.claude/skills/memory-optimizer/SKILL.md
Refactors CLAUDE.md into minimal startup context by extracting path-specific rules, skills, commands, and agents. Use when CLAUDE.md exceeds 50 lines, startup feels slow, memory needs restructuring, or splitting monolithic project instructions.
`npx skillsauth add nwiizo/workspace_2026 memory-optimizer`
Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status.
Restructures .claude/CLAUDE.md using progressive disclosure to minimize startup tokens.
| Signal in CLAUDE.md | Extract To | Frontmatter |
| ---------------------------------------------------------- | -------------------------------- | --------------------------------- |
| File extensions (.ts, .py) or directories (src/api/) | .claude/rules/{topic}.md | paths: {glob} |
| Multi-step workflow (3+ steps) | .claude/skills/{name}/SKILL.md | name:, description: |
| User-triggered template | .claude/commands/{name}.md | description: |
| Specialized task needing limited tools | .claude/agents/{name}.md | name:, description:, tools: |
| Essential for ALL interactions | Keep in CLAUDE.md | — |
Present before creating files:
| Content | Extract To | Type | Trigger/Path |
| -------------- | ------------------------------ | ------- | ------------------- |
| TS conventions | .claude/rules/typescript.md | Rule | `**/*.ts` |
| Deploy process | .claude/skills/deploy/SKILL.md | Skill | "deploy", "release" |
| PR template | .claude/commands/review.md | Command | `/review` |
| Security check | .claude/agents/security.md | Agent | security tasks |
Rule (`.claude/rules/{topic}.md`):

```markdown
---
paths: src/**/*.ts
---
# {Topic}
{ Instructions }
```

Skill (`.claude/skills/{name}/SKILL.md`):

```markdown
---
name: {kebab-case}
description: {What it does}. Use when {triggers}.
---
# {Name}
{Instructions}
```

Command (`.claude/commands/{name}.md`):

```markdown
---
description: { Brief description }
---
{ Prompt template with $ARGUMENTS }
```

Agent (`.claude/agents/{name}.md`):

```markdown
---
name: {name}
description: {When to delegate}. Use proactively for {triggers}.
tools: Read, Grep, Glob
---
# {Name}
{Instructions}
```

`CLAUDE.md`:

```markdown
# {Project}
{1-2 sentence overview}
## Commands
- Build: `{cmd}`
- Test: `{cmd}`
## References
- @README.md
- @docs/architecture.md
```
Goal: <50 lines, ideally 20-30
After extraction, verify:
paths:, skills have description: with "Use when"
`{Verb} {what}. Use when {trigger1}, {trigger2}, or {trigger3}.`
Bad: Helps with code review
Good: Reviews code for security and performance issues. Use when reviewing PRs, checking code quality, or after major changes.
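One way to automate the post-extraction checks, as an added example (not part of the original skill): it flags a CLAUDE.md at or above 50 lines, frontmatter keys from the extraction table that are missing, and skill descriptions without "Use when". The function names, the constructed sample tree, and the restriction to single-line `key: value` frontmatter are assumptions.

```python
import re
import tempfile
from pathlib import Path

# Required frontmatter keys per target, from the extraction table on this page.
REQUIRED = {
    "rules/*.md": ["paths"],
    "skills/*/SKILL.md": ["name", "description"],
    "commands/*.md": ["description"],
    "agents/*.md": ["name", "description", "tools"],
}

def frontmatter(text):
    """Parse single-line `key: value` pairs from a leading --- block (simplified)."""
    m = re.match(r"\A---\r?\n(.*?)\r?\n---[ \t]*(?:\r?\n|\Z)", text, re.S)
    lines = m.group(1).splitlines() if m else []
    pairs = (line.split(":", 1) for line in lines if ":" in line)
    return {key.strip(): value.strip() for key, value in pairs}

def lint(claude_dir):
    """Return findings for one .claude directory, in a stable order."""
    root, findings = Path(claude_dir), []
    memory = root / "CLAUDE.md"
    n = len(memory.read_text(encoding="utf-8").splitlines()) if memory.is_file() else 0
    if n >= 50:  # the page's goal for CLAUDE.md is fewer than 50 lines
        findings.append(f"CLAUDE.md: {n} lines, goal is <50")
    for pattern, keys in REQUIRED.items():
        for path in sorted(root.glob(pattern)):
            rel = path.relative_to(root).as_posix()
            meta = frontmatter(path.read_text(encoding="utf-8"))
            findings += [f"{rel}: missing {k}:" for k in keys if not meta.get(k)]
            desc = meta.get("description", "")
            if pattern.startswith("skills") and desc and "Use when" not in desc:
                findings.append(f"{rel}: description lacks 'Use when'")
    return findings

# Constructed sample tree (not from the original page).
SAMPLE = {
    "CLAUDE.md": "# Project\n" + "- note\n" * 60,
    "rules/typescript.md": "---\npaths: src/**/*.ts\n---\n# TS\n",
    "skills/deploy/SKILL.md": "---\nname: deploy\ndescription: Helps with deploys\n---\n",
    "agents/security.md": "---\nname: security\ndescription: Audits code.\n---\n",
}

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in SAMPLE.items():
            Path(tmp, rel).parent.mkdir(parents=True, exist_ok=True)
            Path(tmp, rel).write_text(body, encoding="utf-8")
        return lint(tmp)
```

An agent file reported as `missing tools:` does not carry the tool restriction that the agent template on this page sets with `tools: Read, Grep, Glob`.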