Skills
The open registry for AI agent skills — structured prompts and workflows with recommended models, example prompts, and compatible tools.
Skills
173
Categories
9
Compatible tools
5
Contributors
1
Showing 43–63 of 100 skills
Turns merged pull requests, commits, and issue references into clear, audience-appropriate release notes. Groups changes into features, fixes, and breaking changes, translates technical detail into user-facing value, and produces both a concise highlights section and a complete changelog.
Builds cross-browser extensions on Manifest V3 with background service workers, content scripts, popup and options UIs, and message passing. Covers permissions scoping, storage sync, context menus, and store submission requirements for Chrome, Edge, and Firefox. Emphasizes least-privilege permissions and secure content-script isolation.
Generates and validates Software Bills of Materials in CycloneDX or SPDX formats. Covers dependency inventory, transitive resolution, license and vulnerability annotation, VEX statements, container image SBOMs, and CI integration for supply-chain compliance. Helps teams meet regulatory requirements and track what is actually shipped.
Builds robust webhook producers and consumers. Covers signature verification, idempotency keys, retry with exponential backoff, dead-letter handling, event ordering, and replay endpoints, and generates handler code plus tests so integrations survive duplicates and outages.
Modernizes legacy codebases incrementally and safely. Establishes characterization tests to lock in current behavior, then applies the strangler-fig pattern, dependency updates, and idiomatic refactors in small verifiable steps, producing a migration plan that avoids big-bang rewrites.
Defines data contracts between producers and consumers to prevent breaking changes in pipelines. Covers schema definitions, semantic types, freshness and quality SLAs, ownership, versioning, and backward/forward compatibility rules. Generates contract specs (e.g., ODCS-style) and CI checks that fail builds when a producer violates the contract.
Scans code, configuration, and git history for leaked credentials such as API keys, tokens, private keys, and connection strings. Classifies findings by severity and false-positive likelihood, and provides safe remediation steps including rotation, history scrubbing, and pre-commit prevention.
Generates property-based tests that assert invariants across randomly generated inputs using frameworks like Hypothesis, fast-check, or jqwik. Identifies properties (round-trip, idempotence, invariants, oracle comparison), defines generators and shrinking, and sets up stateful testing for complex APIs. Surfaces edge cases that example-based tests miss.
Writes end-to-end UI tests with Playwright or Cypress that mirror real user journeys. Covers resilient selectors (roles/test-ids), network stubbing, auth setup, fixtures, waiting strategies that avoid flakiness, visual and accessibility assertions, and CI integration. Produces maintainable specs and a page-object structure.
Helps researchers and nonprofits draft compelling grant proposals. Structures the significance, aims, methodology, timeline, and budget justification to match a funder's priorities and review criteria, tightens the narrative, and flags gaps a reviewer would penalize before submission.
Diagnoses and fixes flaky tests by analyzing test code and CI failure history for common sources of nondeterminism such as time and timezone dependence, order dependence, shared mutable state, race conditions, and unmocked network calls. Proposes targeted fixes and quarantine strategies to keep the suite trustworthy.
Helps design and implement features for machine learning models from raw tabular, time-series, or text data. Suggests transformations, encodings, aggregations, and leakage-safe splits, explains the rationale, and generates reproducible feature pipeline code with validation.
Adds production-grade observability to a codebase by instrumenting it with structured logs, metrics, and distributed traces. Recommends span boundaries, cardinality-safe labels, and OpenTelemetry conventions, then generates the wiring code and dashboards needed to make a service debuggable in production.
Analyzes LLM usage and reduces inference cost without sacrificing quality. Covers prompt compression, context trimming, caching (prompt and semantic), model routing by task difficulty, batching, structured output to cut retries, and token accounting. Produces a concrete plan with estimated savings and quality guardrails.
Configures HTTP security headers to harden web applications. Covers Content-Security-Policy (including nonces and strict-dynamic), HSTS, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, COOP/COEP/CORP, and cookie flags. Produces server/CDN configuration, explains tradeoffs, and provides a rollout plan using report-only mode to avoid breakage.
Sets up and interprets mutation testing to measure real test-suite effectiveness beyond line coverage. Configures tools like Stryker, PIT, or mutmut, explains surviving mutants, recommends targeted tests to kill them, and tunes performance for CI. Helps teams find tests that assert nothing and coverage that lies.
Drafts clear product requirements documents from rough ideas or stakeholder notes. Structures the problem statement, goals and non-goals, user stories, acceptance criteria, success metrics, and open questions, and surfaces ambiguities and edge cases that need decisions before engineering starts.
Reviews cloud IAM policies for least-privilege violations, overly broad wildcards, privilege escalation paths, and risky trust relationships across AWS, GCP, and Azure. Explains the risk of each finding and rewrites policies to grant only the permissions actually needed.
Designs evaluation harnesses for LLM applications, covering dataset construction, task-specific metrics, LLM-as-judge rubrics with bias controls, and regression gates. Helps teams measure quality, catch regressions across model or prompt changes, and report results with confidence intervals rather than vibes.
Curates high-quality datasets for supervised fine-tuning (SFT) and preference optimization (DPO/RLHF). Covers deduplication, quality filtering, formatting into chat/instruction templates, train/validation splits, label balancing, contamination checks against eval sets, and PII scrubbing. Produces clean, well-documented datasets ready for training.
Turns strategy into well-formed Objectives and Key Results. Coaches on ambitious yet measurable objectives, outcome-based (not output-based) key results, leading vs lagging indicators, alignment across teams, and quarterly cadence with check-ins and scoring. Flags common anti-patterns like task lists disguised as OKRs.
Skills vs MCP servers
what's the difference?Skillsthe “what to do”
A skillA reusable, structured prompt/workflow with recommended models, an example prompt, and compatible tools. packages know-how — instructions, an example promptA ready-to-use prompt template that demonstrates how to invoke the skill., and recommended models — so an agent performs a task consistently. Skills add knowledge, not new connections.
MCP serversthe “how to connect”
An MCP serverModel Context Protocol server — a standard way to expose tools, resources, and prompts to AI agents and IDEs. gives an agent new capabilities by connecting it to real systems (databases, APIs, files) over a transportHow the client talks to the server: stdio (local process), SSE, or HTTP streaming.. MCP adds connections and actions, not task instructions.
Rule of thumb: reach for a skill when you need the model to do a task well, and an MCP server when you need it to reach a tool or system. They compose — a skill can rely on tools an MCP server provides.
Built a useful skill?
Submit a SKILL.md — it's open source and community-maintained.