alexei-led/evolving-config
dist/codex/plugins/dev-tools/skills/evolving-config/SKILL.md
Audit AI coding-agent configuration against current features and local usage. Use when the user wants to improve Claude Code, Pi, Codex, Gemini, skill, hook, or agent configuration. NOT for writing new application code, fixing bugs, or any task that isn't about agent/tool configuration files. NOT for review-only audits without applying changes (use `reviewing-cc-config`).
$ install --global
skillsauthnpx skillsauth add alexei-led/claude-code-config evolving-configInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 18, 2026, 3:40 AM111.0s1 file scanned
SKILL.md
- description:
- Audit AI coding-agent configuration against current features and local
- name:
- evolving-config
Evolving Agent Configuration in Pi
Audit config with local evidence first, then current docs or web evidence when needed. Do not rewrite config because a blog post looked shiny. That way lies confetti architecture.
Scope
Review:
AGENTS.md,CLAUDE.md,GEMINI.md.claude/,.pi/,.codex/,.agents/- plugin skills, agents, hooks, commands, and generated exports
- chezmoi-managed copies when deployment is part of the request
Workflow
- Identify the config surface and the user's goal.
- Read current files before suggesting changes.
- Check generated-file rules before editing generated outputs.
- Use
looking-up-docsfor library or tool docs when syntax is uncertain. - Use
web_searchorweb_answerfor current public docs, release notes, or feature availability. - Prefer small, reversible changes. Ask before deleting or moving private config.
- Verify with the repo's validation commands.
Findings To Prioritize
- unsupported tool names
- stale generated docs or overlays
- duplicate skills or agents
- broad trigger descriptions that cause accidental activation
- hooks that can block safe work or hide errors
- secrets or private data in prompt/config files
- generated files edited by hand
Failure Cases
- Config target is ambiguous (e.g., user says "my config" with multiple agents present): list all detected config surfaces and ask which to audit.
- Generated file detected (e.g.,
dist/overlay or exported skill): do not edit it; report the source path and regeneration command instead. - Validation command fails after a proposed change: revert the change and report the failure with the exact error line.
Output Contract
## Config Audit
### Critical
- `path:line` — issue. Fix: action.
### Important
- `path:line` — issue. Fix: action.
### Suggested
- `path:line` — issue. Fix: action.
### Verification
- command to run
Related Skills
alexei-led/writing-shell
tools
VerifiedTrustedCommunity
Idiomatic shell development for POSIX sh, Bash, Zsh, Fish, hooks, CI shell steps, and scriptable CLI glue. Use when writing or changing `.sh`, `.bash`, `.zsh`, `.fish`, `.bats`, shell functions, shell pipelines, or command-runner recipes. Emphasizes portability, quoting, safe filesystem/process handling, non-TUI CLI tools, ShellCheck, shfmt, Bats, and ShellSpec. NOT for Python, TypeScript, Go, web code, or infrastructure operations.
33SKILL.mdUpdated Jun 5, 2026
alexei-led/spec-flow
tools
VerifiedTrustedCommunity
Use when planning, executing, checkpointing, finishing, or inspecting lightweight spec-driven work. Runs one task at a time using `.spec/` markdown files and the bundled `specctl` helper. NOT for broad product discovery beyond a short requirement interview.
33SKILL.mdUpdated Jun 5, 2026
alexei-led/operating-infra
testing
VerifiedTrustedCommunity
Author, inspect, troubleshoot, and review infrastructure across IaC, Kubernetes, cloud resources, containers, CI/CD, and Linux hosts. Use when changing Terraform/OpenTofu, Kubernetes, Helm, Kustomize, Dockerfiles, GitHub Actions, AWS, GCP, Cloud Run, BigQuery, IAM, logs, instances, or service health. NOT for deploy/apply/rollback workflows (see deploying-infra). NOT for shell scripts or generic command pipelines (see writing-shell).
33SKILL.mdUpdated Jun 5, 2026
alexei-led/configuring-git-hygiene
development
VerifiedTrustedCommunity
Configure safe git workflow hygiene: pre-commit/pre-push hooks, Gitleaks secret scanning, .gitignore rules, local git config, and guardrails. Use when setting up git hooks, gitleaks/git leaks, staged pre-commit checks, pre-push validation, core.hooksPath, .gitignore, or git config best practices. NOT for creating commits (use committing-code), cleaning branches/worktrees (use cleanup-git), or creating worktrees (use using-git-worktrees).
33SKILL.mdUpdated Jun 5, 2026