afd3192965
* docs: restructure README.md — 2,539 → 209 lines (#247) - Cut from 2,539 lines / 73 sections to 209 lines / 18 sections - Consolidated 4 install methods into one unified section - Moved all skill details to domain-level READMEs (linked from table) - Front-loaded value prop and keywords for SEO - Added POWERFUL tier highlight section - Added skill-security-auditor showcase section - Removed stale Q4 2025 roadmap, outdated ROI claims, duplicate content - Fixed all internal links - Clean heading hierarchy (H2 for main sections only) Closes #233 Co-authored-by: Leo <leo@openclaw.ai> * fix: enhance 5 skills with scripts, references, and Anthropic best practices (#248) * fix(skill): enhance git-worktree-manager with scripts, references, and Anthropic best practices * fix(skill): enhance mcp-server-builder with scripts, references, and Anthropic best practices * fix(skill): enhance changelog-generator with scripts, references, and Anthropic best practices * fix(skill): enhance ci-cd-pipeline-builder with scripts, references, and Anthropic best practices * fix(skill): enhance prompt-engineer-toolkit with scripts, references, and Anthropic best practices * docs: update README, CHANGELOG, and plugin metadata * fix: correct marketing plugin count, expand thin references --------- Co-authored-by: Leo <leo@openclaw.ai> * ci: Add VirusTotal security scan for skills (#252) * Dev (#231) * Improve senior-fullstack skill description and workflow validation - Expand frontmatter description with concrete actions and trigger clauses - Add validation steps to scaffolding workflow (verify scaffold succeeded) - Add re-run verification step to audit workflow (confirm P0 fixes) * chore: sync codex skills symlinks [automated] * fix(skill): normalize senior-fullstack frontmatter to inline format Normalize YAML description from block scalar (>) to inline single-line format matching all other 50+ skills. Align frontmatter trigger phrases with the body's Trigger Phrases section to eliminate duplication. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(ci): add GITHUB_TOKEN to checkout + restore corrupted skill descriptions - Add token: ${{ secrets.GITHUB_TOKEN }} to actions/checkout@v4 in sync-codex-skills.yml so git-auto-commit-action can push back to branch (fixes: fatal: could not read Username, exit 128) - Restore correct description for incident-commander (was: 'Skill from engineering-team') - Restore correct description for senior-fullstack (was: '>') * fix(ci): pass PROJECTS_TOKEN to fix automated commits + remove duplicate checkout Fixes PROJECTS_TOKEN passthrough for git-auto-commit-action and removes duplicate checkout step in pr-issue-auto-close workflow. * fix(ci): remove stray merge conflict marker in sync-codex-skills.yml (#221) Co-authored-by: Leo <leo@leo-agent-server> * fix(ci): fix workflow errors + add OpenClaw support (#222) * feat: add 20 new practical skills for professional Claude Code users New skills across 5 categories: Engineering (12): - git-worktree-manager: Parallel dev with port isolation & env sync - ci-cd-pipeline-builder: Generate GitHub Actions/GitLab CI from stack analysis - mcp-server-builder: Build MCP servers from OpenAPI specs - changelog-generator: Conventional commits to structured changelogs - pr-review-expert: Blast radius analysis & security scan for PRs - api-test-suite-builder: Auto-generate test suites from API routes - env-secrets-manager: .env management, leak detection, rotation workflows - database-schema-designer: Requirements to migrations & types - codebase-onboarding: Auto-generate onboarding docs from codebase - performance-profiler: Node/Python/Go profiling & optimization - runbook-generator: Operational runbooks from codebase analysis - monorepo-navigator: Turborepo/Nx/pnpm workspace management Engineering Team (2): - stripe-integration-expert: Subscriptions, webhooks, billing patterns - email-template-builder: React Email/MJML transactional email systems Product Team (3): - saas-scaffolder: Full SaaS project generation from product brief - landing-page-generator: High-converting landing pages with copy frameworks - competitive-teardown: Structured competitive product analysis Business Growth (1): - contract-and-proposal-writer: Contracts, SOWs, NDAs per jurisdiction Marketing (1): - prompt-engineer-toolkit: Systematic prompt development & A/B testing Designed for daily professional use and commercial distribution. * chore: sync codex skills symlinks [automated] * docs: update README with 20 new skills, counts 65→86, new skills section * docs: add commercial distribution plan (Stan Store + Gumroad) * docs: rewrite CHANGELOG.md with v2.0.0 release (65 skills, 9 domains) (#226) * docs: rewrite CHANGELOG.md with v2.0.0 release (65 skills, 9 domains) - Consolidate 191 commits since v1.0.2 into proper v2.0.0 entry - Document 12 POWERFUL-tier skills, 37 refactored skills - Add new domains: business-growth, finance - Document Codex support and marketplace integration - Update version history summary table - Clean up [Unreleased] to only planned work * docs: add 24 POWERFUL-tier skills to plugin, fix counts to 85 across all docs - Add engineering-advanced-skills plugin (24 POWERFUL-tier skills) to marketplace.json - Add 13 missing skills to CHANGELOG v2.0.0 (agent-workflow-designer, api-test-suite-builder, changelog-generator, ci-cd-pipeline-builder, codebase-onboarding, database-schema-designer, env-secrets-manager, git-worktree-manager, mcp-server-builder, monorepo-navigator, performance-profiler, pr-review-expert, runbook-generator) - Fix skill count: 86→85 (excl sample-skill) across README, CHANGELOG, marketplace.json - Fix stale 53→85 references in README - Add engineering-advanced-skills install command to README - Update marketplace.json version to 2.0.0 --------- Co-authored-by: Leo <leo@openclaw.ai> * feat: add skill-security-auditor POWERFUL-tier skill (#230) Security audit and vulnerability scanner for AI agent skills before installation. Scans for: - Code execution risks (eval, exec, os.system, subprocess shell injection) - Data exfiltration (outbound HTTP, credential harvesting, env var extraction) - Prompt injection in SKILL.md (system override, role hijack, safety bypass) - Dependency supply chain (typosquatting, unpinned versions, runtime installs) - File system abuse (boundary violations, binaries, symlinks, hidden files) - Privilege escalation (sudo, SUID, cron manipulation, shell config writes) - Obfuscation (base64, hex encoding, chr chains, codecs) Produces clear PASS/WARN/FAIL verdict with per-finding remediation guidance. Supports local dirs, git repo URLs, JSON output, strict mode, and CI/CD integration. Includes: - scripts/skill_security_auditor.py (1049 lines, zero dependencies) - references/threat-model.md (complete attack vector documentation) - SKILL.md with usage guide and report format Tested against: rag-architect (PASS), agent-designer (PASS), senior-secops (FAIL - correctly flagged eval/exec patterns). Co-authored-by: Leo <leo@openclaw.ai> * docs: add skill-security-auditor to marketplace, README, and CHANGELOG - Add standalone plugin entry for skill-security-auditor in marketplace.json - Update engineering-advanced-skills plugin description to include it - Update skill counts: 85→86 across README, CHANGELOG, marketplace - Add install command to README Quick Install section - Add to CHANGELOG [Unreleased] section --------- Co-authored-by: Baptiste Fernandez <fernandez.baptiste1@gmail.com> Co-authored-by: alirezarezvani <5697919+alirezarezvani@users.noreply.github.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Leo <leo@leo-agent-server> Co-authored-by: Leo <leo@openclaw.ai> * Dev (#249) * docs: restructure README.md — 2,539 → 209 lines (#247) - Cut from 2,539 lines / 73 sections to 209 lines / 18 sections - Consolidated 4 install methods into one unified section - Moved all skill details to domain-level READMEs (linked from table) - Front-loaded value prop and keywords for SEO - Added POWERFUL tier highlight section - Added skill-security-auditor showcase section - Removed stale Q4 2025 roadmap, outdated ROI claims, duplicate content - Fixed all internal links - Clean heading hierarchy (H2 for main sections only) Closes #233 Co-authored-by: Leo <leo@openclaw.ai> * fix: enhance 5 skills with scripts, references, and Anthropic best practices (#248) * fix(skill): enhance git-worktree-manager with scripts, references, and Anthropic best practices * fix(skill): enhance mcp-server-builder with scripts, references, and Anthropic best practices * fix(skill): enhance changelog-generator with scripts, references, and Anthropic best practices * fix(skill): enhance ci-cd-pipeline-builder with scripts, references, and Anthropic best practices * fix(skill): enhance prompt-engineer-toolkit with scripts, references, and Anthropic best practices * docs: update README, CHANGELOG, and plugin metadata * fix: correct marketing plugin count, expand thin references --------- Co-authored-by: Leo <leo@openclaw.ai> --------- Co-authored-by: Leo <leo@openclaw.ai> * Dev (#250) * docs: restructure README.md — 2,539 → 209 lines (#247) - Cut from 2,539 lines / 73 sections to 209 lines / 18 sections - Consolidated 4 install methods into one unified section - Moved all skill details to domain-level READMEs (linked from table) - Front-loaded value prop and keywords for SEO - Added POWERFUL tier highlight section - Added skill-security-auditor showcase section - Removed stale Q4 2025 roadmap, outdated ROI claims, duplicate content - Fixed all internal links - Clean heading hierarchy (H2 for main sections only) Closes #233 Co-authored-by: Leo <leo@openclaw.ai> * fix: enhance 5 skills with scripts, references, and Anthropic best practices (#248) * fix(skill): enhance git-worktree-manager with scripts, references, and Anthropic best practices * fix(skill): enhance mcp-server-builder with scripts, references, and Anthropic best practices * fix(skill): enhance changelog-generator with scripts, references, and Anthropic best practices * fix(skill): enhance ci-cd-pipeline-builder with scripts, references, and Anthropic best practices * fix(skill): enhance prompt-engineer-toolkit with scripts, references, and Anthropic best practices * docs: update README, CHANGELOG, and plugin metadata * fix: correct marketing plugin count, expand thin references --------- Co-authored-by: Leo <leo@openclaw.ai> --------- Co-authored-by: Leo <leo@openclaw.ai> * ci: add VirusTotal security scan for skills - Scans changed skill directories on PRs to dev/main - Scans all skills on release publish - Posts scan results as PR comment with analysis links - Rate-limited to 4 req/min (free tier compatible) - Appends VirusTotal links to release body on publish * fix: resolve YAML lint errors in virustotal workflow - Add document start marker (---) - Quote 'on' key for truthy lint rule - Remove trailing spaces - Break long lines under 160 char limit --------- Co-authored-by: Baptiste Fernandez <fernandez.baptiste1@gmail.com> Co-authored-by: alirezarezvani <5697919+alirezarezvani@users.noreply.github.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Leo <leo@leo-agent-server> Co-authored-by: Leo <leo@openclaw.ai> * feat: add playwright-pro plugin — production-grade Playwright testing toolkit (#254) Complete Claude Code plugin with: - 9 skills (/pw:init, generate, review, fix, migrate, coverage, testrail, browserstack, report) - 3 specialized agents (test-architect, test-debugger, migration-planner) - 55 test case templates across 11 categories (auth, CRUD, checkout, search, forms, dashboard, settings, onboarding, notifications, API, accessibility) - TestRail MCP server (TypeScript) — 8 tools for bidirectional sync - BrowserStack MCP server (TypeScript) — 7 tools for cross-browser testing - Smart hooks (auto-validate tests, auto-detect Playwright projects) - 6 curated reference docs (golden rules, locators, assertions, fixtures, pitfalls, flaky tests) - Leverages Claude Code built-ins (/batch, /debug, Explore subagent) - Zero-config for core features; TestRail/BrowserStack via env vars - Both TypeScript and JavaScript support throughout Co-authored-by: Leo <leo@openclaw.ai> --------- Co-authored-by: Leo <leo@openclaw.ai> Co-authored-by: Baptiste Fernandez <fernandez.baptiste1@gmail.com> Co-authored-by: alirezarezvani <5697919+alirezarezvani@users.noreply.github.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Leo <leo@leo-agent-server>
Claude Skills Library
86 production-ready skill packages for Claude Code, OpenAI Codex, and OpenClaw — reusable expertise bundles that transform AI agents into specialized professionals across engineering, product, marketing, compliance, and more.
⭐ 2,300+ GitHub stars — the most comprehensive open-source skill library for AI coding agents.
What Is This?
Skills are modular instruction packages that give AI agents domain expertise they don't have out of the box. Each skill includes a SKILL.md (instructions + workflows), Python CLI tools, and reference documentation — everything the agent needs to perform like a specialist.
One repo, three platforms: Works natively with Claude Code, OpenAI Codex, and OpenClaw.
Quick Install
Claude Code (Recommended)
# Add the marketplace
/plugin marketplace add alirezarezvani/claude-skills
# Install by domain
/plugin install engineering-skills@claude-code-skills # 21 core engineering
/plugin install engineering-advanced-skills@claude-code-skills # 25 POWERFUL-tier
/plugin install product-skills@claude-code-skills # 8 product skills
/plugin install marketing-skills@claude-code-skills # 7 marketing skills
/plugin install ra-qm-skills@claude-code-skills # 12 regulatory/quality
/plugin install pm-skills@claude-code-skills # 6 project management
/plugin install c-level-skills@claude-code-skills # 2 C-level advisory
/plugin install business-growth-skills@claude-code-skills # 4 business & growth
/plugin install finance-skills@claude-code-skills # 1 finance
# Or install individual skills
/plugin install skill-security-auditor@claude-code-skills # Security scanner
/plugin install content-creator@claude-code-skills # Single skill
OpenAI Codex
npx agent-skills-cli add alirezarezvani/claude-skills --agent codex
# Or: git clone + ./scripts/codex-install.sh
OpenClaw
bash <(curl -s https://raw.githubusercontent.com/alirezarezvani/claude-skills/main/scripts/openclaw-install.sh)
Manual Installation
git clone https://github.com/alirezarezvani/claude-skills.git
# Copy any skill folder to ~/.claude/skills/ (Claude Code) or ~/.codex/skills/ (Codex)
Skills Overview
86 skills across 9 domains:
| Domain | Skills | Highlights | Details |
|---|---|---|---|
| 🔧 Engineering — Core | 21 | Architecture, frontend, backend, fullstack, QA, DevOps, SecOps, AI/ML, data | engineering-team/ |
| ⚡ Engineering — POWERFUL | 25 | Agent designer, RAG architect, database designer, CI/CD builder, security auditor, MCP builder | engineering/ |
| 🎯 Product | 8 | Product manager, agile PO, strategist, UX researcher, UI design, landing pages, SaaS scaffolder | product-team/ |
| 📣 Marketing | 7 | Content creator, demand gen, PMM strategy, ASO, social media, campaign analytics, prompt engineering | marketing-skill/ |
| 📋 Project Management | 6 | Senior PM, scrum master, Jira, Confluence, Atlassian admin, templates | project-management/ |
| 🏥 Regulatory & QM | 12 | ISO 13485, MDR 2017/745, FDA, ISO 27001, GDPR, CAPA, risk management | ra-qm-team/ |
| 💼 C-Level Advisory | 2 | CEO advisor, CTO advisor | c-level-advisor/ |
| 📈 Business & Growth | 4 | Customer success, sales engineer, revenue ops, contracts & proposals | business-growth/ |
| 💰 Finance | 1 | Financial analyst (DCF, budgeting, forecasting) | finance/ |
⚡ POWERFUL Tier
25 advanced skills with deep, production-grade capabilities:
| Skill | What It Does |
|---|---|
| agent-designer | Multi-agent orchestration, tool schemas, performance evaluation |
| agent-workflow-designer | Sequential, parallel, router, orchestrator, and evaluator patterns |
| rag-architect | RAG pipeline builder, chunking optimizer, retrieval evaluator |
| database-designer | Schema analyzer, ERD generation, index optimizer, migration generator |
| database-schema-designer | Requirements → migrations, types, seed data, RLS policies |
| migration-architect | Migration planner, compatibility checker, rollback generator |
| skill-security-auditor | 🔒 Security gate — scan skills for malicious code before installation |
| ci-cd-pipeline-builder | Analyze stack → generate GitHub Actions / GitLab CI configs |
| mcp-server-builder | Build MCP servers from OpenAPI specs |
| pr-review-expert | Blast radius analysis, security scan, coverage delta |
| api-design-reviewer | REST API linter, breaking change detector, design scorecard |
| api-test-suite-builder | Scan API routes → generate complete test suites |
| dependency-auditor | Multi-language scanner, license compliance, upgrade planner |
| release-manager | Changelog generator, semantic version bumper, readiness checker |
| observability-designer | SLO designer, alert optimizer, dashboard generator |
| performance-profiler | Node/Python/Go profiling, bundle analysis, load testing |
| monorepo-navigator | Turborepo/Nx/pnpm workspace management & impact analysis |
| changelog-generator | Conventional commits → structured changelogs |
| codebase-onboarding | Auto-generate onboarding docs from codebase analysis |
| runbook-generator | Codebase → operational runbooks with commands |
| git-worktree-manager | Parallel dev with port isolation, env sync |
| env-secrets-manager | .env management, leak detection, rotation workflows |
| incident-commander | Incident response playbook, severity classifier, PIR generator |
| tech-debt-tracker | Codebase debt scanner, prioritizer, trend dashboard |
| interview-system-designer | Interview loop designer, question bank, calibrator |
🔒 Skill Security Auditor
New in v2.0.0 — audit any skill for security risks before installation:
python3 engineering/skill-security-auditor/scripts/skill_security_auditor.py /path/to/skill/
Scans for: command injection, code execution, data exfiltration, prompt injection, dependency supply chain risks, privilege escalation. Returns PASS / WARN / FAIL with remediation guidance.
Zero dependencies. Works anywhere Python runs.
Recently Enhanced Skills
Production-quality upgrades added for:
engineering/git-worktree-manager— worktree lifecycle + cleanup automation scriptsengineering/mcp-server-builder— OpenAPI -> MCP scaffold + manifest validatorengineering/changelog-generator— release note generator + conventional commit linterengineering/ci-cd-pipeline-builder— stack detector + pipeline generatormarketing-skill/prompt-engineer-toolkit— prompt A/B tester + prompt version/diff manager
Each now ships with scripts/, extracted references/, and a usage-focused README.md.
Usage Examples
Architecture Review
Using the senior-architect skill, review our microservices architecture
and identify the top 3 scalability risks.
Content Creation
Using the content-creator skill, write a blog post about AI-augmented
development. Optimize for SEO targeting "Claude Code tutorial".
Compliance Audit
Using the mdr-745-specialist skill, review our technical documentation
for MDR Annex II compliance gaps.
Python Analysis Tools
92+ CLI tools ship with the skills:
# Brand voice analysis
python3 marketing-skill/content-creator/scripts/brand_voice_analyzer.py article.txt
# Tech debt scoring
python3 c-level-advisor/cto-advisor/scripts/tech_debt_analyzer.py /path/to/codebase
# RICE prioritization
python3 product-team/product-manager-toolkit/scripts/rice_prioritizer.py features.csv
# Security audit
python3 engineering/skill-security-auditor/scripts/skill_security_auditor.py /path/to/skill/
Related Projects
| Project | Description |
|---|---|
| Claude Code Skills & Agents Factory | Methodology for building skills at scale |
| Claude Code Tresor | Productivity toolkit with 60+ prompt templates |
Contributing
We welcome contributions! See CONTRIBUTING.md for guidelines.
Quick ideas:
- Add new skills in underserved domains
- Improve existing Python tools
- Add test coverage for scripts
- Translate skills for non-English markets
License
MIT — see LICENSE for details.
Star History
Built by Alireza Rezvani · Medium · Twitter