From 76bd5bf93357b5bd707aa3b3627d9181b04cae2c Mon Sep 17 00:00:00 2001
From: Leo <leo@openclaw.ai>
Date: Wed, 4 Mar 2026 03:00:47 +0100
Subject: [PATCH] docs: add skill-security-auditor to marketplace, README, and
 CHANGELOG
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Add standalone plugin entry for skill-security-auditor in marketplace.json
- Update engineering-advanced-skills plugin description to include it
- Update skill counts: 85→86 across README, CHANGELOG, marketplace
- Add install command to README Quick Install section
- Add to CHANGELOG [Unreleased] section
---
 .claude-plugin/marketplace.json | 32 ++++++++++++++++++++++++++++----
 CHANGELOG.md                    |  9 ++++++---
 README.md                       |  5 +++--
 3 files changed, 37 insertions(+), 9 deletions(-)

diff --git a/.claude-plugin/marketplace.json b/.claude-plugin/marketplace.json
index 05da048..deb4f69 100644
--- a/.claude-plugin/marketplace.json
+++ b/.claude-plugin/marketplace.json
@@ -4,11 +4,11 @@
         "name": "Alireza Rezvani",
         "url": "https://alirezarezvani.com"
     },
-    "description": "Production-ready skill packages for Claude AI - 85 expert skills across marketing, engineering, product, C-level advisory, project management, regulatory compliance, business growth, and finance",
+    "description": "Production-ready skill packages for Claude AI - 86 expert skills across marketing, engineering, product, C-level advisory, project management, regulatory compliance, business growth, and finance",
     "homepage": "https://github.com/alirezarezvani/claude-skills",
     "repository": "https://github.com/alirezarezvani/claude-skills",
     "metadata": {
-        "description": "85 production-ready skill packages across 9 domains: marketing, engineering, engineering-advanced, product, C-level advisory, project management, regulatory compliance, business growth, and finance",
+        "description": "86 production-ready skill packages across 9 domains: marketing, engineering, engineering-advanced, product, C-level advisory, project management, regulatory compliance, business growth, and finance",
         "version": "2.0.0"
     },
     "plugins": [
@@ -53,7 +53,7 @@
         {
             "name": "engineering-advanced-skills",
             "source": "./engineering",
-            "description": "24 POWERFUL-tier engineering skills: agent designer, RAG architect, database designer, migration architect, observability designer, dependency auditor, release manager, API reviewer, CI/CD pipeline builder, MCP server builder, and more",
+            "description": "25 POWERFUL-tier engineering skills: agent designer, RAG architect, database designer, migration architect, observability designer, dependency auditor, release manager, API reviewer, CI/CD pipeline builder, MCP server builder, skill security auditor, and more",
             "version": "2.0.0",
             "author": {
                 "name": "Alireza Rezvani"
@@ -75,7 +75,9 @@
                 "runbook",
                 "changelog",
                 "onboarding",
-                "worktree"
+                "worktree",
+                "security-audit",
+                "vulnerability-scanner"
             ],
             "category": "development"
         },
@@ -279,6 +281,28 @@
                 "retrospective"
             ],
             "category": "project-management"
+        },
+        {
+            "name": "skill-security-auditor",
+            "source": "./engineering/skill-security-auditor",
+            "description": "Security audit and vulnerability scanner for AI agent skills. Scans for malicious code, prompt injection, data exfiltration, supply chain risks, and privilege escalation before installation. Zero dependencies, PASS/WARN/FAIL verdicts with remediation guidance.",
+            "version": "2.0.0",
+            "author": {
+                "name": "Alireza Rezvani"
+            },
+            "keywords": [
+                "security",
+                "audit",
+                "vulnerability",
+                "scanner",
+                "malware",
+                "prompt-injection",
+                "supply-chain",
+                "code-review",
+                "safety",
+                "pre-install"
+            ],
+            "category": "security"
         }
     ]
 }
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8e1495a..9d93692 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Added
+- **skill-security-auditor** (POWERFUL tier) — Security audit and vulnerability scanner for AI agent skills. Scans for malicious code, prompt injection, data exfiltration, supply chain risks, and privilege escalation. Zero dependencies, PASS/WARN/FAIL verdicts.
+
 ### Planned
 - Complete Anthropic best practices refactoring (5/42 skills remaining)
 - Production Python tools for remaining RA/QM skills
@@ -99,9 +102,9 @@ Major rewrite of existing skills following Anthropic's agent skills specificatio
 - **Codex skills sync** — Automated symlink workflow for Codex integration
 
 ### 📊 Stats
-- **85 total skills** across 9 domains (up from 42 across 6)
+- **86 total skills** across 9 domains (up from 42 across 6)
 - **92+ Python automation tools** (up from 20+)
-- **25 POWERFUL-tier skills** in new `engineering/` domain
+- **26 POWERFUL-tier skills** in `engineering/` domain (including skill-security-auditor)
 - **37/42 original skills refactored** to Anthropic best practices
 
 ### Fixed
@@ -250,7 +253,7 @@ Major rewrite of existing skills following Anthropic's agent skills specificatio
 
 | Version | Date | Skills | Domains | Key Changes |
 |---------|------|--------|---------|-------------|
-| 2.0.0 | 2026-02-16 | 85 | 9 | 25 POWERFUL-tier skills, 37 refactored, Codex support, 3 new domains |
+| 2.0.0 | 2026-02-16 | 86 | 9 | 26 POWERFUL-tier skills, 37 refactored, Codex support, 3 new domains |
 | 1.1.0 | 2025-10-21 | 42 | 6 | Anthropic best practices refactoring (5 skills) |
 | 1.0.2 | 2025-10-21 | 42 | 6 | GitHub repository pages (LICENSE, CONTRIBUTING, etc.) |
 | 1.0.1 | 2025-10-21 | 42 | 6 | Star History, link fixes |
diff --git a/README.md b/README.md
index fc0932f..9b49caf 100644
--- a/README.md
+++ b/README.md
@@ -34,6 +34,7 @@ Use Claude Code's built-in plugin system for native integration:
 /plugin install finance-skills@claude-code-skills           # 1 finance skill
 
 # Or install individual skills:
+/plugin install skill-security-auditor@claude-code-skills  # Security scanner
 /plugin install content-creator@claude-code-skills      # Single skill
 /plugin install fullstack-engineer@claude-code-skills   # Single skill
 ```
@@ -112,7 +113,7 @@ Or preview first with `--dry-run`:
 Install to Claude Code, Cursor, VS Code, Amp, Goose, and more - all with one command:
 
 ```bash
-# Install all 85 skills to all supported agents
+# Install all 86 skills to all supported agents
 npx agent-skills-cli add alirezarezvani/claude-skills
 
 # Install to specific agent (Claude Code)
@@ -2251,7 +2252,7 @@ Explore our complete ecosystem of Claude Code augmentation tools and utilities:
 
 ### Current Status (Q4 2025)
 
-**✅ Phase 1: Complete - 85 Production-Ready Skills**
+**✅ Phase 1: Complete - 86 Production-Ready Skills**
 
 **Marketing Skills (6):**
 - Content Creator - Brand voice analysis, SEO optimization, social media frameworks