Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

andretauan/tao-onboarding

Name: tao-onboarding
Author: andretauan

skills/en/tao-onboarding/SKILL.md

npx skillsauth add andretauan/tao tao-onboarding

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

TAO Onboarding Guide

When to use this skill

Use when someone is new to TAO, asks how it works, or needs help setting up their first project.

What is TAO?

TAO (Trace · Align · Operate) is an AI-native development framework that organizes coding with AI agents into three layers:

Trace (Think) — Brainstorm ideas, evaluate trade-offs, make decisions
Align (Plan) — Decompose work into phases with tasks, acceptance criteria, and effort estimates
Operate (Execute) — Execute tasks in an autonomous loop with quality gates

Key Files

| File | Purpose | |------|---------| | CLAUDE.md | Project identity + code patterns (root) | | .github/tao/tao.config.json | Single source of truth for config | | .github/tao/CONTEXT.md | Current state — active phase, decisions | | .github/tao/CHANGELOG.md | History — what changed, when, by whom | | .github/tao/RULES.md | Framework rules (R0-R7) | | .github/skills/INDEX.md | Skill catalog (if exists) | | .github/agents/*.agent.md | Agent definitions |

First Execution Checklist

Review .github/tao/tao.config.json — customize models, paths, lint
Edit CLAUDE.md — add project-specific rules and code patterns
Set first phase in .github/tao/CONTEXT.md
Enable chat.useCustomAgentHooks in VS Code settings
In Copilot Chat: select @Execute-Tao and say "execute"

The Loop

@Execute-Tao → reads CONTEXT.md → finds active phase
  → reads PLAN.md → picks next task
  → routes to right model (Sonnet/Opus/GPT-4.1)
  → executes task → runs lint → updates CONTEXT.md
  → commits → picks next task → repeats

Agents

| Agent | When to use | |-------|-------------| | @Execute-Tao | Full autonomous execution loop | | @Brainstorm-Wu | Planning, ideation, trade-off analysis | | @Investigate-Shen | Complex debugging, architecture decisions, security audits |

Rules (R0-R7)

R0: Compliance check at start of every code-modifying response
R1: Lint check after every edit
R2: Handoff audit on session end
R3: Skill check before any code task
R4: Timestamp in all documentation (YYYY-MM-DD HH:MM)
R5: NEVER edit without reading first
R6: Update CONTEXT.md after every file edit
R7: Session must end with clean git status

andretauan/tao-onboarding

skills/en/tao-onboarding/SKILL.md

Guide new users through TAO framework setup, concepts, and first execution. Use when someone asks about TAO, how to get started, or needs help understanding the workflow.

18 stars

development

Updated Apr 23, 2026

$ install --global

skillsauth

npx skillsauth add andretauan/tao tao-onboarding

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 23, 2026, 2:36 PM370.9s1 file scanned

SKILL.md

name:: tao-onboarding
description:: Guide new users through TAO framework setup, concepts, and first execution. Use when someone asks about TAO, how to get started, or needs help understanding the workflow.
user-invocable:: false

TAO Onboarding Guide

When to use this skill

Use when someone is new to TAO, asks how it works, or needs help setting up their first project.

What is TAO?

TAO (Trace · Align · Operate) is an AI-native development framework that organizes coding with AI agents into three layers:

Trace (Think) — Brainstorm ideas, evaluate trade-offs, make decisions
Align (Plan) — Decompose work into phases with tasks, acceptance criteria, and effort estimates
Operate (Execute) — Execute tasks in an autonomous loop with quality gates

Key Files

First Execution Checklist

Review .github/tao/tao.config.json — customize models, paths, lint
Edit CLAUDE.md — add project-specific rules and code patterns
Set first phase in .github/tao/CONTEXT.md
Enable chat.useCustomAgentHooks in VS Code settings
In Copilot Chat: select @Execute-Tao and say "execute"

The Loop

@Execute-Tao → reads CONTEXT.md → finds active phase
  → reads PLAN.md → picks next task
  → routes to right model (Sonnet/Opus/GPT-4.1)
  → executes task → runs lint → updates CONTEXT.md
  → commits → picks next task → repeats

Agents

Rules (R0-R7)

R0: Compliance check at start of every code-modifying response
R1: Lint check after every edit
R2: Handoff audit on session end
R3: Skill check before any code task
R4: Timestamp in all documentation (YYYY-MM-DD HH:MM)
R5: NEVER edit without reading first
R6: Update CONTEXT.md after every file edit
R7: Session must end with clean git status

Related Skills

andretauan/tao-test-strategy

testing

VerifiedTrustedCommunity

Estratégia de pirâmide de testes com análise de cobertura, identificação de edge cases e planejamento de testes. Use ao planejar testes, melhorar cobertura, identificar edge cases ou escrever especificações de teste.

18SKILL.mdUpdated Apr 23, 2026

andretauan/tao-test-strategy

andretauan/tao-security-audit

development

VerifiedTrustedCommunity

Auditoria de segurança alinhada ao OWASP Top 10 com checklist para injection, XSS, autenticação, autorização, gestão de secrets e vulnerabilidades comuns. Use ao auditar segurança, revisar código de auth ou hardening de aplicação.

18SKILL.mdUpdated Apr 23, 2026

andretauan/tao-security-audit

andretauan/tao-refactoring

development

VerifiedTrustedCommunity

Metodologia de refatoração segura com detecção de code smells, transformação passo-a-passo e prevenção de regressão. Use ao refatorar código, reduzir dívida técnica ou melhorar estrutura.

18SKILL.mdUpdated Apr 23, 2026

andretauan/tao-refactoring

andretauan/tao-plan-writing

testing

VerifiedTrustedCommunity

Decomposição expert de tarefas para criar PLAN.md no TAO. Quebra features em fases e tarefas com critérios de aceite, estimativas e dependências. Use ao planejar trabalho, criar fases ou decompor features.

18SKILL.mdUpdated Apr 23, 2026

andretauan/tao-plan-writing

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/andretauan/tao.git

# Copy into Claude Code skills folder (global)
cp -r tao/skills/en/tao-onboarding ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

andretauan/tao

18 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT