firefrost-gaming/antigravity-skills-reference
3
0
Fork 0
Code Issues Pull Requests Actions 4 Packages Projects Releases Wiki Activity

feat: add codebase-audit-pre-push skill and sync generated files

Browse Source
This commit is contained in:
sck_0
2026-03-05 16:10:31 +01:00
parent 8c42024a29
commit f358ad2c4d
6 changed files with 369 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
CATALOG.md
View File

@@ -2,7 +2,7 @@
Generated at: 2026-02-08T00:00:00.000Z
Total skills: 1002
Total skills: 1006
## architecture (69)
@@ -136,7 +136,7 @@ calculations | startup, business, analyst, market, opportunity | startup, busine
| `startup-financial-modeling` | This skill should be used when the user asks to \\\"create financial projections", "build a financial model", "forecast revenue", "calculate burn rate", "est... | startup, financial, modeling | startup, financial, modeling, skill, should, used, user, asks, projections, model, forecast, revenue |
| `whatsapp-automation` | Automate WhatsApp Business tasks via Rube MCP (Composio): send messages, manage templates, upload media, and handle contacts. Always search tools first for c... | whatsapp | whatsapp, automation, automate, business, tasks, via, rube, mcp, composio, send, messages, upload |
## data-ai (181)
## data-ai (182)
| Skill | Description | Tags | Triggers |
| --- | --- | --- | --- |
@@ -241,6 +241,7 @@ calculations | startup, business, analyst, market, opportunity | startup, busine
| `dbt-transformation-patterns` | Master dbt (data build tool) for analytics engineering with model organization, testing, documentation, and incremental strategies. Use when building data tr... | dbt, transformation | dbt, transformation, data, analytics, engineering, model, organization, testing, documentation, incremental, building, transformations |
| `documentation-generation-doc-generate` | You are a documentation expert specializing in creating comprehensive, maintainable documentation from code. Generate API docs, architecture diagrams, user g... | documentation, generation, doc, generate | documentation, generation, doc, generate, specializing, creating, maintainable, code, api, docs, architecture, diagrams |
| `documentation-templates` | Documentation templates and structure guidelines. README, API docs, code comments, and AI-friendly documentation. | documentation | documentation, structure, guidelines, readme, api, docs, code, comments, ai, friendly |
| `drizzle-orm-expert` | Expert in Drizzle ORM for TypeScript — schema design, relational queries, migrations, and serverless database integration. Use when building type-safe databa... | drizzle, orm | drizzle, orm, typescript, schema, relational, queries, migrations, serverless, database, integration, building, type |
| `embedding-strategies` | Select and optimize embedding models for semantic search and RAG applications. Use when choosing embedding models, implementing chunking strategies, or optim... | embedding, strategies | embedding, strategies, select, optimize, models, semantic, search, rag, applications, choosing, implementing, chunking |
| `fal-audio` | Text-to-speech and speech-to-text using fal.ai audio models | fal, audio | fal, audio, text, speech, ai, models |
| `fal-generate` | Generate images and videos using fal.ai AI models | fal, generate | fal, generate, images, videos, ai, models |
@@ -810,7 +811,7 @@ scripts. | bash | bash, pro, defensive, scripting, automation, ci, cd, pipelines
| `workflow-automation` | Workflow automation is the infrastructure that makes AI agents reliable. Without durable execution, a network hiccup during a 10-step payment flow means lost... | | automation, infrastructure, makes, ai, agents, reliable, without, durable, execution, network, hiccup, during |
| `x-twitter-scraper` | X (Twitter) data platform skill — tweet search, user lookup, follower extraction, engagement metrics, giveaway draws, monitoring, webhooks, 19 extraction too... | [twitter, x-api, scraping, mcp, social-media, data-extraction, giveaway, monitoring, webhooks] | [twitter, x-api, scraping, mcp, social-media, data-extraction, giveaway, monitoring, webhooks], twitter, scraper, data |
## security (118)
## security (121)
| Skill | Description | Tags | Triggers |
| --- | --- | --- | --- |
@@ -838,6 +839,7 @@ scripts. | bash | bash, pro, defensive, scripting, automation, ci, cd, pipelines
| `clerk-auth` | Expert patterns for Clerk auth implementation, middleware, organizations, webhooks, and user sync Use when: adding authentication, clerk auth, user authentic... | clerk, auth | clerk, auth, middleware, organizations, webhooks, user, sync, adding, authentication, sign, up |
| `cloud-penetration-testing` | This skill should be used when the user asks to "perform cloud penetration testing", "assess Azure or AWS or GCP security", "enumerate cloud resources", "exp... | cloud, penetration | cloud, penetration, testing, skill, should, used, user, asks, perform, assess, azure, aws |
| `code-review-checklist` | Comprehensive checklist for conducting thorough code reviews covering functionality, security, performance, and maintainability | code, checklist | code, checklist, review, conducting, thorough, reviews, covering, functionality, security, performance, maintainability |
| `codebase-audit-pre-push` | Deep audit before GitHub push: removes junk files, dead code, security holes, and optimization issues. Checks every file line-by-line for production readiness. | codebase, audit, pre, push | codebase, audit, pre, push, deep, before, github, removes, junk, files, dead, code |
| `codebase-cleanup-deps-audit` | You are a dependency security expert specializing in vulnerability scanning, license compliance, and supply chain security. Analyze project dependencies for ... | codebase, cleanup, deps, audit | codebase, cleanup, deps, audit, dependency, security, specializing, vulnerability, scanning, license, compliance, supply |
| `convex` | Convex reactive backend expert: schema design, TypeScript functions, real-time subscriptions, auth, file storage, scheduling, and deployment. | convex | convex, reactive, backend, schema, typescript, functions, real, time, subscriptions, auth, file, storage |
| `crypto-bd-agent` | Autonomous crypto business development patterns — multi-chain token discovery, 100-point scoring with wallet forensics, x402 micropayments, ERC-8004 on-chain... | crypto, bd, agent | crypto, bd, agent, autonomous, business, development, multi, chain, token, discovery, 100, point |
@@ -850,6 +852,8 @@ scripts. | bash | bash, pro, defensive, scripting, automation, ci, cd, pipelines
| `docker-expert` | Docker containerization expert with deep knowledge of multi-stage builds, image optimization, container security, Docker Compose orchestration, and productio... | docker | docker, containerization, deep, knowledge, multi, stage, image, optimization, container, security, compose, orchestration |
| `dotnet-backend` | Build ASP.NET Core 8+ backend services with EF Core, auth, background jobs, and production API patterns. | dotnet, backend | dotnet, backend, asp, net, core, ef, auth, background, jobs, api |
| `ethical-hacking-methodology` | This skill should be used when the user asks to "learn ethical hacking", "understand penetration testing lifecycle", "perform reconnaissance", "conduct secur... | ethical, hacking, methodology | ethical, hacking, methodology, skill, should, used, user, asks, learn, understand, penetration, testing |
| `fda-food-safety-auditor` | Expert AI auditor for FDA Food Safety (FSMA), HACCP, and PCQI compliance. Reviews food facility records and preventive controls. | fda, food, safety, auditor | fda, food, safety, auditor, ai, fsma, haccp, pcqi, compliance, reviews, facility, records |
| `fda-medtech-compliance-auditor` | Expert AI auditor for Medical Device (SaMD) compliance, IEC 62304, and 21 CFR Part 820. Reviews DHFs, technical files, and software validation. | fda, medtech, compliance, auditor | fda, medtech, compliance, auditor, ai, medical, device, samd, iec, 62304, 21, cfr |
| `find-bugs` | Find bugs, security vulnerabilities, and code quality issues in local branch changes. Use when asked to review changes, find bugs, security review, or audit ... | find, bugs | find, bugs, security, vulnerabilities, code, quality, issues, local, branch, changes, asked, review |
| `firebase` | Firebase gives you a complete backend in minutes - auth, database, storage, functions, hosting. But the ease of setup hides real complexity. Security rules a... | firebase | firebase, gives, complete, backend, minutes, auth, database, storage, functions, hosting, ease, setup |
| `firmware-analyst` | Expert firmware analyst specializing in embedded systems, IoT security, and hardware reverse engineering. | firmware, analyst | firmware, analyst, specializing, embedded, iot, security, hardware, reverse, engineering |

6
README.md
View File

@@ -1,6 +1,6 @@
# 🌌 Antigravity Awesome Skills: 179+ Agentic Skills for Claude Code, Gemini CLI, Cursor, Copilot & More
# 🌌 Antigravity Awesome Skills: 1006+ Agentic Skills for Claude Code, Gemini CLI, Cursor, Copilot & More
> **The Ultimate Collection of 179+ Universal Agentic Skills for AI Coding Assistants — Claude Code, Gemini CLI, Codex CLI, Antigravity IDE, GitHub Copilot, Cursor, OpenCode**
> **The Ultimate Collection of 1006+ Universal Agentic Skills for AI Coding Assistants — Claude Code, Gemini CLI, Codex CLI, Antigravity IDE, GitHub Copilot, Cursor, OpenCode**
[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
[![Claude Code](https://img.shields.io/badge/Claude%20Code-Anthropic-purple)](https://claude.ai)
@@ -11,7 +11,7 @@
[![OpenCode](https://img.shields.io/badge/OpenCode-CLI-gray)](https://github.com/opencode-ai/opencode)
[![Antigravity](https://img.shields.io/badge/Antigravity-DeepMind-red)](https://github.com/anthropics/antigravity)
**Antigravity Awesome Skills** is a curated, battle-tested library of **179 high-performance agentic skills** designed to work seamlessly across all major AI coding assistants:
**Antigravity Awesome Skills** is a curated, battle-tested library of **1006 high-performance agentic skills** designed to work seamlessly across all major AI coding assistants:
- 🟣 **Claude Code** (Anthropic CLI)
- 🔵 **Gemini CLI** (Google DeepMind)

1
data/bundles.json
View File

@@ -279,6 +279,7 @@
"clerk-auth",
"cloud-penetration-testing",
"code-review-checklist",
"codebase-audit-pre-push",
"codebase-cleanup-deps-audit",
"convex",
"customs-trade-compliance",

108
data/catalog.json
View File

@@ -1,6 +1,6 @@
{
"generatedAt": "2026-02-08T00:00:00.000Z",
"total": 1002,
"total": 1006,
"skills": [
{
"id": "00-andruia-consultant",
@@ -7314,6 +7314,33 @@
],
"path": "skills/code-reviewer/SKILL.md"
},
{
"id": "codebase-audit-pre-push",
"name": "codebase-audit-pre-push",
"description": "Deep audit before GitHub push: removes junk files, dead code, security holes, and optimization issues. Checks every file line-by-line for production readiness.",
"category": "security",
"tags": [
"codebase",
"audit",
"pre",
"push"
],
"triggers": [
"codebase",
"audit",
"pre",
"push",
"deep",
"before",
"github",
"removes",
"junk",
"files",
"dead",
"code"
],
"path": "skills/codebase-audit-pre-push/SKILL.md"
},
{
"id": "codebase-cleanup-deps-audit",
"name": "codebase-cleanup-deps-audit",
@@ -9871,6 +9898,31 @@
],
"path": "skills/dotnet-backend-patterns/SKILL.md"
},
{
"id": "drizzle-orm-expert",
"name": "drizzle-orm-expert",
"description": "Expert in Drizzle ORM for TypeScript — schema design, relational queries, migrations, and serverless database integration. Use when building type-safe database layers with Drizzle.",
"category": "data-ai",
"tags": [
"drizzle",
"orm"
],
"triggers": [
"drizzle",
"orm",
"typescript",
"schema",
"relational",
"queries",
"migrations",
"serverless",
"database",
"integration",
"building",
"type"
],
"path": "skills/drizzle-orm-expert/SKILL.md"
},
{
"id": "dropbox-automation",
"name": "dropbox-automation",
@@ -10676,6 +10728,60 @@
],
"path": "skills/fastapi-templates/SKILL.md"
},
{
"id": "fda-food-safety-auditor",
"name": "fda-food-safety-auditor",
"description": "Expert AI auditor for FDA Food Safety (FSMA), HACCP, and PCQI compliance. Reviews food facility records and preventive controls.",
"category": "security",
"tags": [
"fda",
"food",
"safety",
"auditor"
],
"triggers": [
"fda",
"food",
"safety",
"auditor",
"ai",
"fsma",
"haccp",
"pcqi",
"compliance",
"reviews",
"facility",
"records"
],
"path": "skills/fda-food-safety-auditor/SKILL.md"
},
{
"id": "fda-medtech-compliance-auditor",
"name": "fda-medtech-compliance-auditor",
"description": "Expert AI auditor for Medical Device (SaMD) compliance, IEC 62304, and 21 CFR Part 820. Reviews DHFs, technical files, and software validation.",
"category": "security",
"tags": [
"fda",
"medtech",
"compliance",
"auditor"
],
"triggers": [
"fda",
"medtech",
"compliance",
"auditor",
"ai",
"medical",
"device",
"samd",
"iec",
"62304",
"21",
"cfr"
],
"path": "skills/fda-medtech-compliance-auditor/SKILL.md"
},
{
"id": "ffuf-claude-skill",
"name": "ffuf-claude-skill",

241
skills/codebase-audit-pre-push/SKILL.md Normal file
View File

@@ -0,0 +1,241 @@
---
name: codebase-audit-pre-push
description: "Deep audit before GitHub push: removes junk files, dead code, security holes, and optimization issues. Checks every file line-by-line for production readiness."
category: development
risk: safe
source: community
date_added: "2026-03-05"
---
# Pre-Push Codebase Audit
As a senior engineer, you're doing the final review before pushing this code to GitHub. Check everything carefully and fix problems as you find them.
## When to Use This Skill
- User requests "audit the codebase" or "review before push"
- Before making the first push to GitHub
- Before making a repository public
- Pre-production deployment review
- User asks to "clean up the code" or "optimize everything"
## Your Job
Review the entire codebase file by file. Read the code carefully. Fix issues right away. Don't just note problems—make the necessary changes.
## Audit Process
### 1. Clean Up Junk Files
Start by looking for files that shouldn't be on GitHub:
**Delete these immediately:**
- OS files: `.DS_Store`, `Thumbs.db`, `desktop.ini`
- Logs: `*.log`, `npm-debug.log*`, `yarn-error.log*`
- Temp files: `*.tmp`, `*.temp`, `*.cache`, `*.swp`
- Build output: `dist/`, `build/`, `.next/`, `out/`, `.cache/`
- Dependencies: `node_modules/`, `vendor/`, `__pycache__/`, `*.pyc`
- IDE files: `.idea/`, `.vscode/` (ask user first), `*.iml`, `.project`
- Backup files: `*.bak`, `*_old.*`, `*_backup.*`, `*_copy.*`
- Test artifacts: `coverage/`, `.nyc_output/`, `test-results/`
- Personal junk: `TODO.txt`, `NOTES.txt`, `scratch.*`, `test123.*`
**Critical - Check for secrets:**
- `.env` files (should never be committed)
- Files containing: `password`, `api_key`, `token`, `secret`, `private_key`
- `*.pem`, `*.key`, `*.cert`, `credentials.json`, `serviceAccountKey.json`
If you find secrets in the code, mark it as a CRITICAL BLOCKER.
### 2. Fix .gitignore
Check if the `.gitignore` file exists and is thorough. If its missing or not complete, update it to include all junk file patterns above. Ensure that `.env.example` exists with keys but no values.
### 3. Audit Every Source File
Look through each code file and check:
**Dead Code (remove immediately):**
- Commented-out code blocks
- Unused imports/requires
- Unused variables (declared but never used)
- Unused functions (defined but never called)
- Unreachable code (after `return`, inside `if (false)`)
- Duplicate logic (same code in multiple places—combine)
**Code Quality (fix issues as you go):**
- Vague names: `data`, `info`, `temp`, `thing` → rename to be descriptive
- Magic numbers: `if (status === 3)` → extract to named constant
- Debug statements: remove `console.log`, `print()`, `debugger`
- TODO/FIXME comments: either resolve them or delete them
- TypeScript `any`: add proper types or explain why `any` is used
- Use `===` instead of `==` in JavaScript
- Functions longer than 50 lines: consider splitting
- Nested code greater than 3 levels: refactor with early returns
**Logic Issues (critical):**
- Missing null/undefined checks
- Array operations on potentially empty arrays
- Async functions that are not awaited
- Promises without `.catch()` or try/catch
- Possibilities for infinite loops
- Missing `default` in switch statements
### 4. Security Check (Zero Tolerance)
**Secrets:** Search for hardcoded passwords, API keys, and tokens. They must be in environment variables.
**Injection vulnerabilities:**
- SQL: No string concatenation in queries—use parameterized queries only
- Command injection: No `exec()` with user-provided input
- Path traversal: No file paths from user input without validation
- XSS: No `innerHTML` or `dangerouslySetInnerHTML` with user data
**Auth/Authorization:**
- Passwords hashed with bcrypt/argon2 (never MD5 or plain text)
- Protected routes check for authentication
- Authorization checks on the server side, not just in the UI
- No IDOR: verify users own the resources they are accessing
**Data exposure:**
- API responses do not leak unnecessary information
- Error messages do not expose stack traces or database details
- Pagination is present on list endpoints
