Skip to main content

About Getting Started

Verify Personas AI News Submit Get In Touch

Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub

Goose Amp Cursor Claude Code

Letta OpenCode Claude OpenAI Codex

Factory VS Code Gemini CLI GitHub

Goose Amp Cursor Claude Code

Letta OpenCode Claude OpenAI Codex

Get in touch

Let's build the future of AI skills together

We're building this out of love for the community and would really love your feedback, suggestions, and ideas. Whether you're a skill author, an enterprise team, or just curious — we want to hear from you.

Community-driven

Built by developers, for developers. Your feedback directly shapes the platform.

Security-first

Every skill passes a 4-layer security scan before it's published.

Open ecosystem

Contribute skills, report issues, or suggest new features on GitHub.

Stockholm, Sweden

Name

Email

Phone (optional)

Message

The marketplace for AI agent skills. Discover, download, and share.

Browse

All Skills
Blog
Publishers
Personas
Trending This Week
Security Scanning
Submit a Skill
Claude Code vs Cursor
Best Skills for Cursor
Python Skills
TypeScript Skills
Token Economics

Popular

Skills for Claude Code
Skills for Cursor
Skills for Codex CLI
Skills for Windsurf
Skills for Gemini CLI
Skills for Copilot
Skills for Product Managers
Skills for Superpower
Skills for Graphify

Top Skills

Anthropic Skills
OpenAI Skills
Cloudflare Skills
Vercel Skills
Hugging Face Skills
Most Installed

About

About Us
Docs
Getting Started
News
Blog
GitHub
Discord

© 2026 SkillsAuth. All rights reserved.

Terms of Service Privacy

Home/Skills/kissrosecicd-hub

kissrosecicd-hub

40 verified skills1,040 total stars

github.com/kissrosecicd-hub

avoid-ai-writing

Audit and rewrite content to remove AI writing patterns ("AI-isms"). Use this skill when asked to "remove AI-isms," "clean up AI writing," "edit writing for AI patterns," "audit writing for AI tells," or "make this sound less like AI." Supports a detection-only mode that flags patterns without rewriting.

codex-cli-permissions-and-session-resume

Use when the user asks how to check Codex access mode, continue the previous dialog instantly, use `codex resume`, or recover the latest session id from local Codex session files without rereading old chats.

critique

Evaluate design from a UX perspective, assessing visual hierarchy, information architecture, emotional resonance, cognitive load, and overall quality with quantitative scoring, persona-based testing, and actionable feedback. Use when the user asks to review, critique, evaluate, or give feedback on a design or component.

autofix-bot-api

Scan code for security vulnerabilities, leaked secrets, and dependency issues using the Autofix Bot API (api.autofix.bot), and auto-fix detected issues. Use this skill when asked to: (1) Scan or analyze a repository or code for security issues, secrets, or vulnerabilities using Autofix Bot, (2) Upload/sync a local git repository to Autofix Bot for analysis, (3) Run Autofix Bot on code changes, pull requests, or patches, (4) Apply auto-fixes from Autofix Bot analysis results. Requires an Autofix Bot API key (environment variable AUTOFIX_BOT_API_KEY).

explain-complex-code

Навык объяснять сложный код простым языком. Активируется только по запросу: объясни, разбери, что тут, как работает, eli5.

.agents/skills/external-resources-catalog

# External Resources Catalog Триггеры: "каталог скиллов", "где найти скилл", "MCP сервер", "найти MCP", "UI компоненты", "дизайн инспирация", "external resources", "источники", "найди готовый", "есть ли готовое" ## Контекст Когда нужна внешняя ресурса: скилл, MCP-сервер, UI-компонент. НЕ писать с нуля — сначала проверить каталоги. ## Алгоритм поиска ### Шаг 1: Определи что нужно | Нужно | Куда | |-------|------| | Скилл для AI CLI/агента | skills.sh → awesome-agent-skills → GitHub | | MCP-се

secrets-env-manager

Validates environment variables in CI, prevents secret leaks, enforces masking, and provides fail-fast validation with clear documentation. Use for "secrets management", "env var validation", "credential security", or "secret masking".

env-secrets-manager

Manages environment variables and secrets securely with encryption, rotation, and provider integration. Use when users request "secrets management", "environment variables", "API keys", "credentials storage", or "secret rotation".

secrets-scanner

Detects leaked API keys, tokens, passwords, and credentials in code with pre-commit hooks, CI checks, scanning rules, and remediation procedures. Use for "secret scanning", "credential detection", "API key leaks", or "secret management".

.agents/skills/project-bootstrap

# Project Bootstrap Триггеры: "новая директория", "новый проект", "начни работу", "создай AGENTS.md", "project bootstrap", "инициализируй проект", "новая папка проект", "подготовь проект", "настрой правила для проекта", "init project rules" ## Контекст ИИ начинает работу в новой директории (проект, папка, репозиторий). Нужно чтобы любой CLI/IDE загрузил правила из `~/AGENTS.md`. ## Алгоритм ### Шаг 1: Проверка 1. Есть ли `AGENTS.md`, `QWEN.md`, `CLAUDE.md`, `GEMINI.md`, `.cursorrules` в теку

git-workflow

Git workflow patterns - conventional commits, branch naming, PR templates, merge strategies. Use when: commit, PR, branch naming, git workflow, conventional commits, semantic versioning.

skill-file-structure

Паттерн организации файлов скилла: SKILL.md + подпапки для скриптов/ресурсов. Никогда не держать инлайн-код в SKILL.md — выносить в scripts/.

spec-mode

Use when the user asks to structure work as specifications, requirements, design docs, team task lists, or a `.spec/<slug>/TASK.md + Requirements.md + Design.md` workflow in Russian. Use this skill to scaffold and maintain spec packs with traceability between subtasks and requirements.

fp-check

Systematically verifies suspected security bugs to eliminate false positives. Produces TRUE POSITIVE or FALSE POSITIVE verdicts with documented evidence for each bug.

insecure-defaults

Detects fail-open insecure defaults (hardcoded secrets, weak auth, permissive security) that allow apps to run insecurely in production. Use when auditing security, reviewing config management, or analyzing environment variable handling.

sharp-edges

Identifies error-prone APIs, dangerous configurations, and footgun designs that enable security mistakes. Use when reviewing API designs, configuration schemas, cryptographic library ergonomics, or evaluating whether code follows 'secure by default' and 'pit of success' principles. Triggers: footgun, misuse-resistant, secure defaults, API usability, dangerous configuration.

semgrep

Run Semgrep static analysis scan on a codebase using parallel subagents. Supports two scan modes — "run all" (full ruleset coverage) and "important only" (high-confidence security vulnerabilities). Automatically detects and uses Semgrep Pro for cross-file taint analysis when available. Use when asked to scan code for vulnerabilities, run a security audit with Semgrep, find bugs, or perform static analysis. Spawns parallel workers for multi-language codebases.

engineering-principles

Pragmatic coding principles: SOLID, KISS, DRY, YAGNI in balance. Use when writing code, refactoring, reviewing, or designing architecture. Prevents over-engineering while maintaining code quality. Триггеры: "напиши код", "рефактори", "code review", "архитектура", "engineering principles", "SOLID", "KISS", "DRY", "YAGNI", "design this", "how to structure", "разбей на модули", "спроектируй архитектуру", "создай проект", "структура проекта", "объясни архитектуру"

.agents/skills/git-secrets-precommit-scanner

# Git Secrets Pre-Commit Scanner Scans git diffs for exposed secrets using truffleHog entropy detection and custom regex patterns. Integrates with pre-commit hooks and GitHub push protection API for real-time blocking. | Field | Value | | ---------- | ----------------------------------------------- | | Identifier | `agentskillexchange-skills-git-secrets-precommit-scanner` | | Version | 1.0.1

.agents/skills/live-runner

--- name: live-runner description: Запуск скриптов, серверов, тестов, билдов на лету. Реалтайм-мониторинг, точечная остановка процессов, отладка по ходу выполнения. Триггеры: «запусти», «прогони», «проверь», «почини», «останови», «посмотри логи», «на ходу», «реалтайм», «realtime», «на лету», «мониторь», «отслеживай», «проверяй в процессе». --- # Live Runner — запуск и управление процессами на лету ## Контекст ИИ не ждёт. Запускает скрипты/серверы/тесты/билды сразу. Мониторит вывод в реальном

meta-agent-spawn

Мета-скилл решения о параллельном запуске субагентов: кого, когда и сколько. Trigger when: почини всё, полный аудит, провери весь проект, комплексный анализ, запусти тесты, параллельный запуск, spawn agents, orchestrator

outline-vpn-basic

KISS operations skill for Outline VPN on VPS (install, key lifecycle, status, limits).

secret-guard

Mandatory secret scanning before any git operation. MUST trigger automatically before git commit, git push, git add, PR creation, or any commit-related skill. Scans staged files for API keys, tokens, credentials, and other secrets to prevent accidental exposure in version control.

subagent-creator-universal

Создание кастомных субагентов для ЛЮБОГО AI CLI: Qwen Code, Codex, Claude Code, Factory Droid, Gemini CLI, OpenCode, GitHub Copilot CLI. Use when: создать агент, subagent, custom agent, сабагент, агент для CLI, кастомный субагент, agent for CLI, copilot agent

semgrep-rule-creator

Creates custom Semgrep rules for detecting security vulnerabilities, bug patterns, and code patterns. Use when writing Semgrep rules or building custom static analysis detections.

supply-chain-risk-auditor

Identifies dependencies at heightened risk of exploitation or takeover. Use when assessing supply chain attack surface, evaluating dependency health, or scoping security engagements.

caveman

Ultra-compressed communication mode. Slash token usage ~75% by speaking like caveman while keeping full technical accuracy. Use when user says "caveman mode", "talk like caveman", "use caveman", "less tokens", "be brief", or invokes /caveman. Also auto-triggers when token efficiency is requested.

differential-review

Performs security-focused differential review of code changes (PRs, commits, diffs). Adapts analysis depth to codebase size, uses git history for context, calculates blast radius, checks test coverage, and generates comprehensive markdown reports. Automatically detects and prevents security regressions.

your-skill-name

Краткое описание скилла (1-2 строки). Используется для авто-определения когда пользователь просит что-то связанное.

deepsource

Retrieve code review results from DeepSource — issues, vulnerabilities, report cards, and analysis runs. Use when asked about code quality, security findings, dependency CVEs, coverage metrics, or analysis status.

kirospec-basic

Create and maintain .kiro specifications from local scripts without external folder dependency.

.agents/skills/logging-helper

--- name: logging-helper description: Стратегия логирования, форматы, уровни, отладка через логи, поиск edge cases и багов. Триггеры: «добавь логи», «логирование», «trace», «отслеживай баг», «edge case», «найди причину», «почему упало», «что тут произошло», «логирование в продакшене». --- # Logging Helper — логирование как инструмент отладки ## Контекст Логи — первый инструмент отладки, не костыль. Логгируй везде: вход/выход функций, ключевые состояния, ошибки, тайминги, неочевидные ветки. По

meta-multi-session-worker

Мета-скилл оркестрации много-сессионных воркеров через tmux: запуск отдельных CLI-процессов, IPC через файлы, мониторинг, сбор результатов. Trigger when: запусти воркеров через tmux, multi-session mode, запусти отдельных работников, распределённые агенты, tmux workers

meta-agent-recovery

Мета-скилл обработки сбоев субагентов: таймауты, зависания, каскадные отказы, fallback. Trigger when: агент упал, агент завис, partial results, таймаут, agent crash, субагент не отвечает, каскадный сбой

meta-agent-synthesis

Мета-скилл сбора и синтеза результатов от параллельных субагентов: дедупликация, приоритизация, конфликтующие рекомендации. Trigger when: синтез результатов, собери отчёты, merge результатов, дедупликация, обобщи результаты

.agents/skills/pre-commit-setup

# Pre-commit & Code Quality Setup Триггеры: "pre-commit", "настроить линтинг", "code quality gate", "lizard", "cyclomatic complexity", "настроить linter", "pre-commit hook", "статический анализ", "настроить проверку перед commit", "check before commit", "автопроверка кода", "настроить code quality" ## Контекст Настройка pre-commit хуков для проверки кода перед commit. Включает linter, formatter, complexity check. ## Обязательный инструмент: Lizard Анализатор cyclomatic complexity для ВСЕХ яз

security

Application security patterns - authentication, secrets management, input validation, OWASP Top 10. Use when: auth, JWT, secrets, API keys, SQL injection, XSS, CSRF, RLS, security audit, pen testing basics.

session-recall

Recover and summarize prior Codex conversations from local Codex history and session logs. Use when the user asks what happened in a previous chat, asks to "remember" past work, wants the last or previous session, gives a specific date or approximate time, wants to search old dialogs by keyword/topic/project, or asks to inspect Codex files/config for prior conversation context.

agentic-actions-auditor

Audits GitHub Actions workflows for security vulnerabilities in AI agent integrations including Claude Code Action, Gemini CLI, OpenAI Codex, and GitHub AI Inference. Detects attack vectors where attacker-controlled input reaches AI agents running in CI/CD pipelines, including env var intermediary patterns, direct expression injection, dangerous sandbox configurations, and wildcard user allowlists. Use when reviewing workflow files that invoke AI coding agents, auditing CI/CD pipeline security for prompt injection risks, or evaluating agentic action configurations.

v2raya-linux-basic

KISS reference skill for v2rayA on Arch/Ubuntu/Fedora with TUN, RoutingA, DoH DNS and Outline key import.