Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

igorganapolsky/thumbgate-rules

Name: thumbgate-rules
Author: igorganapolsky

skills/thumbgate-rules/SKILL.md

npx skillsauth add igorganapolsky/rlhf-feedback-loop thumbgate-rules

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

ThumbGate Rules

Show the guardrails currently in force for this project: the auto-promoted prevention rules, the reliability rules, and the lessons they came from — so the user sees not just what is blocked but why.

This skill wraps existing ThumbGate capability and adds no new logic — it reads the live rule and lesson stores.

Workflow

List active rules with the prevention_rules MCP tool (CLI fallback: npx thumbgate rules).
Pull reliability rules with get_reliability_rules to show which tool-call shapes are gated.
Surface the lesson behind each rule with search_lessons, so the user sees the origin, not just the block.
Present a compact table (see the example below).
If there are zero active rules, point the user to the thumbgate-guard skill to promote their first one.

Field-by-field tool output and how rules map to lessons are in references/rule-stores.md.

Example

Input: "what is ThumbGate protecting me from in this repo?"

Action: call prevention_rules + get_reliability_rules, enrich each with search_lessons, then:

| Rule / Gate | Blocks | From lesson | State | |-------------|--------|-------------|-------| | no-force-push-main | git push --force to main | overwrote a teammate's commit (2026-05) | active | | verify-before-deploy | deploy without npm test | shipped a broken build | active |

Troubleshooting

Empty list: no rules promoted yet — use the thumbgate-guard skill, or npx thumbgate rules returns nothing because the lesson store is fresh.
prevention_rules errors / MCP unreachable: fall back to npx thumbgate rules, then run the thumbgate-doctor skill to check wiring.
A rule exists but never blocks: that's an enforcement question — check the thumbgate-blocked skill for fire counts and the thumbgate-doctor skill for hook installation.

Quality checklist (self-verify before delivering)

[ ] I listed the live rules via prevention_rules (or the npx thumbgate rules fallback), not from memory.
[ ] I tied each rule to its originating lesson via search_lessons so the user sees why.
[ ] I distinguished prevention rules from reliability rules (get_reliability_rules).
[ ] On an empty store, I pointed to the thumbgate-guard skill instead of inventing rules.
[ ] I added no new logic — only read existing rule/lesson stores.

igorganapolsky/thumbgate-rules

skills/thumbgate-rules/SKILL.md

List the active ThumbGate prevention rules, reliability rules, and the promoted lessons behind them, so the user can see which guardrails are currently protecting this project and WHY each one exists. Reads the live rule and lesson stores via the prevention_rules, get_reliability_rules, and search_lessons MCP tools (CLI fallback `npx thumbgate rules`). Use when the user says "what is ThumbGate protecting me from", "show my rules", "show my gates", "what has the agent learned", "list active guardrails", or "what's blocked here". Do NOT use to CREATE a new rule (use the thumbgate-guard skill), to see runtime enforcement counts of what actually fired (use the thumbgate-blocked skill), or to diagnose whether ThumbGate is wired up at all (use the thumbgate-doctor skill).

23 stars

tools

Updated Jun 12, 2026

$ install --global

skillsauth

npx skillsauth add igorganapolsky/rlhf-feedback-loop thumbgate-rules

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Jun 12, 2026, 2:41 AM18.3s2 files scanned

SKILL.md

name:: thumbgate-rules
description:: List the active ThumbGate prevention rules, reliability rules, and the promoted lessons behind them, so the user can see which guardrails are currently protecting this project and WHY each one exists. Reads the live rule and lesson stores via the prevention_rules, get_reliability_rules, and search_lessons MCP tools (CLI fallback `npx thumbgate rules`). Use when the user says "what is ThumbGate protecting me from", "show my rules", "show my gates", "what has the agent learned", "list active guardrails", or "what's blocked here". Do NOT use to CREATE a new rule (use the thumbgate-guard skill), to see runtime enforcement counts of what actually fired (use the thumbgate-blocked skill), or to diagnose whether ThumbGate is wired up at all (use the thumbgate-doctor skill).

ThumbGate Rules

This skill wraps existing ThumbGate capability and adds no new logic — it reads the live rule and lesson stores.

Workflow

List active rules with the prevention_rules MCP tool (CLI fallback: npx thumbgate rules).
Pull reliability rules with get_reliability_rules to show which tool-call shapes are gated.
Surface the lesson behind each rule with search_lessons, so the user sees the origin, not just the block.
Present a compact table (see the example below).
If there are zero active rules, point the user to the thumbgate-guard skill to promote their first one.

Field-by-field tool output and how rules map to lessons are in references/rule-stores.md.

Example

Input: "what is ThumbGate protecting me from in this repo?"

