - Request code reviews before merging
- `@finishing-a-development-branch` - Complete dev branches (merge, PR, cleanup)
- `@subagent-driven-development` - Coordinate multiple AI agents for parallel tasks
### Documentation & Office
Skills for working with documents and office files:
- `@doc-coauthoring` - Collaborate on structured documents
- `@docx` - Create, edit, and analyze Word documents
- `@xlsx` - Work with Excel spreadsheets (formulas, charts)
- `@pptx` - Create and modify PowerPoint presentations
- `@pdf` - Handle PDFs (extract text, merge, split, fill forms)
- `@internal-comms` - Draft internal communications (reports, announcements)
- `@notebooklm` - Query Google NotebookLM notebooks
### Planning & Workflow
Skills for task planning and workflow optimization:
- `@brainstorming` - Brainstorm and design before coding
- `@writing-plans` - Write detailed implementation plans
- `@planning-with-files` - File-based planning system (Manus-style)
- `@executing-plans` - Execute plans with checkpoints and reviews
- `@using-git-worktrees` - Create isolated Git worktrees for parallel work
- `@verification-before-completion` - Verify work before claiming completion
- `@using-superpowers` - Discover and use advanced skills
### System Extension
Skills for extending AI capabilities:
- `@mcp-builder` - Build MCP (Model Context Protocol) servers
- `@skill-creator` - Create new skills or update existing ones
- `@writing-skills` - Tools for writing and validating skill files
- `@dispatching-parallel-agents` - Distribute tasks to multiple agents
---
## Finding Skills
### Method 1: Browse this folder
```bash
cp -r .agent/ /path/to/your/workspace/
ls skills/
```
2. **调用 Skill**: 在对话框输入 `@[skill-name]``/skill-name`来进行调用,例如:
```text
/canvas-design 帮我设计一张关于“Deep Learning”的博客封面风格要素雅、科技感尺寸 16:9
### Method 2: Search by keyword
```bash
ls skills/ | grep "keyword"
```
3. **查看手册**: 详细的使用案例和参数说明请查阅 [skill-guide/Antigravity_Skills_Manual_CN.md](skill-guide/Antigravity_Skills_Manual_CN.md)。
4. **环境依赖**: 部分 Skill (如 PDF, XLSX) 依赖 Python 环境,请确保 `.venv` 处于激活状态或系统已安装相应库。
### Method 3: Check the main README
See the [main README](../README.md) for the complete list of all 179+ skills organized by category.
## 🚀 已集成的 Skills
---
### 🎨 创意与设计 (Creative & Design)
这些技能专注于视觉表现、UI/UX 设计和艺术创作。
- **`@[algorithmic-art]`**: 使用 p5.js 代码创作算法艺术、生成艺术
- **`@[canvas-design]`**: 基于设计哲学创建海报、艺术作品(输出 PNG/PDF
- **`@[frontend-design]`**: 创建高质量、生产级的各种前端界面和 Web 组件
- **`@[ui-ux-pro-max]`**: 专业的 UI/UX 设计智能,提供配色、字体、布局等全套设计方案
- **`@[web-artifacts-builder]`**: 构建复杂、现代化的 Web 应用(基于 React, Tailwind, Shadcn/ui
- **`@[theme-factory]`**: 为文档、幻灯片、HTML 等生成配套的主题风格
- **`@[brand-guidelines]`**: 应用 Anthropic 官方品牌设计规范(颜色、排版等)
- **`@[slack-gif-creator]`**: 制作专用于 Slack 的高质量 GIF 动图
## 💡 Popular Skills to Try
### 🛠️ 开发与工程 (Development & Engineering)
这些技能涵盖了编码、测试、调试和代码审查的全生命周期。
- **`@[test-driven-development]`**: 测试驱动开发TDD在编写实现代码前先编写测试
- **`@[systematic-debugging]`**: 系统化调试,用于解决 Bug、测试失败或异常行为
- **`@[webapp-testing]`**: 使用 Playwright 对本地 Web 应用进行交互测试和验证
- **`@[receiving-code-review]`**: 处理代码审查反馈,进行技术验证而非盲目修改
- **`@[requesting-code-review]`**: 主动发起代码审查,在合并或完成任务前验证代码质量
- **`@[finishing-a-development-branch]`**: 引导开发分支的收尾工作合并、PR、清理等
- **`@[subagent-driven-development]`**: 协调多个子 Agent 并行执行独立的开发任务
**For beginners:**
- `@brainstorming` - Design before coding
- `@systematic-debugging` - Fix bugs methodically
- `@git-pushing` - Commit with good messages
### 📄 文档与办公 (Documentation & Office)
这些技能用于处理各种格式的专业文档和办公需求。
- **`@[doc-coauthoring]`**: 引导用户进行结构化文档(提案、技术规范等)的协作编写
- **`@[docx]`**: 创建、编辑和分析 Word 文档
- **`@[xlsx]`**: 创建、编辑和分析 Excel 电子表格(支持公式、图表)
- **`@[pptx]`**: 创建和修改 PowerPoint 演示文稿
- **`@[pdf]`**: 处理 PDF 文档,包括提取文本、表格,合并/拆分及填写表单
- **`@[internal-comms]`**: 起草各类企业内部沟通文档周报、通告、FAQ 等)
- **`@[notebooklm]`**: 查询 Google NotebookLM 笔记本,提供基于文档的确切答案
**For developers:**
- `@test-driven-development` - Write tests first
- `@react-best-practices` - Modern React patterns
- `@senior-fullstack` - Full-stack development
### 📅 计划与流程 (Planning & Workflow)
这些技能帮助优化工作流、任务规划和执行效率。
- **`@[brainstorming]`**: 在开始任何工作前进行头脑风暴,明确需求和设计
- **`@[writing-plans]`**: 为复杂的多步骤任务编写详细的执行计划Spec
- **`@[planning-with-files]`**: 适用于复杂任务的文件式规划系统Manus-style
- **`@[executing-plans]`**: 执行已有的实施计划,包含检查点和审查机制
- **`@[using-git-worktrees]`**: 创建隔离的 Git 工作树,用于并行开发或任务切换
- **`@[verification-before-completion]`**: 在声明任务完成前运行验证命令,确保证据确凿
- **`@[using-superpowers]`**: 引导用户发现和使用这些高级技能
**For security:**
- `@ethical-hacking-methodology` - Security basics
- `@burp-suite-testing` - Web app security testing
### 🧩 系统扩展 (System Extension)
这些技能允许我扩展自身的能力边界。
- **`@[mcp-builder]`**: 构建 MCP (Model Context Protocol) 服务器,连接外部工具和数据
- **`@[skill-creator]`**: 创建新技能或更新现有技能,扩展我的知识库和工作流
- **`@[writing-skills]`**: 辅助编写、编辑和验证技能文件的工具集
- **`@[dispatching-parallel-agents]`**: 分发并行任务给多个 Agent 处理
---
## 📚 参考文档
- [Anthropic Skills](https://github.com/anthropic/skills)
- [UI/UX Pro Max Skills](https://github.com/nextlevelbuilder/ui-ux-pro-max-skill)
- [Superpowers](https://github.com/obra/superpowers)
- [Planning with Files](https://github.com/OthmanAdi/planning-with-files)
- [NotebookLM](https://github.com/PleasePrompto/notebooklm-skill)
## Creating Your Own Skill
Want to create a new skill? Check out:
1. [CONTRIBUTING.md](../CONTRIBUTING.md) - How to contribute
2. [docs/SKILL_ANATOMY.md](../docs/SKILL_ANATOMY.md) - Skill structure guide
3. `@skill-creator` - Use this skill to create new skills!
**Basic structure:**
```markdown
---
name: my-skill-name
description: "What this skill does"
---
# Skill Title
## Overview
[What this skill does]
## When to Use
- Use when [scenario]
## Instructions
[Step-by-step guide]
## Examples
[Code examples]
```
---
## Documentation
- **[Getting Started](../GETTING_STARTED.md)** - Quick start guide
- **[Examples](../docs/EXAMPLES.md)** - Real-world usage examples
- **[FAQ](../FAQ.md)** - Common questions
- **[Visual Guide](../docs/VISUAL_GUIDE.md)** - Diagrams and flowcharts
---
## 🌟 Contributing
Found a skill that needs improvement? Want to add a new skill?
1. Read [CONTRIBUTING.md](../CONTRIBUTING.md)
2. Study existing skills in this folder
3. Create your skill following the structure
4. Submit a Pull Request
---
## References
- [Anthropic Skills](https://github.com/anthropic/skills) - Official Anthropic skills
- [UI/UX Pro Max Skills](https://github.com/nextlevelbuilder/ui-ux-pro-max-skill) - Design skills
- [Superpowers](https://github.com/obra/superpowers) - Original superpowers collection
- [Planning with Files](https://github.com/OthmanAdi/planning-with-files) - Planning patterns
- [NotebookLM](https://github.com/PleasePrompto/notebooklm-skill) - NotebookLM integration
---
**Need help?** Check the [FAQ](../FAQ.md) or open an issue on GitHub!

538
skills/ab-test-setup/SKILL.md
View File

@@ -1,508 +1,232 @@
---
name: ab-test-setup
description: When the user wants to plan, design, or implement an A/B test or experiment. Also use when the user mentions "A/B test," "split test," "experiment," "test this change," "variant copy," "multivariate test," or "hypothesis." For tracking implementation, see analytics-tracking.
description: Structured guide for setting up A/B tests with mandatory gates for hypothesis, metrics, and execution readiness.
---
# A/B Test Setup
You are an expert in experimentation and A/B testing. Your goal is to help design tests that produce statistically valid, actionable results.
## 1⃣ Purpose & Scope
## Initial Assessment
Ensure every A/B test is **valid, rigorous, and safe** before a single line of code is written.
Before designing a test, understand:
1. **Test Context**
- What are you trying to improve?
- What change are you considering?
- What made you want to test this?
2. **Current State**
- Baseline conversion rate?
- Current traffic volume?
- Any historical test data?
3. **Constraints**
- Technical implementation complexity?
- Timeline requirements?
- Tools available?
- Prevents "peeking"
- Enforces statistical power
- Blocks invalid hypotheses
---
## Core Principles
## 2⃣ Pre-Requisites
### 1. Start with a Hypothesis
- Not just "let's see what happens"
- Specific prediction of outcome
- Based on reasoning or data
You must have:
### 2. Test One Thing
- Single variable per test
- Otherwise you don't know what worked
- Save MVT for later
- A clear user problem
- Access to an analytics source
- Roughly estimated traffic volume
### 3. Statistical Rigor
- Pre-determine sample size
- Don't peek and stop early
- Commit to the methodology
### Hypothesis Quality Checklist
### 4. Measure What Matters
- Primary metric tied to business value
- Secondary metrics for context
- Guardrail metrics to prevent harm
A valid hypothesis includes:
- Observation or evidence
- Single, specific change
- Directional expectation
- Defined audience
- Measurable success criteria
---
## Hypothesis Framework
### 3 Hypothesis Lock (Hard Gate)
### Structure
Before designing variants or metrics, you MUST:
```
Because [observation/data],
we believe [change]
will cause [expected outcome]
for [audience].
We'll know this is true when [metrics].
```
- Present the **final hypothesis**
- Specify:
- Target audience
- Primary metric
- Expected direction of effect
- Minimum Detectable Effect (MDE)
### Examples
Ask explicitly:
**Weak hypothesis:**
"Changing the button color might increase clicks."
> “Is this the final hypothesis we are committing to for this test?”
**Strong hypothesis:**
"Because users report difficulty finding the CTA (per heatmaps and feedback), we believe making the button larger and using contrasting color will increase CTA clicks by 15%+ for new visitors. We'll measure click-through rate from page view to signup start."
### Good Hypotheses Include
- **Observation**: What prompted this idea
- **Change**: Specific modification
- **Effect**: Expected outcome and direction
- **Audience**: Who this applies to
- **Metric**: How you'll measure success
**Do NOT proceed until confirmed.**
---
## Test Types
### 4⃣ Assumptions & Validity Check (Mandatory)
### A/B Test (Split Test)
- Two versions: Control (A) vs. Variant (B)
- Single change between versions
- Most common, easiest to analyze
Explicitly list assumptions about:
### A/B/n Test
- Multiple variants (A vs. B vs. C...)
- Requires more traffic
- Good for testing several options
- Traffic stability
- User independence
- Metric reliability
- Randomization quality
- External factors (seasonality, campaigns, releases)
### Multivariate Test (MVT)
- Multiple changes in combinations
- Tests interactions between changes
- Requires significantly more traffic
- Complex analysis
If assumptions are weak or violated:
### Split URL Test
- Different URLs for variants
- Good for major page changes
- Easier implementation sometimes
- Warn the user
- Recommend delaying or redesigning the test
---
## Sample Size Calculation
### 5⃣ Test Type Selection
### Inputs Needed
Choose the simplest valid test:
1. **Baseline conversion rate**: Your current rate
2. **Minimum detectable effect (MDE)**: Smallest change worth detecting
3. **Statistical significance level**: Usually 95%
4. **Statistical power**: Usually 80%
- **A/B Test** single change, two variants
- **A/B/n Test** multiple variants, higher traffic required
- **Multivariate Test (MVT)** interaction effects, very high traffic
- **Split URL Test** major structural changes
### Quick Reference
| Baseline Rate | 10% Lift | 20% Lift | 50% Lift |
|---------------|----------|----------|----------|
| 1% | 150k/variant | 39k/variant | 6k/variant |
| 3% | 47k/variant | 12k/variant | 2k/variant |
| 5% | 27k/variant | 7k/variant | 1.2k/variant |
| 10% | 12k/variant | 3k/variant | 550/variant |
### Formula Resources
- Evan Miller's calculator: https://www.evanmiller.org/ab-testing/sample-size.html
- Optimizely's calculator: https://www.optimizely.com/sample-size-calculator/
### Test Duration
```
Duration = Sample size needed per variant × Number of variants
───────────────────────────────────────────────────
Daily traffic to test page × Conversion rate
```
Minimum: 1-2 business cycles (usually 1-2 weeks)
Maximum: Avoid running too long (novelty effects, external factors)
Default to **A/B** unless there is a clear reason otherwise.
---
## Metrics Selection
### 6 Metrics Definition
### Primary Metric
- Single metric that matters most
- Directly tied to hypothesis
- What you'll use to call the test
#### Primary Metric (Mandatory)
### Secondary Metrics
- Support primary metric interpretation
- Explain why/how the change worked
- Help understand user behavior
- Single metric used to evaluate success
- Directly tied to the hypothesis
- Pre-defined and frozen before launch
### Guardrail Metrics
- Things that shouldn't get worse
- Revenue, retention, satisfaction
- Stop test if significantly negative
#### Secondary Metrics
### Metric Examples by Test Type
- Provide context
- Explain _why_ results occurred
- Must not override the primary metric
**Homepage CTA test:**
- Primary: CTA click-through rate
- Secondary: Time to click, scroll depth
- Guardrail: Bounce rate, downstream conversion
#### Guardrail Metrics
**Pricing page test:**
- Primary: Plan selection rate
- Secondary: Time on page, plan distribution
- Guardrail: Support tickets, refund rate
**Signup flow test:**
- Primary: Signup completion rate
- Secondary: Field-level completion, time to complete
- Guardrail: User activation rate (post-signup quality)
- Metrics that must not degrade
- Used to prevent harmful wins
- Trigger test stop if significantly negative
---
## Designing Variants
### 7⃣ Sample Size & Duration
### Control (A)
- Current experience, unchanged
- Don't modify during test
Define upfront:
### Variant (B+)
- Baseline rate
- MDE
- Significance level (typically 95%)
- Statistical power (typically 80%)
**Best practices:**
- Single, meaningful change
- Bold enough to make a difference
- True to the hypothesis
Estimate:
**What to vary:**
- Required sample size per variant
- Expected test duration
Headlines/Copy:
- Message angle
- Value proposition
- Specificity level
- Tone/voice
Visual Design:
- Layout structure
- Color and contrast
- Image selection
- Visual hierarchy
CTA:
- Button copy
- Size/prominence
- Placement
- Number of CTAs
Content:
- Information included
- Order of information
- Amount of content
- Social proof type
### Documenting Variants
```
Control (A):
- Screenshot
- Description of current state
Variant (B):
- Screenshot or mockup
- Specific changes made
- Hypothesis for why this will win
```
**Do NOT proceed without a realistic sample size estimate.**
---
## Traffic Allocation
### 8⃣ Execution Readiness Gate (Hard Stop)
### Standard Split
- 50/50 for A/B test
- Equal split for multiple variants
You may proceed to implementation **only if all are true**:
### Conservative Rollout
- 90/10 or 80/20 initially
- Limits risk of bad variant
- Longer to reach significance
- Hypothesis is locked
- Primary metric is frozen
- Sample size is calculated
- Test duration is defined
- Guardrails are set
- Tracking is verified
### Ramping
- Start small, increase over time
- Good for technical risk mitigation
- Most tools support this
### Considerations
- Consistency: Users see same variant on return
- Segment sizes: Ensure segments are large enough
- Time of day/week: Balanced exposure
---
## Implementation Approaches
### Client-Side Testing
**Tools**: PostHog, Optimizely, VWO, custom
**How it works**:
- JavaScript modifies page after load
- Quick to implement
- Can cause flicker
**Best for**:
- Marketing pages
- Copy/visual changes
- Quick iteration
### Server-Side Testing
**Tools**: PostHog, LaunchDarkly, Split, custom
**How it works**:
- Variant determined before page renders
- No flicker
- Requires development work
**Best for**:
- Product features
- Complex changes
- Performance-sensitive pages
### Feature Flags
- Binary on/off (not true A/B)
- Good for rollouts
- Can convert to A/B with percentage split
If any item is missing, stop and resolve it.
---
## Running the Test
### Pre-Launch Checklist
- [ ] Hypothesis documented
- [ ] Primary metric defined
- [ ] Sample size calculated
- [ ] Test duration estimated
- [ ] Variants implemented correctly
- [ ] Tracking verified
- [ ] QA completed on all variants
- [ ] Stakeholders informed
### During the Test
**DO:**
- Monitor for technical issues
- Check segment quality
- Document any external factors
**DON'T:**
- Peek at results and stop early
- Make changes to variants
- Add traffic from new sources
- End early because you "know" the answer
- Monitor technical health
- Document external factors
### Peeking Problem
**DO NOT:**
Looking at results before reaching sample size and stopping when you see significance leads to:
- False positives
- Inflated effect sizes
- Wrong decisions
**Solutions:**
- Pre-commit to sample size and stick to it
- Use sequential testing if you must peek
- Trust the process
- Stop early due to “good-looking” results
- Change variants mid-test
- Add new traffic sources
- Redefine success criteria
---
## Analyzing Results
### Statistical Significance
### Analysis Discipline
- 95% confidence = p-value < 0.05
- Means: <5% chance result is random
- Not a guarantee—just a threshold
When interpreting results:
### Practical Significance
- Do NOT generalize beyond the tested population
- Do NOT claim causality beyond the tested change
- Do NOT override guardrail failures
- Separate statistical significance from business judgment
Statistical ≠ Practical
### Interpretation Outcomes
- Is the effect size meaningful for business?
- Is it worth the implementation cost?
- Is it sustainable over time?
### What to Look At
1. **Did you reach sample size?**
- If not, result is preliminary
2. **Is it statistically significant?**
- Check confidence intervals
- Check p-value
3. **Is the effect size meaningful?**
- Compare to your MDE
- Project business impact
4. **Are secondary metrics consistent?**
- Do they support the primary?
- Any unexpected effects?
5. **Any guardrail concerns?**
- Did anything get worse?
- Long-term risks?
6. **Segment differences?**
- Mobile vs. desktop?
- New vs. returning?
- Traffic source?
### Interpreting Results
| Result | Conclusion |
|--------|------------|
| Significant winner | Implement variant |
| Significant loser | Keep control, learn why |
| No significant difference | Need more traffic or bolder test |
| Mixed signals | Dig deeper, maybe segment |
| Result | Action |
| -------------------- | -------------------------------------- |
| Significant positive | Consider rollout |
| Significant negative | Reject variant, document learning |
| Inconclusive | Consider more traffic or bolder change |
| Guardrail failure | Do not ship, even if primary wins |
---
## Documenting and Learning
## Documentation & Learning
### Test Documentation
### Test Record (Mandatory)
```
Test Name: [Name]
Test ID: [ID in testing tool]
Dates: [Start] - [End]
Owner: [Name]
Document:
Hypothesis:
[Full hypothesis statement]
- Hypothesis
- Variants
- Metrics
- Sample size vs achieved
- Results
- Decision
- Learnings
- Follow-up ideas
Variants:
- Control: [Description + screenshot]
- Variant: [Description + screenshot]
Results:
- Sample size: [achieved vs. target]
- Primary metric: [control] vs. [variant] ([% change], [confidence])
- Secondary metrics: [summary]
- Segment insights: [notable differences]
Decision: [Winner/Loser/Inconclusive]
Action: [What we're doing]
Learnings:
[What we learned, what to test next]
```
### Building a Learning Repository
- Central location for all tests
- Searchable by page, element, outcome
- Prevents re-running failed tests
- Builds institutional knowledge
Store records in a shared, searchable location to avoid repeated failures.
---
## Output Format
## Refusal Conditions (Safety)
### Test Plan Document
Refuse to proceed if:
```
# A/B Test: [Name]
- Baseline rate is unknown and cannot be estimated
- Traffic is insufficient to detect the MDE
- Primary metric is undefined
- Multiple variables are changed without proper design
- Hypothesis cannot be clearly stated
## Hypothesis
[Full hypothesis using framework]
## Test Design
- Type: A/B / A/B/n / MVT
- Duration: X weeks
- Sample size: X per variant
- Traffic allocation: 50/50
## Variants
[Control and variant descriptions with visuals]
## Metrics
- Primary: [metric and definition]
- Secondary: [list]
- Guardrails: [list]
## Implementation
- Method: Client-side / Server-side
- Tool: [Tool name]
- Dev requirements: [If any]
## Analysis Plan
- Success criteria: [What constitutes a win]
- Segment analysis: [Planned segments]
```
### Results Summary
When test is complete
### Recommendations
Next steps based on results
Explain why and recommend next steps.
---
## Common Mistakes
## Key Principles (Non-Negotiable)
### Test Design
- Testing too small a change (undetectable)
- Testing too many things (can't isolate)
- No clear hypothesis
- Wrong audience
### Execution
- Stopping early
- Changing things mid-test
- Not checking implementation
- Uneven traffic allocation
### Analysis
- Ignoring confidence intervals
- Cherry-picking segments
- Over-interpreting inconclusive results
- Not considering practical significance
- One hypothesis per test
- One primary metric
- Commit before launch
- No peeking
- Learning over winning
- Statistical rigor first
---
## Questions to Ask
## Final Reminder
If you need more context:
1. What's your current conversion rate?
2. How much traffic does this page get?
3. What change are you considering and why?
4. What's the smallest improvement worth detecting?
5. What tools do you have for testing?
6. Have you tested this area before?
A/B testing is not about proving ideas right.
It is about **learning the truth with confidence**.
---
## Related Skills
- **page-cro**: For generating test ideas based on CRO principles
- **analytics-tracking**: For setting up test measurement
- **copywriting**: For creating variant copy
If you feel tempted to rush, simplify, or “just try it” —
that is the signal to **slow down and re-check the design**.

3
skills/active-directory-attacks/SKILL.md
View File

@@ -1,6 +1,9 @@
---
name: Active Directory Attacks
description: This skill should be used when the user asks to "attack Active Directory", "exploit AD", "Kerberoasting", "DCSync", "pass-the-hash", "BloodHound enumeration", "Golden Ticket", "Silver Ticket", "AS-REP roasting", "NTLM relay", or needs guidance on Windows domain penetration testing.
metadata:
author: zebbern
version: "1.1"
---
# Active Directory Attacks

82
skills/agent-memory-mcp/SKILL.md Normal file
View File

@@ -0,0 +1,82 @@
---
name: agent-memory-mcp
author: Amit Rathiesh
description: A hybrid memory system that provides persistent, searchable knowledge management for AI agents (Architecture, Patterns, Decisions).
---
# Agent Memory Skill
This skill provides a persistent, searchable memory bank that automatically syncs with project documentation. It runs as an MCP server to allow reading/writing/searching of long-term memories.
## Prerequisites
- Node.js (v18+)
## Setup
1. **Clone the Repository**:
Clone the `agentMemory` project into your agent's workspace or a parallel directory:
```bash
git clone https://github.com/webzler/agentMemory.git .agent/skills/agent-memory
```
2. **Install Dependencies**:
```bash
cd .agent/skills/agent-memory
npm install
npm run compile
```
3. **Start the MCP Server**:
Use the helper script to activate the memory bank for your current project:
```bash
npm run start-server <project_id> <absolute_path_to_target_workspace>
```
_Example for current directory:_
```bash
npm run start-server my-project $(pwd)
```
## Capabilities (MCP Tools)
### `memory_search`
Search for memories by query, type, or tags.
- **Args**: `query` (string), `type?` (string), `tags?` (string[])
- **Usage**: "Find all authentication patterns" -> `memory_search({ query: "authentication", type: "pattern" })`
### `memory_write`
Record new knowledge or decisions.
