Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

lollipopkit/trailbase

Name: trailbase
Author: lollipopkit

trailbase/SKILL.md

npx skillsauth add lollipopkit/cc-skills trailbase

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

TrailBase

Use this skill to work with TrailBase as an application platform: install it, start it, configure traildepot, expose data through Record APIs, call HTTP APIs directly, or integrate a first-party SDK.

Prefer current repo files over memory. If the user asks about the public/latest release, package version, Docker tag, or external docs, verify online or from the package registry before giving version-specific advice.

Workflow

Identify the task surface:
- Install/run/deploy: read references/install-run.md.
- config.textproto, migrations, Record API setup, ACLs: read references/config-and-migrations.md.
- Direct HTTP/Auth/Record API calls: read references/http-api.md.
- OAuth, OIDC, PKCE, or "TrailBase as SSO" questions: read references/oauth-sso.md.
- SDK integration: read references/sdk.md, then inspect the language-specific client source if precision matters.
- WASM custom endpoints: read references/custom-wasm-apis.md.
- Repo navigation or implementation changes: read references/source-map.md.
Verify against source for nontrivial answers. TrailBase has generated docs and multiple clients; source can drift from docs.
For code examples, use localhost http://localhost:4000 unless the user gives another base URL.
For auth-sensitive examples, never invent tokens. Show placeholders such as ${AUTH_TOKEN} or obtain tokens from a real login command if credentials are provided.

Core Facts

TrailBase is a single executable named trail; trail run starts a local server on localhost:4000 and bootstraps ./traildepot.
Admin UI is at /_/admin/; optional auth UI is added with trail components add trailbase/auth_ui and then lives under /_/auth/login.
Record APIs expose STRICT SQLite TABLEs or VIEWs with an INTEGER, UUIDv4, or UUIDv7 primary key.
Main public Record API path is /api/records/v1/<api-name>.
Main auth path is /api/auth/v1.
Auth tokens are sent with Authorization: Bearer <auth_token>; refresh and CSRF tokens may also be represented as Refresh-Token and CSRF-Token headers by SDKs.
TrailBase can broker sign-in through configured external OAuth/OIDC providers and supports an auth-code + PKCE handoff to native or different-origin apps. Do not describe it as a full OAuth/OIDC identity provider unless the current source has added standard IdP endpoints such as authorization, discovery, JWKS, and userinfo.
Realtime subscriptions are exposed under /api/records/v1/<api-name>/subscribe/<id-or-*>.

Validation

When changing a TrailBase repo checkout, prefer focused validation:

cargo test -p trailbase-client
pnpm --filter trailbase test
trail help
trail run

Pick commands that match the files touched. If commands require missing dependencies, report the exact blocker and still provide source-backed reasoning.

lollipopkit/trailbase

trailbase/SKILL.md

TrailBase project guide for installing and running the single-executable backend, configuring traildepot/config.textproto and migrations, exposing Record APIs, using auth and token flows, integrating first-party SDKs for TypeScript/JavaScript, Dart/Flutter, Rust, C#/.NET, Swift, Kotlin, Go, and Python, calling HTTP APIs directly, implementing WASM custom endpoints, and locating relevant source/docs in the trailbase repository. Use when Codex needs to answer or implement TrailBase setup, SDK, REST/HTTP API, auth, realtime, configuration, migration, deployment, or custom endpoint work.

1 stars

development

Updated Jun 3, 2026

$ install --global

skillsauth

npx skillsauth add lollipopkit/cc-skills trailbase

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Jun 3, 2026, 4:00 AM13.3s10 files scanned

SKILL.md

name:: trailbase
description:: TrailBase project guide for installing and running the single-executable backend, configuring traildepot/config.textproto and migrations, exposing Record APIs, using auth and token flows, integrating first-party SDKs for TypeScript/JavaScript, Dart/Flutter, Rust, C#/.NET, Swift, Kotlin, Go, and Python, calling HTTP APIs directly, implementing WASM custom endpoints, and locating relevant source/docs in the trailbase repository. Use when Codex needs to answer or implement TrailBase setup, SDK, REST/HTTP API, auth, realtime, configuration, migration, deployment, or custom endpoint work.

TrailBase

Workflow

Identify the task surface:
- Install/run/deploy: read references/install-run.md.
- config.textproto, migrations, Record API setup, ACLs: read references/config-and-migrations.md.
- Direct HTTP/Auth/Record API calls: read references/http-api.md.
- OAuth, OIDC, PKCE, or "TrailBase as SSO" questions: read references/oauth-sso.md.
- SDK integration: read references/sdk.md, then inspect the language-specific client source if precision matters.
- WASM custom endpoints: read references/custom-wasm-apis.md.
- Repo navigation or implementation changes: read references/source-map.md.
Verify against source for nontrivial answers. TrailBase has generated docs and multiple clients; source can drift from docs.
For code examples, use localhost http://localhost:4000 unless the user gives another base URL.
For auth-sensitive examples, never invent tokens. Show placeholders such as ${AUTH_TOKEN} or obtain tokens from a real login command if credentials are provided.

Core Facts

TrailBase is a single executable named trail; trail run starts a local server on localhost:4000 and bootstraps ./traildepot.
Admin UI is at /_/admin/; optional auth UI is added with trail components add trailbase/auth_ui and then lives under /_/auth/login.
Record APIs expose STRICT SQLite TABLEs or VIEWs with an INTEGER, UUIDv4, or UUIDv7 primary key.
Main public Record API path is /api/records/v1/<api-name>.
Main auth path is /api/auth/v1.
Auth tokens are sent with Authorization: Bearer <auth_token>; refresh and CSRF tokens may also be represented as Refresh-Token and CSRF-Token headers by SDKs.
TrailBase can broker sign-in through configured external OAuth/OIDC providers and supports an auth-code + PKCE handoff to native or different-origin apps. Do not describe it as a full OAuth/OIDC identity provider unless the current source has added standard IdP endpoints such as authorization, discovery, JWKS, and userinfo.
Realtime subscriptions are exposed under /api/records/v1/<api-name>/subscribe/<id-or-*>.

Validation

When changing a TrailBase repo checkout, prefer focused validation:

cargo test -p trailbase-client
pnpm --filter trailbase test
trail help
trail run

Pick commands that match the files touched. If commands require missing dependencies, report the exact blocker and still provide source-backed reasoning.

Related Skills

lollipopkit/codex-clean-history

development

VerifiedTrustedCommunity

Clean Codex local history artifacts that can contain logs, prompts, user input text, command traces, and session transcripts while preserving memories and configuration. Use when the user asks to delete, purge, wipe, prune, reset, or preview Codex history/log/session/input records, especially `~/.codex/history.jsonl`, `~/.codex/sessions/`, `~/.codex/log/`, `~/.codex/logs_*.sqlite`, or shell snapshots, and explicitly not memories.

1SKILL.mdUpdated Jun 5, 2026

lollipopkit/codex-clean-history

lollipopkit/use-fllib

tools

VerifiedTrustedCommunity

Use fl_lib stores, widgets, utils, and extensions in Flutter apps. Use when requests mention fl_lib APIs or integration.

1SKILL.mdUpdated Jun 3, 2026

lollipopkit/use-fllib

lollipopkit/linked-doc

development

VerifiedTrustedCommunity

Maintain an evolving linked documentation library for project wikis, ADRs, design notes, research notes, release notes, and decision logs. Use when asked to create, grow, repair, reorganize, or verify a wiki/ADR knowledge base with Markdown pages, YAML frontmatter, Obsidian-style [[wikilinks]], source-backed citations, llmwiki/llm-wiki-compiler projects, or a durable project memory that should compound over time instead of being rewritten from scratch.

1SKILL.mdUpdated Jun 3, 2026

lollipopkit/linked-doc

lollipopkit/handoff

testing

VerifiedTrustedCommunity

Create concise, evidence-based handoff notes for another AI coding agent. Use when the user asks for a handoff, continuity note, next-agent summary, progress transfer, "告诉别的 agent", "handoff skill", "交接", or wants the current state, completed work, remaining plan items, risks, and next steps captured for another agent without writing a verbose work log.

1SKILL.mdUpdated Jun 3, 2026

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/lollipopkit/cc-skills.git

# Copy into Claude Code skills folder (global)
cp -r cc-skills/trailbase ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

lollipopkit/cc-skills

1 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT