[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"extension-skill-ckorhonen-security-audit-de":3,"guides-for-ckorhonen-security-audit":478,"similar-k17cbddq3srr2f7k210q5d940586nb94-de":479},{"_creationTime":4,"_id":5,"children":6,"community":7,"display":9,"evaluation":15,"identity":240,"isFallback":226,"parentExtension":245,"providers":267,"relations":271,"repo":272,"tags":476,"workflow":477},1778683790179.7827,"k17cbddq3srr2f7k210q5d940586nb94",[],{"reviewCount":8},0,{"description":10,"installMethods":11,"name":13,"sourceUrl":14},"Audits a repository, workspace, or monorepo for dependency vulnerabilities, outdated security-sensitive packages, license issues, and dependency hygiene gaps, then compiles one evidence-backed report. Use when a user says `run a security audit`, `check dependencies and licenses`, `audit this monorepo for vulnerable packages`, or asks for a package-level security review. Do NOT use for a general secure-code review, threat model, or speculative vulnerability hunt without manifests, lockfiles, or package surfaces to inspect.",{"claudeCode":12},"ckorhonen/swe-skills","security-audit","https://github.com/ckorhonen/swe-skills",{"_creationTime":16,"_id":17,"extensionId":5,"locale":18,"result":19,"trustSignals":224,"workflow":238},1778684175108.2954,"kn76awadkq2q2kf1e1nekjgpf986nsqp","en",{"checks":20,"evaluatedAt":192,"extensionSummary":193,"features":194,"nonGoals":200,"promptVersionExtension":205,"promptVersionScoring":206,"purpose":207,"rationale":208,"score":209,"summary":210,"tags":211,"targetMarket":217,"tier":218,"useCases":219},[21,26,29,32,36,39,43,48,51,54,58,62,65,69,72,75,78,81,84,87,91,95,99,103,107,110,113,116,120,123,126,129,132,135,138,142,146,150,153,157,160,163,166,169,173,176,179,182,185,189],{"category":22,"check":23,"severity":24,"summary":25},"Practical Utility","Problem relevance","pass","The description clearly names the problem of auditing dependencies, outdated packages, and license issues for repositories and monorepos.",{"category":22,"check":27,"severity":24,"summary":28},"Unique selling proposition","The skill offers significant value beyond a simple prompt by providing a structured, evidence-backed audit report and handling complex monorepo structures.",{"category":22,"check":30,"severity":24,"summary":31},"Production readiness","The skill appears to cover the complete lifecycle of a security audit, from identifying units to aggregating findings, and is designed to work with available tools.",{"category":33,"check":34,"severity":24,"summary":35},"Scope","Single responsibility principle","The skill has a single, coherent domain: auditing dependencies and packages for security and hygiene issues.",{"category":33,"check":37,"severity":24,"summary":38},"Description quality","The description accurately reflects the skill's capabilities and provides clear usage guidelines and boundaries.",{"category":40,"check":41,"severity":24,"summary":42},"Invocation","Scoped tools","The skill's instructions describe running specific audit and license checks for detected ecosystems, implying scoped tools rather than a single generalist command.",{"category":44,"check":45,"severity":46,"summary":47},"Documentation","Configuration & parameter reference","not_applicable","The skill does not appear to have explicit configuration options or parameters beyond what is inferred from the user's prompt and the repository context.",{"category":33,"check":49,"severity":46,"summary":50},"Tool naming","No specific tools are listed in the SKILL.md, so this check is not applicable.",{"category":33,"check":52,"severity":24,"summary":53},"Minimal I/O surface","The skill focuses on collecting evidence and compiling a report, with inputs clearly defined by the user's request and outputs being a structured report.",{"category":55,"check":56,"severity":24,"summary":57},"License","License usability","The license is MIT, a permissive open-source license, clearly stated in the LICENSE file.",{"category":59,"check":60,"severity":24,"summary":61},"Maintenance","Commit recency","The last commit was on 2026-05-09, which is within the last 3 months.",{"category":59,"check":63,"severity":46,"summary":64},"Dependency Management","The skill itself does not appear to directly manage third-party dependencies in a way that would require automated updates or vulnerability checks for its own operation.",{"category":66,"check":67,"severity":46,"summary":68},"Security","Secret Management","The skill performs audits and does not appear to handle or expose secrets.",{"category":66,"check":70,"severity":24,"summary":71},"Injection","The skill's instructions focus on analyzing existing manifests and lockfiles, not on executing arbitrary code or instructions from untrusted external data.",{"category":66,"check":73,"severity":24,"summary":74},"Transitive Supply-Chain Grenades","The skill operates on committed files within a repository and does not fetch external content at runtime for execution.",{"category":66,"check":76,"severity":24,"summary":77},"Sandbox Isolation","The skill's operations are focused on analyzing existing files and running specified audit tools, not on modifying files outside the project's scope.",{"category":66,"check":79,"severity":24,"summary":80},"Sandbox escape primitives","No detached process spawns or deny-retry loops were found in the skill's description.",{"category":66,"check":82,"severity":24,"summary":83},"Data Exfiltration","The skill focuses on local analysis and report generation; there are no instructions to read or submit confidential data to a third party.",{"category":66,"check":85,"severity":24,"summary":86},"Hidden Text Tricks","The bundled content appears to be free of hidden-steering tricks, with clean printable ASCII and expected Unicode.",{"category":88,"check":89,"severity":24,"summary":90},"Hooks","Opaque code execution","The skill's instructions do not involve obfuscated code, base64 payloads, or runtime script fetching.",{"category":92,"check":93,"severity":24,"summary":94},"Portability","Structural Assumption","The skill operates on provided manifests and lockfiles, not assuming specific project structures beyond what is implied by typical repository layouts.",{"category":96,"check":97,"severity":24,"summary":98},"Trust","Issues Attention","0 issues opened and 0 issues closed in the last 90 days, indicating a low volume of activity or issues being disabled.",{"category":100,"check":101,"severity":24,"summary":102},"Versioning","Release Management","A meaningful version number (semver) is declared in the SKILL.md frontmatter.",{"category":104,"check":105,"severity":24,"summary":106},"Code Execution","Validation","The skill's instructions focus on running existing audit tools and capturing their output, implying that the validation is handled by those tools.",{"category":66,"check":108,"severity":24,"summary":109},"Unguarded Destructive Operations","The skill is purely analytical and does not perform any destructive operations.",{"category":104,"check":111,"severity":24,"summary":112},"Error Handling","The instructions imply that errors from the underlying audit tools will be captured and reported, with a focus on providing evidence.",{"category":104,"check":114,"severity":46,"summary":115},"Logging","The skill is analytical and does not perform destructive actions or outbound calls that would require local logging.",{"category":117,"check":118,"severity":46,"summary":119},"Compliance","GDPR","The skill audits dependency information and does not operate on personal data.",{"category":117,"check":121,"severity":24,"summary":122},"Target market","The skill is a general-purpose security audit tool with no regional or jurisdictional limitations, so the target market is global.",{"category":92,"check":124,"severity":24,"summary":125},"Runtime stability","The skill relies on standard repository files and common audit tools, without assuming specific OS, shell, or editor environments.",{"category":44,"check":127,"severity":24,"summary":128},"README","The README file exists and provides a good overview of the SWE Skills repository, including conventions and development practices.",{"category":33,"check":130,"severity":46,"summary":131},"Tool surface size","This is a single skill that orchestrates other tools rather than exposing multiple distinct tools itself.",{"category":40,"check":133,"severity":46,"summary":134},"Overlapping near-synonym tools","The skill itself does not expose tools directly, but rather orchestrates external audit commands.",{"category":44,"check":136,"severity":24,"summary":137},"Phantom features","All advertised capabilities in the description and SKILL.md appear to be implemented as described.",{"category":139,"check":140,"severity":24,"summary":141},"Install","Installation instruction","The README provides clear installation instructions using `npx skills install`.",{"category":143,"check":144,"severity":24,"summary":145},"Errors","Actionable error messages","The skill's instructions and troubleshooting section imply that errors will be clearly reported with reasons and recovery steps.",{"category":147,"check":148,"severity":24,"summary":149},"Execution","Pinned dependencies","The repository includes a lockfile (`package-lock.json` or similar implied by `npm install`), and the skill relies on standard OS/runtime tools.",{"category":33,"check":151,"severity":46,"summary":152},"Dry-run preview","The skill is analytical and does not perform state-changing operations, thus a dry-run is not applicable.",{"category":154,"check":155,"severity":46,"summary":156},"Protocol","Idempotent retry & timeouts","The skill orchestrates external tools; it does not make direct remote calls or state-changing operations itself.",{"category":117,"check":158,"severity":24,"summary":159},"Telemetry opt-in","There is no indication of telemetry being emitted by this skill; it is assumed to be off by default.",{"category":40,"check":161,"severity":24,"summary":162},"Precise Purpose","The description clearly defines what the skill does (audits dependencies/licenses) and when to use it (specific audit requests) with clear non-goals.",{"category":40,"check":164,"severity":24,"summary":165},"Concise Frontmatter","The frontmatter description is concise and self-contained, clearly stating the core capability and providing trigger phrases.",{"category":44,"check":167,"severity":24,"summary":168},"Concise Body","The SKILL.md is reasonably concise and delegates deeper material appropriately, adhering to progressive disclosure principles.",{"category":170,"check":171,"severity":24,"summary":172},"Context","Progressive Disclosure","The SKILL.md outlines the workflow and refers to external concepts and tooling appropriately, without embedding excessive bulk material.",{"category":170,"check":174,"severity":46,"summary":175},"Forked exploration","The skill is an audit that returns a report, not a deep exploration skill that would flood the conversation.",{"category":22,"check":177,"severity":24,"summary":178},"Usage examples","The SKILL.md provides two clear, actionable examples demonstrating user input, expected actions, and outcomes.",{"category":22,"check":180,"severity":24,"summary":181},"Edge cases","The troubleshooting section addresses key edge cases like missing lockfiles and unavailable scanners with clear explanations and recovery steps.",{"category":104,"check":183,"severity":46,"summary":184},"Tool Fallback","The skill orchestrates external tools but does not depend on a specific MCP server; it uses standard ecosystem tools.",{"category":186,"check":187,"severity":24,"summary":188},"Safety","Halt on unexpected state","The instructions imply that issues like missing lockfiles or scanners will be reported as findings, halting that specific audit path if unresolvable.",{"category":92,"check":190,"severity":24,"summary":191},"Cross-skill coupling","The skill is self-contained and does not implicitly rely on other skills, focusing solely on its defined audit task.",1778684174846,"This skill audits repositories, workspaces, or monorepos for dependency vulnerabilities, outdated security-sensitive packages, and license issues. It uses available ecosystem audit tools and compiles a consolidated, evidence-backed report.",[195,196,197,198,199],"Audits for dependency vulnerabilities","Identifies outdated security-sensitive packages","Checks for license issues","Detects dependency hygiene gaps","Compiles a consolidated, evidence-backed report",[201,202,203,204],"Broad application code review","Threat modeling","Hand-auditing runtime bugs unrelated to dependencies","Guessing about security posture without manifests or lockfiles","3.0.0","4.4.0","To provide a thorough, evidence-based security audit of a repository's dependencies and licenses, helping users identify and address potential risks.","The skill demonstrates high quality across all evaluated criteria, with no critical or warning findings. Minor informational findings or not-applicable checks do not detract from its robust implementation and clear documentation.",98,"A high-quality skill for comprehensive security and dependency auditing of code repositories.",[212,213,214,215,216],"security","audit","dependency-management","licensing","repository-analysis","global","verified",[220,221,222,223],"Audit a repository or monorepo for vulnerable packages","Check dependency freshness and license risk","Review package surfaces service by service","Produce a consolidated dependency-security report",{"codeQuality":225,"collectedAt":227,"documentation":228,"maintenance":231,"security":235,"testCoverage":237},{"hasLockfile":226},true,1778684157384,{"descriptionLength":229,"readmeSize":230},527,8683,{"closedIssues90d":8,"forks":8,"hasChangelog":232,"openIssues90d":8,"pushedAt":233,"stars":234},false,1778361321000,1,{"hasNpmPackage":232,"license":236,"smitheryVerified":232},"MIT",{"hasCi":226,"hasTests":232},{"updatedAt":239},1778684175108,{"basePath":241,"githubOwner":242,"githubRepo":243,"locale":18,"slug":13,"type":244},"skills/security-audit","ckorhonen","swe-skills","skill",{"_creationTime":246,"_id":247,"community":248,"display":249,"identity":252,"parentExtension":255,"providers":256,"relations":262,"tags":264,"workflow":265},1778683790179.7788,"k17d2yq229g61qvea0x8t60w1h86mgr8",{"reviewCount":8},{"description":250,"installMethods":251,"name":243,"sourceUrl":14},"17 agent skills for engineering analysis and judgment — PR risk review, repo introspection, audits, ownership maps, refactor opportunities. See https://cdd.dev/skill/.",{"claudeCode":243},{"basePath":253,"githubOwner":242,"githubRepo":243,"locale":18,"slug":243,"type":254},"","plugin",null,{"extract":257},{"commitSha":258,"plugin":259},"HEAD",{"mcpCount":8,"provider":260,"skillCount":261},"classify",17,{"repoId":263},"kd7b5kvzw3q7dgvym5bdx3m53986mann",[],{"extractAt":266,"updatedAt":266},1778683790179,{"evaluate":268,"extract":270},{"promptVersionExtension":205,"promptVersionScoring":206,"score":209,"tags":269,"targetMarket":217,"tier":218},[212,213,214,215,216],{"commitSha":258},{"parentExtensionId":247,"repoId":263},{"_creationTime":273,"_id":263,"identity":274,"providers":275,"workflow":472},1778683785537.182,{"githubOwner":242,"githubRepo":243,"sourceUrl":14},{"classify":276,"discover":460,"github":463},{"commitSha":258,"extensions":277},[278,326,335,343,351,359,367,375,383,391,399,407,415,423,431,439,447,452],{"basePath":253,"description":250,"displayName":243,"installMethods":279,"rationale":280,"selectedPaths":281,"source":325,"sourceLanguage":18,"type":254},{"claudeCode":243},"plugin manifest at .claude-plugin/plugin.json",[282,285,287,290,293,295,297,299,301,303,305,307,309,311,313,315,317,319,321,323],{"path":283,"priority":284},".claude-plugin/plugin.json","mandatory",{"path":286,"priority":284},"README.md",{"path":288,"priority":289},"LICENSE","high",{"path":291,"priority":292},"skills/babysit-pr/SKILL.md","medium",{"path":294,"priority":292},"skills/capture-knowledge/SKILL.md",{"path":296,"priority":292},"skills/change-validation-planner/SKILL.md",{"path":298,"priority":292},"skills/create-skill/SKILL.md",{"path":300,"priority":292},"skills/docs-drift-audit/SKILL.md",{"path":302,"priority":292},"skills/incident-followup-audit/SKILL.md",{"path":304,"priority":292},"skills/init/SKILL.md",{"path":306,"priority":292},"skills/merged-pr-monitoring/SKILL.md",{"path":308,"priority":292},"skills/observability-gap-hunt/SKILL.md",{"path":310,"priority":292},"skills/ownership-risk-map/SKILL.md",{"path":312,"priority":292},"skills/performance-hunt/SKILL.md",{"path":314,"priority":292},"skills/pr-risk-review/SKILL.md",{"path":316,"priority":292},"skills/recent-commit-bug-hunt/SKILL.md",{"path":318,"priority":292},"skills/refactor-opportunities/SKILL.md",{"path":320,"priority":292},"skills/repo-introspection/SKILL.md",{"path":322,"priority":292},"skills/security-audit/SKILL.md",{"path":324,"priority":292},"skills/test-gap-hunt/SKILL.md","rule",{"basePath":327,"description":328,"displayName":329,"installMethods":330,"rationale":331,"selectedPaths":332,"source":325,"sourceLanguage":18,"type":244},"skills/babysit-pr","Babysits an open pull request end-to-end by polling every minute, triaging new comments and reviews, handling CI failures, iterating on reviewer scores, and stopping only when the PR is ready to merge. Use when a user says `babysit this PR`, `watch this PR until it's merge-ready`, `handle review feedback on my PR`, or `keep iterating on this PR until reviewers are happy`. Do NOT use for a one-shot PR risk review, merged PR production monitoring, or repo-wide CI debugging with no scoped PR.","babysit-pr",{"claudeCode":12},"SKILL.md frontmatter at skills/babysit-pr/SKILL.md",[333],{"path":334,"priority":284},"SKILL.md",{"basePath":336,"description":337,"displayName":338,"installMethods":339,"rationale":340,"selectedPaths":341,"source":325,"sourceLanguage":18,"type":244},"skills/capture-knowledge","Audits a repository's code and docs to find important conventions, workflows, and architectural decisions that are missing from agent-facing guidance, then drafts review-ready updates. Use when a user says `capture repo knowledge`, `document implicit conventions`, `turn repo patterns into agent rules`, or asks what future agents should remember about a codebase. Do NOT use for a generic repo tour, onboarding walkthrough, or architecture summary that does not need reusable guidance updates.","capture-knowledge",{"claudeCode":12},"SKILL.md frontmatter at skills/capture-knowledge/SKILL.md",[342],{"path":334,"priority":284},{"basePath":344,"description":345,"displayName":346,"installMethods":347,"rationale":348,"selectedPaths":349,"source":325,"sourceLanguage":18,"type":244},"skills/change-validation-planner","Plans the narrowest trustworthy validation path for a scoped code change or diff. Use when a user asks what to run before merging, how to validate a specific change, whether the current checks are enough, or wants a bounded command order from narrow to broad. Do NOT use for writing tests, fixing the code change itself, broad QA sweeps, or generic debugging that needs root cause analysis.","change-validation-planner",{"claudeCode":12},"SKILL.md frontmatter at skills/change-validation-planner/SKILL.md",[350],{"path":334,"priority":284},{"basePath":352,"description":353,"displayName":354,"installMethods":355,"rationale":356,"selectedPaths":357,"source":325,"sourceLanguage":18,"type":244},"skills/create-skill","Creates or revises `swe:` skills for this repository using a repeatable authoring workflow: define concrete use cases, tune trigger boundaries, apply progressive disclosure, add matching eval assets, and validate the package. Use when adding a new skill, tightening an existing skill that over- or under-triggers, or distilling an external workflow into a repo-ready skill. Do NOT use for generic documentation edits or for executing the workflow the skill would describe.","create-skill",{"claudeCode":12},"SKILL.md frontmatter at skills/create-skill/SKILL.md",[358],{"path":334,"priority":284},{"basePath":360,"description":361,"displayName":362,"installMethods":363,"rationale":364,"selectedPaths":365,"source":325,"sourceLanguage":18,"type":244},"skills/docs-drift-audit","Audits a repository for human-facing or operational documentation that drifted from code, config, interfaces, workflows, or repo structure changes. Use when a user says `check docs drift`, `docs are stale`, `update the runbook after this change`, or `what documentation is missing after this change`. Do NOT use for agent-guidance updates, generic documentation rewrites, or writing docs without evidence that they are stale.","docs-drift-audit",{"claudeCode":12},"SKILL.md frontmatter at skills/docs-drift-audit/SKILL.md",[366],{"path":334,"priority":284},{"basePath":368,"description":369,"displayName":370,"installMethods":371,"rationale":372,"selectedPaths":373,"source":325,"sourceLanguage":18,"type":244},"skills/incident-followup-audit","Audits post-incident engineering follow-through after a sev or incident to verify whether the durable follow-up happened: regression tests, monitors, docs, runbooks, ownership updates, tickets, rollback learnings, and remaining backlog. Use when a user asks whether incident follow-up is complete, what still needs to be done after a postmortem, or how to close the engineering loop. Do NOT use for live incident response, root-cause analysis, or a generic bug hunt unrelated to an incident.","incident-followup-audit",{"claudeCode":12},"SKILL.md frontmatter at skills/incident-followup-audit/SKILL.md",[374],{"path":334,"priority":284},{"basePath":376,"description":377,"displayName":378,"installMethods":379,"rationale":380,"selectedPaths":381,"source":325,"sourceLanguage":18,"type":244},"skills/init","Initializes an optional repo-local agent collaboration preference file at `.ai/swe.json` by running a short interview or a zero-question quick mode. Use when a user says `initialize agent settings for this repo`, `set up my local agent prefs here`, `run quick init for this project`, or `create .ai/swe.json for how I like to work`. Do NOT use for `npm init`, project scaffolding, dependency installation, or environment bootstrap.","init",{"claudeCode":12},"SKILL.md frontmatter at skills/init/SKILL.md",[382],{"path":334,"priority":284},{"basePath":384,"description":385,"displayName":386,"installMethods":387,"rationale":388,"selectedPaths":389,"source":325,"sourceLanguage":18,"type":244},"skills/merged-pr-monitoring","Reviews recently merged pull requests, confirms whether they reached production, compares pre- and post-deploy signals, and summarizes observable impact. Use when a user says `monitor merged PRs`, `did this deploy hurt prod`, `check production impact of yesterday's merges`, or asks for a post-deploy readout tied to merged GitHub PRs. Do NOT use for a pre-merge code review, incident analysis with no PR scope, or generic dashboard triage disconnected from merged changes.","merged-pr-monitoring",{"claudeCode":12},"SKILL.md frontmatter at skills/merged-pr-monitoring/SKILL.md",[390],{"path":334,"priority":284},{"basePath":392,"description":393,"displayName":394,"installMethods":395,"rationale":396,"selectedPaths":397,"source":325,"sourceLanguage":18,"type":244},"skills/observability-gap-hunt","Inspects services, jobs, and code paths for missing or weak logs, metrics, traces, alerts, dashboards, or deployment-linked telemetry, then returns a tightly scoped backlog of observability gaps. Use when a user says `find observability gaps`, `audit telemetry coverage`, `what logs or metrics are missing`, `check alerting coverage`, or asks for a recurring telemetry review. Do NOT use for live incident response, root-cause analysis, generic performance tuning, or a broad code review.","observability-gap-hunt",{"claudeCode":12},"SKILL.md frontmatter at skills/observability-gap-hunt/SKILL.md",[398],{"path":334,"priority":284},{"basePath":400,"description":401,"displayName":402,"installMethods":403,"rationale":404,"selectedPaths":405,"source":325,"sourceLanguage":18,"type":244},"skills/ownership-risk-map","Maps engineering ownership risk in a repository using repo evidence such as git history, churn, bus factor, CODEOWNERS coverage, test density, and orphaned or unclear-owner surfaces. Use when a user says `map ownership risk`, `find bus factor hotspots`, `which files look orphaned`, `high-change low-test areas`, or asks for a recurring maintenance pass that identifies risky surfaces before they become incidents. Do NOT use for org charts, HR ownership assignments, or generic maintainer lists without repo evidence.","ownership-risk-map",{"claudeCode":12},"SKILL.md frontmatter at skills/ownership-risk-map/SKILL.md",[406],{"path":334,"priority":284},{"basePath":408,"description":409,"displayName":410,"installMethods":411,"rationale":412,"selectedPaths":413,"source":325,"sourceLanguage":18,"type":244},"skills/performance-hunt","Hunts for concrete performance bottlenecks in a scoped repository surface using profiler output, benchmarks, query plans, traces, bundle analysis, or repo evidence, then returns the smallest high-value follow-up experiments or fixes. Use when a user says `find performance bottlenecks`, `why is this slow`, `profile this flow`, `hunt hot paths`, or asks for a recurring performance review. Do NOT use for live incident response, generic observability audits, speculative micro-optimization, or broad architecture rewrites with no bottleneck evidence.","performance-hunt",{"claudeCode":12},"SKILL.md frontmatter at skills/performance-hunt/SKILL.md",[414],{"path":334,"priority":284},{"basePath":416,"description":417,"displayName":418,"installMethods":419,"rationale":420,"selectedPaths":421,"source":325,"sourceLanguage":18,"type":244},"skills/pr-risk-review","Reviews open or draft pull requests for engineering risk before merge, focusing on missing validation, hidden coupling, rollout and rollback gaps, migrations, feature flags, and other agent-safe next actions. Use when a user says `review this PR for risk`, `pre-merge review`, `is this PR safe to merge`, or asks for a risk-focused PR review. Do NOT use for post-merge production monitoring, broad code smell review, or commit-scoped bug hunting.","pr-risk-review",{"claudeCode":12},"SKILL.md frontmatter at skills/pr-risk-review/SKILL.md",[422],{"path":334,"priority":284},{"basePath":424,"description":425,"displayName":426,"installMethods":427,"rationale":428,"selectedPaths":429,"source":325,"sourceLanguage":18,"type":244},"skills/recent-commit-bug-hunt","Scans recent commits in one or more repositories, identifies likely bugs using concrete repo evidence only, and proposes tightly scoped remediation sessions. Use when a user says `scan recent commits for bugs`, `what did I probably break`, `review yesterday's changes for regressions`, or asks for a commit-scoped bug hunt. Do NOT use for a broad code health review, full security audit, or speculative bug hunting with no repo or time scope.","recent-commit-bug-hunt",{"claudeCode":12},"SKILL.md frontmatter at skills/recent-commit-bug-hunt/SKILL.md",[430],{"path":334,"priority":284},{"basePath":432,"description":433,"displayName":434,"installMethods":435,"rationale":436,"selectedPaths":437,"source":325,"sourceLanguage":18,"type":244},"skills/refactor-opportunities","Reviews a repository and returns a short, best-first backlog of small, low-risk refactor tickets with clear write boundaries and validation paths. Use when a user says `find refactor opportunities`, `what small cleanup tickets should we hand to agents`, `give me parallelizable refactors`, or asks for narrow maintainability wins in an existing repo. Do NOT use for a broad architecture redesign, style-only cleanup sweep, or bug hunt focused on functional regressions.","refactor-opportunities",{"claudeCode":12},"SKILL.md frontmatter at skills/refactor-opportunities/SKILL.md",[438],{"path":334,"priority":284},{"basePath":440,"description":441,"displayName":442,"installMethods":443,"rationale":444,"selectedPaths":445,"source":325,"sourceLanguage":18,"type":244},"skills/repo-introspection","Inspects an unfamiliar software repository and produces a concrete orientation report covering structure, tooling, entry points, boundaries, active surfaces, and safe places to start work. Use when a user says `help me understand this repo`, `map this codebase before I edit it`, `where should I start`, or asks for an engineering walkthrough before planning or delegation. Do NOT use when the user already knows the target change and wants implementation, or when they need a specific bug diagnosis rather than repo orientation.","repo-introspection",{"claudeCode":12},"SKILL.md frontmatter at skills/repo-introspection/SKILL.md",[446],{"path":334,"priority":284},{"basePath":241,"description":10,"displayName":13,"installMethods":448,"rationale":449,"selectedPaths":450,"source":325,"sourceLanguage":18,"type":244},{"claudeCode":12},"SKILL.md frontmatter at skills/security-audit/SKILL.md",[451],{"path":334,"priority":284},{"basePath":453,"description":454,"displayName":455,"installMethods":456,"rationale":457,"selectedPaths":458,"source":325,"sourceLanguage":18,"type":244},"skills/test-gap-hunt","Identifies and prioritizes the highest-value test coverage gaps in a repository or workspace, then incrementally adds or strengthens tests using the local test stack and cleanly scoped subagent work when available. Use when a user says `improve test coverage`, `find weak tests`, `add missing test cases`, `run a recurring test-improvement pass`, or asks for a language-agnostic workflow to strengthen mocks, fixtures, and test structure without chasing raw coverage numbers. Do NOT use for first-time framework selection, broad test-stack migrations, or large production refactors.","test-gap-hunt",{"claudeCode":12},"SKILL.md frontmatter at skills/test-gap-hunt/SKILL.md",[459],{"path":334,"priority":284},{"sources":461},[462],"manual",{"closedIssues90d":8,"description":464,"forks":8,"homepage":465,"license":236,"openIssues90d":8,"pushedAt":233,"readmeSize":230,"stars":234,"topics":466},"Claude Code skills for on-demand engineering work — PR risk review, repo introspection, audits, ownership maps. Published at cdd.dev/skills/swe.","https://cdd.dev/skills/swe/",[467,468,469,470,471],"agent-skills","claude-code","claude-plugins","code-review","codex",{"classifiedAt":473,"discoverAt":474,"extractAt":475,"githubAt":475,"updatedAt":473},1778683789715,1778683785537,1778683787839,[213,214,215,216,212],{"evaluatedAt":239,"extractAt":266,"updatedAt":239},[],[480,510,544,568,597,621],{"_creationTime":481,"_id":482,"community":483,"display":484,"identity":490,"providers":494,"relations":503,"tags":506,"workflow":507},1778675056600.2393,"k17ct63reqgdem6s75y0b76kn186m8xs",{"reviewCount":8},{"description":485,"installMethods":486,"name":488,"sourceUrl":489},"Pre-production audit that scans a codebase for security, database, deployment, code quality, AI/LLM, dependency, frontend, and observability issues. Intercepts deploy commands and blocks until critical items pass. Stack-agnostic. Use for \"run ship gate\", \"am I ready to ship\", \"pre-launch audit\", \"can I deploy\", \"push to production\", \"go live checklist\", \"preflight check\". Not for CI/CD setup or infra provisioning.\n",{"claudeCode":487},"alirezarezvani/claude-skills","ship-gate","https://github.com/alirezarezvani/claude-skills",{"basePath":491,"githubOwner":492,"githubRepo":493,"locale":18,"slug":488,"type":244},"engineering/skills/ship-gate","alirezarezvani","claude-skills",{"evaluate":495,"extract":502},{"promptVersionExtension":205,"promptVersionScoring":206,"score":496,"tags":497,"targetMarket":217,"tier":218},100,[212,498,499,213,500,501],"code-quality","deployment","checklist","devops",{"commitSha":258,"license":236},{"parentExtensionId":504,"repoId":505},"k173223hfbd6c4mx6r1jdx23wn86mbpb","kd7ff9s1w43mfyy1n7hf87816186m6px",[213,500,498,499,501,212],{"evaluatedAt":508,"extractAt":509,"updatedAt":508},1778679066333,1778675056600,{"_creationTime":511,"_id":512,"community":513,"display":514,"identity":520,"providers":526,"relations":535,"tags":539,"workflow":540},1778693798788.0542,"k170ymfjagf8xv5gd19p7dq52986mp9g",{"reviewCount":8},{"description":515,"installMethods":516,"name":518,"sourceUrl":519},"Domänenwissen für die Evolution Engine — LLM-gestützte autonome Strategieentdeckung aus rohen OHLCV-Daten. Behandelt die Schleife Generieren-Backtesten-Auswählen-Entwickeln, vektorisiertes Backtesting, Out-of-Sample-Validierung und Strategiegraduierung. Verwenden Sie es beim Entdecken von Handelspatterns, Ausführen von Backtests, Entwickeln von Strategien oder Überprüfen von Evolutionsprotokollen. Löst aus bei \"evolve\", \"discover patterns\", \"backtest\", \"evolution\", \"strategy generation\", \"candidate strategy\".",{"claudeCode":517},"mnemox-ai/tradememory-protocol","TradeMemory Protocol","https://github.com/mnemox-ai/tradememory-protocol",{"basePath":521,"githubOwner":522,"githubRepo":523,"locale":524,"slug":525,"type":244},"tradememory-plugin/skills/evolution-engine","mnemox-ai","tradememory-protocol","de","evolution-engine",{"evaluate":527,"extract":534},{"promptVersionExtension":205,"promptVersionScoring":206,"score":496,"tags":528,"targetMarket":217,"tier":218},[529,530,531,213,532,533],"trading","ai","memory","compliance","llm",{"commitSha":258,"license":236},{"parentExtensionId":536,"repoId":537,"translatedFrom":538},"k170vxkqee48k2xq1v55a025nh86nzn7","kd73z11kfekksxyrs8ds0snacs86ncdy","k171p5pgbfbm5g4k5sa3y4cj9s86m6hk",[530,213,532,533,531,529],{"evaluatedAt":541,"extractAt":542,"updatedAt":543},1778693678813,1778693539593,1778693798788,{"_creationTime":545,"_id":546,"community":547,"display":548,"identity":552,"providers":554,"relations":563,"tags":565,"workflow":566},1778675056600.272,"k17drhnkxx2ec1cdbwc65e683586n4pq",{"reviewCount":8},{"description":549,"installMethods":550,"name":551,"sourceUrl":489},"GDPR and German DSGVO compliance automation. Scans codebases for privacy risks, generates DPIA documentation, tracks data subject rights requests. Use for GDPR compliance assessments, privacy audits, data protection planning, DPIA generation, and data subject rights management.",{"claudeCode":487},"gdpr-dsgvo-expert",{"basePath":553,"githubOwner":492,"githubRepo":493,"locale":18,"slug":551,"type":244},"ra-qm-team/skills/gdpr-dsgvo-expert",{"evaluate":555,"extract":562},{"promptVersionExtension":205,"promptVersionScoring":206,"score":496,"tags":556,"targetMarket":217,"tier":218},[557,558,532,559,213,560,561],"gdpr","dsgvo","privacy","documentation","python",{"commitSha":258},{"parentExtensionId":564,"repoId":505},"k17c1bwyjkg950q3ft43gvpadh86nyng",[213,532,560,558,557,559,561],{"evaluatedAt":567,"extractAt":509,"updatedAt":567},1778686181462,{"_creationTime":569,"_id":570,"community":571,"display":572,"identity":578,"providers":582,"relations":590,"tags":593,"workflow":594},1778668208695.1445,"k172151wzg7h0b8j25hjm4024x86ngbp",{"reviewCount":8},{"description":573,"installMethods":574,"name":576,"sourceUrl":577},"Prioritized redesign action plan covering quick wins, medium effort, major rework",{"claudeCode":575},"Aboudjem/ui-ux-suite","refactor-plan","https://github.com/Aboudjem/ui-ux-suite",{"basePath":579,"githubOwner":580,"githubRepo":581,"locale":18,"slug":576,"type":244},"skills/refactor-plan","Aboudjem","ui-ux-suite",{"evaluate":583,"extract":589},{"promptVersionExtension":205,"promptVersionScoring":206,"score":496,"tags":584,"targetMarket":217,"tier":218},[585,586,213,587,588],"design-system","ux","cli","javascript",{"commitSha":258,"license":236},{"parentExtensionId":591,"repoId":592},"k178zeec8jajqdrczrynw6x3fx86mm8h","kd75532596tdmk72j9k55b0qqn86n5et",[213,587,585,588,586],{"evaluatedAt":595,"extractAt":596,"updatedAt":595},1778670100990,1778668208695,{"_creationTime":598,"_id":599,"community":600,"display":601,"identity":605,"providers":608,"relations":617,"tags":618,"workflow":619},1778668208695.1453,"k176sf1kx7rrk3aq3ywq0dfdrs86mwp1",{"reviewCount":8},{"description":602,"installMethods":603,"name":604,"sourceUrl":577},"Typography-only audit covering font selection, type scale, readability, hierarchy, performance",{"claudeCode":575},"Type Audit",{"basePath":606,"githubOwner":580,"githubRepo":581,"locale":18,"slug":607,"type":244},"skills/type-audit","type-audit",{"evaluate":609,"extract":616},{"promptVersionExtension":205,"promptVersionScoring":206,"score":496,"tags":610,"targetMarket":217,"tier":218},[611,586,612,213,613,614,615],"design","typography","css","web-development","frontend",{"commitSha":258,"license":236},{"parentExtensionId":591,"repoId":592},[213,613,611,615,612,586,614],{"evaluatedAt":620,"extractAt":596,"updatedAt":620},1778670163933,{"_creationTime":622,"_id":623,"community":624,"display":625,"identity":629,"providers":631,"relations":637,"tags":638,"workflow":639},1778668208695.1426,"k177xnn65jm40ksxjy30q34rmh86mah9",{"reviewCount":8},{"description":626,"installMethods":627,"name":628,"sourceUrl":577},"Component consistency audit covering state coverage, hierarchy, patterns",{"claudeCode":575},"component-audit",{"basePath":630,"githubOwner":580,"githubRepo":581,"locale":18,"slug":628,"type":244},"skills/component-audit",{"evaluate":632,"extract":636},{"promptVersionExtension":205,"promptVersionScoring":206,"score":496,"tags":633,"targetMarket":217,"tier":218},[634,586,611,213,635,615],"ui","components",{"commitSha":258},{"parentExtensionId":591,"repoId":592},[213,635,611,615,634,586],{"evaluatedAt":640,"extractAt":596,"updatedAt":640},1778669970573]