Dev (#231)
* Improve senior-fullstack skill description and workflow validation
- Expand frontmatter description with concrete actions and trigger clauses
- Add validation steps to scaffolding workflow (verify scaffold succeeded)
- Add re-run verification step to audit workflow (confirm P0 fixes)
* chore: sync codex skills symlinks [automated]
* fix(skill): normalize senior-fullstack frontmatter to inline format
Normalize YAML description from block scalar (>) to inline single-line
format matching all other 50+ skills. Align frontmatter trigger phrases
with the body's Trigger Phrases section to eliminate duplication.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(ci): add GITHUB_TOKEN to checkout + restore corrupted skill descriptions
- Add token: ${{ secrets.GITHUB_TOKEN }} to actions/checkout@v4 in
sync-codex-skills.yml so git-auto-commit-action can push back to branch
(fixes: fatal: could not read Username, exit 128)
- Restore correct description for incident-commander (was: 'Skill from engineering-team')
- Restore correct description for senior-fullstack (was: '>')
* fix(ci): pass PROJECTS_TOKEN to fix automated commits + remove duplicate checkout
Fixes PROJECTS_TOKEN passthrough for git-auto-commit-action and removes duplicate checkout step in pr-issue-auto-close workflow.
* fix(ci): remove stray merge conflict marker in sync-codex-skills.yml (#221)
Co-authored-by: Leo <leo@leo-agent-server>
* fix(ci): fix workflow errors + add OpenClaw support (#222)
* feat: add 20 new practical skills for professional Claude Code users
New skills across 5 categories:
Engineering (12):
- git-worktree-manager: Parallel dev with port isolation & env sync
- ci-cd-pipeline-builder: Generate GitHub Actions/GitLab CI from stack analysis
- mcp-server-builder: Build MCP servers from OpenAPI specs
- changelog-generator: Conventional commits to structured changelogs
- pr-review-expert: Blast radius analysis & security scan for PRs
- api-test-suite-builder: Auto-generate test suites from API routes
- env-secrets-manager: .env management, leak detection, rotation workflows
- database-schema-designer: Requirements to migrations & types
- codebase-onboarding: Auto-generate onboarding docs from codebase
- performance-profiler: Node/Python/Go profiling & optimization
- runbook-generator: Operational runbooks from codebase analysis
- monorepo-navigator: Turborepo/Nx/pnpm workspace management
Engineering Team (2):
- stripe-integration-expert: Subscriptions, webhooks, billing patterns
- email-template-builder: React Email/MJML transactional email systems
Product Team (3):
- saas-scaffolder: Full SaaS project generation from product brief
- landing-page-generator: High-converting landing pages with copy frameworks
- competitive-teardown: Structured competitive product analysis
Business Growth (1):
- contract-and-proposal-writer: Contracts, SOWs, NDAs per jurisdiction
Marketing (1):
- prompt-engineer-toolkit: Systematic prompt development & A/B testing
Designed for daily professional use and commercial distribution.
* chore: sync codex skills symlinks [automated]
* docs: update README with 20 new skills, counts 65→86, new skills section
* docs: add commercial distribution plan (Stan Store + Gumroad)
* docs: rewrite CHANGELOG.md with v2.0.0 release (65 skills, 9 domains) (#226)
* docs: rewrite CHANGELOG.md with v2.0.0 release (65 skills, 9 domains)
- Consolidate 191 commits since v1.0.2 into proper v2.0.0 entry
- Document 12 POWERFUL-tier skills, 37 refactored skills
- Add new domains: business-growth, finance
- Document Codex support and marketplace integration
- Update version history summary table
- Clean up [Unreleased] to only planned work
* docs: add 24 POWERFUL-tier skills to plugin, fix counts to 85 across all docs
- Add engineering-advanced-skills plugin (24 POWERFUL-tier skills) to marketplace.json
- Add 13 missing skills to CHANGELOG v2.0.0 (agent-workflow-designer, api-test-suite-builder,
changelog-generator, ci-cd-pipeline-builder, codebase-onboarding, database-schema-designer,
env-secrets-manager, git-worktree-manager, mcp-server-builder, monorepo-navigator,
performance-profiler, pr-review-expert, runbook-generator)
- Fix skill count: 86→85 (excl sample-skill) across README, CHANGELOG, marketplace.json
- Fix stale 53→85 references in README
- Add engineering-advanced-skills install command to README
- Update marketplace.json version to 2.0.0
---------
Co-authored-by: Leo <leo@openclaw.ai>
* feat: add skill-security-auditor POWERFUL-tier skill (#230)
Security audit and vulnerability scanner for AI agent skills before installation.
Scans for:
- Code execution risks (eval, exec, os.system, subprocess shell injection)
- Data exfiltration (outbound HTTP, credential harvesting, env var extraction)
- Prompt injection in SKILL.md (system override, role hijack, safety bypass)
- Dependency supply chain (typosquatting, unpinned versions, runtime installs)
- File system abuse (boundary violations, binaries, symlinks, hidden files)
- Privilege escalation (sudo, SUID, cron manipulation, shell config writes)
- Obfuscation (base64, hex encoding, chr chains, codecs)
Produces clear PASS/WARN/FAIL verdict with per-finding remediation guidance.
Supports local dirs, git repo URLs, JSON output, strict mode, and CI/CD integration.
Includes:
- scripts/skill_security_auditor.py (1049 lines, zero dependencies)
- references/threat-model.md (complete attack vector documentation)
- SKILL.md with usage guide and report format
Tested against: rag-architect (PASS), agent-designer (PASS), senior-secops (FAIL - correctly flagged eval/exec patterns).
Co-authored-by: Leo <leo@openclaw.ai>
* docs: add skill-security-auditor to marketplace, README, and CHANGELOG
- Add standalone plugin entry for skill-security-auditor in marketplace.json
- Update engineering-advanced-skills plugin description to include it
- Update skill counts: 85→86 across README, CHANGELOG, marketplace
- Add install command to README Quick Install section
- Add to CHANGELOG [Unreleased] section
---------
Co-authored-by: Baptiste Fernandez <fernandez.baptiste1@gmail.com>
Co-authored-by: alirezarezvani <5697919+alirezarezvani@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Leo <leo@leo-agent-server>
Co-authored-by: Leo <leo@openclaw.ai>
c7d7babb00