The library
Everything we index — ranked by what works, never by stars.
forSalesMarketingHRFinanceLegalOpsProductEngineeringDataProductivitySupportsetup≤ plug & play≤ + a key≤ multi-tool
● works · ● untested / no effect · ● hurts — every rank is measured against a no-skill baseline
untested★20→untested★2,144→untested★43→untested★69→untested★6→untested★13→untested★13→untested★2,144→untested★13→untested★1→untested★13→untested★1→untested★13→untested★1→untested★13→untested★0→untested★10→untested★13→untested★0→untested★13→untested★2,144→untested★20→untested★1→untested★2,144→untested★1→untested★2,144→untested★9→untested★1→untested★2,144→untested★18→untested★0→untested★2,144→untested★15→untested★2,144→untested★142→untested★45→untested★2,144→untested★22→untested★2,144→untested★7→untested★2,144→untested★2,144→untested★7→untested★2,144→untested★2,144→untested★44→untested★2,144→untested★19→untested★12→untested★0→
Generate technical diagrams and visualizationsskillProductEngineeringL2
tesserax · Automating workflows for tesserax without manual intervention.
Identify security bugs in code reviewskillEngineeringL1
offensive-bug-identification · Developing and validating exploits for vulnerable software in controlled lab environments.
Build AWS Lambda functions with best practicesskillEngineeringL2
powertools-aws · When writing Lambda functions that need structured logging, distributed tracing, and metrics in production.
Measure test coverage against requirementsskillEngineeringL2
ac-coverage · When you need to verify that acceptance criteria are actually tested before release.
Remote control Compose Desktop UI interactionsskillEngineeringL2
compose-ui-control · When you need to test Compose Desktop UI automatically via HTTP without native frameworks.
Auto-validate and commit code changesskillEngineeringL2
commit · When you need to commit code with automatic service detection and cross-service validation.
Create production hotfix with backmergeskillEngineeringL2
hotfix · When you need a safe prod hotfix with guaranteed backmerge to test and main.
Reference offensive vulnerability classesskillEngineeringL1
offensive-vuln-classes · When learning memory corruption exploit techniques with real CVE case studies.
Run validation lint and testsskillEngineeringL2
validate · When you need to quickly check if all affected services pass their lint/format/test rules.
Generate production CRUD REST APIskillEngineeringL2
api-crud-generator · When you need a complete, tested REST API with auth and docs from a single prompt.
Create isolated git worktreeskillEngineeringL2
worktree · When you need isolated branches without stashing or checking out locally.
Generate production CRUD REST APIskillEngineeringL2
api-crud-generator · When you need a complete, tested REST API with auth and docs from a single prompt.
Auto-fix lint and format issuesskillEngineeringL1
fix-lint · When you have lint errors and want automatic fixes before manual intervention.
Gate multi-step output with quality pipelineskillEngineeringL2
micro-pipeline · When building any multi-step output (docs, code, reports) and you need quality gates.
Create properly formatted pull requestskillEngineeringL2
create-pr · When you need to create a PR with automatic base branch detection.
Assess code against Claude Code patternsskillEngineeringL1
what-would-cc-do · When unsure what Claude Code skill to invoke next.
Optimize App Store listing metadataskillMarketingL1
aso-appstore-listing-skill · When optimizing app listings for higher search ranking and conversion.
Review PR in isolated worktreeskillEngineeringL2
review-pr · When you need multi-angle code review (correctness, efficiency, style) with inline comments.
Search academic literature and papersskillDataL2
openalex · When you need comprehensive academic metadata with proper citation tracking beyond simple Google Scholar.
Automate hotfix backmerge flowskillEngineeringL2
backmerge · When releasing a hotfix and need to synchronize prod-test-main in proper order.
Reference Windows security mitigationsskillEngineeringL1
offensive-windows-mitigations · When auditing Windows binary defenses or preparing Week 8 exploit bypass techniques.
Validate types with Zod schemasskillEngineeringL1
zod · When needing runtime type checking tied to static types in form data or API payloads.
Call Codex runtime from Claude CodeskillEngineeringL2
codex-cli-runtime · When delegating complex code repairs to Codex from within Claude Code subagents.
Run offensive OSINT methodologyskillOpsEngineeringL2
offensive-osint-methodology · When teaching or systematizing OSINT workflows to avoid ad-hoc recon drift.
Handle Codex output for end usersskillEngineeringL1
codex-result-handling · When consuming Codex outputs in automated Claude Code workflows.
Execute comprehensive OSINT reconnaissanceskillOpsEngineeringL2
offensive-osint · When starting reconnaissance on a target with only name or domain known.
Generate Postman API collection from RailsskillEngineeringL2
SKILL · When onboarding a new skill into a framework or verifying structure.
Compose prompts for Codex and GPT-5.4skillEngineeringL1
gpt-5-4-prompting · When crafting prompts for Codex subagents or other LLM-heavy workflows.
Run fast security checksskillEngineeringOpsL1
offensive-fast-checking · When needing a quick vulnerability surface scan before in-depth testing.
When setting up skill-based agents in a framework or CI environment.skillL1
SKILL · When setting up skill-based agents in a framework or CI environment.
Map codebase architecture for securityskillEngineeringOpsL2
sast-analysis · When auditing source code in CI/CD or pre-release security review.
Write penetration test reportsskillOpsEngineeringL2
offensive-reporting · When translating raw pentest data into boardroom-ready security reports.
Build and publish TypeScript packagesskillEngineeringL2
ts-library · When releasing TypeScript utility libraries to npm with strong type guarantees.
Test business logic for exploitsskillOpsEngineeringL2
offensive-business-logic · Finding high-value logic chains in fintech/marketplace apps where scanners miss compound flows
Grow Reddit community organicallyskillMarketingSalesL2
reddit-growth · Organic growth in niche communities where bot-detection is high and authenticity matters
Write tests before implementationskillEngineeringL1
cm-tdd · Catching regressions and hidden edge cases that manual testing cannot verify
Find deserialization vulnerabilitiesskillEngineeringOpsL2
offensive-deserialization · Achieving RCE on Java/.NET/PHP/Python apps that deserialize untrusted objects without allowlists
Quick emotional state snapshot without introspection when you need gut-check interpretationskillL1
limbic · Quick emotional state snapshot without introspection when you need gut-check interpretation
Test file upload securityskillEngineeringOpsL2
offensive-file-upload · Finding RCE or XSS through file upload when MIME validation or extension checks are sole defense
Manage Poke agents and session historyskillEngineeringL2
poke-agents-mcp · Headless orchestration of local agent runs without UI when scripting multi-agent workflows
Test GraphQL for security flawsskillEngineeringOpsL2
offensive-graphql · Bypassing GraphQL authorization when individual resolvers don't check permissions uniformly
Exploit insecure direct object referencesskillEngineeringL2
offensive-idor · Accessing other users' data when IDs are sequential or predictable and authorization is missing
Prevent App Store rejectionsskillProductL1
apple-app-review-skills · Reducing App Store submission failures by catching common violations before review
Find and exploit open redirectsskillEngineeringL2
offensive-open-redirect · Chaining open redirect with phishing or SSRF when URL parameters trust user input
Exploit HTTP parameter pollutionskillEngineeringL2
offensive-parameter-pollution · Bypassing security controls when backend and frontend parse parameters differently
Automate UK grocery shoppingskillOpsL2
uk-grocery-cli · Automating recurring grocery orders across multiple UK chains with price comparison before checkout
Exploit race condition bugsskillEngineeringL2
offensive-race-condition · Bug bounty race condition testing on registration, payments, and single-use tokens
Stage and commit code changesskillEngineeringL1
commit · Rapid multi-file commits with auto-generated messages matching repo conventions
Track Discord channel memoryskillOpsL2
discord-channel-memory · Maintaining agent memory across 3+ Discord channels without loading full history at session start
Generate consolidated security reportskillEngineeringL1
sast-report · Executive-facing security report consolidating 10+ vulnerability types into one prioritized list