Skills

A Claude Code plugin marketplace from Trail of Bits providing skills for AI-assisted security analysis, testing, and development workflows.

A collection of 65 Claude Code skills and 9 workflows with progressive disclosure, covering full-stack development including context engineering and Atlassian integration.

Incident response skill from Anthropic Knowledge Work Plugins for managing security incidents with structured triage, investigation, and remediation workflows.

Expert guidance for Swift Testing framework covering test structure, #expect/#require macros, traits and tags, parameterized tests, test plans, parallel execution, async waiting patterns, and XCTest migration. Prioritizes readable tests, robust parallel execution, and incremental migration from XCTest.

Operate the Resend platform from the terminal via the `resend` CLI — send emails (including React Email .tsx templates via `--react-email`), manage domains, contacts, broadcasts, templates, webhooks, API keys, logs, automations, and events. Designed for shell, scripts, and CI/CD pipelines, and always loads the non-interactive flag contract and gotchas to avoid silent failures.

A Claude Code skill for TanStack Query that provides guidance on async state management with caching, mutations, and SSR support.

A curated collection of awesome LLM applications with skills for building AI-powered apps, covering RAG, agents, and various use cases.

Forge a complete "lobster soul" persona for an OpenClaw AI agent — identity, SOUL.md / IDENTITY.md, character-bound rules, name, and avatar prompt — via guided Q&A or a gacha engine (`gacha.py`) that draws from 8 million combinations. If an approved image-gen skill is installed, automatically produces a matching avatar image.

Builds operator-focused monitoring dashboards for Grafana, SigNoz, and similar platforms by starting from operating questions (health, latency, throughput, saturation, service-specific risk) instead of visual layout. Produces structured boards (overview / performance / resources / service-specific) with example panel sets for Elasticsearch, Kafka, and API gateways, plus a quality checklist enforcing units, thresholds, and variables.

A tool for searching and retrieving 200,000+ icons from 150+ collections, working as an MCP server for AI agents or CLI tool with automated setup for multiple editors.

Agent-powered lead intelligence and outreach pipeline that replaces Apollo, Clay, and ZoomInfo by doing signal scoring, mutual ranking, warm-path discovery, voice modeling from real sources, and channel-specific outreach across email, LinkedIn, and X. Requires Exa MCP plus X API, with optional LinkedIn, Apollo/Clay, GitHub MCP, and Mail.app integrations.

A Claude Code plugin marketplace from Trail of Bits providing skills for AI-assisted security analysis, testing, and development workflows.

Part of Anthropic's knowledge-work-plugins collection that turns Claude into a role-based specialist. The debug plugin is one of 11 open-source plugins covering productivity, sales, customer support, product management, marketing, legal, finance, data, enterprise search, and bio-research, each bundling skills, connectors, and slash commands for specific job functions.

Operate across Google Drive, Docs, Sheets, and Slides as one workflow surface — finding, summarizing, editing, migrating, or cleaning up shared assets like plans, trackers, and decks. Uses Drive as the entry point, then switches to Docs/Sheets/Slides specialists with index-aware edits for Docs and explicit tab/range targeting for Sheets.

Parses SARIF (Static Analysis Results Interchange Format) files to process outputs from security scanners like CodeQL, Semgrep, and other static analysis tools

Official Apollo GraphQL agent skills for AI coding agents, covering Apollo Client, Apollo Server, Apollo Connectors, and GraphQL development workflows.

Hunt for remotely reachable, bounty-worthy vulnerabilities (SSRF, auth bypass, deserialization/upload-to-RCE, SQLi, command injection, path traversal, auto-triggered XSS) instead of low-signal best-practice findings. Enforces scope/`SECURITY.md` checks, duplicate search, a reachable-user-control-to-sink proof requirement, and a standardized report template (Description / Vulnerable Code / PoC / Impact / Affected Version) before submission to Huntr, HackerOne, and similar.

Fetches design context, screenshots, and assets from Figma, translating Figma nodes into production-ready code with project-specific conventions.

Provides guidance for writing marimo notebooks in the correct Python file format, covering script mode detection, interactive vs. CLI usage, UI widget patterns, and best practices for keeping notebook cells simple.

A lightweight AST-based semantic code search tool that reduces token usage by 70%, built on CocoIndex's Rust-based data transformation engine. Integrates with Claude Code, Codex, and Cursor via skill or MCP server, with zero-config setup.

Teaches Claude to read, write, and validate HADS (Human-AI Document Standard) Markdown docs using four block types: `**[SPEC]**` (authoritative facts), `**[NOTE]**` (human context), `**[BUG]**` (symptom + fix), and `**[?]**` (unverified). Requires an AI manifest section so models know which blocks to read and which to skip.

Persona skill distilled by 女娲 — encodes Tong Jincheng (童锦程, the "deep-emotion ancestor")'s cognitive frameworks (吸引力 > 讨好, 给台阶, 人性不可考验, 炫耀即暴露不安全感, 成功前后是两个世界) and 9 decision heuristics into a runnable Claude Code skill, grounded in ~200,000 characters of first-hand video transcripts (livestream compilations + dating vlogs) for relationship, dating, and personal-growth analysis.

Multi-agent harness inspired by Anthropic's March 2026 harness-design paper that separates Generator from Evaluator in an adversarial GAN-style loop to drive quality far beyond single-agent self-critique. Use for application builds, frontend design, or full-stack work where AI-slop aesthetics are unacceptable and you want to invest $50–200 on production-quality output.

Market research skill using Apify Actors to extract data from Google Maps, Facebook, Instagram, Booking.com, and TripAdvisor for analyzing market conditions, geographic opportunities, pricing, and consumer behavior.

Idiomatic C# and .NET patterns for building robust ASP.NET Core applications, covering immutable `record` types, explicit nullability, dependency injection via interfaces, async/await with `CancellationToken`, the Options pattern, the Result pattern, EF Core repositories, custom middleware, and Minimal API route groups.

Intelligently organizes and renames files based on content analysis and metadata, suggesting folder structures, generating consistent naming conventions, identifying duplicates, and creating organization systems for documents, images, invoices, and projects.

Operate real customer billing workflows via connected tools like Stripe — subscriptions, refunds, duplicate charges, failed renewals, churn triage, and billing-portal recovery. Enforces classifying the issue (accidental duplicate vs multi-seat vs broken product vs cancellation) before acting, and never refunds blindly or exposes secret keys or PII.

Configures a `PreToolUse` hook in `.claude/settings.json` that inspects every Bash tool call and blocks `git` commands containing `--no-verify` or `--no-gpg-sign` by exiting with code 2. Prevents AI agents from bypassing pre-commit hooks, lint/test gates, and GPG signing policies.

Three-stage pipeline (Fork → Sanitize → Package) that turns any private project into a safely public release — stripping secrets, verifying the repo is clean, then generating CLAUDE.md, setup.sh, and README. Triggered by `/opensource fork|verify|package` or phrases like "open source this" and "make this public".

Translates Figma designs into production-ready code with pixel-perfect accuracy using design context, screenshots, and project conventions.