0xDarkMatter/atomise
skills/atomise/SKILL.md
Atom of Thoughts (AoT) reasoning - decompose complex problems into atomic units with confidence tracking and backtracking. For genuinely complex reasoning, not everyday questions. Triggers on: atomise, complex reasoning, decompose problem, structured thinking, verify hypothesis.
$ install --global
skillsauthnpx skillsauth add 0xDarkMatter/claude-mods atomiseInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 23, 2026, 1:19 PM19.3s1 file scanned
SKILL.md
- name:
- atomise
- description:
- Atom of Thoughts (AoT) reasoning - decompose complex problems into atomic units with confidence tracking and backtracking. For genuinely complex reasoning, not everyday questions. Triggers on: atomise, complex reasoning, decompose problem, structured thinking, verify hypothesis.
- license:
- MIT
- compatibility:
- Pure reasoning framework, no external dependencies.
- allowed-tools:
- Read
- author:
- claude-mods
Atomise - Atom of Thoughts Reasoning
Decompose complex problems into minimal, verifiable "atoms" of thought. Unlike chain-of-thought (linear, error-accumulating), AoT treats each step as independently verifiable and backtracks when confidence drops.
Use for: Security analysis, architectural decisions, complex debugging, multi-step proofs. Don't use for: Simple questions, trivial calculations, information lookup.
/atomise "<problem>" [--light | --deep] [--math | --code | --security | --design]
The Core Loop
1. DECOMPOSE -> Break into atomic subquestions (1-2 sentences each)
2. SOLVE -> Answer leaf nodes first, propagate up
3. VERIFY -> Test each hypothesis (counterexample, consistency, domain check)
4. CONTRACT -> Summarize verified state in 2 sentences (drop history)
5. EVALUATE -> Confident enough? Done. Too uncertain? Backtrack and try another path.
Repeat until confident or all paths exhausted.
Atoms
Each atom is a minimal unit:
{id, type, content, depends_on[], confidence, verified}
| Type | Purpose | Starting Confidence | |------|---------|---------------------| | premise | Given facts | 1.0 | | reasoning | Logical inference | Inherited from parents | | hypothesis | Claim to test | Max 0.7 until verified | | verification | Test result | Based on test outcome | | conclusion | Final answer | Propagated from chain |
Confidence propagates: A child can't be more confident than its least-confident parent.
Confidence (Honest Caveat)
These numbers are heuristic, not calibrated probabilities. They're useful for tracking relative certainty, not for actual risk assessment.
| Threshold | Meaning | |-----------|---------| | > 0.85 | Confident enough to conclude | | 0.6 - 0.85 | Needs more verification | | < 0.6 | Decompose further or backtrack | | < 0.5 | Backtrack - this path isn't working |
Verification adjusts confidence:
- Confirmed -> maintain or slight boost
- Partial -> reduce ~15%
- Refuted -> major reduction, likely backtrack
Modes
Depth:
--light- Fast: max 3 levels, 0.70 confidence threshold- (default) - Standard: max 5 levels, 0.85 threshold
--deep- Exhaustive: max 7 levels, 0.90 threshold
Domain (adjusts verification style):
--math- Arithmetic checks, proof validation, boundary tests--code- Type checking, invariant verification, test generation--security- Threat modeling, attack surface, adversarial thinking--design- Tradeoff analysis, constraint satisfaction, feasibility
Output
ANSWER: {result}
CONFIDENCE: {0.0-1.0} - {why}
KEY CHAIN: P1 -> R1 -> H1 -> V1 -> C1
ATOMS:
| id | type | content | conf | verified |
|----|------|---------|------|----------|
| P1 | premise | Given: ... | 1.0 | Y |
| R1 | reasoning | Therefore: ... | 0.95 | Y |
| ... | ... | ... | ... | ... |
RISKS: {what could change this}
Add --verbose for full trace, --quiet for just the answer.
Execution Guide
Phase 0: Setup
- Restate the problem in one sentence
- Extract premises as atoms (given facts = 1.0, assumptions = 0.6)
- Sketch approaches: Direct solve? Decompose? Reframe? Pick best.
Phase 1+: Iterate
- Atomicity gate: Can you answer from verified atoms? Yes -> solve. No -> decompose.
- Decompose: Build dependency tree of atomic subquestions
- Solve + Verify: Leaves first, propagate up. Every hypothesis needs verification.
- Contract: Summarize in <=2 sentences. Drop everything else.
- Evaluate:
- Confident? -> Terminate
- Uncertain but viable? -> Continue
- Low confidence? -> Backtrack, try alternative
Backtracking
When a path yields confidence < 0.5 after verification:
- Prune that branch
- Restore to last contracted state
- Try alternative from initial sketch
Examples
# Complex debugging
/atomise "Why does this function return null on the second call?" --code
# Security review
/atomise "Is this authentication flow vulnerable to session fixation?" --security
# Architecture decision
/atomise "Should we use event sourcing for this domain?" --deep --design
# Quick decision (light mode)
/atomise "Redis vs Memcached for this cache layer?" --light
Anti-Patterns
BAD: /atomise "What's 2+2?" -> Just answer it
BAD: /atomise "Rewrite this function" -> That's implementation, not reasoning
BAD: Forcing conclusion despite low confidence -> Let it backtrack
GOOD: /atomise for genuine uncertainty requiring structured decomposition
Remember
- Atomic = minimal. 1-2 sentences per atom.
- Verify everything. Hypotheses need tests.
- Contract aggressively. Keep only what's needed for next step.
- Backtrack freely. Low confidence means try another path.
- Confidence is heuristic. Useful for structure, not actual probabilities.
Related Skills
0xDarkMatter/supply-chain-defense
tools
VerifiedTrustedCommunity
Behavioural-first software supply chain defense - catches poisoned npm/PyPI packages in the publish-to-advisory window that CVE tools miss. Use BEFORE every install or version bump (not only when an attack is suspected) - the 7-day cooldown gate + behavioural score catches freshly-published malware that CVE tools won't see for days. Socket.dev integration (free CLI + GitHub app + depscore MCP for Claude Code), stale-OIDC audit, dependency cooldown policy, publish-token rotation, VS Code extension audit, and a self-integrity scan that detects worm persistence hooks injected into Claude Code / VS Code settings. Triggers on: pip install, uv add, uv tool install, npm install, pnpm add, yarn add, cargo add, go get, composer require, gem install, upgrade dependency, dependency upgrade, version bump, bump version, bump package, adding dependency, new dependency, vetting a dependency, vet package, is this package safe, safe to install, should I install, before installing, pre-install check, preinstall scan, preinstall-check, PyPI cooldown, npm cooldown, release cooldown, minimumReleaseAge, score a package, package score, depscore, socket score, supply chain, supply chain attack, malicious package, poisoned dependency, npm worm, Shai-Hulud, behavioural scanning, Socket.dev, socket scan, dependency security, postinstall malware, OIDC token theft, compromised maintainer, typosquat, dependency confusion, package provenance, SLSA, persistence hook, malicious VS Code extension.
22SKILL.mdUpdated May 25, 2026
0xDarkMatter/github-ops
testing
VerifiedTrustedCommunity
GitHub remote operations — repo creation, metadata (description/homepage/topics), releases, README 'Recent Updates' enforcement, and issue / PR management with preview-before-send discipline. Companion to git-ops (local) and push-gate (pre-push safety). Three modes: new (first publish), update (subsequent release), audit (read-only checklist), plus atomic operations for issues and PRs. Triggers on: push to github, publish repo, ship release, cut release, gh release, set topics, repo description, github metadata, recent updates section, audit github repo, repo visibility, make repo public, gh repo create, gh issue, gh pr, create issue, comment on issue, close issue, triage issue, create PR, review PR, merge PR, pre-merge check, pr checks.
20SKILL.mdUpdated Apr 27, 2026
0xDarkMatter/prompt-injection-defense
tools
VerifiedTrustedCommunity
Defend the agent's instruction surface against adversarial content - hidden-Unicode prompt injection (Trojan Source bidi reordering, U+E0000 tag-block ASCII smuggling, zero-width text), homoglyph confusables, and poisoned context that a human reviewer can't see but the model obeys. Scan CLAUDE.md / AGENTS.md / SKILL.md / .cursorrules and MCP tool descriptions; sanitize fetched web pages, issue/PR bodies, and dependency READMEs before they enter context. Triggers on: prompt injection, hidden unicode, invisible characters, zero-width space, bidi override, Trojan Source, ASCII smuggling, tag characters, homoglyph, confusable, unicode steganography, poisoned CLAUDE.md, malicious tool description, MCP tool poisoning, instruction injection, jailbreak in file, is this file safe, sanitize untrusted content, scan for hidden text.
19SKILL.mdUpdated May 26, 2026
0xDarkMatter/setperms
tools
VerifiedTrustedCommunity
Set tool permissions for Claude Code. Configures allowed commands, rules, and preferences in .claude/ directory. Triggers on: setperms, init tools, configure permissions, setup project, set permissions, init claude.
19SKILL.mdUpdated Apr 25, 2026