The library
Everything we index — ranked by what works, never by stars.
forSalesMarketingHRFinanceLegalOpsProductEngineeringDataProductivitySupportsetup≤ plug & play≤ + a key≤ multi-tool
● works · ● untested / no effect · ● hurts — every rank is measured against a no-skill baseline
untested★1→untested★97→untested★13→untested★1→untested★13→untested★1→untested★13→untested★0→untested★2,144→untested★10→untested★13→untested★0→untested★13→untested★2,144→untested★10→untested★2,144→untested★181→untested★2,144→untested★20→untested★1→untested★2,144→untested★9→untested★1→untested★2,144→untested★9→untested★1→untested★2,144→untested★18→untested★0→untested★2,144→untested★15→untested★0→untested★2,144→untested★142→untested★45→untested★0→untested★2,144→untested★22→untested★0→untested★2,144→untested★7→untested★0→untested★2,144→untested★0→untested★2,144→untested★7→untested★0→untested★2,144→untested★45→untested★0→
Generate production CRUD REST APIskillEngineeringL2
api-crud-generator · When you need a complete, tested REST API with auth and docs from a single prompt.
Query on-chain intelligence and transactionsskillDataL3
pinion-chain-intel · When you need lightweight on-chain queries at $0.01 per call via micropayments.
Create isolated git worktreeskillEngineeringL2
worktree · When you need isolated branches without stashing or checking out locally.
Generate production CRUD REST APIskillEngineeringL2
api-crud-generator · When you need a complete, tested REST API with auth and docs from a single prompt.
Auto-fix lint and format issuesskillEngineeringL1
fix-lint · When you have lint errors and want automatic fixes before manual intervention.
Gate multi-step output with quality pipelineskillEngineeringL2
micro-pipeline · When building any multi-step output (docs, code, reports) and you need quality gates.
Create properly formatted pull requestskillEngineeringL2
create-pr · When you need to create a PR with automatic base branch detection.
Assess code against Claude Code patternsskillEngineeringL1
what-would-cc-do · When unsure what Claude Code skill to invoke next.
Develop offensive shellcode for securityskillEngineeringL3
offensive-shellcode · When you need robust, testable shellcode with immediate verification.
Optimize App Store listing metadataskillMarketingL1
aso-appstore-listing-skill · When optimizing app listings for higher search ranking and conversion.
Review PR in isolated worktreeskillEngineeringL2
review-pr · When you need multi-angle code review (correctness, efficiency, style) with inline comments.
Search academic literature and papersskillDataL2
openalex · When you need comprehensive academic metadata with proper citation tracking beyond simple Google Scholar.
Automate hotfix backmerge flowskillEngineeringL2
backmerge · When releasing a hotfix and need to synchronize prod-test-main in proper order.
Reference Windows security mitigationsskillEngineeringL1
offensive-windows-mitigations · When auditing Windows binary defenses or preparing Week 8 exploit bypass techniques.
Digest arXiv announcements into ZoteroskillDataL3
arxiv-digest · When tracking robotics research trends daily with automated Zotero library sync.
Test IoT and embedded device securityskillEngineeringL3
offensive-iot · When assessing smart-home or ICS device security via hardware and firmware analysis.
Write publish-ready articles from GEOskillMarketingL3
content-writer · When deriving SEO article topics from real GEO data rather than guessed keywords.
Penetrate Android and iOS applicationsskillEngineeringL3
offensive-mobile · When auditing mobile app security including deep-links WebView APIs and exported IPC.
Validate types with Zod schemasskillEngineeringL1
zod · When needing runtime type checking tied to static types in form data or API payloads.
Call Codex runtime from Claude CodeskillEngineeringL2
codex-cli-runtime · When delegating complex code repairs to Codex from within Claude Code subagents.
Run offensive OSINT methodologyskillOpsEngineeringL2
offensive-osint-methodology · When teaching or systematizing OSINT workflows to avoid ad-hoc recon drift.
Audit AI agent skills for safety and costskillEngineeringOpsL3
skill-eval · When vetting skills for inclusion in agent harnesses or production use.
Handle Codex output for end usersskillEngineeringL1
codex-result-handling · When consuming Codex outputs in automated Claude Code workflows.
Execute comprehensive OSINT reconnaissanceskillOpsEngineeringL2
offensive-osint · When starting reconnaissance on a target with only name or domain known.
Generate Postman API collection from RailsskillEngineeringL2
SKILL · When onboarding a new skill into a framework or verifying structure.
Compose prompts for Codex and GPT-5.4skillEngineeringL1
gpt-5-4-prompting · When crafting prompts for Codex subagents or other LLM-heavy workflows.
Run fast security checksskillEngineeringOpsL1
offensive-fast-checking · When needing a quick vulnerability surface scan before in-depth testing.
When setting up skill-based agents in a framework or CI environment.skillL1
SKILL · When setting up skill-based agents in a framework or CI environment.
Map codebase architecture for securityskillEngineeringOpsL2
sast-analysis · When auditing source code in CI/CD or pre-release security review.
Write penetration test reportsskillOpsEngineeringL2
offensive-reporting · When translating raw pentest data into boardroom-ready security reports.
Build and publish TypeScript packagesskillEngineeringL2
ts-library · When releasing TypeScript utility libraries to npm with strong type guarantees.
Find business logic vulnerabilitiesskillEngineeringOpsL3
sast-businesslogic · Finding exploitable gaps in payment, workflow, and authorization logic that scanners miss
Test business logic for exploitsskillOpsEngineeringL2
offensive-business-logic · Finding high-value logic chains in fintech/marketplace apps where scanners miss compound flows
Grow Reddit community organicallyskillMarketingSalesL2
reddit-growth · Organic growth in niche communities where bot-detection is high and authenticity matters
Write tests before implementationskillEngineeringL1
cm-tdd · Catching regressions and hidden edge cases that manual testing cannot verify
Detect file upload vulnerabilitiesskillEngineeringOpsL3
sast-fileupload · Finding RCE paths through file upload that extension blocklists and static analysis miss
Find deserialization vulnerabilitiesskillEngineeringOpsL2
offensive-deserialization · Achieving RCE on Java/.NET/PHP/Python apps that deserialize untrusted objects without allowlists
Quick emotional state snapshot without introspection when you need gut-check interpretationskillL1
limbic · Quick emotional state snapshot without introspection when you need gut-check interpretation
Detect GraphQL injection vulnerabilitiesskillEngineeringOpsL3
sast-graphql · Finding query string injection that reaches GraphQL parsers (not resolver SQL injection)
Test file upload securityskillEngineeringOpsL2
offensive-file-upload · Finding RCE or XSS through file upload when MIME validation or extension checks are sole defense
Manage Poke agents and session historyskillEngineeringL2
poke-agents-mcp · Headless orchestration of local agent runs without UI when scripting multi-agent workflows
Find hardcoded secrets in codeskillEngineeringOpsL3
sast-hardcodedsecrets · Finding exposed API keys, credentials, and tokens that code review and linters miss
Test GraphQL for security flawsskillEngineeringOpsL2
offensive-graphql · Bypassing GraphQL authorization when individual resolvers don't check permissions uniformly
Detect IDOR vulnerabilitiesskillEngineeringOpsL3
sast-idor · Finding authorization gaps where IDs are trusted directly without ownership verification
Exploit insecure direct object referencesskillEngineeringL2
offensive-idor · Accessing other users' data when IDs are sequential or predictable and authorization is missing
Prevent App Store rejectionsskillProductL1
apple-app-review-skills · Reducing App Store submission failures by catching common violations before review
Detect insecure JWT implementationsskillEngineeringL3
sast-jwt · Finding JWT signature bypass, algorithm confusion, and key exposure in token handling
Find and exploit open redirectsskillEngineeringL2
offensive-open-redirect · Chaining open redirect with phishing or SSRF when URL parameters trust user input
Execute code from idea to productionskillEngineeringL3
cm-start · Setting up codymaster scaffolding for new projects without manual config
Detect missing authentication vulnerabilitiesskillEngineeringL3
sast-missingauth · Finding unprotected endpoints that forgot authentication decorators or checks