Action: call prevention_rules + get_reliability_rules, enrich each with search_lessons, then:

Troubleshooting

Empty list: no rules promoted yet — use the thumbgate-guard skill, or npx thumbgate rules returns nothing because the lesson store is fresh.
prevention_rules errors / MCP unreachable: fall back to npx thumbgate rules, then run the thumbgate-doctor skill to check wiring.
A rule exists but never blocks: that's an enforcement question — check the thumbgate-blocked skill for fire counts and the thumbgate-doctor skill for hook installation.

Quality checklist (self-verify before delivering)

[ ] I listed the live rules via prevention_rules (or the npx thumbgate rules fallback), not from memory.
[ ] I tied each rule to its originating lesson via search_lessons so the user sees why.
[ ] I distinguished prevention rules from reliability rules (get_reliability_rules).
[ ] On an empty store, I pointed to the thumbgate-guard skill instead of inventing rules.
[ ] I added no new logic — only read existing rule/lesson stores.

Related Skills

igorganapolsky/thumbgate-protect

tools

VerifiedTrustedCommunity

Inspect this repo's branch and release governance (protected branches, release rules, protected-file globs) and, only when the user explicitly approves, grant a scoped, time-limited exception so a protected-file edit or publish can proceed under audit. Reads posture via the get_branch_governance MCP tool and records a narrow, expiring approval via the approve_protected_action MCP tool. Use when the user says "is main protected", "show branch governance", "what am I blocked from editing", "approve this protected change", or "let me edit a protected file just this once". Do NOT use to disable protection wholesale, to grant broad or standing exceptions, or to diagnose hook wiring (use the thumbgate-doctor skill) — this skill is for narrow, temporary, audited approvals only.

23SKILL.mdUpdated Jun 12, 2026

igorganapolsky/thumbgate-protect

igorganapolsky/thumbgate-guard

tools

VerifiedTrustedCommunity

Turn the agent's most recent mistake into an enforced ThumbGate prevention rule (a PreToolUse block gate) so the same bad tool call is intercepted before it runs again, in this and every future session across Claude Code, Cursor, Codex, Gemini, Amp, and Cline. Captures the failure with the capture_feedback MCP tool, then force-promotes it via `npx thumbgate force-gate` so it is enforced, not just logged. Use when the user says "guard against this", "block this from happening again", "never do that again", "make that a rule", "stop the agent from repeating that", or right after a bad action or thumbs-down that should become a hard rule. Do NOT use to merely log a thumbs-up/down without enforcement (use the thumbgate-feedback skill), to recall prior context before starting work (use the Agent Memory skill), or to list rules that already exist (use the thumbgate-rules skill).

23SKILL.mdUpdated Jun 12, 2026

igorganapolsky/thumbgate-guard

igorganapolsky/thumbgate-doctor

tools

VerifiedTrustedCommunity

Health-check whether ThumbGate is actually wired into this agent — PreToolUse/SessionStart hooks installed, MCP server reachable, lesson store present, statusline, and overall agent-readiness — then report exactly what to fix. Runs the existing `npx thumbgate doctor` audit and the check_operational_integrity MCP tool. Use when the user says "is ThumbGate wired up", "thumbgate doctor", "check my guardrails are installed", "why aren't my gates firing", "is the MCP server connected", or "agent readiness". Do NOT use to view rules (use the thumbgate-rules skill), to view what was blocked (use the thumbgate-blocked skill), or to capture a new rule (use the thumbgate-guard skill) — this skill only diagnoses setup and wiring.

23SKILL.mdUpdated Jun 12, 2026

igorganapolsky/thumbgate-doctor

igorganapolsky/thumbgate-blocked

tools

VerifiedTrustedCommunity

Show ThumbGate's enforcement record — how many risky actions were actually blocked versus warned, which gates fire most, the tokens/damage saved, and the full feedback to check to rejection pipeline. Reads live enforcement counters via the gate_stats and enforcement_matrix MCP tools (CLI fallback `npx thumbgate gate-stats`). Use when the user says "what has ThumbGate blocked", "show gate stats", "is enforcement working", "how many tokens did we save", "show the enforcement matrix", or "what got stopped". Do NOT use to list rule DEFINITIONS that exist (use the thumbgate-rules skill), to create a new rule (use the thumbgate-guard skill), or to check whether ThumbGate is installed and wired (use the thumbgate-doctor skill).

23SKILL.mdUpdated Jun 12, 2026

igorganapolsky/thumbgate-blocked

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/igorganapolsky/rlhf-feedback-loop.git

# Copy into Claude Code skills folder (global)
cp -r rlhf-feedback-loop/skills/thumbgate-rules ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

igorganapolsky/rlhf-feedback-loop

23 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT