Skills

An orchestrator for the complete academic research pipeline from research to final manuscript, coordinating deep-research, academic-paper, and academic-paper-reviewer skills through a 10-stage workflow with mandatory integrity verification, two-stage peer review, and reproducible quality gates.

An indexion-powered skill for maintaining project wiki pages, indexes, linting, source logs, and detecting code-to-documentation drift.

A skill for automating web browser interactions using Puppeteer and Playwright via MCP tools, supporting page navigation, element clicking and typing, data extraction and scraping, screenshot capture, PDF generation, and multi-page workflow automation.

Generates a pre-edit structure brief from a cached orientation map using the indexion tool, enabling zero-knowledge agents to infer code owners, consumer surfaces, and unsafe edit locations before making changes. Part of the indexion-skills plugin for source code exploration and analysis.

Detects drift between file, folder, and symbol names and their actual implementation contents, then classifies actions as rename, move, split, hollow, or keep. Part of the indexion-skills plugin for source code exploration, identity auditing, and documentation tools.

Optimizes Redis performance by providing comprehensive guidelines for data structures, caching, vector search, and query engine best practices across 29 rules.

Unify scattered notifications across GitHub, Linear, local hooks, desktop alerts, and connected chat/email into one ECC-native lane with a severity model (Critical/High/Medium/Low), event pipeline (capture → classify → route → collapse duplicates → attach action), and digest-first defaults. Prefers existing ECC primitives (skill, hook, agent, MCP) over a new notification product and always pairs each signal with the next operator action.

Solidity AMM / liquidity-pool / swap-flow security checklist with hardened OpenZeppelin patterns — enforces CEI ordering and `nonReentrant`, blocks donation/inflation attacks by tracking internal `_totalAssets` instead of `token.balanceOf(address(this))`, requires Uniswap V3 TWAP instead of spot price, mandatory `amountOutMin`/`deadline` on swaps, `FullMath.mulDiv` for overflow-sensitive reserve math, and `Ownable2Step` admin controls. Ends with a slither / echidna / forge fuzz audit step.

A collection of 65 Claude Code skills and 9 workflows with progressive disclosure, covering full-stack development including context engineering and Atlassian integration.

Generates comprehensive software testing handbooks covering test cases, scenarios, and best practices for development and QA teams

A CLI and MCP tool that lets AI agents access 36 platforms (Twitter, Reddit, YouTube, Zhihu, and more) through your real browser's login state, bypassing the need for API keys or scraping by running commands directly inside your authenticated browser tabs.

A Claude Code plugin marketplace from Trail of Bits providing skills for AI-assisted security analysis, testing, and development workflows.

Evidence-first burn audit for the sibling ECC-Tools GitHub App repo targeting runaway PR creation, quota bypass, premium-model leakage on free tiers, duplicate-job fanout, and app-generated branches re-entering the webhook. Traces webhook → queue → worker paths end to end and fixes in burn order (stop PR multiplication → stop quota bypass → stop premium leakage → stop retry burn → close rerun safety gaps) rather than cosmetic cleanup.

A Claude office skill for generating high-converting ad copy across Google Ads, Meta/Facebook, TikTok, and LinkedIn. Provides platform-specific character limits, A/B testing variants, and copywriting frameworks like AIDA, PAS, and BAB for optimized advertising content.

Evidence-first live-messaging workflow for iMessage/DM retrieval, recovering a recent one-time code, and inspecting a thread before replying — not email work. Forces the agent to name the exact message surface (local Messages, X/social DM, other browser-gated source), sender/service, and time window, and returns explicit status (`read` / `code-found` / `blocked` / `awaiting reply draft`) instead of improvising raw database access.

Scans Algorand blockchain smart contracts for security vulnerabilities and provides detailed remediation insights

Write [Hookify](https://claudelog.com/hookify) rules as `.claude/hookify.{name}.local.md` markdown files with YAML frontmatter that watch for patterns (regex or multi-condition) on bash/file/stop/prompt/all events and either `warn` or `block`. Covers frontmatter fields (`name`, `enabled`, `event`, `action`, `pattern`, `conditions`), operators like `regex_match`/`contains`/`starts_with`, common pitfalls (over-broad regexes, YAML escaping), and the `/hookify`, `/hookify-list`, `/hookify-configure` commands.

Tests cryptographic code for timing vulnerabilities that could expose sensitive data through execution time variations

Triages GitHub issues through a label-based state machine with interactive grilling sessions. Use when reviewing incoming bugs or feature requests, preparing issues for an AFK agent, or managing issue workflow via the `gh` CLI.

Claude skills for designing polished UIs in single HTML files with Tailwind CSS, styled after modern design systems like Linear, Stripe, and Vercel.

A Claude Code plugin marketplace from Trail of Bits providing skills for AI-assisted security analysis, testing, and development workflows.

Prevent silent decimal mismatch bugs across EVM chains — always call `decimals()` at runtime, cache by `(chain_id, token_address)` (not symbol), use `Decimal`/`BigInt` exact math (never float), re-query after bridging, and normalize to 18-decimal WAD when comparing across tokens. Ships Python (`web3.py`), TypeScript (`ethers`), and Solidity examples plus a `cast call <token> "decimals()(uint8)"` quick check.

Provides LibFuzzer patterns for coverage-guided fuzzing of C/C++ libraries, including harness writing, corpus management, and crash analysis

Scans TON blockchain smart contracts for security vulnerabilities using static analysis techniques

Integrates projects with Google OSS-Fuzz for continuous fuzzing of open source software, covering configuration and integration best practices

from supercent-io/skills-template

Provides AFL++ patterns for advanced coverage-guided fuzzing including custom mutators, persistent mode, and crash deduplication

Official Sentry agent skills for employees, providing code review guidelines, commit conventions, PR creation/iteration workflows, bug finding, Claude settings auditing, and CI integration following the Agent Skills open format.

Interprets Culture Index assessment results to provide insights on team dynamics, work patterns, and leadership style compatibility

Downloads YouTube videos, generates semantic chapters, clips segments, translates subtitles to bilingual format, and burns subtitles into video.