Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

luan/bootstrap-web

Name: bootstrap-web
Author: luan

skills/bootstrap-web/SKILL.md

npx skillsauth add luan/dot-claude bootstrap-web

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Bootstrap Web

Scaffold a new SvelteKit web app. Researches current ecosystem state before scaffolding — stale templates break on install.

Arguments

First word = project name (directory under $HOME/src/). Remaining = description. No name → AskUserQuestion.

Fixed Stack

Framework: SvelteKit + Svelte 5 (runes), TypeScript strict
Tooling: bun (never npm/pnpm), Vite, Vitest
Styling: Tailwind CSS via vite plugin (no tailwind.config.*), OKLCH colors, CSS custom properties
Dark mode: class-based (.dark), dark-first
Deploy: Cloudflare Pages (@sveltejs/adapter-cloudflare), D1 SQLite
Auth: WebAuthn passkeys

Dev Routing

Invoke Skill(bootstrap-caddy, "<project-name>") for port + https://<project>.localhost. Use returned port in vite.config.ts, URL in .env (WEBAUTHN_ORIGIN). Missing infrastructure → stop and tell user.

Research Phase

Research current state via WebSearch/context7 before writing any files. Present choices only when multiple strong contenders exist:

SvelteKit scaffold — sv create or manual? Non-interactive support?
DB layer — Drizzle ORM vs raw SQL vs alternatives for D1
UI components — shadcn-svelte, bits-ui, or newer Svelte 5-compatible lib
Icons — unplugin-icons, lucide-svelte, phosphor, etc.
WebAuthn — @simplewebauthn still best?
CSS utilities — clsx + tailwind-merge + tailwind-variants still right?
Animation — lightweight Tailwind animation approach
Testing — Vitest + @testing-library/svelte + jsdom still needed?

Clear winners → proceed. --auto → pick leading option for close calls. Without --auto → AskUserQuestion on close calls.

Design Interview

--auto → defaults: minimal tone, cool+muted colors, sans+formal typography.

Without --auto, AskUserQuestion:

Tone — minimal, bold, playful, editorial, brutalist, etc.
Color direction — warm/cool, muted/vibrant, monochrome/colorful
Typography — serif, sans, mono, mixed; formal vs casual

Use answers to select Google Fonts, build OKLCH palette, shape layout per /frontend-design.

Scaffold

Create project at $HOME/src/<project-name> using research results.

Constraints:

Never hardcode versions — bun add <package> resolves latest
Config from current docs, not stale templates
vite.config.ts: server: { port: Number(process.env.DEV_PORT) || undefined }
Dark-first: <html class="dark">
WebAuthn: rpID = localhost, origin from $env/dynamic/private, HMAC-signed challenges
.env.example committed, .env gitignored

Build: config files, app shell, lib (cn helper, DB schema, auth, sessions), routes (hooks, layout, home, auth flow), UI components, static assets.

Quality Gate

cd $HOME/src/<project-name> && bun run prepare && bun run check

Both must pass. Fix type errors before returning. 2 failed attempts → report specific errors.

Completion

Report: project location, dev URL, bun dev to start, research decisions. Remind user: create D1 database (wrangler d1 create) and set CHALLENGE_SECRET before deploy.

luan/bootstrap-web

skills/bootstrap-web/SKILL.md

Bootstrap a new web project with the preferred stack. Triggers: 'bootstrap web', 'new webapp', 'scaffold project', 'new web project'.

4 stars

development

Updated Apr 21, 2026

$ install --global

skillsauth

npx skillsauth add luan/dot-claude bootstrap-web

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 30, 2026, 1:09 PM5.4s1 file scanned

SKILL.md

name:: bootstrap-web
description:: Bootstrap a new web project with the preferred stack. Triggers: 'bootstrap web', 'new webapp', 'scaffold project', 'new web project'.
argument-hint:: <project-name> [description] [--auto]
user-invocable:: true
disable-model-invocation:: true

Bootstrap Web

Scaffold a new SvelteKit web app. Researches current ecosystem state before scaffolding — stale templates break on install.

Arguments

First word = project name (directory under $HOME/src/). Remaining = description. No name → AskUserQuestion.

Fixed Stack

Framework: SvelteKit + Svelte 5 (runes), TypeScript strict
Tooling: bun (never npm/pnpm), Vite, Vitest
Styling: Tailwind CSS via vite plugin (no tailwind.config.*), OKLCH colors, CSS custom properties
Dark mode: class-based (.dark), dark-first
Deploy: Cloudflare Pages (@sveltejs/adapter-cloudflare), D1 SQLite
Auth: WebAuthn passkeys

Dev Routing

Research Phase

Research current state via WebSearch/context7 before writing any files. Present choices only when multiple strong contenders exist:

SvelteKit scaffold — sv create or manual? Non-interactive support?
DB layer — Drizzle ORM vs raw SQL vs alternatives for D1
UI components — shadcn-svelte, bits-ui, or newer Svelte 5-compatible lib
Icons — unplugin-icons, lucide-svelte, phosphor, etc.
WebAuthn — @simplewebauthn still best?
CSS utilities — clsx + tailwind-merge + tailwind-variants still right?
Animation — lightweight Tailwind animation approach
Testing — Vitest + @testing-library/svelte + jsdom still needed?

Clear winners → proceed. --auto → pick leading option for close calls. Without --auto → AskUserQuestion on close calls.

Design Interview

--auto → defaults: minimal tone, cool+muted colors, sans+formal typography.

Without --auto, AskUserQuestion:

Tone — minimal, bold, playful, editorial, brutalist, etc.
Color direction — warm/cool, muted/vibrant, monochrome/colorful
Typography — serif, sans, mono, mixed; formal vs casual

Use answers to select Google Fonts, build OKLCH palette, shape layout per /frontend-design.

Scaffold

Create project at $HOME/src/<project-name> using research results.

Constraints:

Never hardcode versions — bun add <package> resolves latest
Config from current docs, not stale templates
vite.config.ts: server: { port: Number(process.env.DEV_PORT) || undefined }
Dark-first: <html class="dark">
WebAuthn: rpID = localhost, origin from $env/dynamic/private, HMAC-signed challenges
.env.example committed, .env gitignored

Build: config files, app shell, lib (cn helper, DB schema, auth, sessions), routes (hooks, layout, home, auth flow), UI components, static assets.

Quality Gate

cd $HOME/src/<project-name> && bun run prepare && bun run check

Both must pass. Fix type errors before returning. 2 failed attempts → report specific errors.

Completion

Report: project location, dev URL, bun dev to start, research decisions. Remind user: create D1 database (wrangler d1 create) and set CHALLENGE_SECRET before deploy.

Related Skills

luan/sym

tools

VerifiedTrustedCommunity

Tree-sitter indexed code navigator (ct sym CLI). Use INSTEAD OF Read/Grep/Glob/Bash when exploring existing code, understanding how something works, locating a symbol, tracing the call graph up (impact) or down (trace), finding implementations of an interface, scoping a diff to one symbol, or preparing to edit code you have not read yet. Triggers: 'how does X work', 'explain this class/file/symbol', 'walk me through X', 'what does X do', 'where is X defined', 'who calls X', 'what does X call', 'find implementations of', 'what breaks if I change X', 'outline this file', 'map imports', 'show me this symbol', exploring unfamiliar repo, tracing call graph, scoping diff to a symbol, preparing to edit code I haven't read, about to Read a file over ~500 lines to understand it. Do NOT use for: writing new code from scratch, editing prose or config, running tests, or when a stack trace already names the file and line.

4SKILL.mdUpdated Apr 22, 2026

luan/vibe

development

VerifiedTrustedCommunity

Fully autonomous development workflow from prompt to commit. Chains spec → develop → review → commit. Triggers: /vibe, 'vibe this', 'autonomous workflow', 'just do it all', 'build this end-to-end', 'full pipeline', 'handle everything'.

4SKILL.mdUpdated Apr 21, 2026

luan/vault-sweep

development

VerifiedTrustedCommunity

Comprehensive vault maintenance — cross-references blueprints against codebase state to produce a maintenance plan: archive consumed artifacts, audit docs for staleness, propose new docs for undocumented stable systems. Triggers: 'vault sweep', 'sweep the vault', 'clean up vault', 'vault maintenance', 'what can we archive', 'audit blueprints', 'vault hygiene', 'blueprint cleanup'. Use whenever the user wants a holistic view of vault health rather than archiving a single artifact (that's /archive). Also use when the user asks what's stale, what needs docs, or whether artifacts can be cleaned up.

4SKILL.mdUpdated Apr 21, 2026

luan/test-plan

development

VerifiedTrustedCommunity

Analyze current diff, classify changes by risk, and produce structured manual test plan. Triggers: 'test plan', 'what should I test', 'manual testing', 'verification steps', 'QA checklist'. Exits early for trivial changes. Do NOT use when: writing automated tests — use /develop with TDD. Do NOT use when: reviewing code quality — use /crit instead.

4SKILL.mdUpdated Apr 21, 2026

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/luan/dot-claude.git

# Copy into Claude Code skills folder (global)
cp -r dot-claude/skills/bootstrap-web ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

luan/dot-claude

4 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT