The library
Everything we index — ranked by what works, never by stars.
forSalesMarketingHRFinanceLegalOpsProductEngineeringDataProductivitySupportsetup≤ plug & play≤ + a key≤ multi-tool
● works · ● untested / no effect · ● hurts — every rank is measured against a no-skill baseline
untested★2,144→untested★14→untested★20→untested★2,144→untested★43→untested★69→untested★6→untested★13→untested★2,144→untested★13→untested★2,144→untested★41→untested★13→untested★1→untested★97→untested★13→untested★1→untested★13→untested★1→untested★13→untested★0→untested★2,144→untested★10→untested★13→untested★0→untested★13→untested★2,144→untested★10→untested★2,144→untested★181→untested★2,144→untested★20→untested★1→untested★2,144→untested★9→untested★1→untested★2,144→untested★9→untested★1→untested★2,144→untested★18→untested★0→untested★2,144→untested★15→untested★0→untested★2,144→untested★142→untested★45→untested★0→untested★2,144→
Exploit race conditions across system layersskillEngineeringL2
offensive-toctou · Developing and validating exploits for vulnerable software in controlled lab environments.
Instrument code for reliable metrics collectionskillEngineeringDataL2
sentry-instrumentation · Automating workflows for sentry instrumentation without manual intervention.
Generate technical diagrams and visualizationsskillProductEngineeringL2
tesserax · Automating workflows for tesserax without manual intervention.
Identify security bugs in code reviewskillEngineeringL1
offensive-bug-identification · Developing and validating exploits for vulnerable software in controlled lab environments.
Build AWS Lambda functions with best practicesskillEngineeringL2
powertools-aws · When writing Lambda functions that need structured logging, distributed tracing, and metrics in production.
Measure test coverage against requirementsskillEngineeringL2
ac-coverage · When you need to verify that acceptance criteria are actually tested before release.
Remote control Compose Desktop UI interactionsskillEngineeringL2
compose-ui-control · When you need to test Compose Desktop UI automatically via HTTP without native frameworks.
Auto-validate and commit code changesskillEngineeringL2
commit · When you need to commit code with automatic service detection and cross-service validation.
Run offensive fuzzing campaignsskillEngineeringL3
offensive-fuzzing · When you need a methodical approach to finding memory vulnerabilities in any target.
Create production hotfix with backmergeskillEngineeringL2
hotfix · When you need a safe prod hotfix with guaranteed backmerge to test and main.
Reference offensive vulnerability classesskillEngineeringL1
offensive-vuln-classes · When learning memory corruption exploit techniques with real CVE case studies.
End-to-end QA test Agent2 agentsskillEngineeringL3
agent-qa · When you need to validate agent behavior and confidence across multiple test cases.
Run validation lint and testsskillEngineeringL2
validate · When you need to quickly check if all affected services pass their lint/format/test rules.
Generate production CRUD REST APIskillEngineeringL2
api-crud-generator · When you need a complete, tested REST API with auth and docs from a single prompt.
Query on-chain intelligence and transactionsskillDataL3
pinion-chain-intel · When you need lightweight on-chain queries at $0.01 per call via micropayments.
Create isolated git worktreeskillEngineeringL2
worktree · When you need isolated branches without stashing or checking out locally.
Generate production CRUD REST APIskillEngineeringL2
api-crud-generator · When you need a complete, tested REST API with auth and docs from a single prompt.
Auto-fix lint and format issuesskillEngineeringL1
fix-lint · When you have lint errors and want automatic fixes before manual intervention.
Gate multi-step output with quality pipelineskillEngineeringL2
micro-pipeline · When building any multi-step output (docs, code, reports) and you need quality gates.
Create properly formatted pull requestskillEngineeringL2
create-pr · When you need to create a PR with automatic base branch detection.
Assess code against Claude Code patternsskillEngineeringL1
what-would-cc-do · When unsure what Claude Code skill to invoke next.
Develop offensive shellcode for securityskillEngineeringL3
offensive-shellcode · When you need robust, testable shellcode with immediate verification.
Optimize App Store listing metadataskillMarketingL1
aso-appstore-listing-skill · When optimizing app listings for higher search ranking and conversion.
Review PR in isolated worktreeskillEngineeringL2
review-pr · When you need multi-angle code review (correctness, efficiency, style) with inline comments.
Search academic literature and papersskillDataL2
openalex · When you need comprehensive academic metadata with proper citation tracking beyond simple Google Scholar.
Automate hotfix backmerge flowskillEngineeringL2
backmerge · When releasing a hotfix and need to synchronize prod-test-main in proper order.
Reference Windows security mitigationsskillEngineeringL1
offensive-windows-mitigations · When auditing Windows binary defenses or preparing Week 8 exploit bypass techniques.
Digest arXiv announcements into ZoteroskillDataL3
arxiv-digest · When tracking robotics research trends daily with automated Zotero library sync.
Test IoT and embedded device securityskillEngineeringL3
offensive-iot · When assessing smart-home or ICS device security via hardware and firmware analysis.
Write publish-ready articles from GEOskillMarketingL3
content-writer · When deriving SEO article topics from real GEO data rather than guessed keywords.
Penetrate Android and iOS applicationsskillEngineeringL3
offensive-mobile · When auditing mobile app security including deep-links WebView APIs and exported IPC.
Validate types with Zod schemasskillEngineeringL1
zod · When needing runtime type checking tied to static types in form data or API payloads.
Call Codex runtime from Claude CodeskillEngineeringL2
codex-cli-runtime · When delegating complex code repairs to Codex from within Claude Code subagents.
Run offensive OSINT methodologyskillOpsEngineeringL2
offensive-osint-methodology · When teaching or systematizing OSINT workflows to avoid ad-hoc recon drift.
Audit AI agent skills for safety and costskillEngineeringOpsL3
skill-eval · When vetting skills for inclusion in agent harnesses or production use.
Handle Codex output for end usersskillEngineeringL1
codex-result-handling · When consuming Codex outputs in automated Claude Code workflows.
Execute comprehensive OSINT reconnaissanceskillOpsEngineeringL2
offensive-osint · When starting reconnaissance on a target with only name or domain known.
Generate Postman API collection from RailsskillEngineeringL2
SKILL · When onboarding a new skill into a framework or verifying structure.
Compose prompts for Codex and GPT-5.4skillEngineeringL1
gpt-5-4-prompting · When crafting prompts for Codex subagents or other LLM-heavy workflows.
Run fast security checksskillEngineeringOpsL1
offensive-fast-checking · When needing a quick vulnerability surface scan before in-depth testing.
When setting up skill-based agents in a framework or CI environment.skillL1
SKILL · When setting up skill-based agents in a framework or CI environment.
Map codebase architecture for securityskillEngineeringOpsL2
sast-analysis · When auditing source code in CI/CD or pre-release security review.
Write penetration test reportsskillOpsEngineeringL2
offensive-reporting · When translating raw pentest data into boardroom-ready security reports.
Build and publish TypeScript packagesskillEngineeringL2
ts-library · When releasing TypeScript utility libraries to npm with strong type guarantees.
Find business logic vulnerabilitiesskillEngineeringOpsL3
sast-businesslogic · Finding exploitable gaps in payment, workflow, and authorization logic that scanners miss
Test business logic for exploitsskillOpsEngineeringL2
offensive-business-logic · Finding high-value logic chains in fintech/marketplace apps where scanners miss compound flows
Grow Reddit community organicallyskillMarketingSalesL2
reddit-growth · Organic growth in niche communities where bot-detection is high and authenticity matters
Write tests before implementationskillEngineeringL1
cm-tdd · Catching regressions and hidden edge cases that manual testing cannot verify
Detect file upload vulnerabilitiesskillEngineeringOpsL3
sast-fileupload · Finding RCE paths through file upload that extension blocklists and static analysis miss
Find deserialization vulnerabilitiesskillEngineeringOpsL2
offensive-deserialization · Achieving RCE on Java/.NET/PHP/Python apps that deserialize untrusted objects without allowlists