grtninja/safe-mass-index-core
skill-candidates/safe-mass-index-core/SKILL.md
Build and query bounded metadata-only repository indexes without rg process churn. Use when working in very large repos and you need deterministic file discovery by path, extension, language, scope, or freshness.
$ install --global
skillsauthnpx skillsauth add grtninja/skill-arbiter safe-mass-index-coreInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 5, 2026, 2:41 PM53.8s5 files scanned
SKILL.md
- name:
- safe-mass-index-core
- description:
- Build and query bounded metadata-only repository indexes without rg process churn. Use when working in very large repos and you need deterministic file discovery by path, extension, language, scope, or freshness.
Safe Mass Index Core
Use this skill to index large repositories safely without rg subprocess churn.
Workflow
- Set bounded policies (time/files/read-bytes, exclusions).
- Build incremental or full metadata index.
- Query by path/ext/lang/size/freshness/scope.
- Use run artifacts to verify deterministic bounded execution.
Policy
- Do not use
rg/rg.exefor mass indexing. - Use only local filesystem metadata and bounded lightweight probing.
- Keep runs bounded with file/time/read-byte budgets.
Build Command
python3 "$CODEX_HOME/skills/safe-mass-index-core/scripts/index_build.py" \
--repo-root <path> \
--index-dir .codex-index \
--mode incremental \
--max-files-per-run 12000 \
--max-seconds 25 \
--max-read-bytes 67108864 \
--exclude-dir .git \
--exclude-dir node_modules \
--exclude-dir .venv \
--exclude-dir venv \
--exclude-dir __pycache__ \
--exclude-dir dist \
--exclude-dir build \
--exclude-dir target \
--exclude-dir .cache \
--exclude-dir .codex-index \
--json-out .codex-index/run.json
For very large repos, enable sharded storage:
python3 "$CODEX_HOME/skills/safe-mass-index-core/scripts/index_build.py" \
--repo-root <path> \
--index-dir .codex-index \
--mode incremental \
--max-files-per-run 12000 \
--max-seconds 25 \
--max-read-bytes 67108864 \
--sharded
Query Command
python3 "$CODEX_HOME/skills/safe-mass-index-core/scripts/index_query.py" \
--index-dir .codex-index \
--path-contains <text> \
--ext <extension> \
--lang <language_tag> \
--min-size <bytes> \
--max-size <bytes> \
--changed-since-epoch <seconds> \
--scope <top_level_dir_or_all> \
--limit 200 \
--format table
Outputs
.codex-index/manifest.json.codex-index/state.json.codex-index/files.jsonl(non-sharded).codex-index/shards/*.jsonl(sharded).codex-index/run.json
Scope Boundary
Use this skill only for the safe-mass-index-core lane and workflow defined in this file and its references.
Do not use this skill for unrelated lanes; route those through $skill-hub and the most specific matching skill.
Reference
references/index-schema.md
Loopback
If this lane is unresolved, blocked, or ambiguous:
- Capture current evidence and failure context.
- Route back through
$skill-hubfor chain recalculation. - Resume only after the updated chain returns a deterministic next step.
Related Skills
grtninja/white-hat
tools
VerifiedTrustedCommunity
Run a defender-first security sweep on code, configs, prompts, model/tooling surfaces, or third-party contribution lanes. Use when a request involves safe bug, leak, zero-day-class, exploit, or hack hunting for protection, when contributing to outside repositories and you want a focused security pass, or when touching auth, secrets, permissions, network exposure, prompt/tool boundaries, data flow, or update/build surfaces. This skill is defensive only and must never be used for weaponization or unauthorized access.
2SKILL.mdUpdated Apr 22, 2026
grtninja/vrm-sandbox-startup-acceptance
development
VerifiedTrustedCommunity
Validate and repair VRM Sandbox startup acceptance with shim-first local model authority, frontend/backend bring-up, and avatar-runtime launch proof. Use when launch behavior, chat handoff, voice fallback, or runtime bridge acceptance must be verified end to end.
2SKILL.mdUpdated Apr 22, 2026
grtninja/voice-catalog-runtime-alignment
documentation
VerifiedTrustedCommunity
Align documented voice-command catalogs, endpoint action allowances, and live runtime handlers so operator-visible voice surfaces match what the stack can actually execute. Use when voice command docs, parser matrices, endpoint permissions, or runtime action routing drift apart.
2SKILL.mdUpdated Apr 22, 2026
grtninja/skillhub-trend-radar
development
VerifiedTrustedCommunity
Track SkillHub trend and topic drift, maintain a bounded rewrite watchlist, and surface emerging gaps worth turning into repo-owned skills. Use when the marketplace query set shows new families or when the current shortlist has gone stale.
2SKILL.mdUpdated Apr 22, 2026