Dev ( #255 ) ...
* docs: restructure README.md — 2,539 → 209 lines (#247 )
- Cut from 2,539 lines / 73 sections to 209 lines / 18 sections
- Consolidated 4 install methods into one unified section
- Moved all skill details to domain-level READMEs (linked from table)
- Front-loaded value prop and keywords for SEO
- Added POWERFUL tier highlight section
- Added skill-security-auditor showcase section
- Removed stale Q4 2025 roadmap, outdated ROI claims, duplicate content
- Fixed all internal links
- Clean heading hierarchy (H2 for main sections only)
Closes #233
Co-authored-by: Leo <leo@openclaw.ai >
* fix: enhance 5 skills with scripts, references, and Anthropic best practices (#248 )
* fix(skill): enhance git-worktree-manager with scripts, references, and Anthropic best practices
* fix(skill): enhance mcp-server-builder with scripts, references, and Anthropic best practices
* fix(skill): enhance changelog-generator with scripts, references, and Anthropic best practices
* fix(skill): enhance ci-cd-pipeline-builder with scripts, references, and Anthropic best practices
* fix(skill): enhance prompt-engineer-toolkit with scripts, references, and Anthropic best practices
* docs: update README, CHANGELOG, and plugin metadata
* fix: correct marketing plugin count, expand thin references
---------
Co-authored-by: Leo <leo@openclaw.ai >
* ci: Add VirusTotal security scan for skills (#252 )
* Dev (#231 )
* Improve senior-fullstack skill description and workflow validation
- Expand frontmatter description with concrete actions and trigger clauses
- Add validation steps to scaffolding workflow (verify scaffold succeeded)
- Add re-run verification step to audit workflow (confirm P0 fixes)
* chore: sync codex skills symlinks [automated]
* fix(skill): normalize senior-fullstack frontmatter to inline format
Normalize YAML description from block scalar (>) to inline single-line
format matching all other 50+ skills. Align frontmatter trigger phrases
with the body's Trigger Phrases section to eliminate duplication.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
* fix(ci): add GITHUB_TOKEN to checkout + restore corrupted skill descriptions
- Add token: ${{ secrets.GITHUB_TOKEN }} to actions/checkout@v4 in
sync-codex-skills.yml so git-auto-commit-action can push back to branch
(fixes: fatal: could not read Username, exit 128)
- Restore correct description for incident-commander (was: 'Skill from engineering-team')
- Restore correct description for senior-fullstack (was: '>')
* fix(ci): pass PROJECTS_TOKEN to fix automated commits + remove duplicate checkout
Fixes PROJECTS_TOKEN passthrough for git-auto-commit-action and removes duplicate checkout step in pr-issue-auto-close workflow.
* fix(ci): remove stray merge conflict marker in sync-codex-skills.yml (#221 )
Co-authored-by: Leo <leo@leo-agent-server>
* fix(ci): fix workflow errors + add OpenClaw support (#222 )
* feat: add 20 new practical skills for professional Claude Code users
New skills across 5 categories:
Engineering (12):
- git-worktree-manager: Parallel dev with port isolation & env sync
- ci-cd-pipeline-builder: Generate GitHub Actions/GitLab CI from stack analysis
- mcp-server-builder: Build MCP servers from OpenAPI specs
- changelog-generator: Conventional commits to structured changelogs
- pr-review-expert: Blast radius analysis & security scan for PRs
- api-test-suite-builder: Auto-generate test suites from API routes
- env-secrets-manager: .env management, leak detection, rotation workflows
- database-schema-designer: Requirements to migrations & types
- codebase-onboarding: Auto-generate onboarding docs from codebase
- performance-profiler: Node/Python/Go profiling & optimization
- runbook-generator: Operational runbooks from codebase analysis
- monorepo-navigator: Turborepo/Nx/pnpm workspace management
Engineering Team (2):
- stripe-integration-expert: Subscriptions, webhooks, billing patterns
- email-template-builder: React Email/MJML transactional email systems
Product Team (3):
- saas-scaffolder: Full SaaS project generation from product brief
- landing-page-generator: High-converting landing pages with copy frameworks
- competitive-teardown: Structured competitive product analysis
Business Growth (1):
- contract-and-proposal-writer: Contracts, SOWs, NDAs per jurisdiction
Marketing (1):
- prompt-engineer-toolkit: Systematic prompt development & A/B testing
Designed for daily professional use and commercial distribution.
* chore: sync codex skills symlinks [automated]
* docs: update README with 20 new skills, counts 65→86, new skills section
* docs: add commercial distribution plan (Stan Store + Gumroad)
* docs: rewrite CHANGELOG.md with v2.0.0 release (65 skills, 9 domains) (#226 )
* docs: rewrite CHANGELOG.md with v2.0.0 release (65 skills, 9 domains)
- Consolidate 191 commits since v1.0.2 into proper v2.0.0 entry
- Document 12 POWERFUL-tier skills, 37 refactored skills
- Add new domains: business-growth, finance
- Document Codex support and marketplace integration
- Update version history summary table
- Clean up [Unreleased] to only planned work
* docs: add 24 POWERFUL-tier skills to plugin, fix counts to 85 across all docs
- Add engineering-advanced-skills plugin (24 POWERFUL-tier skills) to marketplace.json
- Add 13 missing skills to CHANGELOG v2.0.0 (agent-workflow-designer, api-test-suite-builder,
changelog-generator, ci-cd-pipeline-builder, codebase-onboarding, database-schema-designer,
env-secrets-manager, git-worktree-manager, mcp-server-builder, monorepo-navigator,
performance-profiler, pr-review-expert, runbook-generator)
- Fix skill count: 86→85 (excl sample-skill) across README, CHANGELOG, marketplace.json
- Fix stale 53→85 references in README
- Add engineering-advanced-skills install command to README
- Update marketplace.json version to 2.0.0
---------
Co-authored-by: Leo <leo@openclaw.ai >
* feat: add skill-security-auditor POWERFUL-tier skill (#230 )
Security audit and vulnerability scanner for AI agent skills before installation.
Scans for:
- Code execution risks (eval, exec, os.system, subprocess shell injection)
- Data exfiltration (outbound HTTP, credential harvesting, env var extraction)
- Prompt injection in SKILL.md (system override, role hijack, safety bypass)
- Dependency supply chain (typosquatting, unpinned versions, runtime installs)
- File system abuse (boundary violations, binaries, symlinks, hidden files)
- Privilege escalation (sudo, SUID, cron manipulation, shell config writes)
- Obfuscation (base64, hex encoding, chr chains, codecs)
Produces clear PASS/WARN/FAIL verdict with per-finding remediation guidance.
Supports local dirs, git repo URLs, JSON output, strict mode, and CI/CD integration.
Includes:
- scripts/skill_security_auditor.py (1049 lines, zero dependencies)
- references/threat-model.md (complete attack vector documentation)
- SKILL.md with usage guide and report format
Tested against: rag-architect (PASS), agent-designer (PASS), senior-secops (FAIL - correctly flagged eval/exec patterns).
Co-authored-by: Leo <leo@openclaw.ai >
* docs: add skill-security-auditor to marketplace, README, and CHANGELOG
- Add standalone plugin entry for skill-security-auditor in marketplace.json
- Update engineering-advanced-skills plugin description to include it
- Update skill counts: 85→86 across README, CHANGELOG, marketplace
- Add install command to README Quick Install section
- Add to CHANGELOG [Unreleased] section
---------
Co-authored-by: Baptiste Fernandez <fernandez.baptiste1@gmail.com >
Co-authored-by: alirezarezvani <5697919+alirezarezvani@users.noreply.github.com >
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com >
Co-authored-by: Leo <leo@leo-agent-server>
Co-authored-by: Leo <leo@openclaw.ai >
* Dev (#249 )
* docs: restructure README.md — 2,539 → 209 lines (#247 )
- Cut from 2,539 lines / 73 sections to 209 lines / 18 sections
- Consolidated 4 install methods into one unified section
- Moved all skill details to domain-level READMEs (linked from table)
- Front-loaded value prop and keywords for SEO
- Added POWERFUL tier highlight section
- Added skill-security-auditor showcase section
- Removed stale Q4 2025 roadmap, outdated ROI claims, duplicate content
- Fixed all internal links
- Clean heading hierarchy (H2 for main sections only)
Closes #233
Co-authored-by: Leo <leo@openclaw.ai >
* fix: enhance 5 skills with scripts, references, and Anthropic best practices (#248 )
* fix(skill): enhance git-worktree-manager with scripts, references, and Anthropic best practices
* fix(skill): enhance mcp-server-builder with scripts, references, and Anthropic best practices
* fix(skill): enhance changelog-generator with scripts, references, and Anthropic best practices
* fix(skill): enhance ci-cd-pipeline-builder with scripts, references, and Anthropic best practices
* fix(skill): enhance prompt-engineer-toolkit with scripts, references, and Anthropic best practices
* docs: update README, CHANGELOG, and plugin metadata
* fix: correct marketing plugin count, expand thin references
---------
Co-authored-by: Leo <leo@openclaw.ai >
---------
Co-authored-by: Leo <leo@openclaw.ai >
* Dev (#250 )
* docs: restructure README.md — 2,539 → 209 lines (#247 )
- Cut from 2,539 lines / 73 sections to 209 lines / 18 sections
- Consolidated 4 install methods into one unified section
- Moved all skill details to domain-level READMEs (linked from table)
- Front-loaded value prop and keywords for SEO
- Added POWERFUL tier highlight section
- Added skill-security-auditor showcase section
- Removed stale Q4 2025 roadmap, outdated ROI claims, duplicate content
- Fixed all internal links
- Clean heading hierarchy (H2 for main sections only)
Closes #233
Co-authored-by: Leo <leo@openclaw.ai >
* fix: enhance 5 skills with scripts, references, and Anthropic best practices (#248 )
* fix(skill): enhance git-worktree-manager with scripts, references, and Anthropic best practices
* fix(skill): enhance mcp-server-builder with scripts, references, and Anthropic best practices
* fix(skill): enhance changelog-generator with scripts, references, and Anthropic best practices
* fix(skill): enhance ci-cd-pipeline-builder with scripts, references, and Anthropic best practices
* fix(skill): enhance prompt-engineer-toolkit with scripts, references, and Anthropic best practices
* docs: update README, CHANGELOG, and plugin metadata
* fix: correct marketing plugin count, expand thin references
---------
Co-authored-by: Leo <leo@openclaw.ai >
---------
Co-authored-by: Leo <leo@openclaw.ai >
* ci: add VirusTotal security scan for skills
- Scans changed skill directories on PRs to dev/main
- Scans all skills on release publish
- Posts scan results as PR comment with analysis links
- Rate-limited to 4 req/min (free tier compatible)
- Appends VirusTotal links to release body on publish
* fix: resolve YAML lint errors in virustotal workflow
- Add document start marker (---)
- Quote 'on' key for truthy lint rule
- Remove trailing spaces
- Break long lines under 160 char limit
---------
Co-authored-by: Baptiste Fernandez <fernandez.baptiste1@gmail.com >
Co-authored-by: alirezarezvani <5697919+alirezarezvani@users.noreply.github.com >
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com >
Co-authored-by: Leo <leo@leo-agent-server>
Co-authored-by: Leo <leo@openclaw.ai >
* feat: add playwright-pro plugin — production-grade Playwright testing toolkit (#254 )
Complete Claude Code plugin with:
- 9 skills (/pw:init, generate, review, fix, migrate, coverage, testrail, browserstack, report)
- 3 specialized agents (test-architect, test-debugger, migration-planner)
- 55 test case templates across 11 categories (auth, CRUD, checkout, search, forms, dashboard, settings, onboarding, notifications, API, accessibility)
- TestRail MCP server (TypeScript) — 8 tools for bidirectional sync
- BrowserStack MCP server (TypeScript) — 7 tools for cross-browser testing
- Smart hooks (auto-validate tests, auto-detect Playwright projects)
- 6 curated reference docs (golden rules, locators, assertions, fixtures, pitfalls, flaky tests)
- Leverages Claude Code built-ins (/batch, /debug, Explore subagent)
- Zero-config for core features; TestRail/BrowserStack via env vars
- Both TypeScript and JavaScript support throughout
Co-authored-by: Leo <leo@openclaw.ai >
---------
Co-authored-by: Leo <leo@openclaw.ai >
Co-authored-by: Baptiste Fernandez <fernandez.baptiste1@gmail.com >
Co-authored-by: alirezarezvani <5697919+alirezarezvani@users.noreply.github.com >
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com >
Co-authored-by: Leo <leo@leo-agent-server>
afd3192965