Tighten the repo-state automation so canonical bot commits remain
predictable while leaving main clean after each sync.
Make the public catalog UI more honest by hiding dev-only sync,
turning stars into explicit browser-local saves, aligning risk types,
and removing hardcoded catalog counts.
Add shared public asset URL helpers, risk suggestion plumbing,
safer unpack/sync guards, and CI coverage gates so release and
maintainer workflows catch drift earlier.
Sanitize WhatsApp Cloud API validator output across the root skill and plugin copies so code scanning no longer flags clear-text exposure.
Add a regression test that verifies successful and failed validation runs do not print sensitive response fields or API error details.
Major update across all 11 Three.js skills:
- Fix meta skill targeting r128 (5 years old) → modern r183 import map patterns
- Fix deprecated outputEncoding → outputColorSpace
- Add Clock → Timer migration (recommended in r183)
- Add WebGPU/TSL awareness across shader and material skills
- Add BatchedMesh, OrbitControls, GLTFLoader r183 features
- Fix incorrect WebGPU post-processing patterns
- Add setAnimationLoop as preferred animation pattern
- Remove stale CapsuleGeometry and OrbitControls warnings
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add a When to Use section for akf-trust-metadata so release validation stays within the current warning budget.\n\nRefresh the generated plugin-safe and catalog artifacts produced by the maintainer sync after the PR batch landed.
* feat: add adhx skill for X/Twitter post reading
Adds the ADHX community skill for fetching X/Twitter posts as clean LLM-friendly JSON.
ADHX (https://adhx.com) is an open-source Claude Code skill that converts any x.com, twitter.com, or adhx.com link into structured JSON data with full article content, author info, and engagement metrics. No scraping or browser required.
Install:
- /plugin marketplace add itsmemeworks/adhx
- curl -sL https://raw.githubusercontent.com/itsmemeworks/adhx/main/skills/adhx/SKILL.md -o ~/.claude/skills/adhx/SKILL.md
Source: https://github.com/itsmemeworks/adhx
* fix: correct markdown indentation in SKILL.md
Fix escalating indentation in JSON response schema and remove leading
whitespace from all sections after the code block, which caused markdown
to render them as preformatted text instead of proper headings.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Pete Cheyne <pete.cheyne@gmail.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add fourteen skills from Dimillian/Skills, integrate the merged Snowflake and WordPress updates into the maintainer sync, and refresh registry metadata, attributions, walkthrough notes, and the 8.9.0 release notes while keeping validation warnings within budget.
* chore: sync repo state [ci skip]
* Enhance WordPress skill documentation with 7.0 features
Updated the WordPress skill documentation to include new features from WordPress 7.0, such as Real-Time Collaboration, AI Connectors, and Abilities API. Enhanced the overview and workflow sections to reflect these changes.
* chore: sync repo state [ci skip]
* Enhance WordPress theme development for version 7.0
Updated the WordPress theme development workflow to include new features from WordPress 7.0, such as DataViews, Pattern Editing, Navigation Overlays, and admin refresh. Enhanced the overview and added sections for new theme features and testing checklist.
* chore: sync repo state [ci skip]
* Enhance WordPress plugin development for version 7.0
Updated WordPress plugin development workflow to include new features from WordPress 7.0, such as Real-Time Collaboration, AI Connectors, and the Abilities API. Enhanced descriptions and added sections for modern plugin development practices.
* chore: sync repo state [ci skip]
* Enhance WooCommerce workflow with WP 7.0 features
Updated WooCommerce development workflow to include WordPress 7.0 features such as AI connectors, DataViews, and collaboration tools. Enhanced descriptions and added new sections for AI-powered functionalities.
* chore: sync repo state [ci skip]
* Enhance WordPress penetration testing documentation
Updated the description to include WordPress 7.0 security considerations and added new sections on security testing for AI Connector, Abilities API, Real-Time Collaboration, and DataViews endpoints.
* chore: update star history chart
* chore(pr394): Drop derived artifacts from PR
Keep the pull request source-only so maintainer workflows and CI can regenerate canonical artifacts on main after merge.
* fix(pr394): Shorten WordPress pen-test description
Keep the imported WordPress 7.0 update within repository validation limits so source-validation passes on the contributor PR.
* chore: sync repo state [ci skip]
---------
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: sck_0 <samujackson1337@gmail.com>
* feat: add xvary-stock-research skill for EDGAR-backed equity analysis
Made-with: Cursor
* docs: add When to Use section for xvary-stock-research
Made-with: Cursor
---------
Co-authored-by: victor <SenSei2121@users.noreply.github.com>
Refresh maintainer-owned artifacts after the PR merge batch, convert the\nJetski loader example to a directly importable Node ESM module, and add\nthe 8.7.0 changelog entry before release preparation.\n\nRefs #382\nRefs #388
Integrate the JobGPT skill directly on main because the fork does not\nallow maintainer edits and the reviewed content still needed workflow and\nauth guidance fixes before release prep.\n\nRefs #388\nCo-authored-by: Yashveer Rana <captainjackrana@gmail.com>
* Add windows-shell-reliability skill
* Fix validation errors in windows-shell-reliability skill
* fix(windows-shell-reliability): Correct shell guidance
Scope the UTF-8 workaround to older Windows PowerShell behavior,\ninclude stderr in the logging recipe, and replace the foreground\nredirection example with a true detached Start-Process pattern.
---------
Co-authored-by: sickn33 <sickn33@users.noreply.github.com>
* Add skill: moyu anti-overengineering
* fix(moyu): Align metadata for validation
Match the frontmatter name to the skill directory and shorten the\ndescription so the maintainer validation checks can pass on the PR\nbranch without changing the skill body itself.
---------
Co-authored-by: sickn33 <sickn33@users.noreply.github.com>
This SKILL.md was a point-in-time copy that cannot auto-update
from the canonical source at github.com/covalenthq/goldrush-agent-skills.
Removing to avoid stale/misleading content. The canonical skills
are maintained at: https://github.com/covalenthq/goldrush-agent-skills
Co-authored-by: Jayen Harrill <jayenharrill@Mac.lan>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* Add gdb-cli skill for AI-assisted GDB debugging
A GDB debugging skill designed for AI agents that combines source
code analysis with runtime state inspection. Supports core dump
analysis, live process debugging, crash investigation, and deadlock
analysis.
Features:
- Core dump analysis with millisecond-level response
- Live process attach debugging
- Source code correlation with runtime state
- Multi-threaded debugging support
- Common debugging patterns (null pointer, deadlock, memory corruption)
Repository: https://github.com/Cerdore/gdb-cli
* fix(skill): Reclassify gdb-cli risk label
---------
Co-authored-by: sickn33 <sickn33@users.noreply.github.com>
* feat: add bdistill behavioral-xray and knowledge-extraction skills
Two MCP-powered skills for AI model analysis:
- behavioral-xray: Self-probe across 6 dimensions with HTML reports
- knowledge-extraction: Domain knowledge extraction via Ollama for LoRA training
Repository: https://github.com/FrancyJGLisboa/bdistill
Install: pip install bdistill
* fix: remove curl|sh install command, update skills for current capabilities
- Removed pipe-to-shell Ollama install (flagged by docs security policy)
- Replaced with link to https://ollama.com
- Updated knowledge-extraction to reflect in-session mode, adversarial
validation, tabular ML data, and compounding knowledge base
- Updated behavioral-xray with red-team and compliance use cases
- Removed ChatML/fine-tuning language — output is reference data
Guard metadata repair and doc sync scripts against symlink targets so
repo maintenance tasks cannot overwrite arbitrary local files.
Replace recursive skill discovery with an iterative walk that skips
symlinked directories, and harden the VideoDB listener to write only
private regular files in the user-owned state directory.
Also fix the broken pr:preflight script entry and make the last30days
skill stop embedding raw user arguments directly in the shell command.
Import and normalize new skills from anthropics/skills, marketingskills, claude-seo, and obsidian-skills.
Align imported skills to repository validation rules, document provenance, and sync generated registry artifacts after the import.
Add a conservative metadata fixer for missing risk and source fields,
cover it with tests, and backfill the remaining skills using explicit
source inference only when the provenance is clear. Fall back to the
repo-documented defaults when the file does not support a stronger claim.
Refs #365
Harden batch activation, dev refresh gating, Microsoft sync path
handling, and Jetski skill loading against command injection,
symlink traversal, and client-side star tampering.
Add regression coverage for the security-sensitive paths and
update the internal triage addendum for the Jetski loader fix.
Rename the dotnet backend example assets out of the C# source path so CodeQL no longer performs low-quality C# extraction on standalone template files with no project build context. Update the implementation playbook links to the new template filenames.
Keep the Radix component boilerplate as a template asset, but rename it out of the TSX parser path so CodeQL does not treat placeholder syntax as executable source. Update the example README link to the new template filename.
Tighten the remaining high-signal security findings by switching the todo example to a standard Express rate limiter, removing sensitive metadata from boilerplate logging, and replacing fragile HTML tag filtering with parser-based conversion.
Co-Authored-By: Claude <noreply@anthropic.com>
Harden template and example code paths, redact sensitive output, and pin safe transitive npm packages. Consolidate the todo backend on better-sqlite3 so the example no longer pulls the vulnerable sqlite3 chain and still passes build and CRUD smoke checks.
Co-Authored-By: Claude <noreply@anthropic.com>
* feat: add trpc-fullstack skill for end-to-end type-safe API development
* fix: separate App Router and server-side context factories per review feedback
- Replace createContext({ req } as any) in App Router handler with
createTRPCContext(opts: FetchCreateContextFnOptions) — the correct fetch adapter shape
- Add createServerContext() for Server Component callers so auth() is called
directly without an empty or synthetic request object cast
- Update SSR example to use createServerContext() instead of createContext({} as any)
- Add two new pitfall entries covering both auth failure scenarios
Replace malformed frontmatter lines that start with an extra YAML document separator with proper metadata fields. This keeps the skill metadata parseable by strict loaders that only accept a single YAML document in SKILL.md frontmatter.
Co-authored-by: Claude <noreply@anthropic.com>
