Loading...
Loading...
Found 1,850 Skills
Connect Claude to any app. Send emails, create issues, post messages, update databases - take real actions across Gmail, Slack, GitHub, Notion, and 1000+ services.
Analyze agent skills for security risks, malicious patterns, and potential dangers before installation. Use when asked to "audit a skill", "check if a skill is safe", "analyze skill security", "review skill risk", "should I install this skill", "is this skill safe", or when evaluating any skill directory for trust and safety. Also triggers when the user pastes a skill install command like "npx skills add https://github.com/org/repo --skill name". Produces a comprehensive security report with a clear install/reject verdict.
Entrypoint for AI coding assistant rule authoring across GitHub Copilot, Cursor, and Claude Code. USE FOR: setting up rules, reviewing existing rules, scaffolding instruction files, or asking which editor format to use. DO NOT USE FOR: authoring skills (SKILL.md), agent definitions (.agent.md), or CI enforcement of rule files.
Luban - Skill Polishing Workshop. Transform a "usable Skill" into a public Skill asset that is "understandable, installable, shareable, verifiable, and continuously evolvable". The methodology consists of five craftsman-like steps: 1. Material Inspection: First challenge whether the premise of this Skill is valid; directly state if the "material" is not worth polishing. 2. Peer Research: Search for similar Skills online to clarify its position in the ecosystem. 3. Dimension Measurement: Evaluate using three metrics - structure, actual testing, and live verification (live verification means reconciling with real running outputs; a green CI can be deceptive). 4. Iterative Refinement: Freeze the original version as a baseline; only retain changes that pass the verification gate, otherwise revert. Try to institutionalize verification methods as tools and rules in the repository. 5. Post-Release Iteration: Release is not the end; maintain a benchmark observation list, and start the next iteration based on real feedback. This tool is used when users want to upgrade, optimize, polish, productize, or release their self-developed Skills. The final deliverables include a structured Skill Polishing Report, directly replaceable rewritten segments, and a shareable "Graduation Certificate" result card that can be screenshot. Trigger phrases include but are not limited to: "Let Luban take a look at this skill", "Polish at Luban's Workshop", "Polish my skill", "Upgrade my skill", "Optimize this skill", "Skill check-up", "Skill audit", "Productize my skill", "How to release this skill", "Benchmark against similar skills", "Why no one installs my skill", "Help me publish my skill to GitHub/ClawHub", "Improve SKILL.md". Even if users only provide a Skill directory, GitHub repository link, or a segment of SKILL.md saying "Help me figure out how to modify it", it should be triggered as long as the context is about making the Skill more usable and shareable. Do NOT use this for creating a new Skill from scratch (use skill-creator), regular code review (use code-review), or rewriting ordinary prompts unrelated to Skill assets.
Stage, commit, and push git changes with conventional commit messages. Use when user wants to commit and push changes, mentions pushing to remote, or asks to save and push their work. Also activates when user says "push changes", "commit and push", "push this", "push to github", or similar git workflow requests.
Tool discovery and shell one-liner reference for sysadmin, DevOps, and security tasks. AUTO-CONSULT this skill when the user is: troubleshooting network issues, debugging processes, analyzing logs, working with SSL/TLS, managing DNS, testing HTTP endpoints, auditing security, working with containers, writing shell scripts, or asks 'what tool should I use for X'. Source: github.com/trimstray/the-book-of-secret-knowledge
Creates Prowler security checks following SDK architecture patterns. Trigger: When creating or updating a Prowler SDK security check (implementation + metadata) for any provider (AWS, Azure, GCP, K8s, GitHub, etc.).
Use this skill to manage already-installed skills across Claude Code, Codex, Gemini, OpenCode, OpenClaw, Cursor, Copilot, and other configured agent tools by comparing skill status and linking from configured source directories such as ~/.cc-switch/skills/ and ~/.agents/skills/. Trigger it in two major cases: first, when the user wants to sync, remove, repair, or align skills or agent skills across multiple agents; second, when the user does not yet know the current skill state and wants to inspect skill differences, missing skills, per-agent skill coverage, per-skill coverage, or decide what skill changes to make next. Use this skill when the topic is cross-agent skill or agent-skill management, not for general agent comparison, general model capability questions, or creating, editing, or installing skills from GitHub.
After installing the full k-skill bundle, configure and verify the shared cross-platform setup with sops plus age, then optionally wire update checks and GitHub starring with explicit user consent.
Free unlimited web search via self-hosted SearXNG (aggregates Google, Bing, DuckDuckGo, Reddit, GitHub and 70+ more engines). Use whenever the user needs to search the web for anything — news, docs, code examples, prices, people, places — even if they just say "search for X" or "look up Y". Prefer this over paid APIs. Run setup.sh first if SearXNG is not running.
Production-ready authentication framework for TypeScript with first-class Cloudflare D1 support. Use this skill when building auth systems as a self-hosted alternative to Clerk or Auth.js, particularly for Cloudflare Workers projects. Supports social providers (Google, GitHub, Microsoft, Apple), email/password, magic links, 2FA, passkeys, organizations, and RBAC. Prevents 10+ common authentication errors including session serialization issues, CORS misconfigurations, D1 adapter setup, social provider OAuth flows, and JWT token handling. Keywords: better-auth, authentication, cloudflare d1 auth, self-hosted auth, typescript auth, clerk alternative, auth.js alternative, social login, oauth providers, session management, jwt tokens, 2fa, two-factor, passkeys, webauthn, multi-tenant auth, organizations, teams, rbac, role-based access, google auth, github auth, microsoft auth, apple auth, magic links, email password, better-auth setup, session serialization error, cors auth, d1 adapter
Review secret detection patterns and scanning workflows. Use for identifying high-signal secrets like AWS keys, GitHub tokens, and DB passwords. Use proactively during all security audits to scan code and history. Examples: - user: "Scan for secrets in this repo" → run high-signal rg patterns and gitleaks - user: "Check for AWS keys" → scan for AKIA patterns and server-side exposure - user: "Audit my .env files" → ensure secrets are gitignored and not committed - user: "Verify secret redaction" → check that reported secrets follow 4+4 format - user: "Scan build artifacts for keys" → search dist/ and build/ for secret patterns