[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"extension-skill-charon-fan-security-auditor-de":3,"guides-for-charon-fan-security-auditor":623,"similar-k17ct36xpczv4bfdrm65qhchx586mzy0-de":624},{"_creationTime":4,"_id":5,"children":6,"community":7,"display":9,"evaluation":15,"identity":236,"isFallback":222,"parentExtension":241,"providers":242,"relations":247,"repo":249,"tags":620,"workflow":621},1778683644393.578,"k17ct36xpczv4bfdrm65qhchx586mzy0",[],{"reviewCount":8},0,{"description":10,"installMethods":11,"name":13,"sourceUrl":14},"Security vulnerability expert covering OWASP Top 10 and common security issues. Use when conducting security audits or reviewing code for vulnerabilities.",{"claudeCode":12},"charon-fan/agent-playbook","security-auditor","https://github.com/charon-fan/agent-playbook",{"_creationTime":16,"_id":17,"extensionId":5,"locale":18,"result":19,"trustSignals":220,"workflow":234},1778684133289.9744,"kn7cn0yqgd34e9wj3h3xsw6ag586m329","en",{"checks":20,"evaluatedAt":191,"extensionSummary":192,"features":193,"nonGoals":198,"promptVersionExtension":202,"promptVersionScoring":203,"purpose":204,"rationale":205,"score":206,"summary":207,"tags":208,"targetMarket":214,"tier":215,"useCases":216},[21,26,29,32,36,39,43,47,50,53,58,62,65,69,72,75,78,81,84,87,90,94,98,102,106,109,112,115,119,122,125,128,131,134,137,141,145,149,152,156,159,162,165,168,172,175,178,181,184,188],{"category":22,"check":23,"severity":24,"summary":25},"Practical Utility","Problem relevance","pass","The description clearly states the problem of security vulnerability assessment, covering OWASP Top 10 and common security issues, and provides usage context when conducting security audits or reviewing code.",{"category":22,"check":27,"severity":24,"summary":28},"Unique selling proposition","The skill implements specific checks for OWASP Top 10 categories and common security issues using shell and Python scripts, going beyond basic LLM capabilities for vulnerability assessment.",{"category":22,"check":30,"severity":24,"summary":31},"Production readiness","The skill is production-ready, covering the full lifecycle of a security audit by providing checks, remediation guidance, and scripts for execution.",{"category":33,"check":34,"severity":24,"summary":35},"Scope","Single responsibility principle","The skill focuses on security auditing and vulnerability assessment, adhering to a single responsibility principle by not incorporating unrelated domains like code formatting or deployment.",{"category":33,"check":37,"severity":24,"summary":38},"Description quality","The displayed description accurately reflects the skill's capability as a security vulnerability expert covering OWASP Top 10 and common issues.",{"category":40,"check":41,"severity":24,"summary":42},"Invocation","Scoped tools","The skill uses narrow, scoped tools like 'Read', 'Grep', 'Glob', 'Bash', and 'WebSearch', which are well-defined for security auditing tasks.",{"category":44,"check":45,"severity":24,"summary":46},"Documentation","Configuration & parameter reference","All script arguments and parameters are documented through argparse, and the SKILL.md clearly outlines the expected usage and scope.",{"category":33,"check":48,"severity":24,"summary":49},"Tool naming","The tools used (Read, Grep, Glob, Bash, WebSearch) are descriptive and commonly understood within the domain.",{"category":33,"check":51,"severity":24,"summary":52},"Minimal I/O surface","The scripts and tools used have well-defined inputs and outputs, focusing only on data relevant to security auditing tasks.",{"category":54,"check":55,"severity":56,"summary":57},"License","License usability","not_applicable","The license information was not explicitly detected in the provided files, but given the context of agent-playbook, a permissive license is likely. However, without a dedicated LICENSE file or SPDX identifier, it cannot be confirmed from the source.",{"category":59,"check":60,"severity":24,"summary":61},"Maintenance","Commit recency","The last commit was on 2026-04-16, which is within the last 3 months.",{"category":59,"check":63,"severity":24,"summary":64},"Dependency Management","The Python scripts use standard libraries, and the `package.json` and `requirements.txt` (mentioned in SKILL.md) imply standard dependency management, though explicit lockfiles are not provided.",{"category":66,"check":67,"severity":24,"summary":68},"Security","Secret Management","The skill's `find_secrets.py` script is designed to detect secrets, and the general approach focuses on analysis rather than handling or echoing secrets.",{"category":66,"check":70,"severity":24,"summary":71},"Injection","The script uses `grep` for pattern matching and Python's `pathlib` and `re` modules for text processing, which treat loaded data as text and avoid direct execution of untrusted content.",{"category":66,"check":73,"severity":24,"summary":74},"Transitive Supply-Chain Grenades","The skill relies on bundled scripts and standard system tools (`grep`, `bash`), not fetching external code or markdown at runtime for execution.",{"category":66,"check":76,"severity":24,"summary":77},"Sandbox Isolation","The scripts operate within the provided project directory and use standard commands, adhering to sandbox isolation principles.",{"category":66,"check":79,"severity":24,"summary":80},"Sandbox escape primitives","The scripts use standard Python and Bash commands without detached process spawns or retry loops around denied calls.",{"category":66,"check":82,"severity":24,"summary":83},"Data Exfiltration","The skill is designed for security analysis and does not contain instructions to read or submit confidential data to a third party.",{"category":66,"check":85,"severity":24,"summary":86},"Hidden Text Tricks","The bundled content is clean, uses standard Markdown and Python code, and does not contain hidden-steering tricks or unusual Unicode characters.",{"category":66,"check":88,"severity":24,"summary":89},"Opaque code execution","The bundled scripts are plain Python and Bash, not obfuscated, minified, or using `eval` with base64 payloads.",{"category":91,"check":92,"severity":24,"summary":93},"Portability","Structural Assumption","The scripts operate on the provided project structure or specified paths, and the `security_audit.py` script's default path is the current directory, avoiding OS-specific or rigid structural assumptions.",{"category":95,"check":96,"severity":24,"summary":97},"Trust","Issues Attention","There are 0 open and 0 closed issues in the last 90 days, indicating low current activity or resolution of prior issues.",{"category":99,"check":100,"severity":24,"summary":101},"Versioning","Release Management","The skill frontmatter has a `name` and `description` that are not version numbers, and the installation instructions refer to `agent-playbook` which implies versioning. However, no explicit versioning is detected on the skill itself.",{"category":103,"check":104,"severity":24,"summary":105},"Code Execution","Validation","Python scripts use `argparse` for argument validation, and `grep` commands are pattern-based, providing a level of validation for inputs.",{"category":66,"check":107,"severity":24,"summary":108},"Unguarded Destructive Operations","The skill is read-only and analytical, performing scans and checks without any destructive operations.",{"category":103,"check":110,"severity":24,"summary":111},"Error Handling","The Python scripts use standard Python error handling, and the `grep` commands will exit with non-zero status on failure, providing basic error reporting.",{"category":103,"check":113,"severity":56,"summary":114},"Logging","The skill is read-only and analytical, performing scans and checks without destructive actions or outbound calls that would necessitate an audit log.",{"category":116,"check":117,"severity":24,"summary":118},"Compliance","GDPR","The skill focuses on code structure and potential vulnerabilities, not on processing personal data. It does not submit personal data to third parties.",{"category":116,"check":120,"severity":24,"summary":121},"Target market","The skill's functionality is general and not tied to any specific geography or legal jurisdiction, making it globally applicable.",{"category":91,"check":123,"severity":24,"summary":124},"Runtime stability","The skill relies on standard Python 3 and Bash, which are widely available, and does not make assumptions about specific editors, shells, or OS versions.",{"category":44,"check":126,"severity":24,"summary":127},"README","A README file exists and clearly states the extension's purpose as a Claude Code skill for security audits and vulnerability assessment.",{"category":33,"check":129,"severity":24,"summary":130},"Tool surface size","The skill primarily uses standard shell commands and two Python scripts, with a limited set of core functionalities.",{"category":40,"check":132,"severity":24,"summary":133},"Overlapping near-synonym tools","The skill uses distinct tools like `grep`, `read`, `glob`, and `WebSearch` for specific security auditing tasks, without significant overlap in functionality.",{"category":44,"check":135,"severity":24,"summary":136},"Phantom features","All advertised features, such as OWASP Top 10 coverage and specific script executions, are implemented in the provided code and documentation.",{"category":138,"check":139,"severity":24,"summary":140},"Install","Installation instruction","The README provides clear installation instructions as part of the agent-playbook and includes copy-pasteable usage examples for triggering the skill.",{"category":142,"check":143,"severity":24,"summary":144},"Errors","Actionable error messages","The Python scripts provide informative messages for arguments and file existence, and standard `grep` command failures will indicate issues.",{"category":146,"check":147,"severity":24,"summary":148},"Execution","Pinned dependencies","The Python scripts use standard libraries, and shebangs are present for interpreters. Lockfiles are not explicitly shown but implied by the `agent-playbook` context.",{"category":33,"check":150,"severity":56,"summary":151},"Dry-run preview","The skill is purely analytical and performs read-only operations, thus a dry-run preview is not applicable.",{"category":153,"check":154,"severity":56,"summary":155},"Protocol","Idempotent retry & timeouts","The skill's operations are primarily local file analysis and do not involve external calls or state-changing operations that would require idempotency or timeouts.",{"category":116,"check":157,"severity":24,"summary":158},"Telemetry opt-in","There is no indication of telemetry being emitted by this skill; it focuses on local analysis and reporting.",{"category":40,"check":160,"severity":24,"summary":161},"Precise Purpose","The skill's purpose is precisely defined as a security vulnerability expert covering OWASP Top 10 and common security issues, activated when requesting audits or reviews.",{"category":40,"check":163,"severity":24,"summary":164},"Concise Frontmatter","The frontmatter is concise, clearly stating the skill's name, description, and activation triggers.",{"category":44,"check":166,"severity":24,"summary":167},"Concise Body","The SKILL.md content is well-structured and reasonably concise, with detailed checks within Markdown and external references for deeper material.",{"category":169,"check":170,"severity":24,"summary":171},"Context","Progressive Disclosure","The SKILL.md outlines the OWASP Top 10 categories and provides bash checks, with references to external markdown files for more details, demonstrating progressive disclosure.",{"category":169,"check":173,"severity":56,"summary":174},"Forked exploration","This skill performs analysis and checks, not deep exploration or multi-file inspection, so `context: fork` is not applicable.",{"category":22,"check":176,"severity":24,"summary":177},"Usage examples","The README and SKILL.md provide clear usage examples, including specific trigger phrases and bash commands to run the security audit scripts.",{"category":22,"check":179,"severity":24,"summary":180},"Edge cases","The scripts handle basic edge cases like file existence and argument parsing. The `grep` commands will report if patterns are not found, implicitly handling some 'not found' scenarios.",{"category":103,"check":182,"severity":56,"summary":183},"Tool Fallback","The skill uses standard system tools and Python, not relying on external MCP servers or custom tools that would require fallbacks.",{"category":185,"check":186,"severity":24,"summary":187},"Safety","Halt on unexpected state","The Python scripts include basic argument validation, and `grep` commands will exit non-zero if patterns are not found or errors occur, halting the workflow.",{"category":91,"check":189,"severity":24,"summary":190},"Cross-skill coupling","The skill operates as a standalone security auditor and does not appear to implicitly rely on other skills or handle adjacent tasks without explicit cross-linking.",1778684133184,"This skill acts as a security vulnerability expert, leveraging shell commands and Python scripts to perform code reviews and identify issues based on OWASP Top 10 standards and common security best practices.",[194,195,196,197],"Covers OWASP Top 10 vulnerabilities","Performs static code analysis for security issues","Includes scripts for finding secrets and generating audit reports","Provides remediation guidance and best practices",[199,200,201],"Performing dynamic security testing","Remediating vulnerabilities automatically","Acting as a real-time intrusion detection system","3.0.0","4.4.0","To conduct thorough security audits and vulnerability assessments on codebases, identifying common security flaws and providing guidance for remediation.","The skill is a high-quality, focused security auditing tool with excellent documentation and clear implementation. Minor points on license detection and implicit versioning do not detract from its overall reliability.",98,"A robust and well-documented security auditing skill.",[209,210,211,212,213],"security","vulnerability","auditing","owasp","code-review","global","verified",[217,218,219],"When requesting a security audit of code","When needing a security review for vulnerabilities","When concerned about common security risks like injection or access control failures",{"codeQuality":221,"collectedAt":223,"documentation":224,"maintenance":227,"security":232,"testCoverage":233},{"hasLockfile":222},true,1778684110636,{"descriptionLength":225,"readmeSize":226},154,12573,{"closedIssues90d":8,"forks":228,"hasChangelog":229,"openIssues90d":8,"pushedAt":230,"stars":231},9,false,1776343074000,53,{"hasNpmPackage":229,"smitheryVerified":229},{"hasCi":222,"hasTests":222},{"updatedAt":235},1778684133290,{"basePath":237,"githubOwner":238,"githubRepo":239,"locale":18,"slug":13,"type":240},"skills/security-auditor","charon-fan","agent-playbook","skill",null,{"evaluate":243,"extract":245},{"promptVersionExtension":202,"promptVersionScoring":203,"score":206,"tags":244,"targetMarket":214,"tier":215},[209,210,211,212,213],{"commitSha":246},"HEAD",{"repoId":248},"kd7cf5d43dzccs0fw9c2rp131n86mrv4",{"_creationTime":250,"_id":248,"identity":251,"providers":252,"workflow":616},1778683636062.0115,{"githubOwner":238,"githubRepo":239,"sourceUrl":14},{"classify":253,"discover":610,"github":613},{"commitSha":246,"extensions":254},[255,279,298,307,316,333,350,359,374,393,412,423,434,451,460,469,480,499,513,528,545,554,563,583,592],{"basePath":256,"description":257,"displayName":258,"installMethods":259,"rationale":260,"selectedPaths":261,"source":278,"sourceLanguage":18,"type":240},"skills/api-designer","REST