{"id":51146329,"url":"https://github.com/jfrog/jfrog-skills","last_synced_at":"2026-06-26T03:01:29.089Z","repository":{"id":351809134,"uuid":"1209436519","full_name":"jfrog/jfrog-skills","owner":"jfrog","description":"AI agent skills for the JFrog Platform. Search and download artifacts, query CVEs and exposures, check curation and compliance, trace builds, and more. Install in your AI coding agent and interact with JFrog through natural language.","archived":false,"fork":false,"pushed_at":"2026-06-11T14:34:03.000Z","size":157,"stargazers_count":15,"open_issues_count":3,"forks_count":5,"subscribers_count":3,"default_branch":"main","last_synced_at":"2026-06-11T16:18:34.578Z","etag":null,"topics":["ai-agent","ai-skills","artifact-managment","artifactory","cli","devops","devsecops","jfrog","security","xray"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jfrog.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-04-13T12:31:28.000Z","updated_at":"2026-05-27T16:52:16.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/jfrog/jfrog-skills","commit_stats":null,"previous_names":["jfrog/jfrog-skills"],"tags_count":9,"template":false,"template_full_name":null,"purl":"pkg:github/jfrog/jfrog-skills","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jfrog%2Fjfrog-skills","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jfrog%2Fjfrog-skills/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jfrog%2Fjfrog-skills/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jfrog%2Fjfrog-skills/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jfrog","download_url":"https://codeload.github.com/jfrog/jfrog-skills/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jfrog%2Fjfrog-skills/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34801014,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-26T02:00:06.560Z","response_time":106,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-agent","ai-skills","artifact-managment","artifactory","cli","devops","devsecops","jfrog","security","xray"],"created_at":"2026-06-26T03:01:28.288Z","updated_at":"2026-06-26T03:01:29.075Z","avatar_url":"https://github.com/jfrog.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# JFrog Skills\n\n\u003e **Beta Notice:** This software is in beta and licensed under the [Apache License 2.0](LICENSE). For clarity: This software is provided \"as-is\" without warranty of any kind. Behavior, APIs, conventions, and structure may change without notice between releases. JFrog makes no guarantees of backward compatibility during the 0.x release cycle. Use in production environments is at your own risk.\n\nThis repository ships AI agent skills for the JFrog Platform: \n\n- **`jfrog`** (required): The base skill covering CLI setup, artifact operations, security queries, AQL, and GraphQL. All other skills depend on it.\n- **`jfrog-package-safety-and-download`**: A workflow skill for package safety checks and curation-aware downloads. Requires `jfrog`.\n- **`jfrog-ai-catalog-skills`**: A workflow skill to discover, install, update, and publish agent skills in the JFrog AI Catalog. Requires `jfrog`.\n\nInstall them in your AI coding agent and interact with JFrog through natural language. The `jfrog` skill must always be installed — workflow skills build on top of it.\n\n## Requirements\n\n- [`jf` CLI](https://jfrog.com/getcli/) **≥ 2.100.0** (required for `jf api`), `curl`, and `jq` on PATH\n- A configured JFrog instance (`jf config add`)\n\n## Installation\n\nFrom remote repository:\n\n```bash\nnpx skills add git@github.com:jfrog/jfrog-skills.git -g --skill jfrog --skill jfrog-package-safety-and-download --skill jfrog-ai-catalog-skills\n```\n\nFrom a local clone:\n\n```bash\nnpx skills add . -g --skill jfrog --skill jfrog-package-safety-and-download --skill jfrog-ai-catalog-skills\n```\n\nThe `-g` flag installs into the global scope (recommended). Drop it to install into the current project only. Run `npx skills --help` for more usage information.\n\n## Feedback\n\nThis project is in beta and your feedback directly shapes what comes next. If something doesn't work as expected, a prompt produces surprising results, or you have ideas for new capabilities, we want to hear about it.\n\n- **Open an issue** on this repository for bug reports, feature requests, or general feedback.\n- **Email us** at `skills.feedback@jfrog.com`.\n\n## What Can You Do With This?\n\n\u003c!-- markdownlint-disable MD028 --\u003e\n\n### Search and Download Artifacts\n\nDownload, search, version queries, metadata, evidence.\n\nTry asking:\n\n\u003e What's the latest version of *package-name*?\n\n\u003e Download *package-name* version *X.Y.Z* from *repo-name*\n\n\u003e What versions of *package-name* are available between *X* and *Y*?\n\n\u003e Find all artifacts matching *pattern* in *repo-name*\n\n\u003e Show me metadata for *artifact-name* in *repo-name*\n\n\u003e List all artifacts under groupId *group-id* in *repo-name*\n\n\u003e I have a file with SHA256 `abc123...`. Find it in Artifactory\n\n\u003e Find recently modified items under path *repo-name*/*path*\n\n\u003e Download the JAR, sources, and javadoc for guava 33.2.1-jre from libs-release-local\n\n\u003e List all tags for Docker image `myapp` in docker-local\n\n### Manage Security and Vulnerabilities\n\nCVE lookups, upgrade safety checks, security profiles, exposures (secrets, IaC, application security).\n\nTry asking:\n\n\u003e Does *package-name* version *X.Y.Z* have any known vulnerabilities?\n\n\u003e Is it safe to upgrade to *package-name* version *X.Y.Z*?\n\n\u003e Which of my artifacts are affected by *CVE-ID*?\n\n\u003e Give me a full security profile for *package-name* version *X.Y.Z*\n\n\u003e Show me exposure findings for *repo-name*. Any leaked secrets or IaC issues?\n\n\u003e What application security risks has Xray found in *build-name*?\n\n### Work with Compliance and Curation\n\nCuration status, license risks, audit events, violation tracking.\n\nTry asking:\n\n\u003e Is *package-name* version *X.Y.Z* approved?\n\n\u003e Any license risks for *package-name* version *X.Y.Z*?\n\n\u003e Show me curation audit events from the last 7 days\n\n\u003e Summarize curation activity this month: how many packages were blocked and why?\n\n### Examine Builds and Provenance\n\nBuild info, artifact-to-build tracing, checksum verification.\n\nTry asking:\n\n\u003e Show me the artifacts, dependencies, and VCS info for *build-name* build *N*\n\n\u003e Which build produced *artifact-name* in *repo-name*?\n\n\u003e Show me the last 5 builds of *build-name*\n\n\u003e What artifacts were produced by the last build of *build-name*?\n\n\u003e What changed between build *N* and build *M* of *build-name*?\n\n### Manage Storage and Cleanup\n\nStale artifacts, large files, download activity, property queries.\n\nTry asking:\n\n\u003e Find artifacts in *repo-name* not downloaded in the last 3 months, larger than 1MB\n\n\u003e What are the largest files in *repo-name*?\n\n\u003e Show me the top 20 most downloaded artifacts in *repo-name*\n\n\u003e Show me artifacts in *repo-name* that have never been downloaded\n\n\u003e Find all SNAPSHOT JARs in *repo-name* created more than 90 days ago\n\n\u003e Find all files in *repo-name* modified in the last 7 days\n\n\u003e Show me artifacts uploaded by *username* in the last 60 days\n\n\u003e Find all artifacts in *repo-name* with property *key*=*value*\n\n\u003e Find all JARs in *repo-name* larger than 50MB or created in the last 3 days\n\n\u003e Find all files in *repo-name* but exclude anything under *path*\n\n\u003e Show me everything Artifactory knows about *artifact-name* in *repo-name*\n\n\u003e I have SHA-256 `d919d904...`. Which repos and paths contain this artifact?\n\n### Administer your JFrog Platform\n\nCLI setup, multi-instance management, access tokens.\n\n### Discover and Install AI Catalog Skills\n\nBrowse, install, update, and publish agent skills hosted in the JFrog AI Catalog.\n\nTry asking:\n\n\u003e What skills are available in my JFrog AI Catalog project *project-name*?\n\n\u003e Install the *skill-name* skill from my JFrog AI Catalog project *project-name*\n\n\u003e What skills do I have installed from the JFrog AI Catalog?\n\n\u003e Show me the versions of *skill-name* in my JFrog AI Catalog project *project-name*\n\n\u003e Update the *skill-name* skill from the JFrog AI Catalog to the latest version\n\n\u003e Publish the skill at *path* to my JFrog AI Catalog project *project-name*\n\n### Execute Multi-Step Workflows\n\nThe skill also handles real-world scenarios that span multiple capabilities:\n\n\u003e I want to upgrade *package-name* to the latest safe version. Show me available versions, check for vulnerabilities and curation status, and download the best candidate.\n\n\u003e Which build produced *artifact-name* in *repo-name*? Show me build info, VCS commit, and verify the checksum.\n\n\u003e Which packages in *repo-name* have critical CVEs? Check curation status for the top 3 and whether they've been downloaded despite the vulnerability.\n\n\u003e Set up the JFrog CLI, show me available repositories, download *package-name* from *repo-name*, and check it for vulnerabilities.\n\n\u003e Analyze Docker image *image:tag* in *repo-name*: layers, size, and security findings\n\n\u003e Verify that `./lib/my-artifact.jar` hasn't been tampered with. Check it against Artifactory and show me its build provenance\n\n\u003e Search for all *package-name* packages across our repos. Show me metadata, curation status, and any CVEs.\n\n\u003c!-- markdownlint-enable MD028 --\u003e\n\n## How It Works\n\nWhen your agent receives a JFrog-related request, it reads the skill and matches the task to the appropriate reference files. It loads only the context needed for the current operation, typically 1-3 reference files, keeping the agent focused and efficient. All operations execute through the `jf` CLI or REST/GraphQL APIs.\n\nSee [ARCHITECTURE.md](ARCHITECTURE.md) for architecture details.\n\n## Contributing\n\nSee [CONTRIBUTING.md](CONTRIBUTING.md) for conventions, naming rules, and guidelines.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjfrog%2Fjfrog-skills","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjfrog%2Fjfrog-skills","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjfrog%2Fjfrog-skills/lists"}