Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

laguagu/hetzner-cloud

Name: hetzner-cloud
Author: laguagu

skills/hetzner-cloud/SKILL.md

npx skillsauth add laguagu/claude-code-nextjs-skills hetzner-cloud

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Hetzner Cloud

Operate Hetzner Cloud through the hcloud CLI. When in doubt about server types, prices, locations, images, or flag syntax, run the discovery command rather than rely on this file or pretraining — the CLI is current.

Authenticate

Generate a token in Hetzner Console → project → Security → API Tokens, then either:

hcloud context create <name>      # interactive: stored in cli.toml, persists across shells
export HCLOUD_TOKEN="…"           # CI/scripts: most commands read this automatically

hcloud context create is the one common case that still prompts even with the env var set — pass --token-from-env to skip the prompt in non-interactive sessions.

Health check: hcloud datacenter list.

Mental model

hcloud manages everything inside Hetzner Cloud: servers, networks, firewalls, load balancers, volumes, DNS zones, SSH keys, primary/floating IPs, snapshots, certificates, placement groups, storage boxes.

It does not manage:

Hetzner Robot — dedicated/auction servers, separate product and API.
Project creation, billing, team membership, API token issuing — web console only.

Discovery beats memorization. Pretraining ages; the CLI is current.

| Question | Command | |---|---| | Server types and prices | hcloud server-type list | | Locations and datacenters | hcloud location list | | OS images | hcloud image list --type system (add --architecture arm for ARM) | | Command/flag details | hcloud <resource> <verb> --help | | Everything in this project at a glance | hcloud all list |

Structured output for scripts: --output json | jq …, --output columns=id,name,status, --output format='{{.PublicNet.IPv4.IP}}'.

Workflows where order matters

Single commands are well-covered by --help. The chains worth pinning down:

Server with SSH key + firewall, ready to log in — key and firewall must exist before server create references them:

hcloud ssh-key  create --name <key> --public-key-from-file ~/.ssh/id_ed25519.pub
hcloud firewall create --name <fw>  --rules-file rules.json
hcloud server   create --name <srv> --type <type> --image ubuntu-24.04 \
                       --location hel1 --ssh-key <key> --firewall <fw>
hcloud server ssh <srv>

Replace firewall rules atomically (don't drift via repeated add-rule):

hcloud firewall replace-rules --rules-file rules.json <fw>

Gotchas

Public IPs get recycled. A new server may inherit a previously-used IP and SSH refuses with REMOTE HOST IDENTIFICATION HAS CHANGED!. After deleting a server, ssh-keygen -R <ip> and let ssh-keyscan re-add the new host key.
Context vs HCLOUD_TOKEN. Context (in user-config cli.toml) persists across shells — preferred for interactive work. Env var is preferred for non-interactive use, paired with --token-from-env. A token sitting in a .env file is not automatically exported — shells must source it.
Volumes are location-pinned. A volume in fsn1 cannot attach to a server in hel1. Match --location at creation.
hcloud zone is only half of DNS. The registrar's NS records must point to Hetzner's nameservers before queries resolve. Without that, the zone is just an internal database.
Match location to where users are; pretraining defaults to fsn1. Run hcloud location list and pick the closest. Private networks can't span network zones, only locations within one: eu-central (fsn1/hel1/nbg1), us-east (ash), us-west (hil), ap-southeast (sin).
Don't quote prices or server-type specs from memory. Always verify with hcloud server-type list before committing — names, specs, and pricing shift.
Deletion is immediate and unrecoverable. No undo on server delete or volume delete. describe first; create a snapshot (hcloud server create-image --type snapshot <srv>) beforehand if you might want the server back.
Hetzner Cloud ≠ Hetzner Robot. If the user mentions dedicated servers, server auctions, or the Robot dashboard — that's the other product. Surface the distinction; don't try to manage it here.

Docs

API reference (per-resource endpoints): https://docs.hetzner.cloud/reference/cloud
Cloud product guide: https://docs.hetzner.com/cloud/
CLI source and changelog: https://github.com/hetznercloud/cli

laguagu/hetzner-cloud

skills/hetzner-cloud/SKILL.md

Manage Hetzner Cloud infrastructure with the `hcloud` CLI — servers, networks, firewalls, load balancers, volumes, DNS zones, SSH keys, primary/floating IPs, snapshots, certificates, placement groups, storage boxes. Use whenever the user mentions Hetzner, hcloud, VPS provisioning, or Hetzner location codes (fsn1, hel1, nbg1, ash, hil, sin) — even if they don't say "hcloud". CLI-only; does NOT cover Hetzner Robot (dedicated servers, separate product and API).

29 stars

tools

Updated Apr 28, 2026

$ install --global

skillsauth

npx skillsauth add laguagu/claude-code-nextjs-skills hetzner-cloud

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 28, 2026, 1:33 PM156.6s1 file scanned

SKILL.md

name:: hetzner-cloud
description:: Manage Hetzner Cloud infrastructure with the `hcloud` CLI — servers, networks, firewalls, load balancers, volumes, DNS zones, SSH keys, primary/floating IPs, snapshots, certificates, placement groups, storage boxes. Use whenever the user mentions Hetzner, hcloud, VPS provisioning, or Hetzner location codes (fsn1, hel1, nbg1, ash, hil, sin) — even if they don't say "hcloud". CLI-only; does NOT cover Hetzner Robot (dedicated servers, separate product and API).

Hetzner Cloud

Authenticate

Generate a token in Hetzner Console → project → Security → API Tokens, then either:

hcloud context create <name>      # interactive: stored in cli.toml, persists across shells
export HCLOUD_TOKEN="…"           # CI/scripts: most commands read this automatically

hcloud context create is the one common case that still prompts even with the env var set — pass --token-from-env to skip the prompt in non-interactive sessions.

Health check: hcloud datacenter list.

Mental model

It does not manage:

Hetzner Robot — dedicated/auction servers, separate product and API.
Project creation, billing, team membership, API token issuing — web console only.

Discovery beats memorization. Pretraining ages; the CLI is current.

Structured output for scripts: --output json | jq …, --output columns=id,name,status, --output format='{{.PublicNet.IPv4.IP}}'.

Workflows where order matters

Single commands are well-covered by --help. The chains worth pinning down:

Server with SSH key + firewall, ready to log in — key and firewall must exist before server create references them:

hcloud ssh-key  create --name <key> --public-key-from-file ~/.ssh/id_ed25519.pub
hcloud firewall create --name <fw>  --rules-file rules.json
hcloud server   create --name <srv> --type <type> --image ubuntu-24.04 \
                       --location hel1 --ssh-key <key> --firewall <fw>
hcloud server ssh <srv>

Replace firewall rules atomically (don't drift via repeated add-rule):

hcloud firewall replace-rules --rules-file rules.json <fw>

Gotchas

Public IPs get recycled. A new server may inherit a previously-used IP and SSH refuses with REMOTE HOST IDENTIFICATION HAS CHANGED!. After deleting a server, ssh-keygen -R <ip> and let ssh-keyscan re-add the new host key.
Context vs HCLOUD_TOKEN. Context (in user-config cli.toml) persists across shells — preferred for interactive work. Env var is preferred for non-interactive use, paired with --token-from-env. A token sitting in a .env file is not automatically exported — shells must source it.
Volumes are location-pinned. A volume in fsn1 cannot attach to a server in hel1. Match --location at creation.
hcloud zone is only half of DNS. The registrar's NS records must point to Hetzner's nameservers before queries resolve. Without that, the zone is just an internal database.
Match location to where users are; pretraining defaults to fsn1. Run hcloud location list and pick the closest. Private networks can't span network zones, only locations within one: eu-central (fsn1/hel1/nbg1), us-east (ash), us-west (hil), ap-southeast (sin).
Don't quote prices or server-type specs from memory. Always verify with hcloud server-type list before committing — names, specs, and pricing shift.
Deletion is immediate and unrecoverable. No undo on server delete or volume delete. describe first; create a snapshot (hcloud server create-image --type snapshot <srv>) beforehand if you might want the server back.
Hetzner Cloud ≠ Hetzner Robot. If the user mentions dedicated servers, server auctions, or the Robot dashboard — that's the other product. Surface the distinction; don't try to manage it here.

Docs

API reference (per-resource endpoints): https://docs.hetzner.cloud/reference/cloud
Cloud product guide: https://docs.hetzner.com/cloud/
CLI source and changelog: https://github.com/hetznercloud/cli

Related Skills

laguagu/skill-creator

testing

VerifiedTrustedCommunity

Creates new skills, modifies and improves existing skills, and measures skill performance. Use when users want to create a skill from scratch, update or optimize an existing skill, run evals to test a skill, benchmark skill performance with variance analysis, or optimize a skill's description for better triggering accuracy.

44SKILL.mdUpdated Apr 15, 2026

laguagu/skill-creator

laguagu/postgres-semantic-search

development

VerifiedTrustedCommunity

PostgreSQL-based semantic and hybrid search with pgvector and ParadeDB. Use when implementing vector search, semantic search, hybrid search, or full-text search in PostgreSQL. Covers pgvector indexing, hybrid FTS/BM25 + RRF, ParadeDB, reranking, halfvec, multilingual search, query translation, and domain evals. Triggers: pgvector, vector search, semantic search, hybrid search, embedding search, PostgreSQL RAG, BM25, RRF, HNSW index, similarity search, ParadeDB, pg_search, reranking, Cohere rerank, Voyage rerank, graceful fallback, iterative_scan, filtered HNSW, websearch_to_tsquery, unaccent, multilingual FTS, pg_trgm, trigram, fuzzy search, LIKE, ILIKE, autocomplete, typo tolerance, fuzzystrmatch, evaluation, benchmarking, Hit@K, MRR, halfvec cast, cross-lingual retrieval, non-English corpus, per-language indexing, query translation, RRF fusion across languages

44SKILL.mdUpdated Apr 15, 2026

laguagu/postgres-semantic-search

laguagu/openai-agents-sdk

tools

VerifiedTrustedCommunity

OpenAI Agents SDK (Python) development. Use when building AI agents, multi-agent handoffs, function tools, guardrails, sessions, streaming, or tracing with the `openai-agents` / `agents` Python package — including Azure OpenAI via LiteLLM. Triggers on imports from `agents`, uses of `Runner.run_sync`/`Runner.run_streamed`, `@function_tool`, `AgentOutputSchema`, `SQLiteSession`, or questions about the openai-agents-python SDK.

44SKILL.mdUpdated Apr 15, 2026

laguagu/openai-agents-sdk

laguagu/nextjs-shadcn

development

VerifiedTrustedCommunity

Creates Next.js frontends with shadcn/ui. Use when building React UIs, components, pages, or applications with shadcn, Tailwind, or modern frontend patterns. Also use when the user asks to create a new Next.js project, add UI components, style pages, or build any web interface — even if they don't mention shadcn explicitly.

44SKILL.mdUpdated Apr 15, 2026

laguagu/nextjs-shadcn

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/laguagu/claude-code-nextjs-skills.git

# Copy into Claude Code skills folder (global)
cp -r claude-code-nextjs-skills/skills/hetzner-cloud ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

laguagu/claude-code-nextjs-skills

29 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT