chelch5/skill-packager
01-package-scaffolding/skill-packager/SKILL.md
Build distributable bundles, manifests, and checksums for publishing or sharing one or more skills. Use when packaging skills for release, building a distribution bundle, creating CI/CD skill artifacts, or releasing a new library version. Do not use for packaging a single skill in isolation (just create its manifest directly) or when skills aren't ready for release.
development
Updated Apr 20, 2026
$ install --global
skillsauthnpx skillsauth add chelch5/skilllibrary skill-packagerInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 20, 2026, 3:19 AM19.5s11 files scanned
SKILL.md
- name:
- skill-packager
- description:
- Build distributable bundles, manifests, and checksums for publishing or sharing one or more skills. Use when packaging skills for release, building a distribution bundle, creating CI/CD skill artifacts, or releasing a new library version. Do not use for packaging a single skill in isolation (just create its manifest directly) or when skills aren't ready for release.
- license:
- Apache-2.0
- clients:
- [openai-codex, gemini-cli, opencode, github-copilot]
Skill Packager
Orchestrates the full packaging workflow: validate, generate overlays, create manifests, produce release-ready bundles.
Procedure
1. Scan for skills
# Find all skill directories
find . -name "SKILL.md" -not -path "*/ARCHIVE/*" | sort
Filter by maturity if specified (e.g., only stable skills).
2. Validate each skill
For each skill:
- Parse YAML frontmatter — required fields:
name,description - Verify referenced files exist
- Check for placeholder text (
[...],TODO) - Flag invalid skills, continue with valid ones
3. Determine target clients
From each skill's compatibility.clients field, or from a global config parameter. Default: all compatible clients per frontmatter.
4. Generate overlays
For each valid skill × compatible client, generate client-specific overlay files using overlay-generator patterns.
5. Create per-skill manifests
name: <skill-name>
version: <semver from git tags or config>
checksum: <sha256 of SKILL.md>
files:
- SKILL.md
- metadata.json # if generated
6. Build bundles
Per skill: skill-name-version.tar.gz containing SKILL.md + overlays + manifest.
Combined (optional): skills-bundle-version.tar.gz with all skills + index.
7. Generate release notes
# Release Notes: v[version]
## Skills Included
| Name | Version | Status |
|------|---------|--------|
| [name] | [ver] | [new | updated | unchanged] |
## Changes
- Added: [new skills]
- Updated: [modified skills]
- Deprecated: [retired skills]
Output contract
dist/
├── index.yaml # Combined manifest
├── skills-bundle-X.Y.Z.tar.gz # Combined bundle
├── skill-a-X.Y.Z.tar.gz # Per-skill bundles
└── RELEASE-NOTES.md
Failure handling
- Some skills invalid: Package valid ones, report invalid with specific errors
- Version conflict: Use highest version or flag for manual resolution
- Missing git tags: Fall back to
0.0.0-dev - Overlay generation fails: Package base without overlay, note limitation in manifest
References
- Semver: https://semver.org/
- Anthropic Skills format: https://github.com/anthropics/skills
Related Skills
chelch5/context-intelligence
testing
VerifiedTrustedCommunity
Manages context window budgets, loading strategies, and compaction techniques for AI-assisted coding sessions. Trigger on 'context window', 'what to load', 'context management', 'context overflow', 'token budget'. DO NOT USE for loading specific project docs into agent context (use project-context) or prompt wording and optimization (use prompt-crafting).
SKILL.mdUpdated Apr 20, 2026
chelch5/auth-patterns
development
VerifiedTrustedCommunity
Implements authentication, session, token, and authorization patterns for the current stack. Trigger on 'add auth', 'JWT', 'OAuth', 'login endpoint', 'session management', 'API key auth'. DO NOT USE for OWASP hardening checklists (use security-hardening), threat modeling (use security-threat-model), or secret rotation/storage (use security-best-practices).
SKILL.mdUpdated Apr 20, 2026
chelch5/api-schema
tools
VerifiedTrustedCommunity
Defines request/response shapes, versioning, validation, and compatibility rules for API-first work. Trigger on 'design API', 'OpenAPI spec', 'REST schema', 'API versioning', 'generate client SDK'. DO NOT USE for GraphQL schemas, gRPC/protobuf definitions (use stack-standards), auth endpoint logic (use auth-patterns), or external API client wrappers (use external-api-client).
SKILL.mdUpdated Apr 20, 2026
chelch5/ticket-pack-builder
development
VerifiedTrustedCommunity
Create a repo-local ticket system with an index, machine-readable manifest, board, and individual ticket files. Use when a repo needs task decomposition that autonomous agents can follow without re-planning the whole project each session. Do not use for executing tickets (use ticket-execution) or quick fixes that don't warrant formal tickets.
SKILL.mdUpdated Apr 20, 2026