{"id":51379680,"url":"https://github.com/zcaceres/skills","last_synced_at":"2026-07-03T16:00:37.162Z","repository":{"id":363459706,"uuid":"1251865618","full_name":"zcaceres/skills","owner":"zcaceres","description":"AI Skills for software engineers and founders","archived":false,"fork":false,"pushed_at":"2026-07-03T14:06:35.000Z","size":1034,"stargazers_count":3,"open_issues_count":17,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-07-03T16:00:14.608Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/zcaceres.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2026-05-28T01:29:29.000Z","updated_at":"2026-07-03T14:06:23.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/zcaceres/skills","commit_stats":null,"previous_names":["zcaceres/skills"],"tags_count":39,"template":false,"template_full_name":null,"purl":"pkg:github/zcaceres/skills","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zcaceres%2Fskills","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zcaceres%2Fskills/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zcaceres%2Fskills/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zcaceres%2Fskills/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/zcaceres","download_url":"https://codeload.github.com/zcaceres/skills/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zcaceres%2Fskills/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":35092184,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-07-03T02:00:05.635Z","response_time":110,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-07-03T16:00:16.414Z","updated_at":"2026-07-03T16:00:37.155Z","avatar_url":"https://github.com/zcaceres.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Zach's Awesome AI Skills\n\n[![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/zcaceres/skills/badge)](https://scorecard.dev/viewer/?uri=github.com/zcaceres/skills)\n\nOpen-source AI agent skills focused on engineering and personal productivity.\n\nSkills conform to [skills.sh / Agent Skills standard](https://github.com/vercel-labs/skills)\nand are versioned/released independently.\n\n## Install\n\nSkills install via the [`skills` CLI](https://github.com/vercel-labs/skills). The CLI auto-detects\nyour agent (Claude Code, Codex, Cursor, etc.) and drops files in the right place.\n\n```bash\n# Install every skill in this repo (project-local)\nnpx skills add zcaceres/skills\n\n# Install globally (~/.claude/skills/ for Claude Code)\nnpx skills add zcaceres/skills -g\n\n# Browse without installing\nnpx skills add zcaceres/skills --list\n```\n\nInstall one or more specific skills with `-s \u003cname\u003e`:\n\n```bash\nnpx skills add zcaceres/skills -s acid-trip\nnpx skills add zcaceres/skills -s audit-aws-costs\nnpx skills add zcaceres/skills -s audit-memories\nnpx skills add zcaceres/skills -s quality-chaos-monkey\nnpx skills add zcaceres/skills -s cleanup-computer\nnpx skills add zcaceres/skills -s clean-ai-slop\nnpx skills add zcaceres/skills -s quality-cli-agent-friendly-audit\nnpx skills add zcaceres/skills -s quality-dead-code-analyzer\nnpx skills add zcaceres/skills -s quality-perf-review\nnpx skills add zcaceres/skills -s copywriting\nnpx skills add zcaceres/skills -s decompose\nnpx skills add zcaceres/skills -s code-tour\nnpx skills add zcaceres/skills -s quality-docs-update\nnpx skills add zcaceres/skills -s find-docs\nnpx skills add zcaceres/skills -s gemini-deep-research\nnpx skills add zcaceres/skills -s gh-project\nnpx skills add zcaceres/skills -s investigate-repo\nnpx skills add zcaceres/skills -s laconic\nnpx skills add zcaceres/skills -s optimize-permissions\nnpx skills add zcaceres/skills -s optimize-skill-activation\nnpx skills add zcaceres/skills -s pr\nnpx skills add zcaceres/skills -s quality-project-health\nnpx skills add zcaceres/skills -s record-gif\nnpx skills add zcaceres/skills -s nano-banana-generator\nnpx skills add zcaceres/skills -s reflect-on-conversation\nnpx skills add zcaceres/skills -s review-code\nnpx skills add zcaceres/skills -s safety-dotenv-guard\nnpx skills add zcaceres/skills -s safety-git-reset-guard\nnpx skills add zcaceres/skills -s safety-op-creds\nnpx skills add zcaceres/skills -s safety-rm-rf-guard\nnpx skills add zcaceres/skills -s security-bumblebee\nnpx skills add zcaceres/skills -s security-gitleaks\nnpx skills add zcaceres/skills -s security-openssf\nnpx skills add zcaceres/skills -s security-scfw\nnpx skills add zcaceres/skills -s security-snyk\nnpx skills add zcaceres/skills -s security-socket\nnpx skills add zcaceres/skills -s storage-cleanup\nnpx skills add zcaceres/skills -s transcribe-youtube\nnpx skills add zcaceres/skills -s trip-planner\nnpx skills add zcaceres/skills -s zoom\n```\n\nAdd `-g` for global, or `-a \u003cagent\u003e` to target a specific agent (e.g. `-a claude-code`).\n\n**Hook skills.** `safety-dotenv-guard`, `safety-git-reset-guard`,\n`safety-op-creds`, `safety-rm-rf-guard`, and `pr` each ship a\n`scripts/install.sh` that idempotently wires\nthe hook into `~/.claude/settings.json` (with a timestamped backup).\nTwo-step install:\n\n```sh\nnpx skills add zcaceres/skills -s \u003chook-skill\u003e\n~/.claude/skills/\u003chook-skill\u003e/scripts/install.sh\n```\n\nWhy two steps: the `skills` CLI is a pure file copier and runs no\npublisher code on install. The SKILL.md frontmatter `hooks:` block only\nfires while the skill is active in context — not always-on. `install.sh`\ngets the hook onto every matching tool call. Requires `jq`. See each\nskill's `SKILL.md` for `--project` / `--target` flags and manual wiring\nas an alternative. The script self-locates, so the same command works\nwhether the skill was installed at user scope or project scope.\n\n## Install as a Claude Code plugin\n\nThe prefix-grouped skills are also bundled as [Claude Code plugins](https://code.claude.com/docs/en/plugins)\nin a marketplace, so a whole group installs at once and its skills are\nnamespaced under the group name:\n\n```shell\n/plugin marketplace add zcaceres/skills\n/plugin install security@zcaceres-skills   # then /security:openssf, /security:gitleaks, …\n/plugin install quality@zcaceres-skills    # /quality:chaos-monkey, /quality:perf-review, …\n```\n\nSame skills as `npx skills add`, grouped and namespaced. The plugin tree under\n`plugins/` and the catalog at `.claude-plugin/marketplace.json` are **generated**\nfrom `skills/` — see [Workflow](#workflow). The `safety-*` guards aren't bundled\nyet: their hooks run a compiled binary that a file-copy marketplace can't ship\n(see the deferral note in `scripts/build-plugins.ts`).\n\n## Skills\n\n| Skill | Description |\n|---|---|\n| `acid-trip` | Generate frontend designs from random rolls (Wikipedia × document type × aesthetic lineage). |\n| `audit-aws-costs` | **Slash command.** Read-only audit of an AWS account — sweeps CloudTrail for recent write activity, inventories idle-billing resources, breaks down Cost Explorer spend by service/region, and prints a decision-ready keep/shutdown report. Never modifies anything. |\n| `audit-memories` | Audit an agent's saved memories — inventory by type/age, flag stale/contradictory/redundant/orphaned ones (verified against the repo), then walk keep/update/merge/delete decisions. Curates, never bulk-deletes. |\n| `quality-chaos-monkey` | Trace code paths to find bugs, race conditions, and edge cases. |\n| `cleanup-computer` | Interactive file-by-file cleanup of Downloads/Desktop/Documents — delete, move, or keep. |\n| `clean-ai-slop` | Diff the current branch against `main` and strip AI-generated slop — superfluous comments, defensive `try/catch`, `any`-casts, style inconsistent with the file. |\n| `quality-cli-agent-friendly-audit` | Audit a CLI tool against the agent-friendliness checklist for agent ergonomics. |\n| `quality-dead-code-analyzer` | Find dead code, duplicates, and circular deps via knip/jscpd/madge (run on demand with npx/bunx). |\n| `quality-perf-review` | Analyze a full-stack web app for evidence-based performance bottlenecks, interactively. |\n| `copywriting` | Refine and edit text into clear, concise copy — Anglo-Saxon swaps, banned AI-tells, worked examples. |\n| `decompose` | Break stuck problems into tractable pieces using diagnostic lenses. |\n| `code-tour` | **Slash command.** Walk an unfamiliar codebase and write a concise `CODE_TOUR.md` onboarding guide — key components, a Mermaid diagram of how they connect, and the areas worth a closer look to understand it. |\n| `quality-docs-update` | Audit project docs against the codebase via parallel Explore agents, produce a per-file revision plan, and apply approved fixes. |\n| `find-docs` | Retrieve current docs, API references, and code examples for any library via the Context7 CLI. |\n| `gemini-deep-research` | Run Google Gemini Deep Research reports — submit a topic, background-poll, save the markdown report. Needs `GEMINI_API_KEY`. |\n| `gh-project` | **Slash command.** Manage the repo's GitHub Projects kanban board with one skill — `setup`, `next`, `new-task`, `update`, `review`, `decompose`, `delete` subcommands. |\n| `investigate-repo` | Audit an unfamiliar repository for malicious patterns and supply-chain risk. |\n| `laconic` | **Hook + slash command.** Answer in a spare, plain register — economical full sentences, not fragments. Toggle per project or per user with `/laconic on\\|off`, in `prose-only` or `prose+code` mode; a SessionStart hook injects it each session. Governs presentation, not reasoning. |\n| `optimize-permissions` | Scan recent transcripts for safe commands the user keeps approving, preview the proposals, and write them to the right agent config (Claude Code, Codex, Cursor). |\n| `optimize-skill-activation` | Right-size each installed skill's activation mode — slash-only, model-invocable, or eager-loaded — then rewrite its `SKILL.md` frontmatter. |\n| `pr` | **Hook + slash command.** Commit work and open PRs with `/pr`. Normal mode (default) commits your conversation changes, pushes, and opens a single PR against the trunk; stacked mode turns `/pr` into a stacked-PR workflow (`checkpoint`, `submit`, `sync`, bottom-up `merge`). Toggle with `/pr setup`. Also bundles the diff-size nudge hook. Runs under both Claude Code and Gemini CLI (`install.sh --agent gemini`). |\n| `quality-project-health` | **Slash command.** Assess the current repo and work tracker, then rate overall project health from 0-10. |\n| `record-gif` | Record animated GIFs of web page animations via Playwright frame capture + ffmpeg palette encoding. |\n| `nano-banana-generator` | Generate one-off graphic assets (logos, icons, illustrations, UI elements) via Google's Nano Banana / Gemini image generation. |\n| `reflect-on-conversation` | Structured retrospective on the current conversation — prompting, gaps, efficiency. |\n| `review-code` | **Slash command.** One skill for the full code-review pipeline: `/review-code` reviews the branch diff and reports findings (default), `repro` reproduces each finding to filter false positives, `fix` plans fixes, gates on approval, then applies and verifies, and `comments` processes the review comments a reviewer left on your PR. Supersedes `review-code-repro` and `review-code-fix`. |\n| `safety-dotenv-guard` | **Hook.** Blocks `Read`/`Bash`/`Grep`/`Glob` tool calls that touch `.env` files; allows `.env.example`-style templates. |\n| `safety-git-reset-guard` | **Hook.** Blocks destructive git commands (`reset --hard`, `push --force`, etc.); redirects to safer alternatives. |\n| `safety-op-creds` | **Hook + wrapper.** Use 1Password-stored credentials via `op` CLI + bash process substitution / `op run`; blocks bare `op read` and other secret-printing op subcommands. |\n| `safety-rm-rf-guard` | **Hook.** Blocks `rm`, `shred`, `unlink`, `find -delete`, and sudo/xargs/subshell variants. |\n| `security-bumblebee` | **Slash command.** Run Perplexity's bumblebee endpoint scanner for supply-chain exposure checks; `setup` baselines and schedules scans, `review` reads the latest and surfaces drift. |\n| `security-gitleaks` | **Slash command.** Set up gitleaks secret-scanning — scans history first, then scaffolds `.gitleaks.toml`, a pre-commit hook, and a pinned CI workflow. |\n| `security-openssf` | **Slash command.** Scaffold OpenSSF Scorecard CI on a public repo with a safe two-phase rollout; `fix` turns a report into a remediation plan. Public repos only. |\n| `security-scfw` | **Slash command.** Set up Datadog's Supply-Chain Firewall (scfw) to block known-malicious npm/PyPI/Poetry packages at install time; `setup` installs + aliases pip/npm/poetry through the firewall (plus an optional agent hook), `review` reads the local log and audits installed packages. |\n| `security-snyk` | **Slash command.** Walk through the Snyk GitHub App install (login → install → add project) and verify it landed; optionally scaffold a pinned `snyk code test` CI workflow. |\n| `security-socket` | **Slash command.** Walk through the Socket Security (socket.dev) GitHub App OAuth install and verify it landed; optionally scaffold a pinned CI status-check workflow. |\n| `storage-cleanup` | Find large files and directories that are safe to delete. |\n| `transcribe-youtube` | Download and transcribe a YouTube video to a markdown file via yt-dlp + Whisper. |\n| `trip-planner` | Generate a packing list from a destination weather forecast (wttr.in helper bundled). |\n| `zoom` | Shift abstraction level (`in` for internals, `out` for context). |\n\n## Layout\n\n```\nskills/\n├── skills/\u003cname\u003e/\n│   ├── SKILL.md            # required — manifest (YAML frontmatter) + body\n│   ├── scripts/            # executables the skill calls (optional)\n│   ├── references/         # docs the skill reads (optional)\n│   ├── assets/             # templates, samples (optional)\n│   ├── package.json        # monorepo plumbing: workspace, version, scripts\n│   └── README.md\n├── _template/              # scaffold copied by `bun run new`\n├── scripts/                # new-skill, build-skill, build-plugins, release-skill, check-skills, smoke-bundle\n├── plugins/\u003cgroup\u003e/        # GENERATED Claude Code plugins (bun run build:plugins)\n│   ├── .claude-plugin/plugin.json\n│   ├── skills/\u003cname\u003e/SKILL.md\n│   └── hooks/hooks.json    # only if a group's skills declare `hooks:`\n├── .claude-plugin/\n│   └── marketplace.json    # GENERATED catalog of the plugins above\n└── .changeset/             # per-skill versioning\n```\n\n## Workflow\n\n```bash\nbun install                                  # link workspaces\n\nbun run new my-skill \"One-line description\"  # scaffold from _template\nbun run check                                # validate all skills\nbun run build my-skill                       # build to skills/my-skill/dist/my-skill\nbun run build:plugins                        # regenerate plugins/ + marketplace.json from skills/\nbun run changeset                            # record a version bump\nbun run version                              # apply changesets to package.json\nbun run release my-skill                     # tag + GH release (CI mirrors)\n```\n\n`plugins/` and `.claude-plugin/marketplace.json` are generated **and committed**\n(a git-hosted marketplace must contain the plugin files). Edit skills under\n`skills/`, never the copies under `plugins/`; re-run `bun run build:plugins` and\ncommit — CI fails if they drift. Skills are grouped into plugins by name prefix\n(`security-*` → `security`, etc.); the generator strips the prefix, repoints\nscript/hook paths at `${CLAUDE_PLUGIN_ROOT}`, and lifts `hooks:` frontmatter into\nthe plugin's `hooks/hooks.json`. To keep skills.sh-only prose (e.g. an\n`install.sh` walkthrough) out of the plugin copy, wrap it in\n`\u003c!-- plugin:omit --\u003e…\u003c!-- /plugin:omit --\u003e` in the source `SKILL.md` — markdown\nignores the comments; the generator drops the region.\n\nRun once per clone to activate the gitleaks pre-commit hook (blocks commits\ncontaining secrets — requires `brew install gitleaks`):\n\n```bash\ngit config core.hooksPath .githooks\n```\n\n## Bundled tools\n\nSkills with binaries or external code put them in `scripts/` (per the\nspec). If they're fetched from elsewhere — a GitHub release, a build of a\nsibling repo — define a `fetch-tools` npm script in the skill's\n`package.json`; the build pipeline runs it before packaging. Fetched\nbinaries land in `scripts/bin/` and are gitignored.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzcaceres%2Fskills","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fzcaceres%2Fskills","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzcaceres%2Fskills/lists"}