and GraphQL API architect for designing robust, scalable APIs. Use when designing new APIs or improving existing ones.","api-designer",{"claudeCode":12},"SKILL.md frontmatter at skills/api-designer/SKILL.md",[262,265,268,271,273,276],{"path":263,"priority":264},"SKILL.md","mandatory",{"path":266,"priority":267},"README.md","high",{"path":269,"priority":270},"references/graphql-patterns.md","medium",{"path":272,"priority":270},"references/rest-patterns.md",{"path":274,"priority":275},"scripts/generate_api.py","low",{"path":277,"priority":275},"scripts/validate_api.py","rule",{"basePath":280,"description":281,"displayName":282,"installMethods":283,"rationale":284,"selectedPaths":285,"source":278,"sourceLanguage":18,"type":240},"skills/api-documenter","API documentation specialist for OpenAPI/Swagger specifications. Use when documenting REST or GraphQL APIs.","api-documenter",{"claudeCode":12},"SKILL.md frontmatter at skills/api-documenter/SKILL.md",[286,287,288,290,292,294,296],{"path":263,"priority":264},{"path":266,"priority":267},{"path":289,"priority":270},"references/examples/README.md",{"path":291,"priority":270},"references/examples/openapi-example.yaml",{"path":293,"priority":270},"references/openapi-template.yaml",{"path":295,"priority":275},"scripts/generate_openapi.py",{"path":297,"priority":275},"scripts/validate_openapi.py",{"basePath":299,"description":300,"displayName":301,"installMethods":302,"rationale":303,"selectedPaths":304,"source":278,"sourceLanguage":18,"type":240},"skills/architecting-solutions","Designs technical solutions and architecture. Use when user says \"design solution\", \"architecture design\", \"technical design\", or \"方案设计\" WITHOUT mentioning PRD. For PRD-specific work, use prd-planner skill instead.","architecting-solutions",{"claudeCode":12},"SKILL.md frontmatter at skills/architecting-solutions/SKILL.md",[305,306],{"path":263,"priority":264},{"path":266,"priority":267},{"basePath":308,"description":309,"displayName":310,"installMethods":311,"rationale":312,"selectedPaths":313,"source":278,"sourceLanguage":18,"type":240},"skills/auto-trigger","Workflow automation hooks for agent-playbook skills. This skill defines automatic triggers between skills - DO NOT use directly, it's a configuration skill that other skills reference.","auto-trigger",{"claudeCode":12},"SKILL.md frontmatter at skills/auto-trigger/SKILL.md",[314,315],{"path":263,"priority":264},{"path":266,"priority":267},{"basePath":317,"description":318,"displayName":319,"installMethods":320,"rationale":321,"selectedPaths":322,"source":278,"sourceLanguage":18,"type":240},"skills/code-reviewer","Reviews pull requests and code changes for quality, security, and best practices. Use when user asks for code review, PR review, or mentions reviewing changes.","code-reviewer",{"claudeCode":12},"SKILL.md frontmatter at skills/code-reviewer/SKILL.md",[323,324,325,327,329,331],{"path":263,"priority":264},{"path":266,"priority":267},{"path":326,"priority":270},"references/checklist.md",{"path":328,"priority":270},"references/patterns.md",{"path":330,"priority":270},"references/security.md",{"path":332,"priority":275},"scripts/review_checklist.py",{"basePath":334,"description":335,"displayName":336,"installMethods":337,"rationale":338,"selectedPaths":339,"source":278,"sourceLanguage":18,"type":240},"skills/commit-helper","Helps write Git commit messages following the Conventional Commits specification. Use this skill when the user asks to commit changes, write commit messages, format commits, or mentions git commits.","commit-helper",{"claudeCode":12},"SKILL.md frontmatter at skills/commit-helper/SKILL.md",[340,341,342,344,346,348],{"path":263,"priority":264},{"path":266,"priority":267},{"path":343,"priority":270},"references/conventional-commits.md",{"path":345,"priority":270},"references/examples.md",{"path":347,"priority":270},"references/scopes.md",{"path":349,"priority":275},"scripts/validate_commit.py",{"basePath":351,"description":352,"displayName":353,"installMethods":354,"rationale":355,"selectedPaths":356,"source":278,"sourceLanguage":18,"type":240},"skills/create-pr","Creates pull requests with bilingual documentation updates. Use when user asks to create PR, make a pull request, or submit changes for review. Automatically updates both English and Chinese README files.","create-pr",{"claudeCode":12},"SKILL.md frontmatter at skills/create-pr/SKILL.md",[357,358],{"path":263,"priority":264},{"path":266,"priority":267},{"basePath":360,"description":361,"displayName":362,"installMethods":363,"rationale":364,"selectedPaths":365,"source":278,"sourceLanguage":18,"type":240},"skills/debugger","Advanced debugging specialist for diagnosing and resolving code issues. Use when user encounters bugs, errors, unexpected behavior, or mentions debugging.","debugger",{"claudeCode":12},"SKILL.md frontmatter at skills/debugger/SKILL.md",[366,367,368,369,371,372],{"path":263,"priority":264},{"path":266,"priority":267},{"path":326,"priority":270},{"path":370,"priority":270},"references/errors.md",{"path":328,"priority":270},{"path":373,"priority":275},"scripts/debug_report.py",{"basePath":375,"description":376,"displayName":377,"installMethods":378,"rationale":379,"selectedPaths":380,"source":278,"sourceLanguage":18,"type":240},"skills/deployment-engineer","Deployment automation specialist for CI/CD pipelines and infrastructure. Use when setting up deployment, configuring CI/CD, or managing releases.","deployment-engineer",{"claudeCode":12},"SKILL.md frontmatter at skills/deployment-engineer/SKILL.md",[381,382,383,385,387,389,391],{"path":263,"priority":264},{"path":266,"priority":267},{"path":384,"priority":270},"references/kubernetes.md",{"path":386,"priority":270},"references/monitoring.md",{"path":388,"priority":270},"references/pipelines.md",{"path":390,"priority":275},"scripts/generate_deploy.py",{"path":392,"priority":275},"scripts/validate_deploy.py",{"basePath":394,"description":395,"displayName":396,"installMethods":397,"rationale":398,"selectedPaths":399,"source":278,"sourceLanguage":18,"type":240},"skills/documentation-engineer","Technical documentation expert for creating clear, comprehensive documentation. Use when user asks to write docs, create README, or document code.","documentation-engineer",{"claudeCode":12},"SKILL.md frontmatter at skills/documentation-engineer/SKILL.md",[400,401,402,404,406,408,410],{"path":263,"priority":264},{"path":266,"priority":267},{"path":403,"priority":270},"references/api-template.md",{"path":405,"priority":270},"references/readme-template.md",{"path":407,"priority":270},"references/style-guide.md",{"path":409,"priority":275},"scripts/generate_docs.py",{"path":411,"priority":275},"scripts/validate_docs.py",{"basePath":413,"description":414,"displayName":415,"installMethods":416,"rationale":417,"selectedPaths":418,"source":278,"sourceLanguage":18,"type":240},"skills/figma-designer","Analyzes Figma designs and generates implementation-ready PRDs with detailed visual specifications. Use when user provides Figma link or uploads design screenshots. Requires Figma MCP server connection.","figma-designer",{"claudeCode":12},"SKILL.md frontmatter at skills/figma-designer/SKILL.md",[419,420,421],{"path":263,"priority":264},{"path":266,"priority":267},{"path":422,"priority":270},"references/example-output.md",{"basePath":424,"description":425,"displayName":426,"installMethods":427,"rationale":428,"selectedPaths":429,"source":278,"sourceLanguage":18,"type":240},"skills/long-task-coordinator","Coordinates multi-session, delegated, or long-running work with persistent state, recovery checks, and explicit status transitions. Use when a task spans multiple turns, multiple agents, background jobs, or scheduled loops, or when interrupted work must be resumed reliably.","long-task-coordinator",{"claudeCode":12},"SKILL.md frontmatter at skills/long-task-coordinator/SKILL.md",[430,431,432],{"path":263,"priority":264},{"path":266,"priority":267},{"path":433,"priority":270},"references/workflow.md",{"basePath":435,"description":436,"displayName":437,"installMethods":438,"rationale":439,"selectedPaths":440,"source":278,"sourceLanguage":18,"type":240},"skills/performance-engineer","Performance optimization specialist for improving application speed and efficiency. Use when investigating performance issues or optimizing code.","performance-engineer",{"claudeCode":12},"SKILL.md frontmatter at skills/performance-engineer/SKILL.md",[441,442,443,444,445,447,449],{"path":263,"priority":264},{"path":266,"priority":267},{"path":326,"priority":270},{"path":386,"priority":270},{"path":446,"priority":270},"references/optimization.md",{"path":448,"priority":275},"scripts/perf_report.py",{"path":450,"priority":275},"scripts/profile.py",{"basePath":452,"description":453,"displayName":454,"installMethods":455,"rationale":456,"selectedPaths":457,"source":278,"sourceLanguage":18,"type":240},"skills/planning-with-files","Uses persistent markdown files for general planning, progress tracking, and knowledge storage (Manus-style workflow). Use for multi-step tasks, research projects, or general organization WITHOUT mentioning PRD. For PRD-specific work, use prd-planner skill instead.","planning-with-files",{"claudeCode":12},"SKILL.md frontmatter at skills/planning-with-files/SKILL.md",[458,459],{"path":263,"priority":264},{"path":266,"priority":267},{"basePath":461,"description":462,"displayName":463,"installMethods":464,"rationale":465,"selectedPaths":466,"source":278,"sourceLanguage":18,"type":240},"skills/prd-implementation-precheck","Implement PRDs/specs with a mandatory precheck review before coding. Use when a user asks to implement a PRD/feature spec/requirements doc or says \"implement PRD/spec\". Perform a preflight review, raise questions on scope/consistency/risks, then implement after confirmation.","prd-implementation-precheck",{"claudeCode":12},"SKILL.md frontmatter at skills/prd-implementation-precheck/SKILL.md",[467,468],{"path":263,"priority":264},{"path":266,"priority":267},{"basePath":470,"description":471,"displayName":472,"installMethods":473,"rationale":474,"selectedPaths":475,"source":278,"sourceLanguage":18,"type":240},"skills/prd-planner","Creates PRDs using persistent file-based planning. Use when user explicitly says \"PRD\", \"product requirements document\", or \"产品需求文档\". Combines PRD methodology with planning-with-files to avoid context switching.","prd-planner",{"claudeCode":12},"SKILL.md frontmatter at skills/prd-planner/SKILL.md",[476,477,478],{"path":263,"priority":264},{"path":266,"priority":267},{"path":479,"priority":270},"references/edge-case-analysis.md",{"basePath":481,"description":482,"displayName":483,"installMethods":484,"rationale":485,"selectedPaths":486,"source":278,"sourceLanguage":18,"type":240},"skills/qa-expert","Quality assurance expert for testing strategies and quality gates. Use when planning test coverage, setting up QA processes, or improving quality standards.","qa-expert",{"claudeCode":12},"SKILL.md frontmatter at skills/qa-expert/SKILL.md",[487,488,489,491,493,495,497],{"path":263,"priority":264},{"path":266,"priority":267},{"path":490,"priority":270},"references/gates.md",{"path":492,"priority":270},"references/metrics.md",{"path":494,"priority":270},"references/strategy.md",{"path":496,"priority":275},"scripts/coverage_analysis.py",{"path":498,"priority":275},"scripts/generate_test_plan.py",{"basePath":500,"description":501,"displayName":502,"installMethods":503,"rationale":504,"selectedPaths":505,"source":278,"sourceLanguage":18,"type":240},"skills/refactoring-specialist","Code refactoring expert for improving code structure, readability, and maintainability. Use when user asks to refactor, clean up, or improve code quality.","refactoring-specialist",{"claudeCode":12},"SKILL.md frontmatter at skills/refactoring-specialist/SKILL.md",[506,507,508,509,511],{"path":263,"priority":264},{"path":266,"priority":267},{"path":326,"priority":270},{"path":510,"priority":270},"references/smells.md",{"path":512,"priority":270},"references/techniques.md",{"basePath":237,"description":10,"displayName":13,"installMethods":514,"rationale":515,"selectedPaths":516,"source":278,"sourceLanguage":18,"type":240},{"claudeCode":12},"SKILL.md frontmatter at skills/security-auditor/SKILL.md",[517,518,519,520,522,524,526],{"path":263,"priority":264},{"path":266,"priority":267},{"path":326,"priority":270},{"path":521,"priority":270},"references/owasp.md",{"path":523,"priority":270},"references/remediation.md",{"path":525,"priority":275},"scripts/find_secrets.py",{"path":527,"priority":275},"scripts/security_audit.py",{"basePath":529,"description":530,"displayName":531,"installMethods":532,"rationale":533,"selectedPaths":534,"source":278,"sourceLanguage":18,"type":240},"skills/self-improving-agent","A universal self-improving agent that learns from ALL skill experiences. Uses multi-memory architecture (semantic + episodic + working) to continuously evolve the codebase. Auto-triggers on skill completion/error with hooks-based self-correction.","self-improving-agent",{"claudeCode":12},"SKILL.md frontmatter at skills/self-improving-agent/SKILL.md",[535,536,537,539,541,543],{"path":263,"priority":264},{"path":266,"priority":267},{"path":538,"priority":270},"references/appendix.md",{"path":540,"priority":275},"templates/correction-template.md",{"path":542,"priority":275},"templates/pattern-template.md",{"path":544,"priority":275},"templates/validation-template.md",{"basePath":546,"description":547,"displayName":548,"installMethods":549,"rationale":550,"selectedPaths":551,"source":278,"sourceLanguage":18,"type":240},"skills/session-logger","Saves conversation history to session log files. Use when user says \"保存对话\", \"保存对话信息\", \"记录会话\", \"save session\", or \"save conversation\". Automatically creates timestamped session log in sessions/ directory.","session-logger",{"claudeCode":12},"SKILL.md frontmatter at skills/session-logger/SKILL.md",[552,553],{"path":263,"priority":264},{"path":266,"priority":267},{"basePath":555,"description":556,"displayName":557,"installMethods":558,"rationale":559,"selectedPaths":560,"source":278,"sourceLanguage":18,"type":240},"skills/skill-router","Intelligently routes user requests to the most appropriate Claude Code skill. ALWAYS use this skill FIRST when user asks for help, mentions \"skill\", \"which\", \"how to\", or seems unsure about which approach to take. This is the default entry point for all skill-related requests.","skill-router",{"claudeCode":12},"SKILL.md frontmatter at