davepoon/ops-settings
plugins/claude-ops/skills/ops-settings/SKILL.md
Post-setup credential manager. Shows current integration status (configured/missing/expired) and lets you update individual credentials without re-running the full setup wizard. Runs a smoke test after each update.
$ install --global
skillsauthnpx skillsauth add davepoon/buildwithclaude ops-settingsInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 10, 2026, 3:00 AM135.9s1 file scanned
SKILL.md
- name:
- ops-settings
- description:
- Post-setup credential manager. Shows current integration status (configured/missing/expired) and lets you update individual credentials without re-running the full setup wizard. Runs a smoke test after each update.
- argument-hint:
- [integration-name] [--status]
- effort:
- low
- maxTurns:
- 20
Runtime Context
PREFS="${CLAUDE_PLUGIN_DATA_DIR:-$HOME/.claude/plugins/data/ops-ops-marketplace}/preferences.json"
cat "$PREFS" 2>/dev/null || echo '{}'
OPS ► SETTINGS
Manage credentials and integration config after initial setup.
Parse arguments
--statusor empty → show full credential status dashboard<integration-name>→ jump directly to updating that integration (e.g./ops:settings stripe)--status <integration-name>→ show status of one integration only
Credential Status Dashboard
Read preferences.json. For each known integration, check whether the key exists and is non-empty. Also probe liveness where possible.
Display as a table:
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
OPS ► SETTINGS — Integration Status
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Integration Status Last Updated
─────────────────── ──────────── ─────────────
GitHub (gh cli) ✅ active (always active if gh auth status)
Stripe ✅ configured 2026-04-14
RevenueCat ✅ configured 2026-04-14
Telegram ✅ configured 2026-04-13
Slack ⚠️ missing —
Linear ✅ configured 2026-04-11
Sentry ⚠️ missing —
AWS ✅ active (always active if aws sts works)
Shopify ⚠️ missing —
Klaviyo ⚠️ missing —
Meta Ads ⚠️ missing —
GA4 ⚠️ missing —
ElevenLabs ⚠️ missing —
Datadog ⚠️ missing —
New Relic ⚠️ missing —
...
✅ N configured ⚠️ N missing
──────────────────────────────────────────────────────
Probe liveness
For integrations with a cheap health check, run it to distinguish "configured but expired" from "configured and active":
| Integration | Probe | Active signal |
|-------------|-------|---------------|
| Stripe | curl -s -o /dev/null -w "%{http_code}" -u "${stripe_key}:" https://api.stripe.com/v1/balance | 200 |
| GitHub | gh auth status 2>&1 | "Logged in" |
| AWS | aws sts get-caller-identity --output text 2>/dev/null | exits 0 |
| Linear | cat "$PREFS" | jq -r .linear_team | non-empty |
| Doppler MCP | Check if DOPPLER_TOKEN is set and valid | Token present and MCP server responds |
Show 🔴 expired if probe fails for a previously-configured key.
Update an integration
When a specific integration is selected (via argument or user pick from dashboard):
- Show current value (masked):
sk_live_••••••••••••••••(last 4 chars visible) - Use AskUserQuestion to confirm the update action:
[Enter new value] [Test current value] [Clear this credential] [Back to dashboard] - For "Enter new value": prompt with
AskUserQuestiontext input - Write new value to
preferences.jsonviajqupdate:tmp=$(mktemp) jq --arg v "$NEW_VALUE" --arg k "$KEY_NAME" '.[$k] = $v' "$PREFS" > "$tmp" && mv "$tmp" "$PREFS" - Run smoke test immediately after update (see Smoke Tests section)
- Report:
✅ Stripe key updated — smoke test passedor⚠️ Key saved but smoke test failed: <reason>
Smoke Tests
| Integration | Smoke test command |
|-------------|-------------------|
| Stripe | curl -s -u "${new_key}:" https://api.stripe.com/v1/balance \| jq .object → must be "balance" |
| RevenueCat | curl -s -H "Authorization: Bearer ${new_key}" "https://api.revenuecat.com/v2/projects" \| jq '.items \| length' → non-zero |
| Telegram | node ${CLAUDE_PLUGIN_ROOT}/telegram-server/index.js --health 2>&1 → "healthy" |
| Slack | curl -s -H "Authorization: Bearer ${new_token}" https://slack.com/api/auth.test \| jq .ok → true |
| Shopify | curl -s -H "X-Shopify-Access-Token: ${new_token}" "https://${store_url}/admin/api/2024-01/shop.json" \| jq .shop.name → non-null |
| Klaviyo | curl -s -H "Authorization: Klaviyo-API-Key ${new_key}" https://a.klaviyo.com/api/accounts/ \| jq '.data[0].id' → non-null |
| Datadog | curl -s -H "DD-API-KEY: ${new_key}" https://api.datadoghq.com/api/v1/validate \| jq .valid → true |
| New Relic | curl -s -H "Api-Key: ${new_key}" https://api.newrelic.com/v2/applications.json \| jq '.applications | length' → numeric |
| Doppler MCP | npx -y @dopplerhq/mcp-server --help 2>&1 with DOPPLER_TOKEN set | exits 0 |
CLI/API Reference
| Command | Purpose |
|---------|---------|
| cat "$PREFS" \| jq 'keys' | List all configured keys |
| jq --arg v "$V" --arg k "$K" '.[$k] = $v' "$PREFS" | Update a single key |
| gh auth status | Verify GitHub CLI auth |
| aws sts get-caller-identity | Verify AWS auth |
Related Skills
davepoon/whats-next
tools
VerifiedTrustedCommunity
Assesses the current state of the startup project and recommends what to focus on next. Use when there is a need or a question from the user to understand what the next steps are or what to focus on next.
3,021SKILL.mdUpdated Jun 5, 2026
davepoon/using-startup-superpowers
data-ai
VerifiedTrustedCommunity
Use at the start of any conversation about a startup idea, product validation, founder strategy, or work inside a `startup/` workspace. Establishes file conventions, voice-input handling, subagent dispatch rules, and how to update each artifact safely. Activate before invoking any other startup-superpowers skill.
3,021SKILL.mdUpdated Jun 5, 2026
davepoon/surveys
tools
VerifiedTrustedCommunity
Manages the founder's survey-based validation — crafting the right questions, deploying a survey to the internet, and analyzing results against hypotheses. Use when the founder wants to run a survey, create survey questions, validate hypotheses at scale, check how a survey is going, understand whether a survey is the right tool right now, or deploy a question set to get quantitative signal. Also bring this up if you believe that creating a survey to collect quantitative evidence may be useful at this point.
3,021SKILL.mdUpdated Jun 5, 2026
davepoon/mvp
development
VerifiedTrustedCommunity
Guides the founder through designing and optionally building the simplest MVP or prototype that validates their current hypotheses. Use when the founder wants to build something to test assumptions, discusses what to build next, wants to interpret results from a live MVP, or is deciding whether the current approach is still right. Also use when a founder proposes something to build — the skill will check whether the proposed form is the simplest thing that generates honest signal.
3,021SKILL.mdUpdated Jun 5, 2026