[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"extension-skill-iamzhihuix-happy-app-audit-pl":3,"guides-for-iamzhihuix-happy-app-audit":269,"similar-k17aab7728qde32evr2nk2thws867g62":270},{"_creationTime":4,"_id":5,"children":6,"community":7,"display":9,"evaluation":22,"identity":186,"isFallback":191,"parentExtension":192,"providers":247,"relations":250,"repo":251,"workflow":268},1778053197391.385,"k17aab7728qde32evr2nk2thws867g62",[],{"reviewCount":8},0,{"description":10,"installMethods":11,"name":12,"sourceUrl":13,"tags":14},"Audit a local macOS app's telemetry / reporting behavior using static analysis only. Reverse-engineers an .app bundle to identify embedded SDKs (AppLog/TEA, Parfait, TTNet, mars, MMKV, Sentry, Firebase, Bugly, Umeng, etc.), mapped upload endpoints, local on-disk queues, and privacy-relevant fields — without packet capture, network requests, debugger attach, or DRM bypass. Use when user asks to investigate, audit, or reverse-engineer a macOS app for telemetry, reporting, data upload, privacy, or SDK fingerprinting. Targets /Applications, ~/Applications, /Library/Input Methods, /Library/PrivilegedHelperTools, and similar local install paths.",{},"Happy App Audit","https://github.com/iamzhihuix/happy-claude-skills/tree/HEAD/skills/happy-app-audit",[15,16,17,18,19,20,21],"macos","app-audit","telemetry","static-analysis","sdk-fingerprinting","privacy","reverse-engineering",{"_creationTime":23,"_id":24,"extensionId":5,"locale":25,"result":26,"trustSignals":175,"workflow":184},1778053284450.3167,"kn74r1qmg0x7fz5rq7ze4yvw9h8679ck","en",{"checks":27,"evaluatedAt":165,"extensionSummary":166,"promptVersionExtension":167,"promptVersionScoring":168,"rationale":169,"score":170,"summary":171,"tags":172,"targetMarket":173,"tier":174},[28,33,36,39,43,46,50,55,58,61,65,70,73,77,80,83,86,89,92,95,98,102,106,110,114,117,120,123,127,130,133,136,139,142,146,149,152,155,158,162],{"category":29,"check":30,"severity":31,"summary":32},"Practical Utility","Problem relevance","pass","The description clearly states the problem: auditing a macOS app's telemetry using static analysis, targeting specific SDKs and data locations. It also provides explicit negative constraints (when *not* to invoke).",{"category":29,"check":34,"severity":31,"summary":35},"Unique selling proposition","The skill offers significant value over a simple prompt by implementing a complex, multi-phase static analysis workflow that reverse-engineers app bundles, identifies SDKs, maps endpoints, and inventories local data, which is far beyond default LLM capabilities.",{"category":29,"check":37,"severity":31,"summary":38},"Production readiness","The skill covers its stated use case comprehensively with detailed phases, scripts, and clear error handling, ready for professional use. It specifies runtime requirements and dependencies.",{"category":40,"check":41,"severity":31,"summary":42},"Scope","Single responsibility principle","The skill has a clear, single responsibility: performing static analysis of macOS app bundles for telemetry and reporting behavior, without extending into unrelated domains.",{"category":40,"check":44,"severity":31,"summary":45},"Description quality","The description is accurate, concise, and clearly explains the skill's capabilities, targets, and limitations, matching the implementation.",{"category":47,"check":48,"severity":31,"summary":49},"Invocation","Scoped tools","The skill uses narrowly scoped tools like `strings`, `plutil`, `codesign`, and `sqlite3` with specific arguments, adhering to safe practices without relying on general-purpose shell execution.",{"category":51,"check":52,"severity":53,"summary":54},"Documentation","Configuration & parameter reference","not_applicable","The skill does not appear to use configurable parameters or environment variables beyond standard command-line arguments for its scripts, nor does it reference precedence order for configuration files.",{"category":40,"check":56,"severity":31,"summary":57},"Tool naming","The tools used (e.g., `snapshot_app.ts`, `classify_strings.ts`, `match_fingerprints.ts`) are descriptive and clearly indicate their function within the overall workflow.",{"category":40,"check":59,"severity":31,"summary":60},"Minimal I/O surface","Input parameters are well-defined script arguments, and outputs are structured JSON or Markdown files. The scripts are designed to process only the necessary data for their specific task.",{"category":62,"check":63,"severity":31,"summary":64},"License","License usability","The repository includes an MIT License file, which is a permissive open-source license.",{"category":66,"check":67,"severity":68,"summary":69},"Maintenance","Commit recency","warning","There are no commits on the default branch in the last 12 months, suggesting the extension may be unmaintained.",{"category":66,"check":71,"severity":68,"summary":72},"Dependency Management","The skill uses bun and TypeScript, and its scripts depend on Node.js modules. While dependency installation is mentioned (e.g., `npm install --prefix skills/browser`), there are no explicit measures for vulnerability scanning or automated updates for these dependencies.",{"category":74,"check":75,"severity":31,"summary":76},"Security","Secret Management","The skill operates purely on static analysis of local files and does not handle or expose any user secrets.",{"category":74,"check":78,"severity":31,"summary":79},"Injection","The skill processes data from local files and bundle contents as untrusted input, and its scripts are explicitly designed for static analysis without executing any part of the target app or its data.",{"category":74,"check":81,"severity":31,"summary":82},"Transitive Supply-Chain Grenades","All necessary scripts and analysis tools are bundled within the repository, and the skill does not fetch external code or data at runtime.",{"category":74,"check":84,"severity":31,"summary":85},"Sandbox Isolation","The skill operates solely on local application bundles and generated analysis files within its own working directory. It does not modify any files outside its scope or outside the user's project directory.",{"category":74,"check":87,"severity":31,"summary":88},"Sandbox escape primitives","The provided scripts and their execution context do not appear to contain any primitives for escaping the sandbox environment.",{"category":74,"check":90,"severity":31,"summary":91},"Data Exfiltration","The skill performs static analysis locally and has no outbound network calls. Sensitive data is scrubbed during report generation.",{"category":74,"check":93,"severity":31,"summary":94},"Hidden Text Tricks","The bundled files (scripts, markdown, templates) do not contain any hidden text, invisible characters, or obfuscation techniques designed to manipulate the model.",{"category":74,"check":96,"severity":31,"summary":97},"Opaque code execution","All bundled scripts are written in readable TypeScript and do not use obfuscation, base64 payloads, eval, or runtime fetching of code.",{"category":99,"check":100,"severity":31,"summary":101},"Portability","Structural Assumption","The skill correctly uses relative paths and standard macOS conventions for app locations, and explicitly states its runtime requirements (bun/npx) without assuming a specific user project structure.",{"category":103,"check":104,"severity":53,"summary":105},"Trust","Issues Attention","No issues data available.",{"category":107,"check":108,"severity":68,"summary":109},"Versioning","Release Management","The manifest specifies a version ('0.1.0'), but there are no GitHub releases or CHANGELOG.md, and the commit history is empty, making it difficult to track updates.",{"category":111,"check":112,"severity":31,"summary":113},"Code Execution","Validation","The skill's internal scripts parse inputs like file paths and command arguments, and the `shell.ts` library handles execution safely. The `snapshot_app.ts` script uses `plutil` and `codesign` with specific flags, implying validated input.",{"category":74,"check":115,"severity":31,"summary":116},"Unguarded Destructive Operations","The skill is purely read-only and performs no destructive operations on the target app or the user's system.",{"category":111,"check":118,"severity":31,"summary":119},"Error Handling","The scripts appear to handle errors gracefully, with explicit exit codes and messages (e.g., in `shell.ts` and `snapshot_app.ts`), and report issues during execution to the user.",{"category":111,"check":121,"severity":53,"summary":122},"Logging","The skill is read-only and does not perform destructive actions or outbound calls, thus local audit logging is not applicable.",{"category":124,"check":125,"severity":31,"summary":126},"Compliance","GDPR","The skill performs static analysis on app bundles and does not process personal data directly. Sensitive fields in output are redacted, and no personal data is submitted to third parties.",{"category":124,"check":128,"severity":31,"summary":129},"Target market","The skill targets macOS applications and uses standard command-line tools available on macOS. No regional restrictions are identified.",{"category":99,"check":131,"severity":31,"summary":132},"Runtime stability","The skill explicitly lists its runtime requirements (bun/npx) and uses standard macOS tools, ensuring compatibility across different macOS environments.",{"category":47,"check":134,"severity":31,"summary":135},"Precise Purpose","The description clearly defines the skill's purpose (static analysis of macOS app telemetry) and its scope, including specific invocation triggers and explicit non-goals.",{"category":47,"check":137,"severity":31,"summary":138},"Concise Frontmatter","The frontmatter is concise, clearly stating the skill's core capability and providing specific trigger phrases and usage boundaries.",{"category":51,"check":140,"severity":31,"summary":141},"Concise Body","The SKILL.md body is well-structured, uses progressive disclosure for detailed information, and remains under the ~500-line guideline.",{"category":143,"check":144,"severity":31,"summary":145},"Context","Progressive Disclosure","The skill effectively uses external markdown files (`references/`) for detailed procedures, methodology examples, and command lists, keeping the main SKILL.md concise.",{"category":143,"check":147,"severity":53,"summary":148},"Forked exploration","The skill does not involve deep exploration or code review that would necessitate a forked context.",{"category":29,"check":150,"severity":31,"summary":151},"Usage examples","The skill includes detailed usage examples for single and multiple app audits, including options for generating shareable cards, demonstrating inputs, invocations, and expected outputs.",{"category":29,"check":153,"severity":31,"summary":154},"Edge cases","The skill handles potential issues like malformed app bundles, large files, missing dependencies (bun/npx), and inaccessible paths gracefully, with clear notes and error reporting.",{"category":111,"check":156,"severity":53,"summary":157},"Tool Fallback","The skill uses standard macOS tools and bun, which are either expected to be present or installed via standard methods, and does not rely on optional external tools like MCP.",{"category":159,"check":160,"severity":31,"summary":161},"Safety","Halt on unexpected state","The skill includes hard rules and checks for app validity (e.g., rejecting system paths, checking bundle ID) and stops execution with clear messages if preconditions are not met.",{"category":99,"check":163,"severity":31,"summary":164},"Cross-skill coupling","The skill is self-contained and does not rely on other skills being loaded. It focuses solely on its defined task of analyzing macOS app bundles.",1778053282998,"This skill performs a deep static analysis of macOS application bundles. It identifies embedded SDKs, maps network endpoints, inventories local data storage, and generates a detailed markdown report without executing any part of the target application.","2.0.0","3.4.0","The skill is exceptionally well-implemented, with thorough documentation, clear scope, robust error handling, and excellent security practices. It fails only on commit recency and lack of formal versioning/release management, which are minor concerns given the overall quality.",85,"A high-quality skill for statically analyzing macOS applications to identify telemetry, SDKs, and data storage.",[15,16,17,18,19,20,21],"global","verified",{"codeQuality":176,"collectedAt":177,"documentation":178,"maintenance":180,"security":181,"testCoverage":183},{},1778053266350,{"descriptionLength":179,"readmeSize":8},647,{},{"hasNpmPackage":182,"smitheryVerified":182},false,{"hasCi":182,"hasTests":182},{"updatedAt":185},1778053284450,{"githubOwner":187,"githubRepo":188,"locale":25,"slug":189,"type":190},"iamzhihuix","happy-claude-skills","happy-app-audit","skill",true,{"_creationTime":193,"_id":194,"community":195,"display":196,"identity":201,"parentExtension":203,"providers":241,"relations":245,"workflow":246},1778053197391.3845,"k175aae18kq7v569756xecvxdx866r17",{"reviewCount":8},{"description":197,"name":189,"sourceUrl":198,"tags":199},"Audit a local macOS app's telemetry / reporting via static analysis only. Identifies embedded SDKs (AppLog, Parfait, TTNet, mars, MMKV, Sentry, Firebase, Bugly, Umeng, etc.), maps upload endpoints, inventories on-disk queues. No packet capture, no debugger, no DRM bypass.","https://github.com/iamzhihuix/happy-claude-skills",[15,16,17,18,200,20],"sdk-detection",{"githubOwner":187,"githubRepo":188,"locale":25,"slug":189,"type":202},"plugin",{"_creationTime":204,"_id":205,"community":206,"display":207,"identity":224,"providers":226,"relations":236,"workflow":238},1778053197391.3733,"k179bs7h81fd44w43crascabax866n51",{"reviewCount":8},{"description":208,"installMethods":209,"name":210,"sourceUrl":198,"tags":211},"Practical Claude Code skill plugins for document format replication, video processing, and content creation",{},"Happy Claude Skills",[212,213,214,215,216,217,218,219,220,221,222,223,16],"ai","coding-assistant","developer-tools","document-processing","video-processing","content-creation","image-generation","video-generation","audio-generation","browser-automation","password-management","oss-prep",{"githubOwner":187,"githubRepo":188,"locale":25,"slug":188,"type":225},"marketplace",{"extract":227,"llm":233},{"commitSha":228,"license":229,"marketplace":230},"f49e7782a551759c9f9e0a4d4417ff053f0a86fd","MIT",{"name":188,"pluginCount":231,"version":232},12,"1.0.0",{"promptVersionExtension":167,"promptVersionScoring":168,"score":234,"targetMarket":173,"tier":235},78,"evaluated",{"repoId":237},"kd7dbbtdq95nkcs3k7fg9w6fdn864j0b",{"anyEnrichmentAt":239,"extractAt":240,"githubAt":239,"llmAt":185,"updatedAt":185},1778053199195,1778053197391,{"extract":242,"llm":243},{"commitSha":228,"license":229},{"promptVersionExtension":167,"promptVersionScoring":168,"score":244,"targetMarket":173,"tier":235},75,{"parentExtensionId":205,"repoId":237},{"anyEnrichmentAt":239,"extractAt":240,"githubAt":239,"llmAt":185,"updatedAt":185},{"extract":248,"llm":249},{"commitSha":228,"license":229},{"promptVersionExtension":167,"promptVersionScoring":168,"score":170,"targetMarket":173,"tier":174},{"parentExtensionId":194,"repoId":237},{"_creationTime":252,"_id":237,"identity":253,"providers":254,"workflow":265},1777995558409.8823,{"githubOwner":187,"githubRepo":188,"sourceUrl":198},{"discover":255,"github":258},{"sources":256},[257],"skills-sh",{"closedIssues90d":8,"forks":259,"license":229,"openIssues90d":260,"pushedAt":261,"readmeSize":262,"stars":263,"topics":264},28,1,1776647239000,9879,285,[],{"discoverAt":266,"extractAt":267,"githubAt":267,"updatedAt":267},1777995558409,1778053200076,{"anyEnrichmentAt":239,"extractAt":240,"githubAt":239,"llmAt":185,"updatedAt":185},[],[271,302,336,366],{"_creationTime":272,"_id":273,"community":274,"display":275,"identity":287,"providers":291,"relations":296,"workflow":298},1778053622473.6667,"k17c19n9kd9d0ay3552bzzqdex867rdp",{"reviewCount":8},{"description":276,"installMethods":277,"name":278,"sourceUrl":279,"tags":280},"Guide AI agents through TypeScript coding best practices including type safety, error handling, code organization, and architecture patterns. This skill should be used when generating TypeScript code, reviewing TypeScript files, creating new TypeScript modules, refactoring JavaScript to TypeScript, or when the user asks about TypeScript patterns, types, or coding standards. Keywords: typescript, types, coding standards, best practices, type safety, generics, architecture, refactoring.",{},"TypeScript Best Practices","https://github.com/jwynia/agent-skills/tree/HEAD/skills/tech/development/tooling/typescript-best-practices",[281,282,283,284,18,285,286],"typescript","coding-standards","best-practices","code-generation","refactoring","development-tooling",{"githubOwner":288,"githubRepo":289,"locale":25,"slug":290,"type":190},"jwynia","agent-skills","typescript-best-practices",{"extract":292,"llm":294},{"commitSha":293,"license":229},"e02ec7e226a6e4f8419fd3b88a1d8e472d421b32",{"promptVersionExtension":167,"promptVersionScoring":168,"score":295,"targetMarket":173,"tier":174},96,{"repoId":297},"kd7efn3mprpa8rd8vm5hw5ebzx864fph",{"anyEnrichmentAt":299,"extractAt":300,"githubAt":299,"llmAt":301,"updatedAt":301},1778053625386,1778053622473,1778054012696,{"_creationTime":303,"_id":304,"community":305,"display":306,"identity":320,"providers":324,"relations":330,"workflow":332},1778053148350.4216,"k17f7jthqesn8s51p6k5mnv1ys867knv",{"reviewCount":8},{"description":307,"installMethods":308,"name":309,"sourceUrl":310,"tags":311},"Create and trigger Apple Shortcuts for iOS/macOS automation and cross-platform workflows",{},"Apple Shortcuts Integration","https://github.com/claude-office-skills/skills/tree/HEAD/apple-shortcuts",[312,313,314,15,315,316,317,318,319],"apple","shortcuts","ios","automation","reminders","notes","calendar","mcp",{"githubOwner":321,"githubRepo":322,"locale":25,"slug":323,"type":190},"claude-office-skills","skills","apple-shortcuts-integration",{"extract":325,"llm":328},{"commitSha":326,"license":327},"9c4c7d5cd2813a8936bf2c9fdb174ea883b85a11","MIT-0",{"promptVersionExtension":167,"promptVersionScoring":168,"score":329,"targetMarket":173,"tier":174},95,{"repoId":331},"kd7fw7xbj58qc2z8whrrjptbed8659db",{"anyEnrichmentAt":333,"extractAt":334,"githubAt":333,"llmAt":335,"updatedAt":335},1778053151766,1778053148350,1778053561145,{"_creationTime":337,"_id":338,"community":339,"display":340,"identity":351,"providers":355,"relations":360,"workflow":362},1778053359436.7273,"k17atq5e7xjq7r2h28whqw6wc1866agk",{"reviewCount":8},{"description":341,"installMethods":342,"name":343,"sourceUrl":344,"tags":345},"This skill should be used when the user wants to \"set up tracing\", \"monitor my ADK agent\", \"configure logging\", \"add observability\", \"debug production traffic\", or needs guidance on monitoring deployed ADK (Agent Development Kit) agents. Covers Cloud Trace, prompt-response logging, BigQuery Agent Analytics, third-party integrations (AgentOps, Phoenix, MLflow, etc.), and troubleshooting. Part of the Google ADK (Agent Development Kit) skills suite. Do NOT use for deployment setup (use google-agents-cli-deploy) or API code patterns (use google-agents-cli-adk-code).",{},"ADK Observability Guide","https://github.com/google/agents-cli/tree/HEAD/skills/google-agents-cli-observability",[346,347,348,349,350,17],"observability","logging","tracing","adk","google-cloud",{"githubOwner":352,"githubRepo":353,"locale":25,"slug":354,"type":190},"google","agents-cli","google-agents-cli-observability",{"extract":356,"llm":359},{"commitSha":357,"license":358},"9e2966f509ae8ee8a866cf7ecc6e227209f347ff","Apache-2.0",{"promptVersionExtension":167,"promptVersionScoring":168,"score":329,"targetMarket":173,"tier":174},{"repoId":361},"kd74jrvbwp33xw6azpzkw7r7vs8644t0",{"anyEnrichmentAt":363,"extractAt":364,"githubAt":363,"llmAt":365,"updatedAt":365},1778053359868,1778053359436,1778053387143,{"_creationTime":367,"_id":368,"community":369,"display":370,"identity":382,"providers":386,"relations":394,"workflow":396},1777995614337.987,"k17etr6mbwr8zrp7z29nqmmw1d865qw5",{"reviewCount":8},{"description":371,"installMethods":372,"name":373,"sourceUrl":374,"tags":375},"Tandem TUI binary distribution",{},"Tandem TUI","https://github.com/frumu-ai/tandem/tree/HEAD/packages/tandem-tui",[376,377,378,379,15,380,381],"tui","binary","distribution","cli","linux","windows",{"githubOwner":383,"githubRepo":384,"locale":25,"slug":385,"type":190},"frumu-ai","tandem","frumu-tandem-tui",{"extract":387,"llm":390,"smithery":393},{"commitSha":388,"license":389},"25c8ae7c2f8b20d576a2b8d44946ac2e0ff9408d","MIT OR Apache-2.0",{"promptVersionExtension":167,"promptVersionScoring":168,"score":391,"targetMarket":173,"tier":392},88,"flagged",{"qualityScore":8,"totalActivations":8,"uniqueUsers":8,"useCount":8,"verified":182},{"repoId":395},"kd72pd305er4m7vecv9p6mnd4s865kea",{"anyEnrichmentAt":397,"extractAt":398,"githubAt":399,"llmAt":400,"smitheryAt":397,"updatedAt":400},1777995723550,1777995614338,1777995614791,1777995897177]