- **Args**: `key` (string), `type` (string), `content` (string), `tags?` (string[])
- **Usage**: "Save this architecture decision" -> `memory_write({ key: "auth-v1", type: "decision", content: "..." })`
### `memory_read`
Retrieve specific memory content by key.
- **Args**: `key` (string)
- **Usage**: "Get the auth design" -> `memory_read({ key: "auth-v1" })`
### `memory_stats`
View analytics on memory usage.
- **Usage**: "Show memory statistics" -> `memory_stats({})`
## Dashboard
This skill includes a standalone dashboard to visualize memory usage.
```bash
npm run start-dashboard <absolute_path_to_target_workspace>
```
Access at: `http://localhost:3333`

771
skills/analytics-tracking/SKILL.md
View File

@@ -1,539 +1,404 @@
---
name: analytics-tracking
description: When the user wants to set up, improve, or audit analytics tracking and measurement. Also use when the user mentions "set up tracking," "GA4," "Google Analytics," "conversion tracking," "event tracking," "UTM parameters," "tag manager," "GTM," "analytics implementation," or "tracking plan." For A/B test measurement, see ab-test-setup.
description: >
Design, audit, and improve analytics tracking systems that produce reliable,
decision-ready data. Use when the user wants to set up, fix, or evaluate
analytics tracking (GA4, GTM, product analytics, events, conversions, UTMs).
This skill focuses on measurement strategy, signal quality, and validation—
not just firing events.
---
# Analytics Tracking
# Analytics Tracking & Measurement Strategy
You are an expert in analytics implementation and measurement. Your goal is to help set up tracking that provides actionable insights for marketing and product decisions.
You are an expert in **analytics implementation and measurement design**.
Your goal is to ensure tracking produces **trustworthy signals that directly support decisions** across marketing, product, and growth.
## Initial Assessment
Before implementing tracking, understand:
1. **Business Context**
- What decisions will this data inform?
- What are the key conversion actions?
- What questions need answering?
2. **Current State**
- What tracking exists?
- What tools are in use (GA4, Mixpanel, Amplitude, etc.)?
- What's working/not working?
3. **Technical Context**
- What's the tech stack?
- Who will implement and maintain?
- Any privacy/compliance requirements?
You do **not** track everything.
You do **not** optimize dashboards without fixing instrumentation.
You do **not** treat GA4 numbers as truth unless validated.
---
## Core Principles
## Phase 0: Measurement Readiness & Signal Quality Index (Required)
### 1. Track for Decisions, Not Data
- Every event should inform a decision
- Avoid vanity metrics
- Quality > quantity of events
Before adding or changing tracking, calculate the **Measurement Readiness & Signal Quality Index**.
### 2. Start with the Questions
- What do you need to know?
- What actions will you take based on this data?
- Work backwards to what you need to track
### Purpose
### 3. Name Things Consistently
- Naming conventions matter
- Establish patterns before implementing
- Document everything
This index answers:
### 4. Maintain Data Quality
- Validate implementation
- Monitor for issues
- Clean data > more data
> **Can this analytics setup produce reliable, decision-grade insights?**
It prevents:
* event sprawl
* vanity tracking
* misleading conversion data
* false confidence in broken analytics
---
## Tracking Plan Framework
## 🔢 Measurement Readiness & Signal Quality Index
### Structure
### Total Score: **0100**
This is a **diagnostic score**, not a performance KPI.
---
### Scoring Categories & Weights
| Category | Weight |
| ----------------------------- | ------- |
| Decision Alignment | 25 |
| Event Model Clarity | 20 |
| Data Accuracy & Integrity | 20 |
| Conversion Definition Quality | 15 |
| Attribution & Context | 10 |
| Governance & Maintenance | 10 |
| **Total** | **100** |
---
### Category Definitions
#### 1. Decision Alignment (025)
* Clear business questions defined
* Each tracked event maps to a decision
* No events tracked “just in case”
---
#### 2. Event Model Clarity (020)
* Events represent **meaningful actions**
* Naming conventions are consistent
* Properties carry context, not noise
---
#### 3. Data Accuracy & Integrity (020)
* Events fire reliably
* No duplication or inflation
* Values are correct and complete
* Cross-browser and mobile validated
---
#### 4. Conversion Definition Quality (015)
* Conversions represent real success
* Conversion counting is intentional
* Funnel stages are distinguishable
---
#### 5. Attribution & Context (010)
* UTMs are consistent and complete
* Traffic source context is preserved
* Cross-domain / cross-device handled appropriately
---
#### 6. Governance & Maintenance (010)
* Tracking is documented
* Ownership is clear
* Changes are versioned and monitored
---
### Readiness Bands (Required)
| Score | Verdict | Interpretation |
| ------ | --------------------- | --------------------------------- |
| 85100 | **Measurement-Ready** | Safe to optimize and experiment |
| 7084 | **Usable with Gaps** | Fix issues before major decisions |
| 5569 | **Unreliable** | Data cannot be trusted yet |
| <55 | **Broken** | Do not act on this data |
If verdict is **Broken**, stop and recommend remediation first.
---
## Phase 1: Context & Decision Definition
(Proceed only after scoring)
### 1. Business Context
* What decisions will this data inform?
* Who uses the data (marketing, product, leadership)?
* What actions will be taken based on insights?
---
### 2. Current State
* Tools in use (GA4, GTM, Mixpanel, Amplitude, etc.)
* Existing events and conversions
* Known issues or distrust in data
---
### 3. Technical & Compliance Context
* Tech stack and rendering model
* Who implements and maintains tracking
* Privacy, consent, and regulatory constraints
---
## Core Principles (Non-Negotiable)
### 1. Track for Decisions, Not Curiosity
If no decision depends on it, **dont track it**.
---
### 2. Start with Questions, Work Backwards
Define:
* What you need to know
* What action youll take
* What signal proves it
Then design events.
---
### 3. Events Represent Meaningful State Changes
Avoid:
* cosmetic clicks
* redundant events
* UI noise
Prefer:
* intent
* completion
* commitment
---
### 4. Data Quality Beats Volume
Fewer accurate events > many unreliable ones.
---
## Event Model Design
### Event Taxonomy
**Navigation / Exposure**
* page_view (enhanced)
* content_viewed
* pricing_viewed
**Intent Signals**
* cta_clicked
* form_started
* demo_requested
**Completion Signals**
* signup_completed
* purchase_completed
* subscription_changed
**System / State Changes**
* onboarding_completed
* feature_activated
* error_occurred
---
### Event Naming Conventions
**Recommended pattern:**
```
Event Name | Event Category | Properties | Trigger | Notes
---------- | ------------- | ---------- | ------- | -----
object_action[_context]
```
### Event Types
Examples:
**Pageviews**
- Automatic in most tools
- Enhanced with page metadata
* signup_completed
* pricing_viewed
* cta_hero_clicked
* onboarding_step_completed
**User Actions**
- Button clicks
- Form submissions
- Feature usage
- Content interactions
Rules:
**System Events**
- Signup completed
- Purchase completed
- Subscription changed
- Errors occurred
**Custom Conversions**
- Goal completions
- Funnel stages
- Business-specific milestones
* lowercase
* underscores
* no spaces
* no ambiguity
---
## Event Naming Conventions
### Event Properties (Context, Not Noise)
### Format Options
Include:
**Object-Action (Recommended)**
```
signup_completed
button_clicked
form_submitted
article_read
```
* where (page, section)
* who (user_type, plan)
* how (method, variant)
**Action-Object**
```
click_button
submit_form
complete_signup
```
Avoid:
**Category_Object_Action**
```
checkout_payment_completed
blog_article_viewed
onboarding_step_completed
```
### Best Practices
- Lowercase with underscores
- Be specific: `cta_hero_clicked` vs. `button_clicked`
- Include context in properties, not event name
- Avoid spaces and special characters
- Document decisions
* PII
* free-text fields
* duplicated auto-properties
---
## Essential Events to Track
## Conversion Strategy
### Marketing Site
### What Qualifies as a Conversion
**Navigation**
- page_view (enhanced)
- outbound_link_clicked
- scroll_depth (25%, 50%, 75%, 100%)
A conversion must represent:
**Engagement**
- cta_clicked (button_text, location)
- video_played (video_id, duration)
- form_started
- form_submitted (form_type)
- resource_downloaded (resource_name)
* real value
* completed intent
* irreversible progress
**Conversion**
- signup_started
- signup_completed
- demo_requested
- contact_submitted
Examples:
### Product/App
* signup_completed
* purchase_completed
* demo_booked
**Onboarding**
- signup_completed
- onboarding_step_completed (step_number, step_name)
- onboarding_completed
- first_key_action_completed
Not conversions:
**Core Usage**
- feature_used (feature_name)
- action_completed (action_type)
- session_started
- session_ended
**Monetization**
- trial_started
- pricing_viewed
- checkout_started
- purchase_completed (plan, value)
- subscription_cancelled
### E-commerce
**Browsing**
- product_viewed (product_id, category, price)
- product_list_viewed (list_name, products)
- product_searched (query, results_count)
**Cart**
- product_added_to_cart
- product_removed_from_cart
- cart_viewed
**Checkout**
- checkout_started
- checkout_step_completed (step)
- payment_info_entered
- purchase_completed (order_id, value, products)
* page views
* button clicks
* form starts
---
## Event Properties (Parameters)
### Conversion Counting Rules
### Standard Properties to Consider
**Page/Screen**
- page_title
- page_location (URL)
- page_referrer
- content_group
**User**
- user_id (if logged in)
- user_type (free, paid, admin)
- account_id (B2B)
- plan_type
**Campaign**
- source
- medium
- campaign
- content
- term
**Product** (e-commerce)
- product_id
- product_name
- category
- price
- quantity
- currency
**Timing**
- timestamp
- session_duration
- time_on_page
### Best Practices
- Use consistent property names
- Include relevant context
- Don't duplicate GA4 automatic properties
- Avoid PII in properties
- Document expected values
* Once per session vs every occurrence
* Explicitly documented
* Consistent across tools
---
## GA4 Implementation
## GA4 & GTM (Implementation Guidance)
### Configuration
*(Tool-specific, but optional)*
**Data Streams**
- One stream per platform (web, iOS, Android)
- Enable enhanced measurement
**Enhanced Measurement Events**
- page_view (automatic)
- scroll (90% depth)
- outbound_click
- site_search
- video_engagement
- file_download
**Recommended Events**
- Use Google's predefined events when possible
- Correct naming for enhanced reporting
- See: https://support.google.com/analytics/answer/9267735
### Custom Events (GA4)
```javascript
// gtag.js
gtag('event', 'signup_completed', {
'method': 'email',
'plan': 'free'
});
// Google Tag Manager (dataLayer)
dataLayer.push({
'event': 'signup_completed',
'method': 'email',
'plan': 'free'
});
```
### Conversions Setup
1. Collect event in GA4
2. Mark as conversion in Admin > Events
3. Set conversion counting (once per session or every time)
4. Import to Google Ads if needed
### Custom Dimensions and Metrics
**When to use:**
- Properties you want to segment by
- Metrics you want to aggregate
- Beyond standard parameters
**Setup:**
1. Create in Admin > Custom definitions
2. Scope: Event, User, or Item
3. Parameter name must match
* Prefer GA4 recommended events
* Use GTM for orchestration, not logic
* Push clean dataLayer events
* Avoid multiple containers
* Version every publish
---
## Google Tag Manager Implementation
## UTM & Attribution Discipline
### Container Structure
### UTM Rules
**Tags**
- GA4 Configuration (base)
- GA4 Event tags (one per event or grouped)
- Conversion pixels (Facebook, LinkedIn, etc.)
* lowercase only
* consistent separators
* documented centrally
* never overwritten client-side
**Triggers**
- Page View (DOM Ready, Window Loaded)
- Click - All Elements / Just Links
- Form Submission
- Custom Events
**Variables**
- Built-in: Click Text, Click URL, Page Path, etc.
- Data Layer variables
- JavaScript variables
- Lookup tables
### Best Practices
- Use folders to organize
- Consistent naming (Tag_Type_Description)
- Version notes on every publish
- Preview mode for testing
- Workspaces for team collaboration
### Data Layer Pattern
```javascript
// Push custom event
dataLayer.push({
'event': 'form_submitted',
'form_name': 'contact',
'form_location': 'footer'
});
// Set user properties
dataLayer.push({
'user_id': '12345',
'user_type': 'premium'
});
// E-commerce event
dataLayer.push({
'event': 'purchase',
'ecommerce': {
'transaction_id': 'T12345',
'value': 99.99,
'currency': 'USD',
'items': [{
'item_id': 'SKU123',
'item_name': 'Product Name',
'price': 99.99
}]
}
});
```
UTMs exist to **explain performance**, not inflate numbers.
---
## UTM Parameter Strategy
## Validation & Debugging
### Standard Parameters
### Required Validation
| Parameter | Purpose | Example |
|-----------|---------|---------|
| utm_source | Where traffic comes from | google, facebook, newsletter |
| utm_medium | Marketing medium | cpc, email, social, referral |
| utm_campaign | Campaign name | spring_sale, product_launch |
| utm_content | Differentiate versions | hero_cta, sidebar_link |
| utm_term | Paid search keywords | running+shoes |
* Real-time verification
* Duplicate detection
* Cross-browser testing
* Mobile testing
* Consent-state testing
### Naming Conventions
### Common Failure Modes
**Lowercase everything**
- google, not Google
- email, not Email
**Use underscores or hyphens consistently**
- product_launch or product-launch
- Pick one, stick with it
**Be specific but concise**
- blog_footer_cta, not cta1
- 2024_q1_promo, not promo
### UTM Documentation
Track all UTMs in a spreadsheet or tool:
| Campaign | Source | Medium | Content | Full URL | Owner | Date |
|----------|--------|--------|---------|----------|-------|------|
| ... | ... | ... | ... | ... | ... | ... |
### UTM Builder
Provide a consistent UTM builder link to team:
- Google's URL builder
- Internal tool
- Spreadsheet formula
* double firing
* missing properties
* broken attribution
* PII leakage
* inflated conversions
---
## Debugging and Validation
## Privacy & Compliance
### Testing Tools
* Consent before tracking where required
* Data minimization
* User deletion support
* Retention policies reviewed
**GA4 DebugView**
- Real-time event monitoring
- Enable with ?debug_mode=true
- Or via Chrome extension
**GTM Preview Mode**
- Test triggers and tags
- See data layer state
- Validate before publish
**Browser Extensions**
- GA Debugger
- Tag Assistant
- dataLayer Inspector
### Validation Checklist
- [ ] Events firing on correct triggers
- [ ] Property values populating correctly
- [ ] No duplicate events
- [ ] Works across browsers
- [ ] Works on mobile
- [ ] Conversions recorded correctly
- [ ] User ID passing when logged in
- [ ] No PII leaking
### Common Issues
**Events not firing**
- Trigger misconfigured
- Tag paused
- GTM not loaded on page
**Wrong values**
- Variable not configured
- Data layer not pushing correctly
- Timing issues (fire before data ready)
**Duplicate events**
- Multiple GTM containers
- Multiple tag instances
- Trigger firing multiple times
Analytics that violate trust undermine optimization.
---
## Privacy and Compliance
## Output Format (Required)
### Considerations
### Measurement Strategy Summary
- Cookie consent required in EU/UK/CA
- No PII in analytics properties
- Data retention settings
- User deletion capabilities
- Cross-device tracking consent
### Implementation
**Consent Mode (GA4)**
- Wait for consent before tracking
- Use consent mode for partial tracking
- Integrate with consent management platform
**Data Minimization**
- Only collect what you need
- IP anonymization
- No PII in custom dimensions
* Measurement Readiness Index score + verdict
* Key risks and gaps
* Recommended remediation order
---
## Output Format
### Tracking Plan
### Tracking Plan Document
```
# [Site/Product] Tracking Plan
## Overview
- Tools: GA4, GTM
- Last updated: [Date]
- Owner: [Name]
## Events
### Marketing Events
| Event Name | Description | Properties | Trigger |
|------------|-------------|------------|---------|
| signup_started | User initiates signup | source, page | Click signup CTA |
| signup_completed | User completes signup | method, plan | Signup success page |
### Product Events
[Similar table]
## Custom Dimensions
| Name | Scope | Parameter | Description |
|------|-------|-----------|-------------|
| user_type | User | user_type | Free, trial, paid |
## Conversions
| Conversion | Event | Counting | Google Ads |
|------------|-------|----------|------------|
| Signup | signup_completed | Once per session | Yes |
## UTM Convention
[Guidelines]
```
### Implementation Code
Provide ready-to-use code snippets
### Testing Checklist
Specific validation steps
| Event | Description | Properties | Trigger | Decision Supported |
| ----- | ----------- | ---------- | ------- | ------------------ |
---
## Questions to Ask
### Conversions
If you need more context:
1. What tools are you using (GA4, Mixpanel, etc.)?
2. What key actions do you want to track?
3. What decisions will this data inform?
4. Who implements - dev team or marketing?
5. Are there privacy/consent requirements?
6. What's already tracked?
| Conversion | Event | Counting | Used By |
| ---------- | ----- | -------- | ------- |
---
### Implementation Notes
* Tool-specific setup
* Ownership
* Validation steps
---
## Questions to Ask (If Needed)
1. What decisions depend on this data?
2. Which metrics are currently trusted or distrusted?
3. Who owns analytics long term?
4. What compliance constraints apply?
5. What tools are already in place?
---
## Related Skills
- **ab-test-setup**: For experiment tracking
- **seo-audit**: For organic traffic analysis
- **page-cro**: For conversion optimization (uses this data)
* **page-cro** Uses this data for optimization
* **ab-test-setup** Requires clean conversions
* **seo-audit** Organic performance analysis
* **programmatic-seo** Scale requires reliable signals
---

484
skills/api-documentation-generator/SKILL.md Normal file
View File

@@ -0,0 +1,484 @@
---
name: api-documentation-generator
description: "Generate comprehensive, developer-friendly API documentation from code, including endpoints, parameters, examples, and best practices"
---
# API Documentation Generator
## Overview
Automatically generate clear, comprehensive API documentation from your codebase. This skill helps you create professional documentation that includes endpoint descriptions, request/response examples, authentication details, error handling, and usage guidelines.
Perfect for REST APIs, GraphQL APIs, and WebSocket APIs.
## When to Use This Skill
- Use when you need to document a new API
- Use when updating existing API documentation
- Use when your API lacks clear documentation
- Use when onboarding new developers to your API
- Use when preparing API documentation for external users
- Use when creating OpenAPI/Swagger specifications
## How It Works
### Step 1: Analyze the API Structure
First, I'll examine your API codebase to understand:
- Available endpoints and routes
- HTTP methods (GET, POST, PUT, DELETE, etc.)
- Request parameters and body structure
- Response formats and status codes
- Authentication and authorization requirements
- Error handling patterns
### Step 2: Generate Endpoint Documentation
For each endpoint, I'll create documentation including:
**Endpoint Details:**
- HTTP method and URL path
- Brief description of what it does
- Authentication requirements
- Rate limiting information (if applicable)
**Request Specification:**
- Path parameters
- Query parameters
- Request headers
- Request body schema (with types and validation rules)
**Response Specification:**
- Success response (status code + body structure)
- Error responses (all possible error codes)
- Response headers
**Code Examples:**
- cURL command
- JavaScript/TypeScript (fetch/axios)
- Python (requests)
- Other languages as needed
### Step 3: Add Usage Guidelines
I'll include:
- Getting started guide
- Authentication setup
- Common use cases
- Best practices
- Rate limiting details
- Pagination patterns
- Filtering and sorting options
### Step 4: Document Error Handling
Clear error documentation including:
- All possible error codes
- Error message formats
- Troubleshooting guide
- Common error scenarios and solutions
### Step 5: Create Interactive Examples
Where possible, I'll provide:
- Postman collection
- OpenAPI/Swagger specification
- Interactive code examples
- Sample responses
## Examples
### Example 1: REST API Endpoint Documentation
```markdown
## Create User
Creates a new user account.
**Endpoint:** `POST /api/v1/users`
**Authentication:** Required (Bearer token)
**Request Body:**
\`\`\`json
{
"email": "user@example.com", // Required: Valid email address
"password": "SecurePass123!", // Required: Min 8 chars, 1 uppercase, 1 number
"name": "John Doe", // Required: 2-50 characters
"role": "user" // Optional: "user" or "admin" (default: "user")
}
\`\`\`
**Success Response (201 Created):**
\`\`\`json
{
"id": "usr_1234567890",
"email": "user@example.com",
"name": "John Doe",
"role": "user",
"createdAt": "2026-01-20T10:30:00Z",
"emailVerified": false
}
\`\`\`
**Error Responses:**
- `400 Bad Request` - Invalid input data
\`\`\`json
{
"error": "VALIDATION_ERROR",
"message": "Invalid email format",
"field": "email"
}
\`\`\`
- `409 Conflict` - Email already exists
\`\`\`json
{
"error": "EMAIL_EXISTS",
"message": "An account with this email already exists"
}
\`\`\`
- `401 Unauthorized` - Missing or invalid authentication token
**Example Request (cURL):**
\`\`\`bash
curl -X POST https://api.example.com/api/v1/users \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"email": "user@example.com",
"password": "SecurePass123!",
"name": "John Doe"
}'
\`\`\`
**Example Request (JavaScript):**
\`\`\`javascript
const response = await fetch('https://api.example.com/api/v1/users', {
method: 'POST',
headers: {
'Authorization': `Bearer ${token}`,
'Content-Type': 'application/json'
},
body: JSON.stringify({
email: 'user@example.com',
password: 'SecurePass123!',
name: 'John Doe'
})
});
const user = await response.json();
console.log(user);
\`\`\`
**Example Request (Python):**
\`\`\`python
import requests
response = requests.post(
'https://api.example.com/api/v1/users',
headers={
'Authorization': f'Bearer {token}',
'Content-Type': 'application/json'
},
json={
'email': 'user@example.com',
'password': 'SecurePass123!',
'name': 'John Doe'
}
)
user = response.json()
print(user)
\`\`\`
```
### Example 2: GraphQL API Documentation
```markdown
## User Query
Fetch user information by ID.
**Query:**
\`\`\`graphql
query GetUser($id: ID!) {
user(id: $id) {
id
email
name
role
createdAt
posts {
id
title
publishedAt
}
}
}
\`\`\`
**Variables:**
\`\`\`json
{
"id": "usr_1234567890"
}
\`\`\`
**Response:**
\`\`\`json
{
"data": {
"user": {
"id": "usr_1234567890",
"email": "user@example.com",
"name": "John Doe",
"role": "user",
"createdAt": "2026-01-20T10:30:00Z",
"posts": [
{
"id": "post_123",
"title": "My First Post",
"publishedAt": "2026-01-21T14:00:00Z"
}
]
}
}
}
\`\`\`
**Errors:**
\`\`\`json
{
"errors": [
{
"message": "User not found",
"extensions": {
"code": "USER_NOT_FOUND",
"userId": "usr_1234567890"
}
}
]
}
\`\`\`
```
### Example 3: Authentication Documentation
```markdown
## Authentication
All API requests require authentication using Bearer tokens.
### Getting a Token
**Endpoint:** `POST /api/v1/auth/login`
**Request:**
\`\`\`json
{
"email": "user@example.com",
"password": "your-password"
}
\`\`\`
**Response:**
\`\`\`json
{
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"expiresIn": 3600,
"refreshToken": "refresh_token_here"
}
\`\`\`
### Using the Token
Include the token in the Authorization header:
\`\`\`
Authorization: Bearer YOUR_TOKEN
\`\`\`
### Token Expiration
Tokens expire after 1 hour. Use the refresh token to get a new access token:
**Endpoint:** `POST /api/v1/auth/refresh`
**Request:**
\`\`\`json
{
"refreshToken": "refresh_token_here"
}
\`\`\`
```
## Best Practices
### ✅ Do This
- **Be Consistent** - Use the same format for all endpoints
- **Include Examples** - Provide working code examples in multiple languages
- **Document Errors** - List all possible error codes and their meanings
- **Show Real Data** - Use realistic example data, not "foo" and "bar"
- **Explain Parameters** - Describe what each parameter does and its constraints
- **Version Your API** - Include version numbers in URLs (/api/v1/)
- **Add Timestamps** - Show when documentation was last updated
- **Link Related Endpoints** - Help users discover related functionality
- **Include Rate Limits** - Document any rate limiting policies
- **Provide Postman Collection** - Make it easy to test your API
### ❌ Don't Do This
- **Don't Skip Error Cases** - Users need to know what can go wrong
- **Don't Use Vague Descriptions** - "Gets data" is not helpful
- **Don't Forget Authentication** - Always document auth requirements
- **Don't Ignore Edge Cases** - Document pagination, filtering, sorting
- **Don't Leave Examples Broken** - Test all code examples
- **Don't Use Outdated Info** - Keep documentation in sync with code
- **Don't Overcomplicate** - Keep it simple and scannable
- **Don't Forget Response Headers** - Document important headers
## Documentation Structure
### Recommended Sections
1. **Introduction**
- What the API does
- Base URL
- API version
- Support contact
2. **Authentication**
- How to authenticate
- Token management
- Security best practices
3. **Quick Start**
- Simple example to get started
- Common use case walkthrough
4. **Endpoints**
- Organized by resource
- Full details for each endpoint
5. **Data Models**
- Schema definitions
- Field descriptions
- Validation rules
6. **Error Handling**
- Error code reference
- Error response format
- Troubleshooting guide
7. **Rate Limiting**
- Limits and quotas
- Headers to check
- Handling rate limit errors
8. **Changelog**
- API version history
- Breaking changes
- Deprecation notices
9. **SDKs and Tools**
- Official client libraries
- Postman collection
- OpenAPI specification
## Common Pitfalls
### Problem: Documentation Gets Out of Sync
**Symptoms:** Examples don't work, parameters are wrong, endpoints return different data
**Solution:**
- Generate docs from code comments/annotations
- Use tools like Swagger/OpenAPI
- Add API tests that validate documentation
- Review docs with every API change
### Problem: Missing Error Documentation
**Symptoms:** Users don't know how to handle errors, support tickets increase
**Solution:**
- Document every possible error code
- Provide clear error messages
- Include troubleshooting steps
- Show example error responses
### Problem: Examples Don't Work
**Symptoms:** Users can't get started, frustration increases
**Solution:**
- Test every code example
- Use real, working endpoints
- Include complete examples (not fragments)
- Provide a sandbox environment
### Problem: Unclear Parameter Requirements
**Symptoms:** Users send invalid requests, validation errors
**Solution:**
- Mark required vs optional clearly
- Document data types and formats
- Show validation rules
- Provide example values
## Tools and Formats
### OpenAPI/Swagger
Generate interactive documentation:
```yaml
openapi: 3.0.0
info:
title: My API
version: 1.0.0
paths:
/users:
post:
summary: Create a new user
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/CreateUserRequest'
```
### Postman Collection
Export collection for easy testing:
```json
{
"info": {
"name": "My API",
"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
},
"item": [
{
"name": "Create User",
"request": {
"method": "POST",
"url": "{{baseUrl}}/api/v1/users"
}
}
]
}
```
## Related Skills
- `@doc-coauthoring` - For collaborative documentation writing
- `@copywriting` - For clear, user-friendly descriptions
- `@test-driven-development` - For ensuring API behavior matches docs
- `@systematic-debugging` - For troubleshooting API issues
## Additional Resources
- [OpenAPI Specification](https://swagger.io/specification/)
- [REST API Best Practices](https://restfulapi.net/)
- [GraphQL Documentation](https://graphql.org/learn/)
- [API Design Patterns](https://www.apiguide.com/)
- [Postman Documentation](https://learning.postman.com/docs/)
---
**Pro Tip:** Keep your API documentation as close to your code as possible. Use tools that generate docs from code comments to ensure they stay in sync!

3
skills/api-fuzzing-bug-bounty/SKILL.md
View File

@@ -1,6 +1,9 @@
---
name: API Fuzzing for Bug Bounty
description: This skill should be used when the user asks to "test API security", "fuzz APIs", "find IDOR vulnerabilities", "test REST API", "test GraphQL", "API penetration testing", "bug bounty API testing", or needs guidance on API security assessment techniques.
metadata:
author: zebbern
version: "1.1"
---
# API Fuzzing for Bug Bounty

81
skills/api-patterns/SKILL.md Normal file
View File

@@ -0,0 +1,81 @@
---
name: api-patterns
description: API design principles and decision-making. REST vs GraphQL vs tRPC selection, response formats, versioning, pagination.
allowed-tools: Read, Write, Edit, Glob, Grep
---
# API Patterns
> API design principles and decision-making for 2025.
> **Learn to THINK, not copy fixed patterns.**
## 🎯 Selective Reading Rule
**Read ONLY files relevant to the request!** Check the content map, find what you need.
---
## 📑 Content Map
| File | Description | When to Read |
|------|-------------|--------------|
| `api-style.md` | REST vs GraphQL vs tRPC decision tree | Choosing API type |
| `rest.md` | Resource naming, HTTP methods, status codes | Designing REST API |
| `response.md` | Envelope pattern, error format, pagination | Response structure |
| `graphql.md` | Schema design, when to use, security | Considering GraphQL |
| `trpc.md` | TypeScript monorepo, type safety | TS fullstack projects |
| `versioning.md` | URI/Header/Query versioning | API evolution planning |
| `auth.md` | JWT, OAuth, Passkey, API Keys | Auth pattern selection |
| `rate-limiting.md` | Token bucket, sliding window | API protection |
| `documentation.md` | OpenAPI/Swagger best practices | Documentation |
| `security-testing.md` | OWASP API Top 10, auth/authz testing | Security audits |
---
## 🔗 Related Skills
| Need | Skill |
|------|-------|
| API implementation | `@[skills/backend-development]` |
| Data structure | `@[skills/database-design]` |
| Security details | `@[skills/security-hardening]` |
---
## ✅ Decision Checklist
Before designing an API:
- [ ] **Asked user about API consumers?**
- [ ] **Chosen API style for THIS context?** (REST/GraphQL/tRPC)
- [ ] **Defined consistent response format?**
- [ ] **Planned versioning strategy?**
- [ ] **Considered authentication needs?**
- [ ] **Planned rate limiting?**
- [ ] **Documentation approach defined?**
---
## ❌ Anti-Patterns
**DON'T:**
- Default to REST for everything
- Use verbs in REST endpoints (/getUsers)
- Return inconsistent response formats
- Expose internal errors to clients
- Skip rate limiting
**DO:**
- Choose API style based on context
- Ask about client requirements
- Document thoroughly
- Use appropriate status codes
---
## Script
| Script | Purpose | Command |
|--------|---------|---------|
| `scripts/api_validator.py` | API endpoint validation | `python scripts/api_validator.py <project_path>` |

42
skills/api-patterns/api-style.md Normal file
View File

@@ -0,0 +1,42 @@
# API Style Selection (2025)
> REST vs GraphQL vs tRPC - Hangi durumda hangisi?
## Decision Tree
```
Who are the API consumers?
├── Public API / Multiple platforms
│ └── REST + OpenAPI (widest compatibility)
├── Complex data needs / Multiple frontends
│ └── GraphQL (flexible queries)
├── TypeScript frontend + backend (monorepo)
│ └── tRPC (end-to-end type safety)
├── Real-time / Event-driven
│ └── WebSocket + AsyncAPI
└── Internal microservices
└── gRPC (performance) or REST (simplicity)
```
## Comparison
| Factor | REST | GraphQL | tRPC |
|--------|------|---------|------|
| **Best for** | Public APIs | Complex apps | TS monorepos |
| **Learning curve** | Low | Medium | Low (if TS) |
| **Over/under fetching** | Common | Solved | Solved |
| **Type safety** | Manual (OpenAPI) | Schema-based | Automatic |
| **Caching** | HTTP native | Complex | Client-based |
## Selection Questions
1. Who are the API consumers?
2. Is the frontend TypeScript?
3. How complex are the data relationships?
4. Is caching critical?
5. Public or internal API?

24
skills/api-patterns/auth.md Normal file
View File

@@ -0,0 +1,24 @@
# Authentication Patterns
> Choose auth pattern based on use case.
## Selection Guide
| Pattern | Best For |
|---------|----------|
| **JWT** | Stateless, microservices |
| **Session** | Traditional web, simple |
| **OAuth 2.0** | Third-party integration |
| **API Keys** | Server-to-server, public APIs |
| **Passkey** | Modern passwordless (2025+) |
## JWT Principles
```
Important:
├── Always verify signature
├── Check expiration
├── Include minimal claims
├── Use short expiry + refresh tokens
└── Never store sensitive data in JWT
```

26
skills/api-patterns/documentation.md Normal file
View File

@@ -0,0 +1,26 @@
# API Documentation Principles
> Good docs = happy developers = API adoption.
## OpenAPI/Swagger Essentials
```
Include:
├── All endpoints with examples
├── Request/response schemas
├── Authentication requirements
├── Error response formats
└── Rate limiting info
```
## Good Documentation Has
```
Essentials:
├── Quick start / Getting started
├── Authentication guide
├── Complete API reference
├── Error handling guide
├── Code examples (multiple languages)
└── Changelog
```

41
skills/api-patterns/graphql.md Normal file
View File

@@ -0,0 +1,41 @@
# GraphQL Principles
> Flexible queries for complex, interconnected data.
## When to Use
```
✅ Good fit:
├── Complex, interconnected data
├── Multiple frontend platforms
├── Clients need flexible queries
├── Evolving data requirements
└── Reducing over-fetching matters
❌ Poor fit:
├── Simple CRUD operations
├── File upload heavy
├── HTTP caching important
└── Team unfamiliar with GraphQL
```
## Schema Design Principles
```
Principles:
├── Think in graphs, not endpoints
├── Design for evolvability (no versions)
├── Use connections for pagination
├── Be specific with types (not generic "data")
└── Handle nullability thoughtfully
```
## Security Considerations
```
Protect against:
├── Query depth attacks → Set max depth
├── Query complexity → Calculate cost
├── Batching abuse → Limit batch size
├── Introspection → Disable in production
```

31
skills/api-patterns/rate-limiting.md Normal file
View File

@@ -0,0 +1,31 @@
# Rate Limiting Principles
> Protect your API from abuse and overload.
## Why Rate Limit
```
Protect against:
├── Brute force attacks
├── Resource exhaustion
├── Cost overruns (if pay-per-use)
└── Unfair usage
```
## Strategy Selection
| Type | How | When |
|------|-----|------|
| **Token bucket** | Burst allowed, refills over time | Most APIs |
| **Sliding window** | Smooth distribution | Strict limits |
| **Fixed window** | Simple counters per window | Basic needs |
## Response Headers
```
Include in headers:
├── X-RateLimit-Limit (max requests)
├── X-RateLimit-Remaining (requests left)
├── X-RateLimit-Reset (when limit resets)
└── Return 429 when exceeded
```

37
skills/api-patterns/response.md Normal file
View File

@@ -0,0 +1,37 @@
# Response Format Principles
> Consistency is key - choose a format and stick to it.
## Common Patterns
```
Choose one:
├── Envelope pattern ({ success, data, error })
├── Direct data (just return the resource)
└── HAL/JSON:API (hypermedia)
```
## Error Response
```
Include:
├── Error code (for programmatic handling)
├── User message (for display)
├── Details (for debugging, field-level errors)
├── Request ID (for support)
└── NOT internal details (security!)
```
## Pagination Types
| Type | Best For | Trade-offs |
|------|----------|------------|
| **Offset** | Simple, jumpable | Performance on large datasets |
| **Cursor** | Large datasets | Can't jump to page |
| **Keyset** | Performance critical | Requires sortable key |
### Selection Questions
1. How large is the dataset?
2. Do users need to jump to specific pages?
3. Is data frequently changing?

40
skills/api-patterns/rest.md Normal file
View File

@@ -0,0 +1,40 @@
# REST Principles
> Resource-based API design - nouns not verbs.
## Resource Naming Rules
```
Principles:
├── Use NOUNS, not verbs (resources, not actions)
├── Use PLURAL forms (/users not /user)
├── Use lowercase with hyphens (/user-profiles)
├── Nest for relationships (/users/123/posts)
└── Keep shallow (max 3 levels deep)
```
## HTTP Method Selection
| Method | Purpose | Idempotent? | Body? |
|--------|---------|-------------|-------|
| **GET** | Read resource(s) | Yes | No |
| **POST** | Create new resource | No | Yes |
| **PUT** | Replace entire resource | Yes | Yes |
| **PATCH** | Partial update | No | Yes |
| **DELETE** | Remove resource | Yes | No |
## Status Code Selection
| Situation | Code | Why |
|-----------|------|-----|
| Success (read) | 200 | Standard success |
| Created | 201 | New resource created |
| No content | 204 | Success, nothing to return |
| Bad request | 400 | Malformed request |
| Unauthorized | 401 | Missing/invalid auth |
| Forbidden | 403 | Valid auth, no permission |
| Not found | 404 | Resource doesn't exist |
| Conflict | 409 | State conflict (duplicate) |
| Validation error | 422 | Valid syntax, invalid data |
| Rate limited | 429 | Too many requests |
| Server error | 500 | Our fault |

211
skills/api-patterns/scripts/api_validator.py Normal file
View File

@@ -0,0 +1,211 @@
#!/usr/bin/env python3
"""
API Validator - Checks API endpoints for best practices.
Validates OpenAPI specs, response formats, and common issues.
"""
import sys
import json
import re
from pathlib import Path
# Fix Windows console encoding for Unicode output
try:
sys.stdout.reconfigure(encoding='utf-8', errors='replace')
sys.stderr.reconfigure(encoding='utf-8', errors='replace')
except AttributeError:
pass # Python < 3.7
def find_api_files(project_path: Path) -> list:
"""Find API-related files."""
patterns = [
"**/*api*.ts", "**/*api*.js", "**/*api*.py",
"**/routes/*.ts", "**/routes/*.js", "**/routes/*.py",
"**/controllers/*.ts", "**/controllers/*.js",
"**/endpoints/*.ts", "**/endpoints/*.py",
"**/*.openapi.json", "**/*.openapi.yaml",
"**/swagger.json", "**/swagger.yaml",
"**/openapi.json", "**/openapi.yaml"
]
files = []
for pattern in patterns:
files.extend(project_path.glob(pattern))
# Exclude node_modules, etc.
return [f for f in files if not any(x in str(f) for x in ['node_modules', '.git', 'dist', 'build', '__pycache__'])]
def check_openapi_spec(file_path: Path) -> dict:
"""Check OpenAPI/Swagger specification."""
issues = []
passed = []
try:
content = file_path.read_text(encoding='utf-8')
if file_path.suffix == '.json':
spec = json.loads(content)
else:
# Basic YAML check
if 'openapi:' in content or 'swagger:' in content:
passed.append("[OK] OpenAPI/Swagger version defined")
else:
issues.append("[X] No OpenAPI version found")
if 'paths:' in content:
passed.append("[OK] Paths section exists")
else:
issues.append("[X] No paths defined")
if 'components:' in content or 'definitions:' in content:
passed.append("[OK] Schema components defined")
return {'file': str(file_path), 'passed': passed, 'issues': issues, 'type': 'openapi'}
# JSON OpenAPI checks
if 'openapi' in spec or 'swagger' in spec:
passed.append("[OK] OpenAPI version defined")
if 'info' in spec:
if 'title' in spec['info']:
passed.append("[OK] API title defined")
if 'version' in spec['info']:
passed.append("[OK] API version defined")
if 'description' not in spec['info']:
issues.append("[!] API description missing")
if 'paths' in spec:
path_count = len(spec['paths'])
passed.append(f"[OK] {path_count} endpoints defined")
# Check each path
for path, methods in spec['paths'].items():
for method, details in methods.items():
if method in ['get', 'post', 'put', 'patch', 'delete']:
if 'responses' not in details:
issues.append(f"[X] {method.upper()} {path}: No responses defined")
if 'summary' not in details and 'description' not in details:
issues.append(f"[!] {method.upper()} {path}: No description")
except Exception as e:
issues.append(f"[X] Parse error: {e}")
return {'file': str(file_path), 'passed': passed, 'issues': issues, 'type': 'openapi'}
def check_api_code(file_path: Path) -> dict:
"""Check API code for common issues."""
issues = []
passed = []
try:
content = file_path.read_text(encoding='utf-8')
# Check for error handling
error_patterns = [
r'try\s*{', r'try:', r'\.catch\(',
r'except\s+', r'catch\s*\('
]
has_error_handling = any(re.search(p, content) for p in error_patterns)
if has_error_handling:
passed.append("[OK] Error handling present")
else:
issues.append("[X] No error handling found")
# Check for status codes
status_patterns = [
r'status\s*\(\s*\d{3}\s*\)', r'statusCode\s*[=:]\s*\d{3}',
r'HttpStatus\.', r'status_code\s*=\s*\d{3}',
r'\.status\(\d{3}\)', r'res\.status\('
]
has_status = any(re.search(p, content) for p in status_patterns)
if has_status:
passed.append("[OK] HTTP status codes used")
else:
issues.append("[!] No explicit HTTP status codes")
# Check for validation
validation_patterns = [
r'validate', r'schema', r'zod', r'joi', r'yup',
r'pydantic', r'@Body\(', r'@Query\('
]
has_validation = any(re.search(p, content, re.I) for p in validation_patterns)
if has_validation:
passed.append("[OK] Input validation present")
else:
issues.append("[!] No input validation detected")
# Check for auth middleware
auth_patterns = [
r'auth', r'jwt', r'bearer', r'token',
r'middleware', r'guard', r'@Authenticated'
]
has_auth = any(re.search(p, content, re.I) for p in auth_patterns)
if has_auth:
passed.append("[OK] Authentication/authorization detected")
# Check for rate limiting
rate_patterns = [r'rateLimit', r'throttle', r'rate.?limit']
has_rate = any(re.search(p, content, re.I) for p in rate_patterns)
if has_rate:
passed.append("[OK] Rate limiting present")
# Check for logging
log_patterns = [r'console\.log', r'logger\.', r'logging\.', r'log\.']
has_logging = any(re.search(p, content) for p in log_patterns)
if has_logging:
passed.append("[OK] Logging present")
except Exception as e:
issues.append(f"[X] Read error: {e}")
return {'file': str(file_path), 'passed': passed, 'issues': issues, 'type': 'code'}
def main():
target = sys.argv[1] if len(sys.argv) > 1 else "."
project_path = Path(target)
print("\n" + "=" * 60)
print(" API VALIDATOR - Endpoint Best Practices Check")
print("=" * 60 + "\n")
api_files = find_api_files(project_path)
if not api_files:
print("[!] No API files found.")
print(" Looking for: routes/, controllers/, api/, openapi.json/yaml")
sys.exit(0)
results = []
for file_path in api_files[:15]: # Limit
if 'openapi' in file_path.name.lower() or 'swagger' in file_path.name.lower():
result = check_openapi_spec(file_path)
else:
result = check_api_code(file_path)
results.append(result)
# Print results
total_issues = 0
total_passed = 0
for result in results:
print(f"\n[FILE] {result['file']} [{result['type']}]")
for item in result['passed']:
print(f" {item}")
total_passed += 1
for item in result['issues']:
print(f" {item}")
if item.startswith("[X]"):
total_issues += 1
print("\n" + "=" * 60)
print(f"[RESULTS] {total_passed} passed, {total_issues} critical issues")
print("=" * 60)
if total_issues == 0:
print("[OK] API validation passed")
sys.exit(0)
else:
print("[X] Fix critical issues before deployment")
sys.exit(1)
if __name__ == "__main__":
main()

122
skills/api-patterns/security-testing.md Normal file
View File

@@ -0,0 +1,122 @@
# API Security Testing
> Principles for testing API security. OWASP API Top 10, authentication, authorization testing.
---
## OWASP API Security Top 10
| Vulnerability | Test Focus |
|---------------|------------|
| **API1: BOLA** | Access other users' resources |
| **API2: Broken Auth** | JWT, session, credentials |
| **API3: Property Auth** | Mass assignment, data exposure |
| **API4: Resource Consumption** | Rate limiting, DoS |
| **API5: Function Auth** | Admin endpoints, role bypass |
| **API6: Business Flow** | Logic abuse, automation |
| **API7: SSRF** | Internal network access |
| **API8: Misconfiguration** | Debug endpoints, CORS |
| **API9: Inventory** | Shadow APIs, old versions |
| **API10: Unsafe Consumption** | Third-party API trust |
---
## Authentication Testing
### JWT Testing
| Check | What to Test |
|-------|--------------|
| Algorithm | None, algorithm confusion |
| Secret | Weak secrets, brute force |
| Claims | Expiration, issuer, audience |
| Signature | Manipulation, key injection |
### Session Testing
| Check | What to Test |
|-------|--------------|
| Generation | Predictability |
| Storage | Client-side security |
| Expiration | Timeout enforcement |
| Invalidation | Logout effectiveness |
---
## Authorization Testing
| Test Type | Approach |
|-----------|----------|
| **Horizontal** | Access peer users' data |
| **Vertical** | Access higher privilege functions |
| **Context** | Access outside allowed scope |
### BOLA/IDOR Testing
1. Identify resource IDs in requests
2. Capture request with user A's session
3. Replay with user B's session
4. Check for unauthorized access
---
## Input Validation Testing
| Injection Type | Test Focus |
|----------------|------------|
| SQL | Query manipulation |
| NoSQL | Document queries |
| Command | System commands |
| LDAP | Directory queries |
**Approach:** Test all parameters, try type coercion, test boundaries, check error messages.
---
## Rate Limiting Testing
| Aspect | Check |
|--------|-------|
| Existence | Is there any limit? |
| Bypass | Headers, IP rotation |
| Scope | Per-user, per-IP, global |
**Bypass techniques:** X-Forwarded-For, different HTTP methods, case variations, API versioning.
---
## GraphQL Security
| Test | Focus |
|------|-------|
| Introspection | Schema disclosure |
| Batching | Query DoS |
| Nesting | Depth-based DoS |
| Authorization | Field-level access |
---
## Security Testing Checklist
**Authentication:**
- [ ] Test for bypass
- [ ] Check credential strength
- [ ] Verify token security
**Authorization:**
- [ ] Test BOLA/IDOR
- [ ] Check privilege escalation
- [ ] Verify function access
**Input:**
- [ ] Test all parameters
- [ ] Check for injection
**Config:**
- [ ] Check CORS
- [ ] Verify headers
- [ ] Test error handling
---
> **Remember:** APIs are the backbone of modern apps. Test them like attackers will.

41
skills/api-patterns/trpc.md Normal file
View File

@@ -0,0 +1,41 @@
# tRPC Principles
> End-to-end type safety for TypeScript monorepos.
## When to Use
```
✅ Perfect fit:
├── TypeScript on both ends
├── Monorepo structure
├── Internal tools
├── Rapid development
└── Type safety critical
❌ Poor fit:
├── Non-TypeScript clients
├── Public API
├── Need REST conventions
└── Multiple language backends
```
## Key Benefits
```
Why tRPC:
├── Zero schema maintenance
├── End-to-end type inference
├── IDE autocomplete across stack
├── Instant API changes reflected
└── No code generation step
```
## Integration Patterns
```
Common setups:
├── Next.js + tRPC (most common)
├── Monorepo with shared types
├── Remix + tRPC
└── Any TS frontend + backend
```

22
skills/api-patterns/versioning.md Normal file
View File

@@ -0,0 +1,22 @@
# Versioning Strategies
> Plan for API evolution from day one.
## Decision Factors
| Strategy | Implementation | Trade-offs |
|----------|---------------|------------|
| **URI** | /v1/users | Clear, easy caching |
| **Header** | Accept-Version: 1 | Cleaner URLs, harder discovery |
| **Query** | ?version=1 | Easy to add, messy |
| **None** | Evolve carefully | Best for internal, risky for public |
## Versioning Philosophy
```
Consider:
├── Public API? → Version in URI
├── Internal only? → May not need versioning
├── GraphQL? → Typically no versions (evolve schema)
├── tRPC? → Types enforce compatibility
```

907
skills/api-security-best-practices/SKILL.md Normal file
View File

@@ -0,0 +1,907 @@
---
name: api-security-best-practices
description: "Implement secure API design patterns including authentication, authorization, input validation, rate limiting, and protection against common API vulnerabilities"
---
# API Security Best Practices
## Overview
Guide developers in building secure APIs by implementing authentication, authorization, input validation, rate limiting, and protection against common vulnerabilities. This skill covers security patterns for REST, GraphQL, and WebSocket APIs.
## When to Use This Skill
- Use when designing new API endpoints
- Use when securing existing APIs
- Use when implementing authentication and authorization
- Use when protecting against API attacks (injection, DDoS, etc.)
- Use when conducting API security reviews
- Use when preparing for security audits
- Use when implementing rate limiting and throttling
- Use when handling sensitive data in APIs
## How It Works
### Step 1: Authentication & Authorization
I'll help you implement secure authentication:
- Choose authentication method (JWT, OAuth 2.0, API keys)
- Implement token-based authentication
- Set up role-based access control (RBAC)
- Secure session management
- Implement multi-factor authentication (MFA)
### Step 2: Input Validation & Sanitization
Protect against injection attacks:
- Validate all input data
- Sanitize user inputs
- Use parameterized queries
- Implement request schema validation
- Prevent SQL injection, XSS, and command injection
### Step 3: Rate Limiting & Throttling
Prevent abuse and DDoS attacks:
- Implement rate limiting per user/IP
- Set up API throttling
- Configure request quotas
- Handle rate limit errors gracefully
- Monitor for suspicious activity
### Step 4: Data Protection
Secure sensitive data:
- Encrypt data in transit (HTTPS/TLS)
- Encrypt sensitive data at rest
- Implement proper error handling (no data leaks)
- Sanitize error messages
- Use secure headers
### Step 5: API Security Testing
Verify security implementation:
- Test authentication and authorization
- Perform penetration testing
- Check for common vulnerabilities (OWASP API Top 10)
- Validate input handling
- Test rate limiting
## Examples
### Example 1: Implementing JWT Authentication
```markdown
## Secure JWT Authentication Implementation
### Authentication Flow
1. User logs in with credentials
2. Server validates credentials
3. Server generates JWT token
4. Client stores token securely
5. Client sends token with each request
6. Server validates token
### Implementation
#### 1. Generate Secure JWT Tokens
\`\`\`javascript
// auth.js
const jwt = require('jsonwebtoken');
const bcrypt = require('bcrypt');
// Login endpoint
app.post('/api/auth/login', async (req, res) => {
try {
const { email, password } = req.body;
// Validate input
if (!email || !password) {
return res.status(400).json({
error: 'Email and password are required'
});
}
// Find user
const user = await db.user.findUnique({
where: { email }
});
if (!user) {
// Don't reveal if user exists
return res.status(401).json({
error: 'Invalid credentials'
});
}
// Verify password
const validPassword = await bcrypt.compare(
password,
user.passwordHash
);
if (!validPassword) {
return res.status(401).json({
error: 'Invalid credentials'
});
}
// Generate JWT token
const token = jwt.sign(
{
userId: user.id,
email: user.email,
role: user.role
},
process.env.JWT_SECRET,
{
expiresIn: '1h',
issuer: 'your-app',
audience: 'your-app-users'
}
);
// Generate refresh token
const refreshToken = jwt.sign(
{ userId: user.id },
process.env.JWT_REFRESH_SECRET,
{ expiresIn: '7d' }
);
// Store refresh token in database
await db.refreshToken.create({
data: {
token: refreshToken,
userId: user.id,
expiresAt: new Date(Date.now() + 7 * 24 * 60 * 60 * 1000)
}
});
res.json({
token,
refreshToken,
expiresIn: 3600
});
} catch (error) {
console.error('Login error:', error);
res.status(500).json({
error: 'An error occurred during login'
});
}
});
\`\`\`
#### 2. Verify JWT Tokens (Middleware)
\`\`\`javascript
// middleware/auth.js
const jwt = require('jsonwebtoken');
function authenticateToken(req, res, next) {
// Get token from header
const authHeader = req.headers['authorization'];
const token = authHeader && authHeader.split(' ')[1]; // Bearer TOKEN
if (!token) {
return res.status(401).json({
error: 'Access token required'
});
}
// Verify token
jwt.verify(
token,
process.env.JWT_SECRET,
{
issuer: 'your-app',
audience: 'your-app-users'
},
(err, user) => {
if (err) {
if (err.name === 'TokenExpiredError') {
return res.status(401).json({
error: 'Token expired'
});
}
return res.status(403).json({
error: 'Invalid token'
});
}
// Attach user to request
req.user = user;
next();
}
);
}
module.exports = { authenticateToken };
\`\`\`
#### 3. Protect Routes
\`\`\`javascript
const { authenticateToken } = require('./middleware/auth');
// Protected route
app.get('/api/user/profile', authenticateToken, async (req, res) => {
try {
const user = await db.user.findUnique({
where: { id: req.user.userId },
select: {
id: true,
email: true,
name: true,
// Don't return passwordHash
}
});
res.json(user);
} catch (error) {
res.status(500).json({ error: 'Server error' });
}
});
\`\`\`
#### 4. Implement Token Refresh
\`\`\`javascript
app.post('/api/auth/refresh', async (req, res) => {
const { refreshToken } = req.body;
if (!refreshToken) {
return res.status(401).json({
error: 'Refresh token required'
});
}
try {
// Verify refresh token
const decoded = jwt.verify(
refreshToken,
process.env.JWT_REFRESH_SECRET
);
// Check if refresh token exists in database
const storedToken = await db.refreshToken.findFirst({
where: {
token: refreshToken,
userId: decoded.userId,
expiresAt: { gt: new Date() }
}
});
if (!storedToken) {
return res.status(403).json({
error: 'Invalid refresh token'
});
}
// Generate new access token
const user = await db.user.findUnique({
where: { id: decoded.userId }
});
const newToken = jwt.sign(
{
userId: user.id,
email: user.email,
role: user.role
},
process.env.JWT_SECRET,
{ expiresIn: '1h' }
);
res.json({
token: newToken,
expiresIn: 3600
});
} catch (error) {
res.status(403).json({
error: 'Invalid refresh token'
});
}
});
\`\`\`
### Security Best Practices
- ✅ Use strong JWT secrets (256-bit minimum)
- ✅ Set short expiration times (1 hour for access tokens)
- ✅ Implement refresh tokens for long-lived sessions
- ✅ Store refresh tokens in database (can be revoked)
- ✅ Use HTTPS only
- ✅ Don't store sensitive data in JWT payload
- ✅ Validate token issuer and audience
- ✅ Implement token blacklisting for logout
```
### Example 2: Input Validation and SQL Injection Prevention
```markdown
## Preventing SQL Injection and Input Validation
### The Problem
**❌ Vulnerable Code:**
\`\`\`javascript
// NEVER DO THIS - SQL Injection vulnerability
app.get('/api/users/:id', async (req, res) => {
const userId = req.params.id;
// Dangerous: User input directly in query
const query = \`SELECT * FROM users WHERE id = '\${userId}'\`;
const user = await db.query(query);
res.json(user);
});
// Attack example:
// GET /api/users/1' OR '1'='1
// Returns all users!
\`\`\`
### The Solution
#### 1. Use Parameterized Queries
\`\`\`javascript
// ✅ Safe: Parameterized query
app.get('/api/users/:id', async (req, res) => {
const userId = req.params.id;
// Validate input first
if (!userId || !/^\d+$/.test(userId)) {
return res.status(400).json({
error: 'Invalid user ID'
});
}
// Use parameterized query
const user = await db.query(
'SELECT id, email, name FROM users WHERE id = $1',
[userId]
);
if (!user) {
return res.status(404).json({
error: 'User not found'
});
}
res.json(user);
});
\`\`\`
#### 2. Use ORM with Proper Escaping
\`\`\`javascript
// ✅ Safe: Using Prisma ORM
app.get('/api/users/:id', async (req, res) => {
const userId = parseInt(req.params.id);
if (isNaN(userId)) {
return res.status(400).json({
error: 'Invalid user ID'
});
}
const user = await prisma.user.findUnique({
where: { id: userId },
select: {
id: true,
email: true,
name: true,
// Don't select sensitive fields
}
});
if (!user) {
return res.status(404).json({
error: 'User not found'
});
}
res.json(user);
});
\`\`\`
#### 3. Implement Request Validation with Zod
\`\`\`javascript
const { z } = require('zod');
// Define validation schema
const createUserSchema = z.object({
email: z.string().email('Invalid email format'),
password: z.string()
.min(8, 'Password must be at least 8 characters')
.regex(/[A-Z]/, 'Password must contain uppercase letter')
.regex(/[a-z]/, 'Password must contain lowercase letter')
.regex(/[0-9]/, 'Password must contain number'),
name: z.string()
.min(2, 'Name must be at least 2 characters')
.max(100, 'Name too long'),
age: z.number()
.int('Age must be an integer')
.min(18, 'Must be 18 or older')
.max(120, 'Invalid age')
.optional()
});
// Validation middleware
function validateRequest(schema) {
return (req, res, next) => {
try {
schema.parse(req.body);
next();
} catch (error) {
res.status(400).json({
error: 'Validation failed',
details: error.errors
});
}
};
}
// Use validation
app.post('/api/users',
validateRequest(createUserSchema),
async (req, res) => {
// Input is validated at this point
const { email, password, name, age } = req.body;
// Hash password
const passwordHash = await bcrypt.hash(password, 10);
// Create user
const user = await prisma.user.create({
data: {
email,
passwordHash,
name,
age
}
});
// Don't return password hash
const { passwordHash: _, ...userWithoutPassword } = user;
res.status(201).json(userWithoutPassword);
}
);
\`\`\`
#### 4. Sanitize Output to Prevent XSS
\`\`\`javascript
const DOMPurify = require('isomorphic-dompurify');
app.post('/api/comments', authenticateToken, async (req, res) => {
const { content } = req.body;
// Validate
if (!content || content.length > 1000) {
return res.status(400).json({
error: 'Invalid comment content'
});
}
// Sanitize HTML to prevent XSS
const sanitizedContent = DOMPurify.sanitize(content, {
ALLOWED_TAGS: ['b', 'i', 'em', 'strong', 'a'],
ALLOWED_ATTR: ['href']
});
const comment = await prisma.comment.create({
data: {
content: sanitizedContent,
userId: req.user.userId
}
});
res.status(201).json(comment);
});
\`\`\`
### Validation Checklist
- [ ] Validate all user inputs
- [ ] Use parameterized queries or ORM
- [ ] Validate data types (string, number, email, etc.)
- [ ] Validate data ranges (min/max length, value ranges)
- [ ] Sanitize HTML content
- [ ] Escape special characters
- [ ] Validate file uploads (type, size, content)
- [ ] Use allowlists, not blocklists
```
### Example 3: Rate Limiting and DDoS Protection
```markdown
## Implementing Rate Limiting
### Why Rate Limiting?
- Prevent brute force attacks
- Protect against DDoS
- Prevent API abuse
- Ensure fair usage
- Reduce server costs
### Implementation with Express Rate Limit
\`\`\`javascript
const rateLimit = require('express-rate-limit');
const RedisStore = require('rate-limit-redis');
const Redis = require('ioredis');
// Create Redis client
const redis = new Redis({
host: process.env.REDIS_HOST,
port: process.env.REDIS_PORT
});
// General API rate limit
const apiLimiter = rateLimit({
store: new RedisStore({
client: redis,
prefix: 'rl:api:'
}),
windowMs: 15 * 60 * 1000, // 15 minutes
max: 100, // 100 requests per window
message: {
error: 'Too many requests, please try again later',
retryAfter: 900 // seconds
},
standardHeaders: true, // Return rate limit info in headers
legacyHeaders: false,
// Custom key generator (by user ID or IP)
keyGenerator: (req) => {
return req.user?.userId || req.ip;
}
});
// Strict rate limit for authentication endpoints
const authLimiter = rateLimit({
store: new RedisStore({
client: redis,
prefix: 'rl:auth:'
}),
windowMs: 15 * 60 * 1000, // 15 minutes
max: 5, // Only 5 login attempts per 15 minutes
skipSuccessfulRequests: true, // Don't count successful logins
message: {
error: 'Too many login attempts, please try again later',
retryAfter: 900
}
});
// Apply rate limiters
app.use('/api/', apiLimiter);
app.use('/api/auth/login', authLimiter);
app.use('/api/auth/register', authLimiter);
// Custom rate limiter for expensive operations
const expensiveLimiter = rateLimit({
windowMs: 60 * 60 * 1000, // 1 hour
max: 10, // 10 requests per hour
message: {
error: 'Rate limit exceeded for this operation'
}
});
app.post('/api/reports/generate',
authenticateToken,
expensiveLimiter,
async (req, res) => {
// Expensive operation
}
);
\`\`\`
### Advanced: Per-User Rate Limiting
\`\`\`javascript
// Different limits based on user tier
function createTieredRateLimiter() {
const limits = {
free: { windowMs: 60 * 60 * 1000, max: 100 },
pro: { windowMs: 60 * 60 * 1000, max: 1000 },
enterprise: { windowMs: 60 * 60 * 1000, max: 10000 }
};
return async (req, res, next) => {
const user = req.user;
const tier = user?.tier || 'free';
const limit = limits[tier];
const key = \`rl:user:\${user.userId}\`;
const current = await redis.incr(key);
if (current === 1) {
await redis.expire(key, limit.windowMs / 1000);
}
if (current > limit.max) {
return res.status(429).json({
error: 'Rate limit exceeded',
limit: limit.max,
remaining: 0,
reset: await redis.ttl(key)
});
}
// Set rate limit headers
res.set({
'X-RateLimit-Limit': limit.max,
'X-RateLimit-Remaining': limit.max - current,
'X-RateLimit-Reset': await redis.ttl(key)
});
next();
};
}
app.use('/api/', authenticateToken, createTieredRateLimiter());
\`\`\`
### DDoS Protection with Helmet
\`\`\`javascript
const helmet = require('helmet');
app.use(helmet({
// Content Security Policy
contentSecurityPolicy: {
directives: {
defaultSrc: ["'self'"],
styleSrc: ["'self'", "'unsafe-inline'"],
scriptSrc: ["'self'"],
imgSrc: ["'self'", 'data:', 'https:']
}
},
// Prevent clickjacking
frameguard: { action: 'deny' },
// Hide X-Powered-By header
hidePoweredBy: true,
// Prevent MIME type sniffing
noSniff: true,
// Enable HSTS
hsts: {
maxAge: 31536000,
includeSubDomains: true,
preload: true
}
}));
\`\`\`
### Rate Limit Response Headers
\`\`\`
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 87
X-RateLimit-Reset: 1640000000
Retry-After: 900
\`\`\`
```
## Best Practices
### ✅ Do This
- **Use HTTPS Everywhere** - Never send sensitive data over HTTP
- **Implement Authentication** - Require authentication for protected endpoints
- **Validate All Inputs** - Never trust user input
- **Use Parameterized Queries** - Prevent SQL injection
- **Implement Rate Limiting** - Protect against brute force and DDoS
- **Hash Passwords** - Use bcrypt with salt rounds >= 10
- **Use Short-Lived Tokens** - JWT access tokens should expire quickly
- **Implement CORS Properly** - Only allow trusted origins
- **Log Security Events** - Monitor for suspicious activity
- **Keep Dependencies Updated** - Regularly update packages
- **Use Security Headers** - Implement Helmet.js
- **Sanitize Error Messages** - Don't leak sensitive information
### ❌ Don't Do This
- **Don't Store Passwords in Plain Text** - Always hash passwords
- **Don't Use Weak Secrets** - Use strong, random JWT secrets
- **Don't Trust User Input** - Always validate and sanitize
- **Don't Expose Stack Traces** - Hide error details in production
- **Don't Use String Concatenation for SQL** - Use parameterized queries
- **Don't Store Sensitive Data in JWT** - JWTs are not encrypted
- **Don't Ignore Security Updates** - Update dependencies regularly
- **Don't Use Default Credentials** - Change all default passwords
- **Don't Disable CORS Completely** - Configure it properly instead
- **Don't Log Sensitive Data** - Sanitize logs
## Common Pitfalls
### Problem: JWT Secret Exposed in Code
**Symptoms:** JWT secret hardcoded or committed to Git
**Solution:**
\`\`\`javascript
// ❌ Bad
const JWT_SECRET = 'my-secret-key';
// ✅ Good
const JWT_SECRET = process.env.JWT_SECRET;
if (!JWT_SECRET) {
throw new Error('JWT_SECRET environment variable is required');
}
// Generate strong secret
// node -e "console.log(require('crypto').randomBytes(64).toString('hex'))"
\`\`\`
### Problem: Weak Password Requirements
**Symptoms:** Users can set weak passwords like "password123"
**Solution:**
\`\`\`javascript
const passwordSchema = z.string()
.min(12, 'Password must be at least 12 characters')
.regex(/[A-Z]/, 'Must contain uppercase letter')
.regex(/[a-z]/, 'Must contain lowercase letter')
.regex(/[0-9]/, 'Must contain number')
.regex(/[^A-Za-z0-9]/, 'Must contain special character');
// Or use a password strength library
const zxcvbn = require('zxcvbn');
const result = zxcvbn(password);
if (result.score < 3) {
return res.status(400).json({
error: 'Password too weak',
suggestions: result.feedback.suggestions
});
}
\`\`\`
### Problem: Missing Authorization Checks
**Symptoms:** Users can access resources they shouldn't
**Solution:**
\`\`\`javascript
// ❌ Bad: Only checks authentication
app.delete('/api/posts/:id', authenticateToken, async (req, res) => {
await prisma.post.delete({ where: { id: req.params.id } });
res.json({ success: true });
});
// ✅ Good: Checks both authentication and authorization
app.delete('/api/posts/:id', authenticateToken, async (req, res) => {
const post = await prisma.post.findUnique({
where: { id: req.params.id }
});
if (!post) {
return res.status(404).json({ error: 'Post not found' });
}
// Check if user owns the post or is admin
if (post.userId !== req.user.userId && req.user.role !== 'admin') {
return res.status(403).json({
error: 'Not authorized to delete this post'
});
}
await prisma.post.delete({ where: { id: req.params.id } });
res.json({ success: true });
});
\`\`\`
### Problem: Verbose Error Messages
**Symptoms:** Error messages reveal system details
**Solution:**
\`\`\`javascript
// ❌ Bad: Exposes database details
app.post('/api/users', async (req, res) => {
try {
const user = await prisma.user.create({ data: req.body });
res.json(user);
} catch (error) {
res.status(500).json({ error: error.message });
// Error: "Unique constraint failed on the fields: (`email`)"
}
});
// ✅ Good: Generic error message
app.post('/api/users', async (req, res) => {
try {
const user = await prisma.user.create({ data: req.body });
res.json(user);
} catch (error) {
console.error('User creation error:', error); // Log full error
if (error.code === 'P2002') {
return res.status(400).json({
error: 'Email already exists'
});
}
res.status(500).json({
error: 'An error occurred while creating user'
});
}
});
\`\`\`
## Security Checklist
### Authentication & Authorization
- [ ] Implement strong authentication (JWT, OAuth 2.0)
- [ ] Use HTTPS for all endpoints
- [ ] Hash passwords with bcrypt (salt rounds >= 10)
- [ ] Implement token expiration
- [ ] Add refresh token mechanism
- [ ] Verify user authorization for each request
- [ ] Implement role-based access control (RBAC)
### Input Validation
- [ ] Validate all user inputs
- [ ] Use parameterized queries or ORM
- [ ] Sanitize HTML content
- [ ] Validate file uploads
- [ ] Implement request schema validation
- [ ] Use allowlists, not blocklists
### Rate Limiting & DDoS Protection
- [ ] Implement rate limiting per user/IP
- [ ] Add stricter limits for auth endpoints
- [ ] Use Redis for distributed rate limiting
- [ ] Return proper rate limit headers
- [ ] Implement request throttling
### Data Protection
- [ ] Use HTTPS/TLS for all traffic
- [ ] Encrypt sensitive data at rest
- [ ] Don't store sensitive data in JWT
- [ ] Sanitize error messages
- [ ] Implement proper CORS configuration
- [ ] Use security headers (Helmet.js)
### Monitoring & Logging
- [ ] Log security events
- [ ] Monitor for suspicious activity
- [ ] Set up alerts for failed auth attempts
- [ ] Track API usage patterns
- [ ] Don't log sensitive data
## OWASP API Security Top 10
1. **Broken Object Level Authorization** - Always verify user can access resource
2. **Broken Authentication** - Implement strong authentication mechanisms
3. **Broken Object Property Level Authorization** - Validate which properties user can access
4. **Unrestricted Resource Consumption** - Implement rate limiting and quotas
5. **Broken Function Level Authorization** - Verify user role for each function
6. **Unrestricted Access to Sensitive Business Flows** - Protect critical workflows
7. **Server Side Request Forgery (SSRF)** - Validate and sanitize URLs
8. **Security Misconfiguration** - Use security best practices and headers
9. **Improper Inventory Management** - Document and secure all API endpoints
10. **Unsafe Consumption of APIs** - Validate data from third-party APIs
## Related Skills
- `@ethical-hacking-methodology` - Security testing perspective
- `@sql-injection-testing` - Testing for SQL injection
- `@xss-html-injection` - Testing for XSS vulnerabilities
- `@broken-authentication` - Authentication vulnerabilities
- `@backend-dev-guidelines` - Backend development standards
- `@systematic-debugging` - Debug security issues
## Additional Resources
- [OWASP API Security Top 10](https://owasp.org/www-project-api-security/)
- [JWT Best Practices](https://tools.ietf.org/html/rfc8725)
- [Express Security Best Practices](https://expressjs.com/en/advanced/best-practice-security.html)
- [Node.js Security Checklist](https://blog.risingstack.com/node-js-security-checklist/)
- [API Security Checklist](https://github.com/shieldfy/API-Security-Checklist)
---
**Pro Tip:** Security is not a one-time task - regularly audit your APIs, keep dependencies updated, and stay informed about new vulnerabilities!

75
skills/app-builder/SKILL.md Normal file
View File

@@ -0,0 +1,75 @@
---
name: app-builder
description: Main application building orchestrator. Creates full-stack applications from natural language requests. Determines project type, selects tech stack, coordinates agents.
allowed-tools: Read, Write, Edit, Glob, Grep, Bash, Agent
---
# App Builder - Application Building Orchestrator
> Analyzes user's requests, determines tech stack, plans structure, and coordinates agents.
## 🎯 Selective Reading Rule
**Read ONLY files relevant to the request!** Check the content map, find what you need.
| File | Description | When to Read |
|------|-------------|--------------|
| `project-detection.md` | Keyword matrix, project type detection | Starting new project |
| `tech-stack.md` | 2025 default stack, alternatives | Choosing technologies |
| `agent-coordination.md` | Agent pipeline, execution order | Coordinating multi-agent work |
| `scaffolding.md` | Directory structure, core files | Creating project structure |
| `feature-building.md` | Feature analysis, error handling | Adding features to existing project |
| `templates/SKILL.md` | **Project templates** | Scaffolding new project |
---
## 📦 Templates (13)
Quick-start scaffolding for new projects. **Read the matching template only!**
| Template | Tech Stack | When to Use |
|----------|------------|-------------|
| [nextjs-fullstack](templates/nextjs-fullstack/TEMPLATE.md) | Next.js + Prisma | Full-stack web app |
| [nextjs-saas](templates/nextjs-saas/TEMPLATE.md) | Next.js + Stripe | SaaS product |
| [nextjs-static](templates/nextjs-static/TEMPLATE.md) | Next.js + Framer | Landing page |
| [nuxt-app](templates/nuxt-app/TEMPLATE.md) | Nuxt 3 + Pinia | Vue full-stack app |
| [express-api](templates/express-api/TEMPLATE.md) | Express + JWT | REST API |
| [python-fastapi](templates/python-fastapi/TEMPLATE.md) | FastAPI | Python API |
| [react-native-app](templates/react-native-app/TEMPLATE.md) | Expo + Zustand | Mobile app |
| [flutter-app](templates/flutter-app/TEMPLATE.md) | Flutter + Riverpod | Cross-platform mobile |
| [electron-desktop](templates/electron-desktop/TEMPLATE.md) | Electron + React | Desktop app |
| [chrome-extension](templates/chrome-extension/TEMPLATE.md) | Chrome MV3 | Browser extension |
| [cli-tool](templates/cli-tool/TEMPLATE.md) | Node.js + Commander | CLI app |
| [monorepo-turborepo](templates/monorepo-turborepo/TEMPLATE.md) | Turborepo + pnpm | Monorepo |
---
## 🔗 Related Agents
| Agent | Role |
|-------|------|
| `project-planner` | Task breakdown, dependency graph |
| `frontend-specialist` | UI components, pages |
| `backend-specialist` | API, business logic |
| `database-architect` | Schema, migrations |
| `devops-engineer` | Deployment, preview |
---
## Usage Example
```
User: "Make an Instagram clone with photo sharing and likes"
App Builder Process:
1. Project type: Social Media App
2. Tech stack: Next.js + Prisma + Cloudinary + Clerk
3. Create plan:
├─ Database schema (users, posts, likes, follows)
├─ API routes (12 endpoints)
├─ Pages (feed, profile, upload)
└─ Components (PostCard, Feed, LikeButton)
4. Coordinate agents
5. Report progress
6. Start preview
```

71
skills/app-builder/agent-coordination.md Normal file
View File

@@ -0,0 +1,71 @@
# Agent Coordination
> How App Builder orchestrates specialist agents.
## Agent Pipeline
```
┌─────────────────────────────────────────────────────────────┐
│ APP BUILDER (Orchestrator) │
└─────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────┐
│ PROJECT PLANNER │
│ • Task breakdown │
│ • Dependency graph │
│ • File structure planning │
│ • Create {task-slug}.md in project root (MANDATORY) │
└─────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────┐
│ CHECKPOINT: PLAN VERIFICATION │
│ 🔴 VERIFY: Does {task-slug}.md exist in project root? │
│ 🔴 If NO → STOP → Create plan file first │
│ 🔴 If YES → Proceed to specialist agents │
└─────────────────────────────────────────────────────────────┘
┌───────────────────┼───────────────────┐
▼ ▼ ▼
┌─────────────────┐ ┌─────────────────┐ ┌─────────────────┐
│ DATABASE │ │ BACKEND │ │ FRONTEND │
│ ARCHITECT │ │ SPECIALIST │ │ SPECIALIST │
│ │ │ │ │ │
│ • Schema design │ │ • API routes │ │ • Components │
│ • Migrations │ │ • Controllers │ │ • Pages │
│ • Seed data │ │ • Middleware │ │ • Styling │
└─────────────────┘ └─────────────────┘ └─────────────────┘
│ │ │
└───────────────────┼───────────────────┘
┌─────────────────────────────────────────────────────────────┐
│ PARALLEL PHASE (Optional) │
│ • Security Auditor → Vulnerability check │
│ • Test Engineer → Unit tests │
│ • Performance Optimizer → Bundle analysis │
└─────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────┐
│ DEVOPS ENGINEER │
│ • Environment setup │
│ • Preview deployment │
│ • Health check │
└─────────────────────────────────────────────────────────────┘
```
## Execution Order
| Phase | Agent(s) | Parallel? | Prerequisite | CHECKPOINT |
|-------|----------|-----------|--------------|------------|
| 0 | Socratic Gate | ❌ | - | ✅ Ask 3 questions |
| 1 | Project Planner | ❌ | Questions answered | ✅ **PLAN.md created** |
| 1.5 | **PLAN VERIFICATION** | ❌ | PLAN.md exists | ✅ **File exists in root** |
| 2 | Database Architect | ❌ | Plan ready | Schema defined |
| 3 | Backend Specialist | ❌ | Schema ready | API routes created |
| 4 | Frontend Specialist | ✅ | API ready (partial) | UI components ready |
| 5 | Security Auditor, Test Engineer | ✅ | Code ready | Tests & audit pass |
| 6 | DevOps Engineer | ❌ | All code ready | Deployment ready |
> 🔴 **CRITICAL:** Phase 1.5 is MANDATORY. No specialist agents proceed without PLAN.md verification.

53
skills/app-builder/feature-building.md Normal file
View File

@@ -0,0 +1,53 @@
# Feature Building
> How to analyze and implement new features.
## Feature Analysis
```
Request: "add payment system"
Analysis:
├── Required Changes:
│ ├── Database: orders, payments tables
│ ├── Backend: /api/checkout, /api/webhooks/stripe
│ ├── Frontend: CheckoutForm, PaymentSuccess
│ └── Config: Stripe API keys
├── Dependencies:
│ ├── stripe package
│ └── Existing user authentication
└── Estimated Time: 15-20 minutes
```
## Iterative Enhancement Process
```
1. Analyze existing project
2. Create change plan
3. Present plan to user
4. Get approval
5. Apply changes
6. Test
7. Show preview
```
## Error Handling
| Error Type | Solution Strategy |
|------------|-------------------|
| TypeScript Error | Fix type, add missing import |
| Missing Dependency | Run npm install |
| Port Conflict | Suggest alternative port |
| Database Error | Check migration, validate connection |
## Recovery Strategy
```
1. Detect error
2. Try automatic fix
3. If failed, report to user
4. Suggest alternative
5. Rollback if necessary
```

34
skills/app-builder/project-detection.md Normal file
View File

@@ -0,0 +1,34 @@
# Project Type Detection
> Analyze user requests to determine project type and template.
## Keyword Matrix
| Keywords | Project Type | Template |
|----------|--------------|----------|
| blog, post, article | Blog | astro-static |
| e-commerce, product, cart, payment | E-commerce | nextjs-saas |
| dashboard, panel, management | Admin Dashboard | nextjs-fullstack |
| api, backend, service, rest | API Service | express-api |
| python, fastapi, django | Python API | python-fastapi |
| mobile, android, ios, react native | Mobile App (RN) | react-native-app |
| flutter, dart | Mobile App (Flutter) | flutter-app |
| portfolio, personal, cv | Portfolio | nextjs-static |
| crm, customer, sales | CRM | nextjs-fullstack |
| saas, subscription, stripe | SaaS | nextjs-saas |
| landing, promotional, marketing | Landing Page | nextjs-static |
| docs, documentation | Documentation | astro-static |
| extension, plugin, chrome | Browser Extension | chrome-extension |
| desktop, electron | Desktop App | electron-desktop |
| cli, command line, terminal | CLI Tool | cli-tool |
| monorepo, workspace | Monorepo | monorepo-turborepo |
## Detection Process
```
1. Tokenize user request
2. Extract keywords
3. Determine project type
4. Detect missing information → forward to conversation-manager
5. Suggest tech stack
```

118
skills/app-builder/scaffolding.md Normal file
View File

@@ -0,0 +1,118 @@
# Project Scaffolding
> Directory structure and core files for new projects.
---
## Next.js Full-Stack Structure (2025 Optimized)
```
project-name/
├── src/
│ ├── app/ # Routes only (thin layer)
│ │ ├── layout.tsx
│ │ ├── page.tsx
│ │ ├── globals.css
│ │ ├── (auth)/ # Route group - auth pages
│ │ │ ├── login/page.tsx
│ │ │ └── register/page.tsx
│ │ ├── (dashboard)/ # Route group - dashboard layout
│ │ │ ├── layout.tsx
│ │ │ └── page.tsx
│ │ └── api/
│ │ └── [resource]/route.ts
│ │
│ ├── features/ # Feature-based modules
│ │ ├── auth/
│ │ │ ├── components/
│ │ │ ├── hooks/
│ │ │ ├── actions.ts # Server Actions
│ │ │ ├── queries.ts # Data fetching
│ │ │ └── types.ts
│ │ ├── products/
│ │ │ ├── components/
│ │ │ ├── actions.ts
│ │ │ └── queries.ts
│ │ └── cart/
│ │ └── ...
│ │
│ ├── shared/ # Shared utilities
│ │ ├── components/ui/ # Reusable UI components
│ │ ├── lib/ # Utils, helpers
│ │ └── hooks/ # Global hooks
│ │
│ └── server/ # Server-only code
│ ├── db/ # Database client (Prisma)
│ ├── auth/ # Auth config
│ └── services/ # External API integrations
├── prisma/
│ ├── schema.prisma
│ ├── migrations/
│ └── seed.ts
├── public/
├── .env.example
├── .env.local
├── package.json
├── tailwind.config.ts
├── tsconfig.json
└── README.md
```
---
## Structure Principles
| Principle | Implementation |
|-----------|----------------|
| **Feature isolation** | Each feature in `features/` with its own components, hooks, actions |
| **Server/Client separation** | Server-only code in `server/`, prevents accidental client imports |
| **Thin routes** | `app/` only for routing, logic lives in `features/` |
| **Route groups** | `(groupName)/` for layout sharing without URL impact |
| **Shared code** | `shared/` for truly reusable UI and utilities |
---
## Core Files
| File | Purpose |
|------|---------|
| `package.json` | Dependencies |
| `tsconfig.json` | TypeScript + path aliases (`@/features/*`) |
| `tailwind.config.ts` | Tailwind config |
| `.env.example` | Environment template |
| `README.md` | Project documentation |
| `.gitignore` | Git ignore rules |
| `prisma/schema.prisma` | Database schema |
---
## Path Aliases (tsconfig.json)
```json
{
"compilerOptions": {
"paths": {
"@/*": ["./src/*"],
"@/features/*": ["./src/features/*"],
"@/shared/*": ["./src/shared/*"],
"@/server/*": ["./src/server/*"]
}
}
}
```
---
## When to Use What
| Need | Location |
|------|----------|
| New page/route | `app/(group)/page.tsx` |
| Feature component | `features/[name]/components/` |
| Server action | `features/[name]/actions.ts` |
| Data fetching | `features/[name]/queries.ts` |
| Reusable button/input | `shared/components/ui/` |
| Database query | `server/db/` |
| External API call | `server/services/` |

40
skills/app-builder/tech-stack.md Normal file
View File

@@ -0,0 +1,40 @@
# Tech Stack Selection (2025)
> Default and alternative technology choices for web applications.
## Default Stack (Web App - 2025)
```yaml
Frontend:
framework: Next.js 16 (Stable)
language: TypeScript 5.7+
styling: Tailwind CSS v4
state: React 19 Actions / Server Components
bundler: Turbopack (Stable for Dev)
Backend:
runtime: Node.js 23
framework: Next.js API Routes / Hono (for Edge)
validation: Zod / TypeBox
Database:
primary: PostgreSQL
orm: Prisma / Drizzle
hosting: Supabase / Neon
Auth:
provider: Auth.js (v5) / Clerk
Monorepo:
tool: Turborepo 2.0
```
## Alternative Options
| Need | Default | Alternative |
|------|---------|-------------|
| Real-time | - | Supabase Realtime, Socket.io |
| File storage | - | Cloudinary, S3 |
| Payment | Stripe | LemonSqueezy, Paddle |
| Email | - | Resend, SendGrid |
| Search | - | Algolia, Typesense |

39
skills/app-builder/templates/SKILL.md Normal file
View File

@@ -0,0 +1,39 @@
---
name: templates
description: Project scaffolding templates for new applications. Use when creating new projects from scratch. Contains 12 templates for various tech stacks.
allowed-tools: Read, Glob, Grep
---
# Project Templates
> Quick-start templates for scaffolding new projects.
---
## 🎯 Selective Reading Rule
**Read ONLY the template matching user's project type!**
| Template | Tech Stack | When to Use |
|----------|------------|-------------|
| [nextjs-fullstack](nextjs-fullstack/TEMPLATE.md) | Next.js + Prisma | Full-stack web app |
| [nextjs-saas](nextjs-saas/TEMPLATE.md) | Next.js + Stripe | SaaS product |
| [nextjs-static](nextjs-static/TEMPLATE.md) | Next.js + Framer | Landing page |
| [express-api](express-api/TEMPLATE.md) | Express + JWT | REST API |
| [python-fastapi](python-fastapi/TEMPLATE.md) | FastAPI | Python API |
| [react-native-app](react-native-app/TEMPLATE.md) | Expo + Zustand | Mobile app |
| [flutter-app](flutter-app/TEMPLATE.md) | Flutter + Riverpod | Cross-platform |
| [electron-desktop](electron-desktop/TEMPLATE.md) | Electron + React | Desktop app |
| [chrome-extension](chrome-extension/TEMPLATE.md) | Chrome MV3 | Browser extension |
| [cli-tool](cli-tool/TEMPLATE.md) | Node.js + Commander | CLI app |
| [monorepo-turborepo](monorepo-turborepo/TEMPLATE.md) | Turborepo + pnpm | Monorepo |
| [astro-static](astro-static/TEMPLATE.md) | Astro + MDX | Blog / Docs |
---
## Usage
1. User says "create [type] app"
2. Match to appropriate template
3. Read ONLY that template's TEMPLATE.md
4. Follow its tech stack and structure

76
skills/app-builder/templates/astro-static/TEMPLATE.md Normal file
View File

@@ -0,0 +1,76 @@
---
name: astro-static
description: Astro static site template principles. Content-focused websites, blogs, documentation.
---
# Astro Static Site Template
## Tech Stack
| Component | Technology |
|-----------|------------|
| Framework | Astro 4.x |
| Content | MDX + Content Collections |
| Styling | Tailwind CSS |
| Integrations | Sitemap, RSS, SEO |
| Output | Static/SSG |
---
## Directory Structure
```
project-name/
├── src/
│ ├── components/ # .astro components
│ ├── content/ # MDX content
│ │ ├── blog/
│ │ └── config.ts # Collection schemas
│ ├── layouts/ # Page layouts
│ ├── pages/ # File-based routing
│ └── styles/
├── public/ # Static assets
├── astro.config.mjs
└── package.json
```
---
## Key Concepts
| Concept | Description |
|---------|-------------|
| Content Collections | Type-safe content with Zod schemas |
| Islands Architecture | Partial hydration for interactivity |
| Zero JS by default | Static HTML unless needed |
| MDX Support | Markdown with components |
---
## Setup Steps
1. `npm create astro@latest {{name}}`
2. Add integrations: `npx astro add mdx tailwind sitemap`
3. Configure `astro.config.mjs`
4. Create content collections
5. `npm run dev`
---
## Deployment
| Platform | Method |
|----------|--------|
| Vercel | Auto-detected |
| Netlify | Auto-detected |
| Cloudflare Pages | Auto-detected |
| GitHub Pages | Build + deploy action |
---
## Best Practices
- Use Content Collections for type safety
- Leverage static generation
- Add islands only where needed
- Optimize images with Astro Image

92
skills/app-builder/templates/chrome-extension/TEMPLATE.md Normal file
View File

@@ -0,0 +1,92 @@
---
name: chrome-extension
description: Chrome Extension template principles. Manifest V3, React, TypeScript.
---
# Chrome Extension Template
## Tech Stack
| Component | Technology |
|-----------|------------|
| Manifest | V3 |
| UI | React 18 |
| Language | TypeScript |
| Styling | Tailwind CSS |
| Bundler | Vite |
| Storage | Chrome Storage API |
---
## Directory Structure
```
project-name/
├── src/
│ ├── popup/ # Extension popup
│ ├── options/ # Options page
│ ├── background/ # Service worker
│ ├── content/ # Content scripts
│ ├── components/
│ ├── hooks/
│ └── lib/
│ ├── storage.ts # Chrome storage helpers
│ └── messaging.ts # Message passing
├── public/
│ ├── icons/
│ └── manifest.json
└── package.json
```
---
## Manifest V3 Concepts
| Component | Purpose |
|-----------|---------|
| Service Worker | Background processing |
| Content Scripts | Page injection |
| Popup | User interface |
| Options Page | Settings |
---
## Permissions
| Permission | Use |
|------------|-----|
| storage | Save user data |
| activeTab | Current tab access |
| scripting | Inject scripts |
| host_permissions | Site access |
---
## Setup Steps
1. `npm create vite {{name}} -- --template react-ts`
2. Add Chrome types: `npm install -D @types/chrome`
3. Configure Vite for multi-entry
4. Create manifest.json
5. `npm run dev` (watch mode)
6. Load in Chrome: `chrome://extensions` → Load unpacked
---
## Development Tips
| Task | Method |
|------|--------|
| Debug Popup | Right-click icon → Inspect |
| Debug Background | Extensions page → Service worker |
| Debug Content | DevTools console on page |
| Hot Reload | `npm run dev` with watch |
---
## Best Practices
- Use type-safe messaging
- Wrap Chrome APIs in promises
- Minimize permissions
- Handle offline gracefully

88
skills/app-builder/templates/cli-tool/TEMPLATE.md Normal file
View File

@@ -0,0 +1,88 @@
---
name: cli-tool
description: Node.js CLI tool template principles. Commander.js, interactive prompts.
---
# CLI Tool Template
## Tech Stack
| Component | Technology |
|-----------|------------|
| Runtime | Node.js 20+ |
| Language | TypeScript |
| CLI Framework | Commander.js |
| Prompts | Inquirer.js |
| Output | chalk + ora |
| Config | cosmiconfig |
---
## Directory Structure
```
project-name/
├── src/
│ ├── index.ts # Entry point
│ ├── cli.ts # CLI setup
│ ├── commands/ # Command handlers
│ ├── lib/
│ │ ├── config.ts # Config loader
│ │ └── logger.ts # Styled output
│ └── types/
├── bin/
│ └── cli.js # Executable
└── package.json
```
---
## CLI Design Principles
| Principle | Description |
|-----------|-------------|
| Subcommands | Group related actions |
| Options | Flags with defaults |
| Interactive | Prompts when needed |
| Non-interactive | Support --yes flags |
---
## Key Components
| Component | Purpose |
|-----------|---------|
| Commander | Command parsing |
| Inquirer | Interactive prompts |
| Chalk | Colored output |
| Ora | Spinners/loading |
| Cosmiconfig | Config file discovery |
---
## Setup Steps
1. Create project directory
2. `npm init -y`
3. Install deps: `npm install commander @inquirer/prompts chalk ora cosmiconfig`
4. Configure bin in package.json
5. `npm link` for local testing
---
## Publishing
```bash
npm login
npm publish
```
---
## Best Practices
- Provide helpful error messages
- Support both interactive and non-interactive modes
- Use consistent output styling
- Validate inputs with Zod
- Exit with proper codes (0 success, 1 error)

88
skills/app-builder/templates/electron-desktop/TEMPLATE.md Normal file
View File

@@ -0,0 +1,88 @@
---
name: electron-desktop
description: Electron desktop app template principles. Cross-platform, React, TypeScript.
---
# Electron Desktop App Template
## Tech Stack
| Component | Technology |
|-----------|------------|
| Framework | Electron 28+ |
| UI | React 18 |
| Language | TypeScript |
| Styling | Tailwind CSS |
| Bundler | Vite + electron-builder |
| IPC | Type-safe communication |
---
## Directory Structure
```
project-name/
├── electron/
│ ├── main.ts # Main process
│ ├── preload.ts # Preload script
│ └── ipc/ # IPC handlers
├── src/
│ ├── App.tsx
│ ├── components/
│ │ ├── TitleBar.tsx # Custom title bar
│ │ └── ...
│ └── hooks/
├── public/
└── package.json
```
---
## Process Model
| Process | Role |
|---------|------|
| Main | Node.js, system access |
| Renderer | Chromium, React UI |
| Preload | Bridge, context isolation |
---
## Key Concepts
| Concept | Purpose |
|---------|---------|
| contextBridge | Safe API exposure |
| ipcMain/ipcRenderer | Process communication |
| nodeIntegration: false | Security |
| contextIsolation: true | Security |
---
## Setup Steps
1. `npm create vite {{name}} -- --template react-ts`
2. Install: `npm install -D electron electron-builder vite-plugin-electron`
3. Create electron/ directory
4. Configure main process
5. `npm run electron:dev`
---
## Build Targets
| Platform | Output |
|----------|--------|
| Windows | NSIS, Portable |
| macOS | DMG, ZIP |
| Linux | AppImage, DEB |
---
## Best Practices
- Use preload script for main/renderer bridge
- Type-safe IPC with typed handlers
- Custom title bar for native feel
- Handle window state (maximize, minimize)
- Auto-updates with electron-updater

83
skills/app-builder/templates/express-api/TEMPLATE.md Normal file
View File

@@ -0,0 +1,83 @@
---
name: express-api
description: Express.js REST API template principles. TypeScript, Prisma, JWT.
---
# Express.js API Template
## Tech Stack
| Component | Technology |
|-----------|------------|
| Runtime | Node.js 20+ |
| Framework | Express.js |
| Language | TypeScript |
| Database | PostgreSQL + Prisma |
| Validation | Zod |
| Auth | JWT + bcrypt |
---
## Directory Structure
```
project-name/
├── prisma/
│ └── schema.prisma
├── src/
│ ├── app.ts # Express setup
│ ├── config/ # Environment
│ ├── routes/ # Route handlers
│ ├── controllers/ # Business logic
│ ├── services/ # Data access
│ ├── middleware/
│ │ ├── auth.ts # JWT verify
│ │ ├── error.ts # Error handler
│ │ └── validate.ts # Zod validation
│ ├── schemas/ # Zod schemas
│ └── utils/
└── package.json
```
---
## Middleware Stack
| Order | Middleware |
|-------|------------|
| 1 | helmet (security) |
| 2 | cors |
| 3 | morgan (logging) |
| 4 | body parsing |
| 5 | routes |
| 6 | error handler |
---
## API Response Format
| Type | Structure |
|------|-----------|
| Success | `{ success: true, data: {...} }` |
| Error | `{ error: "message", details: [...] }` |
---
## Setup Steps
1. Create project directory
2. `npm init -y`
3. Install deps: `npm install express prisma zod bcrypt jsonwebtoken`
4. Configure Prisma
5. `npm run db:push`
6. `npm run dev`
---
## Best Practices
- Layer architecture (routes → controllers → services)
- Validate all inputs with Zod
- Centralized error handling
- Environment-based config
- Use Prisma for type-safe DB access

90
skills/app-builder/templates/flutter-app/TEMPLATE.md Normal file
View File

@@ -0,0 +1,90 @@
---
name: flutter-app
description: Flutter mobile app template principles. Riverpod, Go Router, clean architecture.
---
# Flutter App Template
## Tech Stack
| Component | Technology |
|-----------|------------|
| Framework | Flutter 3.x |
| Language | Dart 3.x |
| State | Riverpod 2.0 |
| Navigation | Go Router |
| HTTP | Dio |
| Storage | Hive |
---
## Directory Structure
```
project_name/
├── lib/
│ ├── main.dart
│ ├── app.dart
│ ├── core/
│ │ ├── constants/
│ │ ├── theme/
│ │ ├── router/
│ │ └── utils/
│ ├── features/
│ │ ├── auth/
│ │ │ ├── data/
│ │ │ ├── domain/
│ │ │ └── presentation/
│ │ └── home/
│ ├── shared/
│ │ ├── widgets/
│ │ └── providers/
│ └── services/
│ ├── api/
│ └── storage/
├── test/
└── pubspec.yaml
```
---
## Architecture Layers
| Layer | Contents |
|-------|----------|
| Presentation | Screens, Widgets, Providers |
| Domain | Entities, Use Cases |
| Data | Repositories, Models |
---
## Key Packages
| Package | Purpose |
|---------|---------|
| flutter_riverpod | State management |
| riverpod_annotation | Code generation |
| go_router | Navigation |
| dio | HTTP client |
| freezed | Immutable models |
| hive | Local storage |
---
## Setup Steps
1. `flutter create {{name}} --org com.{{bundle}}`
2. Update `pubspec.yaml`
3. `flutter pub get`
4. Run code generation: `dart run build_runner build`
5. `flutter run`
---
## Best Practices
- Feature-first folder structure
- Riverpod for state, React Query pattern for server state
- Freezed for immutable data classes
- Go Router for declarative navigation
- Material 3 theming

90
skills/app-builder/templates/monorepo-turborepo/TEMPLATE.md Normal file
View File

@@ -0,0 +1,90 @@
---
name: monorepo-turborepo
description: Turborepo monorepo template principles. pnpm workspaces, shared packages.
---
# Turborepo Monorepo Template
## Tech Stack
| Component | Technology |
|-----------|------------|
| Build System | Turborepo |
| Package Manager | pnpm |
| Apps | Next.js, Express |
| Packages | Shared UI, Config, Types |
| Language | TypeScript |
---
## Directory Structure
```
project-name/
├── apps/
│ ├── web/ # Next.js app
│ ├── api/ # Express API
│ └── docs/ # Documentation
├── packages/
│ ├── ui/ # Shared components
│ ├── config/ # ESLint, TS, Tailwind
│ ├── types/ # Shared types
│ └── utils/ # Shared utilities
├── turbo.json
├── pnpm-workspace.yaml
└── package.json
```
---
## Key Concepts
| Concept | Description |
|---------|-------------|
| Workspaces | pnpm-workspace.yaml |
| Pipeline | turbo.json task graph |
| Caching | Remote/local task caching |
| Dependencies | `workspace:*` protocol |
---
## Turbo Pipeline
| Task | Depends On |
|------|------------|
| build | ^build (dependencies first) |
| dev | cache: false, persistent |
| lint | ^build |
| test | ^build |
---
## Setup Steps
1. Create root directory
2. `pnpm init`
3. Create pnpm-workspace.yaml
4. Create turbo.json
5. Add apps and packages
6. `pnpm install`
7. `pnpm dev`
---
## Common Commands
| Command | Description |
|---------|-------------|
| `pnpm dev` | Run all apps |
| `pnpm build` | Build all |
| `pnpm --filter @name/web dev` | Run specific app |
| `pnpm --filter @name/web add axios` | Add dep to app |
---
## Best Practices
- Shared configs in packages/config
- Shared types in packages/types
- Internal packages with `workspace:*`
- Use Turbo remote caching for CI

82
skills/app-builder/templates/nextjs-fullstack/TEMPLATE.md Normal file
View File

@@ -0,0 +1,82 @@
---
name: nextjs-fullstack
description: Next.js full-stack template principles. App Router, Prisma, Tailwind.
---
# Next.js Full-Stack Template
## Tech Stack
| Component | Technology |
|-----------|------------|
| Framework | Next.js 14 (App Router) |
| Language | TypeScript |
| Database | PostgreSQL + Prisma |
| Styling | Tailwind CSS |
| Auth | Clerk (optional) |
| Validation | Zod |
---
## Directory Structure
```
project-name/
├── prisma/
│ └── schema.prisma
├── src/
│ ├── app/
│ │ ├── layout.tsx
│ │ ├── page.tsx
│ │ ├── globals.css
│ │ └── api/
│ ├── components/
│ │ └── ui/
│ ├── lib/
│ │ ├── db.ts # Prisma client
│ │ └── utils.ts
│ └── types/
├── .env.example
└── package.json
```
---
## Key Concepts
| Concept | Description |
|---------|-------------|
| Server Components | Default, fetch data |
| Server Actions | Form mutations |
| Route Handlers | API endpoints |
| Prisma | Type-safe ORM |
---
## Environment Variables
| Variable | Purpose |
|----------|---------|
| DATABASE_URL | Prisma connection |
| NEXT_PUBLIC_APP_URL | Public URL |
---
## Setup Steps
1. `npx create-next-app {{name}} --typescript --tailwind --app`
2. `npm install prisma @prisma/client zod`
3. `npx prisma init`
4. Configure schema
5. `npm run db:push`
6. `npm run dev`
---
## Best Practices
- Server Components by default
- Server Actions for mutations
- Prisma for type-safe DB
- Zod for validation
- Edge runtime where possible

100
skills/app-builder/templates/nextjs-saas/TEMPLATE.md Normal file
View File

@@ -0,0 +1,100 @@
---
name: nextjs-saas
description: Next.js SaaS template principles. Auth, payments, email.
---
# Next.js SaaS Template
## Tech Stack
| Component | Technology |
|-----------|------------|
| Framework | Next.js 14 (App Router) |
| Auth | NextAuth.js v5 |
| Payments | Stripe |
| Database | PostgreSQL + Prisma |
| Email | Resend |
| UI | Tailwind (ASK USER: shadcn/Headless UI/Custom?) |
---
## Directory Structure
```
project-name/
├── prisma/
├── src/
│ ├── app/
│ │ ├── (auth)/ # Login, register
│ │ ├── (dashboard)/ # Protected routes
│ │ ├── (marketing)/ # Landing, pricing
│ │ └── api/
│ │ ├── auth/[...nextauth]/
│ │ └── webhooks/stripe/
│ ├── components/
│ │ ├── auth/
│ │ ├── billing/
│ │ └── dashboard/
│ ├── lib/
│ │ ├── auth.ts # NextAuth config
│ │ ├── stripe.ts # Stripe client
│ │ └── email.ts # Resend client
│ └── config/
│ └── subscriptions.ts
└── package.json
```
---
## SaaS Features
| Feature | Implementation |
|---------|---------------|
| Auth | NextAuth + OAuth |
| Subscriptions | Stripe Checkout |
| Billing Portal | Stripe Portal |
| Webhooks | Stripe events |
| Email | Transactional via Resend |
---
## Database Schema
| Model | Fields |
|-------|--------|
| User | id, email, stripeCustomerId, subscriptionId |
| Account | OAuth provider data |
| Session | User sessions |
---
## Environment Variables
| Variable | Purpose |
|----------|---------|
| DATABASE_URL | Prisma |
| NEXTAUTH_SECRET | Auth |
| STRIPE_SECRET_KEY | Payments |
| STRIPE_WEBHOOK_SECRET | Webhooks |
| RESEND_API_KEY | Email |
---
## Setup Steps
1. `npx create-next-app {{name}} --typescript --tailwind --app`
2. Install: `npm install next-auth @auth/prisma-adapter stripe resend`
3. Setup Stripe products/prices
4. Configure environment
5. `npm run db:push`
6. `npm run stripe:listen` (webhooks)
7. `npm run dev`
---
## Best Practices
- Route groups for layout separation
- Stripe webhooks for subscription sync
- NextAuth with Prisma adapter
- Email templates with React Email

106
skills/app-builder/templates/nextjs-static/TEMPLATE.md Normal file
View File

@@ -0,0 +1,106 @@
---
name: nextjs-static
description: Next.js static site template principles. Landing pages, portfolios, marketing.
---
# Next.js Static Site Template
## Tech Stack
| Component | Technology |
|-----------|------------|
| Framework | Next.js 14 (Static Export) |
| Language | TypeScript |
| Styling | Tailwind CSS |
| Animations | Framer Motion |
| Icons | Lucide React |
| SEO | Next SEO |
---
## Directory Structure
```
project-name/
├── src/
│ ├── app/
│ │ ├── layout.tsx
│ │ ├── page.tsx # Landing
│ │ ├── about/
│ │ ├── contact/
│ │ └── blog/
│ ├── components/
│ │ ├── layout/ # Header, Footer
│ │ ├── sections/ # Hero, Features, CTA
│ │ └── ui/
│ └── lib/
├── content/ # Markdown content
├── public/
└── next.config.js
```
---
## Static Export Config
```javascript
// next.config.js
const nextConfig = {
output: 'export',
images: { unoptimized: true },
trailingSlash: true,
};
```
---
## Landing Page Sections
| Section | Purpose |
|---------|---------|
| Hero | Main headline, CTA |
| Features | Product benefits |
| Testimonials | Social proof |
| Pricing | Plans |
| CTA | Final conversion |
---
## Animation Patterns
| Pattern | Use |
|---------|-----|
| Fade up | Content entry |
| Stagger | List items |
| Scroll reveal | On viewport |
| Hover | Interactive feedback |
---
## Setup Steps
1. `npx create-next-app {{name}} --typescript --tailwind --app`
2. Install: `npm install framer-motion lucide-react next-seo`
3. Configure static export
4. Create sections
5. `npm run dev`
---
## Deployment
| Platform | Method |
|----------|--------|
| Vercel | Auto |
| Netlify | Auto |
| GitHub Pages | gh-pages branch |
| Any host | Upload `out` folder |
---
## Best Practices
- Static export for maximum performance
- Framer Motion for premium animations
- Responsive mobile-first design
- SEO metadata on every page

101
skills/app-builder/templates/nuxt-app/TEMPLATE.md Normal file
View File

@@ -0,0 +1,101 @@
---
name: nuxt-app
description: Nuxt 3 full-stack template. Vue 3, Pinia, Tailwind, Prisma.
---
# Nuxt 3 Full-Stack Template
## Tech Stack
| Component | Technology |
|-----------|------------|
| Framework | Nuxt 3 |
| Language | TypeScript |
| UI | Vue 3 (Composition API) |
| State | Pinia |
| Database | PostgreSQL + Prisma |
| Styling | Tailwind CSS |
| Validation | Zod |
---
## Directory Structure
```
project-name/
├── prisma/
│ └── schema.prisma
├── server/
│ ├── api/
│ │ └── [resource]/
│ │ └── index.ts
│ └── utils/
│ └── db.ts # Prisma client
├── composables/
│ └── useAuth.ts
├── stores/
│ └── user.ts # Pinia store
├── components/
│ └── ui/
├── pages/
│ ├── index.vue
│ └── [...slug].vue
├── layouts/
│ └── default.vue
├── assets/
│ └── css/
│ └── main.css
├── .env.example
├── nuxt.config.ts
└── package.json
```
---
## Key Concepts
| Concept | Description |
|---------|-------------|
| Auto-imports | Components, composables, utils |
| File-based routing | pages/ → routes |
| Server Routes | server/api/ → API endpoints |
| Composables | Reusable reactive logic |
| Pinia | State management |
---
## Environment Variables
| Variable | Purpose |
|----------|---------|
| DATABASE_URL | Prisma connection |
| NUXT_PUBLIC_APP_URL | Public URL |
---
## Setup Steps
1. `npx nuxi@latest init {{name}}`
2. `cd {{name}}`
3. `npm install @pinia/nuxt @prisma/client prisma zod`
4. `npm install -D @nuxtjs/tailwindcss`
5. Add modules to `nuxt.config.ts`:
```ts
modules: ['@pinia/nuxt', '@nuxtjs/tailwindcss']
```
6. `npx prisma init`
7. Configure schema
8. `npx prisma db push`
9. `npm run dev`
---
## Best Practices
- Use `<script setup>` for components
- Composables for reusable logic
- Pinia stores in `stores/` folder
- Server routes for API logic
- Auto-import for clean code
- TypeScript for type safety
- See `@[skills/vue-expert]` for Vue patterns

83
skills/app-builder/templates/python-fastapi/TEMPLATE.md Normal file
View File

@@ -0,0 +1,83 @@
---
name: python-fastapi
description: FastAPI REST API template principles. SQLAlchemy, Pydantic, Alembic.
---
# FastAPI API Template
## Tech Stack
| Component | Technology |
|-----------|------------|
| Framework | FastAPI |
| Language | Python 3.11+ |
| ORM | SQLAlchemy 2.0 |
| Validation | Pydantic v2 |
| Migrations | Alembic |
| Auth | JWT + passlib |
---
## Directory Structure
```
project-name/
├── alembic/ # Migrations
├── app/
│ ├── main.py # FastAPI app
│ ├── config.py # Settings
│ ├── database.py # DB connection
│ ├── models/ # SQLAlchemy models
│ ├── schemas/ # Pydantic schemas
│ ├── routers/ # API routes
│ ├── services/ # Business logic
│ ├── dependencies/ # DI
│ └── utils/
├── tests/
├── .env.example
└── requirements.txt
```
---
## Key Concepts
| Concept | Description |
|---------|-------------|
| Async | async/await throughout |
| Dependency Injection | FastAPI Depends |
| Pydantic v2 | Validation + serialization |
| SQLAlchemy 2.0 | Async sessions |
---
## API Structure
| Layer | Responsibility |
|-------|---------------|
| Routers | HTTP handling |
| Dependencies | Auth, validation |
| Services | Business logic |
| Models | Database entities |
| Schemas | Request/response |
---
## Setup Steps
1. `python -m venv venv`
2. `source venv/bin/activate`
3. `pip install fastapi uvicorn sqlalchemy alembic pydantic`
4. Create `.env`
5. `alembic upgrade head`
6. `uvicorn app.main:app --reload`
---
## Best Practices
- Use async everywhere
- Pydantic v2 for validation
- SQLAlchemy 2.0 async sessions
- Alembic for migrations
- pytest-asyncio for tests

93
skills/app-builder/templates/react-native-app/TEMPLATE.md Normal file
View File

@@ -0,0 +1,93 @@
---
name: react-native-app
description: React Native mobile app template principles. Expo, TypeScript, navigation.
---
# React Native App Template
## Tech Stack
| Component | Technology |
|-----------|------------|
| Framework | React Native + Expo |
| Language | TypeScript |
| Navigation | Expo Router |
| State | Zustand + React Query |
| Styling | NativeWind |
| Testing | Jest + RNTL |
---
## Directory Structure
```
project-name/
├── app/ # Expo Router (file-based)
│ ├── _layout.tsx # Root layout
│ ├── index.tsx # Home
│ ├── (tabs)/ # Tab navigation
│ └── [id].tsx # Dynamic route
├── components/
│ ├── ui/ # Reusable
│ └── features/
├── hooks/
├── lib/
│ ├── api.ts
│ └── storage.ts
├── store/
├── constants/
└── app.json
```
---
## Navigation Patterns
| Pattern | Use |
|---------|-----|
| Stack | Page hierarchy |
| Tabs | Bottom navigation |
| Drawer | Side menu |
| Modal | Overlay screens |
---
## State Management
| Type | Tool |
|------|------|
| Local | Zustand |
| Server | React Query |
| Forms | React Hook Form |
| Storage | Expo SecureStore |
---
## Key Packages
| Package | Purpose |
|---------|---------|
| expo-router | File-based routing |
| zustand | Local state |
| @tanstack/react-query | Server state |
| nativewind | Tailwind styling |
| expo-secure-store | Secure storage |
---
## Setup Steps
1. `npx create-expo-app {{name}} -t expo-template-blank-typescript`
2. `npx expo install expo-router react-native-safe-area-context`
3. Install state: `npm install zustand @tanstack/react-query`
4. `npx expo start`
---
## Best Practices
- Expo Router for navigation
- Zustand for local, React Query for server state
- NativeWind for consistent styling
- Expo SecureStore for tokens
- Test on both iOS and Android

55
skills/architecture/SKILL.md Normal file
View File

@@ -0,0 +1,55 @@
---
name: architecture
description: Architectural decision-making framework. Requirements analysis, trade-off evaluation, ADR documentation. Use when making architecture decisions or analyzing system design.
allowed-tools: Read, Glob, Grep
---
# Architecture Decision Framework
> "Requirements drive architecture. Trade-offs inform decisions. ADRs capture rationale."
## 🎯 Selective Reading Rule
**Read ONLY files relevant to the request!** Check the content map, find what you need.
| File | Description | When to Read |
|------|-------------|--------------|
| `context-discovery.md` | Questions to ask, project classification | Starting architecture design |
| `trade-off-analysis.md` | ADR templates, trade-off framework | Documenting decisions |
| `pattern-selection.md` | Decision trees, anti-patterns | Choosing patterns |
| `examples.md` | MVP, SaaS, Enterprise examples | Reference implementations |
| `patterns-reference.md` | Quick lookup for patterns | Pattern comparison |
---
## 🔗 Related Skills
| Skill | Use For |
|-------|---------|
| `@[skills/database-design]` | Database schema design |
| `@[skills/api-patterns]` | API design patterns |
| `@[skills/deployment-procedures]` | Deployment architecture |
---
## Core Principle
**"Simplicity is the ultimate sophistication."**
- Start simple
- Add complexity ONLY when proven necessary
- You can always add patterns later
- Removing complexity is MUCH harder than adding it
---
## Validation Checklist
Before finalizing architecture:
- [ ] Requirements clearly understood
- [ ] Constraints identified
- [ ] Each decision has trade-off analysis
- [ ] Simpler alternatives considered
- [ ] ADRs written for significant decisions
- [ ] Team expertise matches chosen patterns

43
skills/architecture/context-discovery.md Normal file
View File

@@ -0,0 +1,43 @@
# Context Discovery
> Before suggesting any architecture, gather context.
## Question Hierarchy (Ask User FIRST)
1. **Scale**
- How many users? (10, 1K, 100K, 1M+)
- Data volume? (MB, GB, TB)
- Transaction rate? (per second/minute)
2. **Team**
- Solo developer or team?
- Team size and expertise?
- Distributed or co-located?
3. **Timeline**
- MVP/Prototype or long-term product?
- Time to market pressure?
4. **Domain**
- CRUD-heavy or business logic complex?
- Real-time requirements?
- Compliance/regulations?
5. **Constraints**
- Budget limitations?
- Legacy systems to integrate?
- Technology stack preferences?
## Project Classification Matrix
```
MVP SaaS Enterprise
┌─────────────────────────────────────────────────────────────┐
│ Scale │ <1K │ 1K-100K │ 100K+ │
│ Team │ Solo │ 2-10 │ 10+ │
│ Timeline │ Fast (weeks) │ Medium (months)│ Long (years)│
│ Architecture │ Simple │ Modular │ Distributed │
│ Patterns │ Minimal │ Selective │ Comprehensive│
│ Example │ Next.js API │ NestJS │ Microservices│
└─────────────────────────────────────────────────────────────┘
```

94
skills/architecture/examples.md Normal file
View File

@@ -0,0 +1,94 @@
# Architecture Examples
> Real-world architecture decisions by project type.
---
## Example 1: MVP E-commerce (Solo Developer)
```yaml
Requirements:
- <1000 users initially
- Solo developer
- Fast to market (8 weeks)
- Budget-conscious
Architecture Decisions:
App Structure: Monolith (simpler for solo)
Framework: Next.js (full-stack, fast)
Data Layer: Prisma direct (no over-abstraction)
Authentication: JWT (simpler than OAuth)
Payment: Stripe (hosted solution)
Database: PostgreSQL (ACID for orders)
Trade-offs Accepted:
- Monolith → Can't scale independently (team doesn't justify it)
- No Repository → Less testable (simple CRUD doesn't need it)
- JWT → No social login initially (can add later)
Future Migration Path:
- Users > 10K → Extract payment service
- Team > 3 → Add Repository pattern
- Social login requested → Add OAuth
```
---
## Example 2: SaaS Product (5-10 Developers)
```yaml
Requirements:
- 1K-100K users
- 5-10 developers
- Long-term (12+ months)
- Multiple domains (billing, users, core)
Architecture Decisions:
App Structure: Modular Monolith (team size optimal)
Framework: NestJS (modular by design)
Data Layer: Repository pattern (testing, flexibility)
Domain Model: Partial DDD (rich entities)
Authentication: OAuth + JWT
Caching: Redis
Database: PostgreSQL
Trade-offs Accepted:
- Modular Monolith → Some module coupling (microservices not justified)
- Partial DDD → No full aggregates (no domain experts)
- RabbitMQ later → Initial synchronous (add when proven needed)
Migration Path:
- Team > 10 → Consider microservices
- Domains conflict → Extract bounded contexts
- Read performance issues → Add CQRS
```
---
## Example 3: Enterprise (100K+ Users)
```yaml
Requirements:
- 100K+ users
- 10+ developers
- Multiple business domains
- Different scaling needs
- 24/7 availability
Architecture Decisions:
App Structure: Microservices (independent scale)
API Gateway: Kong/AWS API GW
Domain Model: Full DDD
Consistency: Event-driven (eventual OK)
Message Bus: Kafka
Authentication: OAuth + SAML (enterprise SSO)
Database: Polyglot (right tool per job)
CQRS: Selected services
Operational Requirements:
- Service mesh (Istio/Linkerd)
- Distributed tracing (Jaeger/Tempo)
- Centralized logging (ELK/Loki)
- Circuit breakers (Resilience4j)
- Kubernetes/Helm
```

68
skills/architecture/pattern-selection.md Normal file
View File

@@ -0,0 +1,68 @@
# Pattern Selection Guidelines
> Decision trees for choosing architectural patterns.
## Main Decision Tree
```
START: What's your MAIN concern?
┌─ Data Access Complexity?
│ ├─ HIGH (complex queries, testing needed)
│ │ → Repository Pattern + Unit of Work
│ │ VALIDATE: Will data source change frequently?
│ │ ├─ YES → Repository worth the indirection
│ │ └─ NO → Consider simpler ORM direct access
│ └─ LOW (simple CRUD, single database)
│ → ORM directly (Prisma, Drizzle)
│ Simpler = Better, Faster
├─ Business Rules Complexity?
│ ├─ HIGH (domain logic, rules vary by context)
│ │ → Domain-Driven Design
│ │ VALIDATE: Do you have domain experts on team?
│ │ ├─ YES → Full DDD (Aggregates, Value Objects)
│ │ └─ NO → Partial DDD (rich entities, clear boundaries)
│ └─ LOW (mostly CRUD, simple validation)
│ → Transaction Script pattern
│ Simpler = Better, Faster
├─ Independent Scaling Needed?
│ ├─ YES (different components scale differently)
│ │ → Microservices WORTH the complexity
│ │ REQUIREMENTS (ALL must be true):
│ │ - Clear domain boundaries
│ │ - Team > 10 developers
│ │ - Different scaling needs per service
│ │ IF NOT ALL MET → Modular Monolith instead
│ └─ NO (everything scales together)
│ → Modular Monolith
│ Can extract services later when proven needed
└─ Real-time Requirements?
├─ HIGH (immediate updates, multi-user sync)
│ → Event-Driven Architecture
│ → Message Queue (RabbitMQ, Redis, Kafka)
│ VALIDATE: Can you handle eventual consistency?
│ ├─ YES → Event-driven valid
│ └─ NO → Synchronous with polling
└─ LOW (eventual consistency acceptable)
→ Synchronous (REST/GraphQL)
Simpler = Better, Faster
```
## The 3 Questions (Before ANY Pattern)
1. **Problem Solved**: What SPECIFIC problem does this pattern solve?
2. **Simpler Alternative**: Is there a simpler solution?
3. **Deferred Complexity**: Can we add this LATER when needed?
## Red Flags (Anti-patterns)
| Pattern | Anti-pattern | Simpler Alternative |
|---------|-------------|-------------------|
| Microservices | Premature splitting | Start monolith, extract later |
| Clean/Hexagonal | Over-abstraction | Concrete first, interfaces later |
| Event Sourcing | Over-engineering | Append-only audit log |
| CQRS | Unnecessary complexity | Single model |
| Repository | YAGNI for simple CRUD | ORM direct access |

50
skills/architecture/patterns-reference.md Normal file
View File

@@ -0,0 +1,50 @@
# Architecture Patterns Reference
> Quick reference for common patterns with usage guidance.
## Data Access Patterns
| Pattern | When to Use | When NOT to Use | Complexity |
|---------|-------------|-----------------|------------|
| **Active Record** | Simple CRUD, rapid prototyping | Complex queries, multiple sources | Low |
| **Repository** | Testing needed, multiple sources | Simple CRUD, single database | Medium |
| **Unit of Work** | Complex transactions | Simple operations | High |
| **Data Mapper** | Complex domain, performance | Simple CRUD, rapid dev | High |
## Domain Logic Patterns
| Pattern | When to Use | When NOT to Use | Complexity |
|---------|-------------|-----------------|------------|
| **Transaction Script** | Simple CRUD, procedural | Complex business rules | Low |
| **Table Module** | Record-based logic | Rich behavior needed | Low |
| **Domain Model** | Complex business logic | Simple CRUD | Medium |
| **DDD (Full)** | Complex domain, domain experts | Simple domain, no experts | High |
## Distributed System Patterns
| Pattern | When to Use | When NOT to Use | Complexity |
|---------|-------------|-----------------|------------|
| **Modular Monolith** | Small teams, unclear boundaries | Clear contexts, different scales | Medium |
| **Microservices** | Different scales, large teams | Small teams, simple domain | Very High |
| **Event-Driven** | Real-time, loose coupling | Simple workflows, strong consistency | High |
| **CQRS** | Read/write performance diverges | Simple CRUD, same model | High |
| **Saga** | Distributed transactions | Single database, simple ACID | High |
## API Patterns
| Pattern | When to Use | When NOT to Use | Complexity |
|---------|-------------|-----------------|------------|
| **REST** | Standard CRUD, resources | Real-time, complex queries | Low |
| **GraphQL** | Flexible queries, multiple clients | Simple CRUD, caching needs | Medium |
| **gRPC** | Internal services, performance | Public APIs, browser clients | Medium |
| **WebSocket** | Real-time updates | Simple request/response | Medium |
---
## Simplicity Principle
**"Start simple, add complexity only when proven necessary."**
- You can always add patterns later
- Removing complexity is MUCH harder than adding it
- When in doubt, choose simpler option

77
skills/architecture/trade-off-analysis.md Normal file
View File

@@ -0,0 +1,77 @@
# Trade-off Analysis & ADR
> Document every architectural decision with trade-offs.
## Decision Framework
For EACH architectural component, document:
```markdown
## Architecture Decision Record
### Context
- **Problem**: [What problem are we solving?]
- **Constraints**: [Team size, scale, timeline, budget]
### Options Considered
| Option | Pros | Cons | Complexity | When Valid |
|--------|------|------|------------|-----------|
| Option A | Benefit 1 | Cost 1 | Low | [Conditions] |
| Option B | Benefit 2 | Cost 2 | High | [Conditions] |
### Decision
**Chosen**: [Option B]
### Rationale
1. [Reason 1 - tied to constraints]
2. [Reason 2 - tied to requirements]
### Trade-offs Accepted
- [What we're giving up]
- [Why this is acceptable]
### Consequences
- **Positive**: [Benefits we gain]
- **Negative**: [Costs/risks we accept]
- **Mitigation**: [How we'll address negatives]
### Revisit Trigger
- [When to reconsider this decision]
```
## ADR Template
```markdown
# ADR-[XXX]: [Decision Title]
## Status
Proposed | Accepted | Deprecated | Superseded by [ADR-YYY]
## Context
[What problem? What constraints?]
## Decision
[What we chose - be specific]
## Rationale
[Why - tie to requirements and constraints]
## Trade-offs
[What we're giving up - be honest]
## Consequences
- **Positive**: [Benefits]
- **Negative**: [Costs]
- **Mitigation**: [How to address]
```
## ADR Storage
```
docs/
└── architecture/
├── adr-001-use-nextjs.md
├── adr-002-postgresql-over-mongodb.md
└── adr-003-adopt-repository-pattern.md
```

59
skills/avalonia-layout-zafiro/SKILL.md Normal file
View File

@@ -0,0 +1,59 @@
---
name: avalonia-layout-zafiro
description: Guidelines for modern Avalonia UI layout using Zafiro.Avalonia, emphasizing shared styles, generic components, and avoiding XAML redundancy.
allowed-tools: Read, Write, Edit, Glob, Grep
---
# Avalonia Layout with Zafiro.Avalonia
> Master modern, clean, and maintainable Avalonia UI layouts.
> **Focus on semantic containers, shared styles, and minimal XAML.**
## 🎯 Selective Reading Rule
**Read ONLY files relevant to the layout challenge!**
---
## 📑 Content Map
| File | Description | When to Read |
|------|-------------|--------------|
| `themes.md` | Theme organization and shared styles | Setting up or refining app themes |
| `containers.md` | Semantic containers (`HeaderedContainer`, `EdgePanel`, `Card`) | Structuring views and layouts |
| `icons.md` | Icon usage with `IconExtension` and `IconOptions` | Adding and customizing icons |
| `behaviors.md` | `Xaml.Interaction.Behaviors` and avoiding Converters | Implementing complex interactions |
| `components.md` | Generic components and avoiding nesting | Creating reusable UI elements |
---
## 🔗 Related Project (Exemplary Implementation)
For a real-world example, refer to the **Angor** project:
`/mnt/fast/Repos/angor/src/Angor/Avalonia/Angor.Avalonia.sln`
---
## ✅ Checklist for Clean Layouts
- [ ] **Used semantic containers?** (e.g., `HeaderedContainer` instead of `Border` with manual header)
- [ ] **Avoided redundant properties?** Use shared styles in `axaml` files.
- [ ] **Minimized nesting?** Flatten layouts using `EdgePanel` or generic components.
- [ ] **Icons via extension?** Use `{Icon fa-name}` and `IconOptions` for styling.
- [ ] **Behaviors over code-behind?** Use `Interaction.Behaviors` for UI-logic.
- [ ] **Avoided Converters?** Prefer ViewModel properties or Behaviors unless necessary.
---
## ❌ Anti-Patterns
**DON'T:**
- Use hardcoded colors or sizes (literals) in views.
- Create deep nesting of `Grid` and `StackPanel`.
- Repeat visual properties across multiple elements (use Styles).
- Use `IValueConverter` for simple logic that belongs in the ViewModel.
**DO:**
- Use `DynamicResource` for colors and brushes.
- Extract repeated layouts into generic components.
- Leverage `Zafiro.Avalonia` specific panels like `EdgePanel` for common UI patterns.

35
skills/avalonia-layout-zafiro/behaviors.md Normal file
View File

@@ -0,0 +1,35 @@
# Interactions and Logic
To keep XAML clean and maintainable, minimize logic in views and avoid excessive use of converters.
## 🎭 Xaml.Interaction.Behaviors
Use `Interaction.Behaviors` to handle UI-related logic that doesn't belong in the ViewModel, such as focus management, animations, or specialized event handling.
```xml
<TextBox Text="{Binding Address}">
<Interaction.Behaviors>
<UntouchedClassBehavior />
</Interaction.Behaviors>
</TextBox>
```
### Why use Behaviors?
- **Encapsulation**: UI logic is contained in a reusable behavior class.
- **Clean XAML**: Avoids code-behind and complex XAML triggers.
- **Testability**: Behaviors can be tested independently of the View.
## 🚫 Avoiding Converters
Converters often lead to "magical" logic hidden in XAML. Whenever possible, prefer:
1. **ViewModel Properties**: Let the ViewModel provide the final data format (e.g., a `string` formatted for display).
2. **MultiBinding**: Use for simple logic combinations (And/Or) directly in XAML.
3. **Behaviors**: For more complex interactions that involve state or events.
### When to use Converters?
Only use them when the conversion is purely visual and highly reusable across different contexts (e.g., `BoolToOpacityConverter`).
## 🧩 Simplified Interactions
If you find yourself needing a complex converter or behavior, consider if the component can be simplified or if the data model can be adjusted to make the view binding more direct.

41
skills/avalonia-layout-zafiro/components.md Normal file
View File

@@ -0,0 +1,41 @@
# Building Generic Components
Reducing nesting and complexity is achieved by breaking down views into generic, reusable components.
## 🧊 Generic Components
Instead of building large, complex views, extract recurring patterns into small `UserControl`s.
### Example: A generic "Summary Item"
Instead of repeating a `Grid` with labels and values:
```xml
<!-- ❌ BAD: Repeated Grid -->
<Grid ColumnDefinitions="*,Auto">
<TextBlock Text="Total:" />
<TextBlock Grid.Column="1" Text="{Binding Total}" />
</Grid>
```
Create a generic component (or use `EdgePanel` with a Style):
```xml
<!-- ✅ GOOD: Use a specialized control or style -->
<EdgePanel StartContent="Total:" EndContent="{Binding Total}" Classes="SummaryItem" />
```
## 📉 Flattening Layouts
Avoid deep nesting. Deeply nested XAML is hard to read and can impact performance.
- **StackPanel vs Grid**: Use `StackPanel` (with `Spacing`) for simple linear layouts.
- **EdgePanel**: Great for "Label - Value" or "Icon - Text - Action" rows.
- **UniformGrid**: Use for grids where all cells are the same size.
## 🔧 Component Granularity
- **Atomical**: Small controls like custom buttons or icons.
- **Molecular**: Groups of atoms like a `HeaderedContainer` with specific content.
- **Organisms**: Higher-level sections of a page.
Aim for components that are generic enough to be reused but specific enough to simplify the parent view significantly.

50
skills/avalonia-layout-zafiro/containers.md Normal file
View File

@@ -0,0 +1,50 @@
# Semantic Containers
Using the right container for the data type simplifies XAML and improves maintainability. `Zafiro.Avalonia` provides specialized controls for common layout patterns.
## 📦 HeaderedContainer
Prefer `HeaderedContainer` over a `Border` or `Grid` when a section needs a title or header.
```xml
<HeaderedContainer Header="Security Settings" Classes="WizardSection">
<StackPanel>
<!-- Content here -->
</StackPanel>
</HeaderedContainer>
```
### Key Properties:
- `Header`: The content or string for the header.
- `HeaderBackground`: Brush for the header area.
- `ContentPadding`: Padding for the content area.
## ↔️ EdgePanel
Use `EdgePanel` to position elements at the edges of a container without complex `Grid` definitions.
```xml
<EdgePanel StartContent="{Icon fa-wallet}"
Content="Wallet Balance"
EndContent="$1,234.00" />
```
### Slots:
- `StartContent`: Aligned to the left (or beginning).
- `Content`: Fills the remaining space in the middle.
- `EndContent`: Aligned to the right (or end).
## 📇 Card
A simple container for grouping related information, often used inside `HeaderedContainer` or as a standalone element in a list.
```xml
<Card Header="Enter recipient address:">
<TextBox Text="{Binding Address}" />
</Card>
```
## 📐 Best Practices
- Use `Classes` to apply themed variants (e.g., `Classes="Section"`, `Classes="Highlight"`).
- Customize internal parts of the containers using templates in your styles when necessary, rather than nesting more controls.

53
skills/avalonia-layout-zafiro/icons.md Normal file
View File

@@ -0,0 +1,53 @@
# Icon Usage
`Zafiro.Avalonia` simplifies icon management using a specialized markup extension and styling options.
## 🛠️ IconExtension
Use the `{Icon}` markup extension to easily include icons from libraries like FontAwesome.
```xml
<!-- Positional parameter -->
<Button Content="{Icon fa-wallet}" />
<!-- Named parameter -->
<ContentControl Content="{Icon Source=fa-gear}" />
```
## 🎨 IconOptions
`IconOptions` allows you to customize icons without manually wrapping them in other controls. It's often used in styles to provide a consistent look.
```xml
<Style Selector="HeaderedContainer /template/ ContentPresenter#Header EdgePanel /template/ ContentControl#StartContent">
<Setter Property="IconOptions.Size" Value="20" />
<Setter Property="IconOptions.Fill" Value="{DynamicResource Accent}" />
<Setter Property="IconOptions.Padding" Value="10" />
<Setter Property="IconOptions.CornerRadius" Value="10" />
</Style>
```
### Common Properties:
- `IconOptions.Size`: Sets the width and height of the icon.
- `IconOptions.Fill`: The color/brush of the icon.
- `IconOptions.Background`: Background brush for the icon container.
- `IconOptions.Padding`: Padding inside the icon container.
- `IconOptions.CornerRadius`: Corner radius if a background is used.
## 📁 Shared Icon Resources
Define icons as resources for reuse across the application.
```xml
<ResourceDictionary xmlns="https://github.com/avaloniaui">
<Icon x:Key="fa-wallet" Source="fa-wallet" />
</ResourceDictionary>
```
Then use them with `StaticResource` if they are already defined:
```xml
<Button Content="{StaticResource fa-wallet}" />
```
However, the `{Icon ...}` extension is usually preferred for its brevity and ability to create new icon instances on the fly.

51
skills/avalonia-layout-zafiro/themes.md Normal file
View File

@@ -0,0 +1,51 @@
# Theme Organization and Shared Styles
Efficient theme organization is key to avoiding redundant XAML and ensuring visual consistency.
## 🏗️ Structure
Follow the pattern from Angor:
1. **Colors & Brushes**: Define in a dedicated `Colors.axaml`. Use `DynamicResource` to support theme switching.
2. **Styles**: Group styles by category (e.g., `Buttons.axaml`, `Containers.axaml`, `Typography.axaml`).
3. **App-wide Theme**: Aggregate all styles in a main `Theme.axaml`.
## 🎨 Avoiding Redundancy
Instead of setting properties directly on elements:
```xml
<!-- ❌ BAD: Redundant properties -->
<HeaderedContainer CornerRadius="10" BorderThickness="1" BorderBrush="Blue" Background="LightBlue" />
<HeaderedContainer CornerRadius="10" BorderThickness="1" BorderBrush="Blue" Background="LightBlue" />
<!-- ✅ GOOD: Use Classes and Styles -->
<HeaderedContainer Classes="BlueSection" />
<HeaderedContainer Classes="BlueSection" />
```
Define the style in a shared `axaml` file:
```xml
<Style Selector="HeaderedContainer.BlueSection">
<Setter Property="CornerRadius" Value="10" />
<Setter Property="BorderThickness" Value="1" />
<Setter Property="BorderBrush" Value="{DynamicResource Accent}" />
<Setter Property="Background" Value="{DynamicResource SurfaceSubtle}" />
</Style>
```
## 🧩 Shared Icons and Resources
Centralize icon definitions and other shared resources in `Icons.axaml` and include them in the `MergedDictionaries` of your theme or `App.axaml`.
```xml
<Application.Resources>
<ResourceDictionary>
<ResourceDictionary.MergedDictionaries>
<MergeResourceInclude Source="UI/Themes/Styles/Containers.axaml" />
<MergeResourceInclude Source="UI/Shared/Resources/Icons.axaml" />
</ResourceDictionary.MergedDictionaries>
</ResourceDictionary>
</Application.Resources>
```

29
skills/avalonia-viewmodels-zafiro/SKILL.md Normal file
View File

@@ -0,0 +1,29 @@
---
name: avalonia-viewmodels-zafiro
description: Optimal ViewModel and Wizard creation patterns for Avalonia using Zafiro and ReactiveUI.
---
# Avalonia ViewModels with Zafiro
This skill provides a set of best practices and patterns for creating ViewModels, Wizards, and managing navigation in Avalonia applications, leveraging the power of **ReactiveUI** and the **Zafiro** toolkit.
## Core Principles
1. **Functional-Reactive Approach**: Use ReactiveUI (`ReactiveObject`, `WhenAnyValue`, etc.) to handle state and logic.
2. **Enhanced Commands**: Utilize `IEnhancedCommand` for better command management, including progress reporting and name/text attributes.
3. **Wizard Pattern**: Implement complex flows using `SlimWizard` and `WizardBuilder` for a declarative and maintainable approach.
4. **Automatic Section Discovery**: Use the `[Section]` attribute to register and discover UI sections automatically.
5. **Clean Composition**: map ViewModels to Views using `DataTypeViewLocator` and manage dependencies in the `CompositionRoot`.
## Guides
- [ViewModels & Commands](viewmodels.md): Creating robust ViewModels and handling commands.
- [Wizards & Flows](wizards.md): Building multi-step wizards with `SlimWizard`.
- [Navigation & Sections](navigation_sections.md): Managing navigation and section-based UIs.
- [Composition & Mapping](composition.md): Best practices for View-ViewModel wiring and DI.
## Example Reference
For real-world implementations, refer to the **Angor** project:
- `CreateProjectFlowV2.cs`: Excellent example of complex Wizard building.
- `HomeViewModel.cs`: Simple section ViewModel using functional-reactive commands.

75
skills/avalonia-viewmodels-zafiro/composition.md Normal file
View File

@@ -0,0 +1,75 @@
# Composition & Mapping
Ensuring your ViewModels are correctly instantiated and mapped to their corresponding Views is crucial for a maintainable application.
## ViewModel-to-View Mapping
Zafiro uses the `DataTypeViewLocator` to automatically map ViewModels to Views based on their data type.
### Integration in App.axaml
Register the `DataTypeViewLocator` in your application's data templates:
```xml
<Application.DataTemplates>
<DataTypeViewLocator />
<DataTemplateInclude Source="avares://Zafiro.Avalonia/DataTemplates.axaml" />
</Application.DataTemplates>
```
### Registration
Mappings can be registered globally or locally. Common practice in Zafiro projects is to use naming conventions or explicit registrations made by source generators.
## Composition Root
Use a central `CompositionRoot` to manage dependency injection and service registration.
```csharp
public static class CompositionRoot
{
public static IShellViewModel CreateMainViewModel(Control topLevelView)
{
var services = new ServiceCollection();
services
.AddViewModels()
.AddUIServices(topLevelView);
var serviceProvider = services.BuildServiceProvider();
return serviceProvider.GetRequiredService<IShellViewModel>();
}
}
```
### Registering ViewModels
Register ViewModels with appropriate scopes (Transient, Scoped, or Singleton).
```csharp
public static IServiceCollection AddViewModels(this IServiceCollection services)
{
return services
.AddTransient<IHomeSectionViewModel, HomeSectionSectionViewModel>()
.AddSingleton<IShellViewModel, ShellViewModel>();
}
```
## View Injection
Use the `Connect` helper (if available) or manual instantiation in `OnFrameworkInitializationCompleted`:
```csharp
public override void OnFrameworkInitializationCompleted()
{
this.Connect(
() => new ShellView(),
view => CompositionRoot.CreateMainViewModel(view),
() => new MainWindow());
base.OnFrameworkInitializationCompleted();
}
```
> [!TIP]
> Use `ActivatorUtilities.CreateInstance` when you need to manually instantiate a class while still resolving its dependencies from the `IServiceProvider`.

53
skills/avalonia-viewmodels-zafiro/navigation_sections.md Normal file
View File

@@ -0,0 +1,53 @@
# Navigation & Sections
Zafiro provides powerful abstractions for managing application-wide navigation and modular UI sections.
## Navigation with INavigator
The `INavigator` interface is used to switch between different views or viewmodels.
```csharp
public class MyViewModel(INavigator navigator)
{
public async Task GoToDetails()
{
await navigator.Navigate(() => new DetailsViewModel());
}
}
```
## UI Sections
Sections are modular parts of the UI (like tabs or sidebar items) that can be automatically registered.
### The [Section] Attribute
ViewModels intended to be sections should be marked with the `[Section]` attribute.
```csharp
[Section("Wallet", icon: "fa-wallet")]
public class WalletSectionViewModel : IWalletSectionViewModel
{
// ...
}
```
### Automatic Registration
In the `CompositionRoot`, sections can be automatically registered:
```csharp
services.AddAnnotatedSections(logger);
services.AddSectionsFromAttributes(logger);
```
### Switching Sections
You can switch the current active section via the `IShellViewModel`:
```csharp
shellViewModel.SetSection("Browse");
```
> [!IMPORTANT]
> The `icon` parameter in the `[Section]` attribute supports FontAwesome icons (e.g., `fa-home`) when configured with `ProjektankerIconControlProvider`.

68
skills/avalonia-viewmodels-zafiro/viewmodels.md Normal file
View File

@@ -0,0 +1,68 @@
# ViewModels & Commands
In a Zafiro-based application, ViewModels should be functional, reactive, and resilient.
## Reactive ViewModels
Use `ReactiveObject` as the base class. Properties should be defined using the `[Reactive]` attribute (from ReactiveUI.SourceGenerators) for brevity.
```csharp
public partial class MyViewModel : ReactiveObject
{
[Reactive] private string name;
[Reactive] private bool isBusy;
}
```
### Observation and Transformation
Use `WhenAnyValue` to react to property changes:
```csharp
this.WhenAnyValue(x => x.Name)
.Select(name => !string.IsNullOrEmpty(name))
.ToPropertyEx(this, x => x.CanSubmit);
```
## Enhanced Commands
Zafiro uses `IEnhancedCommand`, which extends `ICommand` and `IReactiveCommand` with additional metadata like `Name` and `Text`.
### Creating a Command
Use `ReactiveCommand.Create` or `ReactiveCommand.CreateFromTask` and then `Enhance()` it.
```csharp
public IEnhancedCommand Submit { get; }
public MyViewModel()
{
Submit = ReactiveCommand.CreateFromTask(OnSubmit, canSubmit)
.Enhance(text: "Submit Data", name: "SubmitCommand");
}
```
### Error Handling
Use `HandleErrorsWith` to automatically channel command errors to the `NotificationService`.
```csharp
Submit.HandleErrorsWith(uiServices.NotificationService, "Submission Failed")
.DisposeWith(disposable);
```
## Disposables
Always use a `CompositeDisposable` to manage subscriptions and command lifetimes.
```csharp
public class MyViewModel : ReactiveObject, IDisposable
{
private readonly CompositeDisposable disposables = new();
public void Dispose() => disposables.Dispose();
}
```
> [!TIP]
> Use `.DisposeWith(disposables)` on any observable subscription or command to ensure proper cleanup.

47
skills/avalonia-viewmodels-zafiro/wizards.md Normal file
View File

@@ -0,0 +1,47 @@
# Wizards & Flows
Complex multi-step processes are handled using the `SlimWizard` pattern. This provides a declarative way to define steps, navigation logic, and final results.
## Defining a Wizard
Use `WizardBuilder` to define the steps. Each step corresponds to a ViewModel.
```csharp
SlimWizard<string> wizard = WizardBuilder
.StartWith(() => new Step1ViewModel(data))
.NextUnit()
.WhenValid()
.Then(prevResult => new Step2ViewModel(prevResult))
.NextCommand(vm => vm.CustomNextCommand)
.Then(result => new SuccessViewModel("Done!"))
.Next((_, s) => s, "Finish")
.WithCompletionFinalStep();
```
### Navigation Rules
- **NextUnit()**: Advances when a simple signal is emitted.
- **NextCommand()**: Advances when a specific command in the ViewModel execution successfully.
- **WhenValid()**: Wait until the current ViewModel's validation passes before allowing navigation.
- **Always()**: Navigation is always allowed.
## Navigation Integration
The wizard is navigated using an `INavigator`:
```csharp
public async Task CreateSomething()
{
var wizard = BuildWizard();
var result = await wizard.Navigate(navigator);
// Handle result
}
```
## Step Configuration
- **WithCompletionFinalStep()**: Marks the wizard as finished when the last step completes.
- **WithCommitFinalStep()**: Typically used for wizards that perform a final "Save" or "Deploy" action.
> [!NOTE]
> The `SlimWizard` handles the "Back" command automatically, providing a consistent user experience across different flows.

29
skills/avalonia-zafiro-development/SKILL.md Normal file
View File

@@ -0,0 +1,29 @@
---
name: avalonia-zafiro-development
description: Mandatory skills, conventions, and behavioral rules for Avalonia UI development using the Zafiro toolkit.
---
# Avalonia Zafiro Development
This skill defines the mandatory conventions and behavioral rules for developing cross-platform applications with Avalonia UI and the Zafiro toolkit. These rules prioritize maintainability, correctness, and a functional-reactive approach.
## Core Pillars
1. **Functional-Reactive MVVM**: Pure MVVM logic using DynamicData and ReactiveUI.
2. **Safety & Predictability**: Explicit error handling with `Result` types and avoidance of exceptions for flow control.
3. **Cross-Platform Excellence**: Strictly Avalonia-independent ViewModels and composition-over-inheritance.
4. **Zafiro First**: Leverage existing Zafiro abstractions and helpers to avoid redundancy.
## Guides
- [Core Technical Skills & Architecture](core-technical-skills.md): Fundamental skills and architectural principles.
- [Naming & Coding Standards](naming-standards.md): Rules for naming, fields, and error handling.
- [Avalonia, Zafiro & Reactive Rules](avalonia-reactive-rules.md): Specific guidelines for UI, Zafiro integration, and DynamicData pipelines.
- [Zafiro Shortcuts](zafiro-shortcuts.md): Concise mappings for common Rx/Zafiro operations.
- [Common Patterns](patterns.md): Advanced patterns like `RefreshableCollection` and Validation.
## Procedure Before Writing Code
1. **Search First**: Search the codebase for similar implementations or existing Zafiro helpers.
2. **Reusable Extensions**: If a helper is missing, propose a new reusable extension method instead of inlining complex logic.
3. **Reactive Pipelines**: Ensure DynamicData operators are used instead of plain Rx where applicable.

49
skills/avalonia-zafiro-development/avalonia-reactive-rules.md Normal file
View File

@@ -0,0 +1,49 @@
# Avalonia, Zafiro & Reactive Rules
## Avalonia UI Rules
- **Strict Avalonia**: Never use `System.Drawing`; always use Avalonia types.
- **Pure ViewModels**: ViewModels must **never** reference Avalonia types.
- **Bindings Over Code-Behind**: Logic should be driven by bindings.
- **DataTemplates**: Prefer explicit `DataTemplate`s and typed `DataContext`s.
- **VisualStates**: Avoid using `VisualStates` unless absolutely required.
## Zafiro Guidelines
- **Prefer Abstractions**: Always look for existing Zafiro helpers, extension methods, and abstractions before re-implementing logic.
- **Validation**: Use Zafiro's `ValidationRule` and validation extensions instead of ad-hoc reactive logic.
## DynamicData & Reactive Rules
### The Mandatory Approach
- **Operator Preference**: Always prefer **DynamicData** operators (`Connect`, `Filter`, `Transform`, `Sort`, `Bind`, `DisposeMany`) over plain Rx operators when working with collections.
- **Readable Pipelines**: Build and maintain pipelines as a single, readable chain.
- **Lifecycle**: Use `DisposeWith` for lifecycle management.
- **Minimal Subscriptions**: Subscriptions should be minimal, centralized, and strictly for side-effects.
### Forbidden Anti-Patterns
- **Ad-hoc Sources**: Do NOT create new `SourceList` / `SourceCache` on the fly for local problems.
- **Logic in Subscribe**: Do NOT place business logic inside `Subscribe`.
- **Operator Mismatch**: Do NOT use `System.Reactive` operators if a DynamicData equivalent exists.
### Canonical Patterns
**Validation of Dynamic Collections:**
```csharp
this.ValidationRule(
StagesSource
.Connect()
.FilterOnObservable(stage => stage.IsValid)
.IsEmpty(),
b => !b,
_ => "Stages are not valid")
.DisposeWith(Disposables);
```
**Filtering Nulls:**
Use `WhereNotNull()` in reactive pipelines.
```csharp
this.WhenAnyValue(x => x.DurationPreset).WhereNotNull()
```

19
skills/avalonia-zafiro-development/core-technical-skills.md Normal file
View File

@@ -0,0 +1,19 @@
# Core Technical Skills & Architecture
## Mandatory Expertise
The developer must possess strong expertise in:
- **C# and modern .NET**: Utilizing the latest features of the language and framework.
- **Avalonia UI**: For cross-platform UI development.
- **MVVM Architecture**: Maintaining strict separation between UI and business logic.
- **Clean Code & Clean Architecture**: Focusing on maintainability and inward dependency flow.
- **Functional Programming in C#**: Embracing immutability and functional patterns.
- **Reactive Programming**: Expertise in DynamicData and System.Reactive.
## Architectural Principles
- **Pure MVVM**: Mandatory for all UI code. Logic must be independent of UI concerns.
- **Composition over Inheritance**: Favor modular building blocks over deep inheritance hierarchies.
- **Inward Dependency Flow**: Abstractions must not depend on implementations.
- **Immutability**: Prefer immutable structures where practical to ensure predictability.
- **Stable Public APIs**: Design APIs carefully to ensure long-term stability and clarity.

15
skills/avalonia-zafiro-development/naming-standards.md Normal file
View File

@@ -0,0 +1,15 @@
# Naming & Coding Standards
## General Standards
- **Explicit Names**: Favor clarity over cleverness.
- **Async Suffix**: Do **NOT** use the `Async` suffix in method names, even if they return `Task`.
- **Private Fields**: Do **NOT** use the `_` prefix for private fields.
- **Static State**: Avoid static state unless explicitly justified and documented.
- **Method Design**: Keep methods small, expressive, and with low cyclomatic complexity.
## Error Handling
- **Result & Maybe**: Use types from **CSharpFunctionalExtensions** for flow control and error handling.
- **Exceptions**: Reserved strictly for truly exceptional, unrecoverable situations.
- **Boundaries**: Never allow exceptions to leak across architectural boundaries.

45
skills/avalonia-zafiro-development/patterns.md Normal file
View File

@@ -0,0 +1,45 @@
# Common Patterns in Angor/Zafiro
## Refreshable Collections
The `RefreshableCollection` pattern is used to manage lists that can be refreshed via a command, maintaining an internal `SourceCache`/`SourceList` and exposing a `ReadOnlyObservableCollection`.
### Implementation
```csharp
var refresher = RefreshableCollection.Create(
() => GetDataTask(),
model => model.Id)
.DisposeWith(disposable);
LoadData = refresher.Refresh;
Items = refresher.Items;
```
### Benefits
- **Automatic Loading**: Handles the command execution and results.
- **Efficient Updates**: Uses `EditDiff` internally to update items without clearing the list.
- **UI Friendly**: Exposes `Items` as a `ReadOnlyObservableCollection` suitable for binding.
## Mandatory Validation Pattern
When validating dynamic collections, always use the Zafiro validation extension:
```csharp
this.ValidationRule(
StagesSource
.Connect()
.FilterOnObservable(stage => stage.IsValid)
.IsEmpty(),
b => !b,
_ => "Stages are not valid")
.DisposeWith(Disposables);
```
## Error Handling Pipeline
Instead of manual `Subscribe`, use `HandleErrorsWith` to pipe errors directly to the user:
```csharp
LoadProjects.HandleErrorsWith(uiServices.NotificationService, "Could not load projects");
```

43
skills/avalonia-zafiro-development/zafiro-shortcuts.md Normal file
View File

@@ -0,0 +1,43 @@
# Zafiro Reactive Shortcuts
Use these Zafiro extension methods to replace standard, more verbose Reactive and DynamicData patterns.
## General Observable Helpers
| Standard Pattern | Zafiro Shortcut |
| :--- | :--- |
| `Replay(1).RefCount()` | `ReplayLastActive()` |
| `Select(_ => Unit.Default)` | `ToSignal()` |
| `Select(b => !b)` | `Not()` |
| `Where(b => b).ToSignal()` | `Trues()` |
| `Where(b => !b).ToSignal()` | `Falses()` |
| `Select(x => x is null)` | `Null()` |
| `Select(x => x is not null)` | `NotNull()` |
| `Select(string.IsNullOrWhiteSpace)` | `NullOrWhitespace()` |
| `Select(s => !string.IsNullOrWhiteSpace(s))` | `NotNullOrEmpty()` |
## Result & Maybe Extensions
| Standard Pattern | Zafiro Shortcut |
| :--- | :--- |
| `Where(r => r.IsSuccess).Select(r => r.Value)` | `Successes()` |
| `Where(r => r.IsFailure).Select(r => r.Error)` | `Failures()` |
| `Where(m => m.HasValue).Select(m => m.Value)` | `Values()` |
| `Where(m => !m.HasValue).ToSignal()` | `Empties()` |
## Lifecycle Management
| Description | Method |
| :--- | :--- |
| Dispose previous item before emitting new one | `DisposePrevious()` |
| Manage lifecycle within a disposable | `DisposeWith(disposables)` |
## Command & Interaction
| Description | Method |
| :--- | :--- |
| Add metadata/text to a ReactiveCommand | `Enhance(text, name)` |
| Automatically show errors in UI | `HandleErrorsWith(notificationService)` |
> [!TIP]
> Always check `Zafiro.Reactive.ObservableMixin` and `Zafiro.CSharpFunctionalExtensions.ObservableExtensions` before writing custom Rx logic.

3
skills/aws-penetration-testing/SKILL.md
View File

@@ -1,6 +1,9 @@
---
name: AWS Penetration Testing
description: This skill should be used when the user asks to "pentest AWS", "test AWS security", "enumerate IAM", "exploit cloud infrastructure", "AWS privilege escalation", "S3 bucket testing", "metadata SSRF", "Lambda exploitation", or needs guidance on Amazon Web Services security assessment.
metadata:
author: zebbern
version: "1.1"
---
# AWS Penetration Testing

492
skills/backend-dev-guidelines/SKILL.md
View File

@@ -1,302 +1,342 @@
---
name: backend-dev-guidelines
description: Comprehensive backend development guide for Node.js/Express/TypeScript microservices. Use when creating routes, controllers, services, repositories, middleware, or working with Express APIs, Prisma database access, Sentry error tracking, Zod validation, unifiedConfig, dependency injection, or async patterns. Covers layered architecture (routes → controllers → services → repositories), BaseController pattern, error handling, performance monitoring, testing strategies, and migration from legacy patterns.
description: Opinionated backend development standards for Node.js + Express + TypeScript microservices. Covers layered architecture, BaseController pattern, dependency injection, Prisma repositories, Zod validation, unifiedConfig, Sentry error tracking, async safety, and testing discipline.
---
# Backend Development Guidelines
## Purpose
**(Node.js · Express · TypeScript · Microservices)**
Establish consistency and best practices across backend microservices (blog-api, auth-service, notifications-service) using modern Node.js/Express/TypeScript patterns.
You are a **senior backend engineer** operating production-grade services under strict architectural and reliability constraints.
## When to Use This Skill
Your goal is to build **predictable, observable, and maintainable backend systems** using:
Automatically activates when working on:
- Creating or modifying routes, endpoints, APIs
- Building controllers, services, repositories
- Implementing middleware (auth, validation, error handling)
- Database operations with Prisma
- Error tracking with Sentry
- Input validation with Zod
- Configuration management
- Backend testing and refactoring
* Layered architecture
* Explicit error boundaries
* Strong typing and validation
* Centralized configuration
* First-class observability
This skill defines **how backend code must be written**, not merely suggestions.
---
## Quick Start
## 1. Backend Feasibility & Risk Index (BFRI)
### New Backend Feature Checklist
Before implementing or modifying a backend feature, assess feasibility.
- [ ] **Route**: Clean definition, delegate to controller
- [ ] **Controller**: Extend BaseController
- [ ] **Service**: Business logic with DI
- [ ] **Repository**: Database access (if complex)
- [ ] **Validation**: Zod schema
- [ ] **Sentry**: Error tracking
- [ ] **Tests**: Unit + integration tests
- [ ] **Config**: Use unifiedConfig
### BFRI Dimensions (15)
### New Microservice Checklist
| Dimension | Question |
| ----------------------------- | ---------------------------------------------------------------- |
| **Architectural Fit** | Does this follow routes → controllers → services → repositories? |
| **Business Logic Complexity** | How complex is the domain logic? |
| **Data Risk** | Does this affect critical data paths or transactions? |
| **Operational Risk** | Does this impact auth, billing, messaging, or infra? |
| **Testability** | Can this be reliably unit + integration tested? |
- [ ] Directory structure (see [architecture-overview.md](architecture-overview.md))
- [ ] instrument.ts for Sentry
- [ ] unifiedConfig setup
- [ ] BaseController class
- [ ] Middleware stack
- [ ] Error boundary
- [ ] Testing framework
### Score Formula
```
BFRI = (Architectural Fit + Testability) (Complexity + Data Risk + Operational Risk)
```
**Range:** `-10 → +10`
### Interpretation
| BFRI | Meaning | Action |
| -------- | --------- | ---------------------- |
| **610** | Safe | Proceed |
| **35** | Moderate | Add tests + monitoring |
| **02** | Risky | Refactor or isolate |
| **< 0** | Dangerous | Redesign before coding |
---
## Architecture Overview
## 2. When to Use This Skill
### Layered Architecture
Automatically applies when working on:
```
HTTP Request
Routes (routing only)
Controllers (request handling)
Services (business logic)
Repositories (data access)
Database (Prisma)
```
**Key Principle:** Each layer has ONE responsibility.
See [architecture-overview.md](architecture-overview.md) for complete details.
* Routes, controllers, services, repositories
* Express middleware
* Prisma database access
* Zod validation
* Sentry error tracking
* Configuration management
* Backend refactors or migrations
---
## Directory Structure
## 3. Core Architecture Doctrine (Non-Negotiable)
### 1. Layered Architecture Is Mandatory
```
service/src/
├── config/ # UnifiedConfig
├── controllers/ # Request handlers
Routes → Controllers → Services → Repositories → Database
```
* No layer skipping
* No cross-layer leakage
* Each layer has **one responsibility**
---
### 2. Routes Only Route
```ts
// ❌ NEVER
router.post('/create', async (req, res) => {
await prisma.user.create(...);
});
// ✅ ALWAYS
router.post('/create', (req, res) =>
userController.create(req, res)
);
```
Routes must contain **zero business logic**.
---
### 3. Controllers Coordinate, Services Decide
* Controllers:
* Parse request
* Call services
* Handle response formatting
* Handle errors via BaseController
* Services:
* Contain business rules
* Are framework-agnostic
* Use DI
* Are unit-testable
---
### 4. All Controllers Extend `BaseController`
```ts
export class UserController extends BaseController {
async getUser(req: Request, res: Response): Promise<void> {
try {
const user = await this.userService.getById(req.params.id);
this.handleSuccess(res, user);
} catch (error) {
this.handleError(error, res, 'getUser');
}
}
}
```
No raw `res.json` calls outside BaseController helpers.
---
### 5. All Errors Go to Sentry
```ts
catch (error) {
Sentry.captureException(error);
throw error;
}
```
`console.log`
❌ silent failures
❌ swallowed errors
---
### 6. unifiedConfig Is the Only Config Source
```ts
// ❌ NEVER
process.env.JWT_SECRET;
// ✅ ALWAYS
import { config } from '@/config/unifiedConfig';
config.auth.jwtSecret;
```
---
### 7. Validate All External Input with Zod
* Request bodies
* Query params
* Route params
* Webhook payloads
```ts
const schema = z.object({
email: z.string().email(),
});
const input = schema.parse(req.body);
```
No validation = bug.
---
## 4. Directory Structure (Canonical)
```
src/
├── config/ # unifiedConfig
├── controllers/ # BaseController + controllers
├── services/ # Business logic
├── repositories/ # Data access
├── routes/ # Route definitions
├── middleware/ # Express middleware
├── types/ # TypeScript types
├── repositories/ # Prisma access
├── routes/ # Express routes
├── middleware/ # Auth, validation, errors
├── validators/ # Zod schemas
├── utils/ # Utilities
├── tests/ # Tests
├── types/ # Shared types
├── utils/ # Helpers
├── tests/ # Unit + integration tests
├── instrument.ts # Sentry (FIRST IMPORT)
├── app.ts # Express setup
├── app.ts # Express app
└── server.ts # HTTP server
```
**Naming Conventions:**
- Controllers: `PascalCase` - `UserController.ts`
- Services: `camelCase` - `userService.ts`
- Routes: `camelCase + Routes` - `userRoutes.ts`
- Repositories: `PascalCase + Repository` - `UserRepository.ts`
---
## 5. Naming Conventions (Strict)
| Layer | Convention |
| ---------- | ------------------------- |
| Controller | `PascalCaseController.ts` |
| Service | `camelCaseService.ts` |
| Repository | `PascalCaseRepository.ts` |
| Routes | `camelCaseRoutes.ts` |
| Validators | `camelCase.schema.ts` |
---
## Core Principles (7 Key Rules)
## 6. Dependency Injection Rules
### 1. Routes Only Route, Controllers Control
* Services receive dependencies via constructor
* No importing repositories directly inside controllers
* Enables mocking and testing
```typescript
// ❌ NEVER: Business logic in routes
router.post('/submit', async (req, res) => {
// 200 lines of logic
});
// ✅ ALWAYS: Delegate to controller
router.post('/submit', (req, res) => controller.submit(req, res));
```
### 2. All Controllers Extend BaseController
```typescript
export class UserController extends BaseController {
async getUser(req: Request, res: Response): Promise<void> {
try {
const user = await this.userService.findById(req.params.id);
this.handleSuccess(res, user);
} catch (error) {
this.handleError(error, res, 'getUser');
}
}
```ts
export class UserService {
constructor(
private readonly userRepository: UserRepository
) {}
}
```
### 3. All Errors to Sentry
---
```typescript
try {
await operation();
} catch (error) {
Sentry.captureException(error);
throw error;
}
## 7. Prisma & Repository Rules
* Prisma client **never used directly in controllers**
* Repositories:
* Encapsulate queries
* Handle transactions
* Expose intent-based methods
```ts
await userRepository.findActiveUsers();
```
### 4. Use unifiedConfig, NEVER process.env
---
```typescript
// ❌ NEVER
const timeout = process.env.TIMEOUT_MS;
## 8. Async & Error Handling
// ✅ ALWAYS
import { config } from './config/unifiedConfig';
const timeout = config.timeouts.default;
### asyncErrorWrapper Required
All async route handlers must be wrapped.
```ts
router.get(
'/users',
asyncErrorWrapper((req, res) =>
controller.list(req, res)
)
);
```
### 5. Validate All Input with Zod
No unhandled promise rejections.
```typescript
const schema = z.object({ email: z.string().email() });
const validated = schema.parse(req.body);
```
---
### 6. Use Repository Pattern for Data Access
## 9. Observability & Monitoring
```typescript
// Service → Repository → Database
const users = await userRepository.findActive();
```
### Required
### 7. Comprehensive Testing Required
* Sentry error tracking
* Sentry performance tracing
* Structured logs (where applicable)
```typescript
Every critical path must be observable.
---
## 10. Testing Discipline
### Required Tests
* **Unit tests** for services
* **Integration tests** for routes
* **Repository tests** for complex queries
```ts
describe('UserService', () => {
it('should create user', async () => {
expect(user).toBeDefined();
});
it('creates a user', async () => {
expect(user).toBeDefined();
});
});
```
---
## Common Imports
```typescript
// Express
import express, { Request, Response, NextFunction, Router } from 'express';
// Validation
import { z } from 'zod';
// Database
import { PrismaClient } from '@prisma/client';
import type { Prisma } from '@prisma/client';
// Sentry
import * as Sentry from '@sentry/node';
// Config
import { config } from './config/unifiedConfig';
// Middleware
import { SSOMiddlewareClient } from './middleware/SSOMiddleware';
import { asyncErrorWrapper } from './middleware/errorBoundary';
```
No tests → no merge.
---
## Quick Reference
### HTTP Status Codes
| Code | Use Case |
|------|----------|
| 200 | Success |
| 201 | Created |
| 400 | Bad Request |
| 401 | Unauthorized |
| 403 | Forbidden |
| 404 | Not Found |
| 500 | Server Error |
### Service Templates
**Blog API** (✅ Mature) - Use as template for REST APIs
**Auth Service** (✅ Mature) - Use as template for authentication patterns
---
## Anti-Patterns to Avoid
## 11. Anti-Patterns (Immediate Rejection)
❌ Business logic in routes
Direct process.env usage
Missing error handling
No input validation
Direct Prisma everywhere
Skipping service layer
Direct Prisma in controllers
Missing validation
process.env usage
❌ console.log instead of Sentry
❌ Untested business logic
---
## Navigation Guide
## 12. Integration With Other Skills
| Need to... | Read this |
|------------|-----------|
| Understand architecture | [architecture-overview.md](architecture-overview.md) |
| Create routes/controllers | [routing-and-controllers.md](routing-and-controllers.md) |
| Organize business logic | [services-and-repositories.md](services-and-repositories.md) |
| Validate input | [validation-patterns.md](validation-patterns.md) |
| Add error tracking | [sentry-and-monitoring.md](sentry-and-monitoring.md) |
| Create middleware | [middleware-guide.md](middleware-guide.md) |
| Database access | [database-patterns.md](database-patterns.md) |
| Manage config | [configuration.md](configuration.md) |
| Handle async/errors | [async-and-errors.md](async-and-errors.md) |
| Write tests | [testing-guide.md](testing-guide.md) |
| See examples | [complete-examples.md](complete-examples.md) |
* **frontend-dev-guidelines** → API contract alignment
* **error-tracking** → Sentry standards
* **database-verification** → Schema correctness
* **analytics-tracking** → Event pipelines
* **skill-developer** → Skill governance
---
## Resource Files
## 13. Operator Validation Checklist
### [architecture-overview.md](architecture-overview.md)
Layered architecture, request lifecycle, separation of concerns
Before finalizing backend work:
### [routing-and-controllers.md](routing-and-controllers.md)
Route definitions, BaseController, error handling, examples
### [services-and-repositories.md](services-and-repositories.md)
Service patterns, DI, repository pattern, caching
### [validation-patterns.md](validation-patterns.md)
Zod schemas, validation, DTO pattern
### [sentry-and-monitoring.md](sentry-and-monitoring.md)
Sentry init, error capture, performance monitoring
### [middleware-guide.md](middleware-guide.md)
Auth, audit, error boundaries, AsyncLocalStorage
### [database-patterns.md](database-patterns.md)
PrismaService, repositories, transactions, optimization
### [configuration.md](configuration.md)
UnifiedConfig, environment configs, secrets
### [async-and-errors.md](async-and-errors.md)
Async patterns, custom errors, asyncErrorWrapper
### [testing-guide.md](testing-guide.md)
Unit/integration tests, mocking, coverage
### [complete-examples.md](complete-examples.md)
Full examples, refactoring guide
* [ ] BFRI ≥ 3
* [ ] Layered architecture respected
* [ ] Input validated
* [ ] Errors captured in Sentry
* [ ] unifiedConfig used
* [ ] Tests written
* [ ] No anti-patterns present
---
## Related Skills
- **database-verification** - Verify column names and schema consistency
- **error-tracking** - Sentry integration patterns
- **skill-developer** - Meta-skill for creating and managing skills
## 14. Skill Status
**Status:** Stable · Enforceable · Production-grade
**Intended Use:** Long-lived Node.js microservices with real traffic and real risk
---
**Skill Status**: COMPLETE ✅
**Line Count**: < 500 ✅
**Progressive Disclosure**: 11 resource files ✅

199
skills/bash-linux/SKILL.md Normal file
View File

@@ -0,0 +1,199 @@
---
name: bash-linux
description: Bash/Linux terminal patterns. Critical commands, piping, error handling, scripting. Use when working on macOS or Linux systems.
allowed-tools: Read, Write, Edit, Glob, Grep, Bash
---
# Bash Linux Patterns
> Essential patterns for Bash on Linux/macOS.
---
## 1. Operator Syntax
### Chaining Commands
| Operator | Meaning | Example |
|----------|---------|---------|
| `;` | Run sequentially | `cmd1; cmd2` |
| `&&` | Run if previous succeeded | `npm install && npm run dev` |
| `\|\|` | Run if previous failed | `npm test \|\| echo "Tests failed"` |
| `\|` | Pipe output | `ls \| grep ".js"` |
---
## 2. File Operations
### Essential Commands
| Task | Command |
|------|---------|
| List all | `ls -la` |
| Find files | `find . -name "*.js" -type f` |
| File content | `cat file.txt` |
| First N lines | `head -n 20 file.txt` |
| Last N lines | `tail -n 20 file.txt` |
| Follow log | `tail -f log.txt` |
| Search in files | `grep -r "pattern" --include="*.js"` |
| File size | `du -sh *` |
| Disk usage | `df -h` |
---
## 3. Process Management
| Task | Command |
|------|---------|
| List processes | `ps aux` |
| Find by name | `ps aux \| grep node` |
| Kill by PID | `kill -9 <PID>` |
| Find port user | `lsof -i :3000` |
| Kill port | `kill -9 $(lsof -t -i :3000)` |
| Background | `npm run dev &` |
| Jobs | `jobs -l` |
| Bring to front | `fg %1` |
---
## 4. Text Processing
### Core Tools
| Tool | Purpose | Example |
|------|---------|---------|
| `grep` | Search | `grep -rn "TODO" src/` |
| `sed` | Replace | `sed -i 's/old/new/g' file.txt` |
| `awk` | Extract columns | `awk '{print $1}' file.txt` |
| `cut` | Cut fields | `cut -d',' -f1 data.csv` |
| `sort` | Sort lines | `sort -u file.txt` |
| `uniq` | Unique lines | `sort file.txt \| uniq -c` |
| `wc` | Count | `wc -l file.txt` |
---
## 5. Environment Variables
| Task | Command |
|------|---------|
| View all | `env` or `printenv` |
| View one | `echo $PATH` |
| Set temporary | `export VAR="value"` |
| Set in script | `VAR="value" command` |
| Add to PATH | `export PATH="$PATH:/new/path"` |
---
## 6. Network
| Task | Command |
|------|---------|
| Download | `curl -O https://example.com/file` |
| API request | `curl -X GET https://api.example.com` |
| POST JSON | `curl -X POST -H "Content-Type: application/json" -d '{"key":"value"}' URL` |
| Check port | `nc -zv localhost 3000` |
| Network info | `ifconfig` or `ip addr` |
---
## 7. Script Template
```bash
#!/bin/bash
set -euo pipefail # Exit on error, undefined var, pipe fail
# Colors (optional)
RED='\033[0;31m'
GREEN='\033[0;32m'
NC='\033[0m'
# Script directory
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
# Functions
log_info() { echo -e "${GREEN}[INFO]${NC} $1"; }
log_error() { echo -e "${RED}[ERROR]${NC} $1" >&2; }
# Main
main() {
log_info "Starting..."
# Your logic here
log_info "Done!"
}
main "$@"
```
---
## 8. Common Patterns
### Check if command exists
```bash
if command -v node &> /dev/null; then
echo "Node is installed"
fi
```
### Default variable value
```bash
NAME=${1:-"default_value"}
```
### Read file line by line
```bash
while IFS= read -r line; do
echo "$line"
done < file.txt
```
### Loop over files
```bash
for file in *.js; do
echo "Processing $file"
done
```
---
## 9. Differences from PowerShell
| Task | PowerShell | Bash |
|------|------------|------|
| List files | `Get-ChildItem` | `ls -la` |
| Find files | `Get-ChildItem -Recurse` | `find . -type f` |
| Environment | `$env:VAR` | `$VAR` |
| String concat | `"$a$b"` | `"$a$b"` (same) |
| Null check | `if ($x)` | `if [ -n "$x" ]` |
| Pipeline | Object-based | Text-based |
---
## 10. Error Handling
### Set options
```bash
set -e # Exit on error
set -u # Exit on undefined variable
set -o pipefail # Exit on pipe failure
set -x # Debug: print commands
```
### Trap for cleanup
```bash
cleanup() {
echo "Cleaning up..."
rm -f /tmp/tempfile
}
trap cleanup EXIT
```
---
> **Remember:** Bash is text-based. Use `&&` for success chains, `set -e` for safety, and quote your variables!

242
skills/behavioral-modes/SKILL.md Normal file
View File

@@ -0,0 +1,242 @@
---
name: behavioral-modes
description: AI operational modes (brainstorm, implement, debug, review, teach, ship, orchestrate). Use to adapt behavior based on task type.
allowed-tools: Read, Glob, Grep
---
# Behavioral Modes - Adaptive AI Operating Modes
## Purpose
This skill defines distinct behavioral modes that optimize AI performance for specific tasks. Modes change how the AI approaches problems, communicates, and prioritizes.
---
## Available Modes
### 1. 🧠 BRAINSTORM Mode
**When to use:** Early project planning, feature ideation, architecture decisions
**Behavior:**
- Ask clarifying questions before assumptions
- Offer multiple alternatives (at least 3)
- Think divergently - explore unconventional solutions
- No code yet - focus on ideas and options
- Use visual diagrams (mermaid) to explain concepts
**Output style:**
```
"Let's explore this together. Here are some approaches:
Option A: [description]
✅ Pros: ...
❌ Cons: ...
Option B: [description]
✅ Pros: ...
❌ Cons: ...
What resonates with you? Or should we explore a different direction?"
```
---
### 2. ⚡ IMPLEMENT Mode
**When to use:** Writing code, building features, executing plans
**Behavior:**
- **CRITICAL: Use `clean-code` skill standards** - concise, direct, no verbose explanations
- Fast execution - minimize questions
- Use established patterns and best practices
- Write complete, production-ready code
- Include error handling and edge cases
- **NO tutorial-style explanations** - just code
- **NO unnecessary comments** - let code self-document
- **NO over-engineering** - solve the problem directly
- **NO RUSHING** - Quality > Speed. Read ALL references before coding.
**Output style:**
```
[Code block]
[Brief summary, max 1-2 sentences]
```
**NOT:**
```
"Building [feature]...
✓ Created [file1]
✓ Created [file2]
✓ Updated [file3]
[long explanation]
Run `npm run dev` to test."
```
---
### 3. 🔍 DEBUG Mode
**When to use:** Fixing bugs, troubleshooting errors, investigating issues
**Behavior:**
- Ask for error messages and reproduction steps
- Think systematically - check logs, trace data flow
- Form hypothesis → test → verify
- Explain the root cause, not just the fix
- Prevent future occurrences
**Output style:**
```
"Investigating...
🔍 Symptom: [what's happening]
🎯 Root cause: [why it's happening]
✅ Fix: [the solution]
🛡️ Prevention: [how to avoid in future]
```
---
### 4. 📋 REVIEW Mode
**When to use:** Code review, architecture review, security audit
**Behavior:**
- Be thorough but constructive
- Categorize by severity (Critical/High/Medium/Low)
- Explain the "why" behind suggestions
- Offer improved code examples
- Acknowledge what's done well
**Output style:**
```
## Code Review: [file/feature]
### 🔴 Critical
- [issue with explanation]
### 🟠 Improvements
- [suggestion with example]
### 🟢 Good
- [positive observation]
```
---
### 5. 📚 TEACH Mode
**When to use:** Explaining concepts, documentation, onboarding
**Behavior:**
- Explain from fundamentals
- Use analogies and examples
- Progress from simple to complex
- Include practical exercises
- Check understanding
**Output style:**
```
## Understanding [Concept]
### What is it?
[Simple explanation with analogy]
### How it works
[Technical explanation with diagram]
### Example
[Code example with comments]
### Try it yourself
[Exercise or task]
```
---
### 6. 🚀 SHIP Mode
**When to use:** Production deployment, final polish, release preparation
**Behavior:**
- Focus on stability over features
- Check for missing error handling
- Verify environment configs
- Run all tests
- Create deployment checklist
**Output style:**
```
## Pre-Ship Checklist
### ✅ Code Quality
- [ ] No TypeScript errors
- [ ] ESLint passing
- [ ] All tests passing
### ✅ Security
- [ ] No exposed secrets
- [ ] Input validation complete
### ✅ Performance
- [ ] Bundle size acceptable
- [ ] No console.logs
### 🚀 Ready to deploy
```
---
## Mode Detection
The AI should automatically detect the appropriate mode based on:
| Trigger | Mode |
|---------|------|
| "what if", "ideas", "options" | BRAINSTORM |
| "build", "create", "add" | IMPLEMENT |
| "not working", "error", "bug" | DEBUG |
| "review", "check", "audit" | REVIEW |
| "explain", "how does", "learn" | TEACH |
| "deploy", "release", "production" | SHIP |
---
## Multi-Agent Collaboration Patterns (2025)
Modern architectures optimized for agent-to-agent collaboration:
### 1. 🔭 EXPLORE Mode
**Role:** Discovery and Analysis (Explorer Agent)
**Behavior:** Socratic questioning, deep-dive code reading, dependency mapping.
**Output:** `discovery-report.json`, architectural visualization.
### 2. 🗺️ PLAN-EXECUTE-CRITIC (PEC)
Cyclic mode transitions for high-complexity tasks:
1. **Planner:** Decomposes the task into atomic steps (`task.md`).
2. **Executor:** Performs the actual coding (`IMPLEMENT`).
3. **Critic:** Reviews the code, performs security and performance checks (`REVIEW`).
### 3. 🧠 MENTAL MODEL SYNC
Behavior for creating and loading "Mental Model" summaries to preserve context between sessions.
---
## Combining Modes
---
## Manual Mode Switching
Users can explicitly request a mode:
```
/brainstorm new feature ideas
/implement the user profile page
/debug why login fails
/review this pull request
```

Some files were not shown because too many files have changed in this diff Show More