skills/skill-router/SKILL.md",[561,562],{"path":263,"priority":264},{"path":266,"priority":267},{"basePath":564,"description":565,"displayName":566,"installMethods":567,"rationale":568,"selectedPaths":569,"source":278,"sourceLanguage":18,"type":240},"skills/test-automator","Test automation framework expert for creating and maintaining automated tests. Use when user asks to write tests, automate testing, or improve test coverage.","test-automator",{"claudeCode":12},"SKILL.md frontmatter at skills/test-automator/SKILL.md",[570,571,572,574,575,577,579,581],{"path":263,"priority":264},{"path":266,"priority":267},{"path":573,"priority":270},"references/best-practices.md",{"path":289,"priority":270},{"path":576,"priority":270},"references/examples/unit-test-example.md",{"path":578,"priority":270},"references/mocking.md",{"path":580,"priority":275},"scripts/coverage_report.py",{"path":582,"priority":275},"scripts/generate_test.py",{"basePath":584,"description":585,"displayName":586,"installMethods":587,"rationale":588,"selectedPaths":589,"source":278,"sourceLanguage":18,"type":240},"skills/workflow-orchestrator","Automatically coordinates multi-skill workflows and triggers follow-up actions. Use when completing PRD creation, implementation, or any milestone that should trigger additional skills. This skill reads the auto-trigger configuration and executes the workflow chain.","workflow-orchestrator",{"claudeCode":12},"SKILL.md frontmatter at skills/workflow-orchestrator/SKILL.md",[590,591],{"path":263,"priority":264},{"path":266,"priority":267},{"basePath":593,"description":594,"displayName":595,"installMethods":596,"license":597,"rationale":598,"selectedPaths":599,"source":278,"sourceLanguage":18,"type":609},"packages/agent-playbook","Local skill manager and installer for agent-playbook across Claude Code, Codex, and Gemini.","@codeharbor/agent-playbook",{"npm":595},"MIT","cli ecosystem detected at packages/agent-playbook",[600,602,603,605,607],{"path":601,"priority":264},"package.json",{"path":266,"priority":264},{"path":604,"priority":267},"LICENSE",{"path":606,"priority":270},"bin/agent-playbook.js",{"path":608,"priority":275},"src/cli.js","cli",{"sources":611},[612],"manual",{"closedIssues90d":8,"description":614,"forks":228,"openIssues90d":8,"pushedAt":230,"readmeSize":226,"stars":231,"topics":615},"",[],{"classifiedAt":617,"discoverAt":618,"extractAt":619,"githubAt":619,"updatedAt":617},1778683644178,1778683636062,1778683642414,[211,213,212,209,210],{"evaluatedAt":235,"extractAt":622,"updatedAt":235},1778683644393,[],[625,654,681,710,735,763],{"_creationTime":626,"_id":627,"community":628,"display":629,"identity":635,"providers":640,"relations":648,"tags":650,"workflow":651},1778691193352.5176,"k17fczm34j9645kq7jcp1b4hss86mz0t",{"reviewCount":8},{"description":630,"installMethods":631,"name":633,"sourceUrl":634},"Revisa el diff de la rama actual frente a develop en proyectos Drupal 11 siguiendo la metodología Codex (lógica de negocio, edge cases de hooks/queries, seguridad, performance, completitud). Genera un informe .md en la carpeta del IDE detectado (.antigravity/, .cursor/, .vscode/ o docs/) con hallazgos por severidad y soluciones accionables. Usar cuando el usuario pida \"Revisión diff develop\", \"revisión diff develop\", \"diff develop\", \"revisar diff\", \"codex diff\" o expresiones similares con intención de auditar cambios contra develop. Triggers: diff develop, codex diff, revisión diff, lint diff develop, auditar diff.",{"claudeCode":632},"j4rk0r/claude-skills","codex-diff-develop","https://github.com/j4rk0r/claude-skills",{"basePath":636,"githubOwner":637,"githubRepo":638,"locale":639,"slug":633,"type":240},"skills/codex-diff-develop","j4rk0r","claude-skills","es",{"evaluate":641,"extract":647},{"promptVersionExtension":202,"promptVersionScoring":203,"score":642,"tags":643,"targetMarket":214,"tier":215},100,[644,213,645,209,211,646],"drupal","diff","developer-tools",{"commitSha":246},{"repoId":649},"kd79shaph0e07035621cxd7x1n86m944",[211,213,646,645,644,209],{"evaluatedAt":652,"extractAt":653,"updatedAt":652},1778691216358,1778691193352,{"_creationTime":655,"_id":656,"community":657,"display":658,"identity":664,"providers":668,"relations":675,"tags":677,"workflow":678},1778695753353.633,"k17fxb9fnez7bhk0sy8znxzx8n86m48r",{"reviewCount":8},{"description":659,"installMethods":660,"name":662,"sourceUrl":663},"Drift detection + baseline integrity guard for agent workspace files with automatic alerting support",{"claudeCode":661},"prompt-security/clawsec","soul-guardian","https://github.com/prompt-security/clawsec",{"basePath":665,"githubOwner":666,"githubRepo":667,"locale":18,"slug":662,"type":240},"skills/soul-guardian","prompt-security","clawsec",{"evaluate":669,"extract":674},{"promptVersionExtension":202,"promptVersionScoring":203,"score":642,"tags":670,"targetMarket":214,"tier":215},[209,671,211,672,673],"integrity","file-guard","workspace",{"commitSha":246},{"repoId":676},"kd72phsqkbk8w57ctvf7ac9nqs86n9t4",[211,672,671,209,673],{"evaluatedAt":679,"extractAt":680,"updatedAt":679},1778696065248,1778695753353,{"_creationTime":682,"_id":683,"community":684,"display":685,"identity":691,"providers":695,"relations":703,"tags":706,"workflow":707},1778695548458.3328,"k17cyw0d6mk1vdgew2xmncx1f186npdm",{"reviewCount":8},{"description":686,"installMethods":687,"name":689,"sourceUrl":690},"Audit project dependencies for version staleness, security vulnerabilities, and compatibility issues. Covers lock file analysis, upgrade path planning, and breaking change assessment. Use before a release to ensure dependencies are current and secure, during periodic maintenance reviews, after receiving a security advisory, when upgrading to a new language version, before submitting to CRAN or npm, or when inheriting a project to assess its dependency health.\n",{"claudeCode":688},"pjt222/agent-almanac","audit-dependency-versions","https://github.com/pjt222/agent-almanac",{"basePath":692,"githubOwner":693,"githubRepo":694,"locale":18,"slug":689,"type":240},"skills/audit-dependency-versions","pjt222","agent-almanac",{"evaluate":696,"extract":702},{"promptVersionExtension":202,"promptVersionScoring":203,"score":642,"tags":697,"targetMarket":214,"tier":215},[698,211,209,699,700,701],"dependencies","upgrades","versioning","maintenance",{"commitSha":246},{"parentExtensionId":704,"repoId":705},"k170h0janaa9kwn7cfgfz2ykss86mmh9","kd7aryv63z61j39n2td1aeqkvh86mh12",[211,698,701,209,699,700],{"evaluatedAt":708,"extractAt":709,"updatedAt":708},1778696062378,1778695548458,{"_creationTime":711,"_id":712,"community":713,"display":714,"identity":718,"providers":722,"relations":729,"tags":731,"workflow":732},1778691370980.6204,"k175r5wzz8n1wk65qfwqv70vkn86n2kg",{"reviewCount":8},{"description":715,"installMethods":716,"name":717,"sourceUrl":634},"Überprüft Pull Requests in Drupal 11 (oder anderen) Projekten gemäß der Codex-Methodik (Geschäftslogik, Edge Cases von Hooks/Queries, Sicherheit, Performance, Vollständigkeit). Generiert einen .md-Bericht im erkannten IDE-Ordner (.antigravity/, .cursor/, .vscode/ oder docs/) mit Befunden nach Schweregrad und umsetzbaren Lösungen. Verwenden Sie dies, wenn der Benutzer \"Codex-Überprüfung\", \"PR-Überprüfung\", \"PR überprüfen\", \"PR überprüfen\" anfordert.",{"claudeCode":632},"Codex PR Review",{"basePath":719,"githubOwner":637,"githubRepo":638,"locale":720,"slug":721,"type":240},"skills/codex-pr-review","de","codex-pr-review",{"evaluate":723,"extract":728},{"promptVersionExtension":202,"promptVersionScoring":203,"score":642,"tags":724,"targetMarket":214,"tier":215},[644,213,725,726,209,727],"pull-request","codex","quality-assurance",{"commitSha":246,"license":597},{"repoId":649,"translatedFrom":730},"k175cj68ewyej64segk2xnppss86n5ad",[213,726,644,725,727,209],{"evaluatedAt":733,"extractAt":653,"updatedAt":734},1778691239127,1778691370980,{"_creationTime":736,"_id":737,"community":738,"display":739,"identity":745,"providers":749,"relations":756,"tags":759,"workflow":760},1778685949178.8015,"k1735tzhh2g75x6j2tcjwshcj586m3m7",{"reviewCount":8},{"description":740,"installMethods":741,"name":743,"sourceUrl":744},"Deep security audit covering OWASP Top 10, authentication, authorization, data protection, dependency vulnerabilities, and secrets scanning. Delegates to the Centinela (QA) agent.",{"claudeCode":742},"davepoon/buildwithclaude","security-audit","https://github.com/davepoon/buildwithclaude",{"basePath":746,"githubOwner":747,"githubRepo":748,"locale":18,"slug":743,"type":240},"plugins/agent-triforce/skills/security-audit","davepoon","buildwithclaude",{"evaluate":750,"extract":755},{"promptVersionExtension":202,"promptVersionScoring":203,"score":751,"tags":752,"targetMarket":214,"tier":215},99,[209,753,212,210,754],"audit","scanning",{"commitSha":246},{"parentExtensionId":757,"repoId":758},"k17eq6cjyjedtcvvzycxanmpg586naxx","kd719kw54vhmcscq7ckdp59fg586mnt6",[753,212,754,209,210],{"evaluatedAt":761,"extractAt":762,"updatedAt":761},1778688723658,1778685949178,{"_creationTime":764,"_id":765,"community":766,"display":767,"identity":771,"providers":773,"relations":778,"tags":779,"workflow":780},1778695548458.397,"k17d68v0edq4e45xvt9sbkb77d86mr3q",{"reviewCount":8},{"description":768,"installMethods":769,"name":770,"sourceUrl":690},"Perform a security audit of a codebase checking for exposed secrets, vulnerable dependencies, injection vulnerabilities, insecure configurations, and OWASP Top 10 issues. Use before publishing or deploying a project, for periodic security reviews, after adding authentication or API integration, before open-sourcing a private repository, or when preparing for a security compliance audit.\n",{"claudeCode":688},"security-audit-codebase",{"basePath":772,"githubOwner":693,"githubRepo":694,"locale":18,"slug":770,"type":240},"skills/security-audit-codebase",{"evaluate":774,"extract":777},{"promptVersionExtension":202,"promptVersionScoring":203,"score":206,"tags":775,"targetMarket":214,"tier":215},[209,753,212,776,210,213],"secrets",{"commitSha":246},{"parentExtensionId":704,"repoId":705},[753,213,212,776,209,210],{"evaluatedAt":781,"extractAt":709,"updatedAt":781},1778701195746]