b6k-dev/quarkus
skill/quarkus/SKILL.md
Guides Quarkus development across REST APIs, CDI dependency injection, Hibernate ORM, Panache, configuration, OpenAPI, templates, messaging, security, observability, packaging, and tooling. Use when building Quarkus applications, adding endpoints or clients, configuring datasources or OIDC, debugging build or runtime issues, or choosing extensions.
$ install --global
skillsauthnpx skillsauth add b6k-dev/quarkus-skill quarkusInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 3, 2026, 7:23 PM31.1s157 files scanned
SKILL.md
- name:
- quarkus
- description:
- Guides Quarkus development across REST APIs, CDI dependency injection, Hibernate ORM, Panache, configuration, OpenAPI, templates, messaging, security, observability, packaging, and tooling. Use when building Quarkus applications, adding endpoints or clients, configuring datasources or OIDC, debugging build or runtime issues, or choosing extensions.
- license:
- MIT
- author:
- b6k-dev
- version:
- 0.1.0
Quarkus
Use this as the entrypoint skill for Quarkus work in any kind of project. Use decision tree below to find the right domain, then load detailed references.
Decision Tree
What do you need?
├─ Dependency injection (CDI / ArC)
│ └─ dependency-injection
├─ Application configuration (.properties, profiles, config mapping)
│ └─ configuration
├─ REST and HTTP APIs
│ └─ web-rest
├─ Templates and server-side rendering (Qute)
│ └─ templates
├─ OpenAPI and API contract documentation
│ └─ openapi
├─ Databases, ORM, migrations, data access
│ ├─ Standard JPA / Hibernate ORM usage
│ │ └─ data-orm
│ ├─ Panache entities and repositories for simpler CRUD/data access
│ │ └─ data-panache
│ ├─ Schema migrations and database evolution with Flyway
│ │ └─ data-migrations
│ └─ Advanced Hibernate ORM features: multiple persistence units, multitenancy, caching, extension points
│ └─ data-orm-advanced
├─ Event streaming and asynchronous messaging channels
│ ├─ Is the event crossing a service/process boundary?
│ │ └─ YES -> messaging
│ └─ NO (in-process only)
│ ├─ Need clustering or non-blocking event loop behavior
│ │ └─ YES -> vertx-event-bus
│ └─ Want portability and type safety
│ └─ YES -> cdi-events
├─ Communicating with external APIs, communication between services
│ ├─ Need asynchronous delivery, replay, or broker-managed fan-out
│ │ └─ messaging
│ ├─ Need synchronous request/response calls
│ │ └─ service-communication
│ │ ├─ Shared protobuf contract and HTTP/2 streaming fit well
│ │ │ └─ service-communication-grpc
│ │ └─ Standard HTTP/JSON or simpler interoperability matters more
│ │ └─ service-communication-rest
├─ Authentication, authorization, identity providers
│ ├─ Need core Quarkus security concepts, RBAC, built-in auth mechanisms, or custom policies
│ │ └─ security-core
│ ├─ Protect endpoints with OpenID Connect
│ │ ├─ Inbound bearer tokens, browser login redirects, or hybrid OIDC apps
│ │ │ └─ security-oidc
│ │ └─ Outbound token acquisition, refresh, exchange, or propagation to downstream services
│ │ └─ security-oidc-client
│ ├─ Need JWT verification or token building without full OIDC integration
│ │ └─ security-jwt
│ ├─ Need username/password identity stores backed by JPA, JDBC, or LDAP
│ │ └─ security-identity-providers
│ ├─ Need passkeys or WebAuthn flows
│ │ └─ security-webauthn
│ └─ Need to test secured applications
│ └─ security-testing
├─ Logging, health, metrics, traces
│ ├─ Need help choosing signals, management exposure, or local observability stack
│ │ └─ observability
│ ├─ Logging configuration, JSON logs, MDC, and log shipping
│ │ └─ observability-logging
│ ├─ Liveness/readiness/startup probes and Health UI
│ │ └─ observability-health
│ ├─ Metrics, Micrometer registries, and Prometheus/OTLP export
│ │ └─ observability-metrics
│ └─ Distributed tracing, propagation, and OpenTelemetry
│ └─ observability-tracing
├─ Native image, jars, and container packaging
│ └─ native-and-packaging
│ ├─ Need a native build, closed-world metadata, native SSL, or native-only runtime behavior
│ │ └─ native-image
│ ├─ Need JVM artifact shape decisions: `fast-jar`, `uber-jar`, `mutable-jar`, layout, or re-augmentation
│ │ └─ packaging-jars
│ └─ Need container image packaging: Jib, Docker, Podman, OpenShift, Buildpacks, tags, push, or base images
│ └─ packaging-containers
├─ Testing
│ └─ Start with the feature module you are testing (for example `security-testing` or `native-image`)
└─ Dev mode, CLI, build plugins
└─ tooling
General guidelines
- Quarkus resolves much of its framework wiring at build time, so expect many integration mistakes to fail during build or startup rather than deep at runtime.
- Align all extension versions through the Quarkus platform BOM.
- Start with the smallest extension set, then add only what the feature needs.
- Never skip writing high-level integration tests and prefer them opposed to unit testing individual components. Only write unit tests when they are actually beneficial, e.g. implementing methods with complex logic
Related Skills
openclaw/taskflow
tools
VerifiedTrustedCommunity
Use when work should span one or more detached tasks but still behave like one job with a single owner context. TaskFlow is the durable flow substrate under authoring layers like Lobster, ACPX, plugins, or plain code. Keep conditional logic in the caller; use TaskFlow for flow identity, child-task linkage, waiting state, revision-checked mutations, and user-facing emergence.
357,764SKILL.mdUpdated Apr 10, 2026
openclaw/extensions/lobster
tools
VerifiedTrustedCommunity
# Lobster Lobster executes multi-step workflows with approval checkpoints. Use it when: - User wants a repeatable automation (triage, monitor, sync) - Actions need human approval before executing (send, post, delete) - Multiple tool calls should run as one deterministic operation ## When to use Lobster | User intent | Use Lobster? | | ------------------------------------------------------ | --------------------------
357,764SKILL.mdUpdated Apr 10, 2026
steipete/extensions/lobster
tools
VerifiedTrustedCommunity
# Lobster Lobster executes multi-step workflows with approval checkpoints. Use it when: - User wants a repeatable automation (triage, monitor, sync) - Actions need human approval before executing (send, post, delete) - Multiple tool calls should run as one deterministic operation ## When to use Lobster | User intent | Use Lobster? | | ------------------------------------------------------ | --------------------------
357,588SKILL.mdUpdated Apr 13, 2026
steipete/xurl
tools
VerifiedTrustedCommunity
A CLI tool for making authenticated requests to the X (Twitter) API. Use this skill when you need to post tweets, reply, quote, search, read posts, manage followers, send DMs, upload media, or interact with any X API v2 endpoint.
356,423SKILL.mdUpdated Apr 13, 2026