**Dependencies:**
- Run `npm audit` or an equivalent tool
- Flag critically outdated or vulnerable packages
### 5. Scalability Check
**Database:**
- N+1 queries: loops with database calls inside → use JOINs or batch queries
- Missing indexes on WHERE/ORDER BY columns
- Unbounded queries: add LIMIT or pagination
- Avoid `SELECT *`: specify columns
**API Design:**
- Heavy operations (like email, reports, file processing) → move to a background queue
- Rate limiting on public endpoints
- Caching for data that is read frequently
- Timeouts on external calls
**Code:**
- No global mutable state
- Clean up event listeners (to avoid memory leaks)
- Stream large files instead of loading them into memory
### 6. Architecture Check
**Organization:**
- Clear folder structure
- Files are in logical locations
- No "misc" or "stuff" folders
**Separation of concerns:**
- UI layer: only responsible for rendering
- Business logic: pure functions
- Data layer: isolated database queries
- No 500+ line "god files"
**Reusability:**
- Duplicate code → extract to shared utilities
- Constants defined once and imported
- Types/interfaces reused, not redefined
### 7. Performance
**Backend:**
- Expensive operations do not block requests
- Batch database calls when possible
- Set cache headers correctly
**Frontend (if applicable):**
- Implement code splitting
- Optimize images
- Avoid massive dependencies for small utilities
- Use lazy loading for heavy components
### 8. Documentation
**README.md must include:**
- Description of what the project does
- Instructions for installation and execution
- Required environment variables
- Guidance on running tests
**Code comments:**
- Explain WHY, not WHAT
- Provide explanations for complex logic
- Avoid comments that merely repeat the code
### 9. Testing
- Critical paths should have tests (auth, payments, core features)
- No `test.only` or `fdescribe` should remain in the code
- Avoid `test.skip` without an explanation
- Tests should verify behavior, not implementation details
### 10. Final Verification
After making all changes, run the app. Ensure nothing is broken. Check that:
- The app starts without errors
- Main features work
- Tests pass (if they exist)
- No regressions have been introduced
## Output Format
After auditing, provide a report:
```
CODEBASE AUDIT COMPLETE
FILES REMOVED:
- node_modules/ (build artifact)
- .env (contained secrets)
- old_backup.js (unused duplicate)
CODE CHANGES:
[src/api/users.js]
✂ Removed unused import: lodash
✂ Removed dead function: formatOldWay()
🔧 Renamed 'data' → 'userData' for clarity
🛡 Added try/catch around API call (line 47)
[src/db/queries.js]
⚡ Fixed N+1 query: now uses JOIN instead of loop
SECURITY ISSUES:
🚨 CRITICAL: Hardcoded API key in config.js (line 12) → moved to .env
⚠️ HIGH: SQL injection risk in search.js (line 34) → fixed with parameterized query
SCALABILITY:
⚡ Added pagination to /api/users endpoint
⚡ Added index on users.email column
FINAL STATUS:
✅ CLEAN - Ready to push to GitHub
Scores:
Security: 9/10 (one minor header missing)
Code Quality: 10/10
Scalability: 9/10
Overall: 9/10
```
## Key Principles
- Read the code thoroughly, don't skim
- Fix issues immediately, dont just document them
- If uncertain about removing something, ask the user
- Test after making changes
- Be thorough but practical—focus on real problems
- Security issues are blockers—nothing should ship with critical vulnerabilities
## Related Skills
- `@security-auditor` - Deeper security review
- `@systematic-debugging` - Investigate specific issues
- `@git-pushing` - Push code after audit

10
skills_index.json
View File

@@ -2959,6 +2959,16 @@
"source": "community",
"date_added": "2026-02-27"
},
{
"id": "codebase-audit-pre-push",
"path": "skills/codebase-audit-pre-push",
"category": "development",
"name": "codebase-audit-pre-push",
"description": "Deep audit before GitHub push: removes junk files, dead code, security holes, and optimization issues. Checks every file line-by-line for production readiness.",
"risk": "safe",
"source": "community",
"date_added": "2026-03-05"
},
{
"id": "codebase-cleanup-deps-audit",
"path": "skills/codebase-cleanup-deps-audit",