.claude/skills/github-actions/SKILL.md
# GitHub Actions Patterns

## When to Load This Skill
Load when working with: `.github/workflows/*.yml`, CI pipelines, lint/test/build/deploy jobs, matrix strategies, GitHub secrets, environment protection rules.

Keywords: `github actions`, `ci`, `workflow`, `lint job`, `test job`, `deploy`, `matrix`, `pipeline`

## Canonical Job Templates

### Lint (ruff + mypy)

```yaml
lint:
  runs-on: ubuntu-latest
  steps:
    - uses: actions/checkout@v4
    - uses: astral-sh/setup-uv@v4
      with:
        version: "latest"
    - run: uv sync --frozen
    - run: uv run ruff check .
    - run: uv run mypy src/
```
### Test (pytest + codecov)

```yaml
test:
  runs-on: ubuntu-latest
  needs: lint
  steps:
    - uses: actions/checkout@v4
    - uses: astral-sh/setup-uv@v4
      with:
        version: "latest"
    - run: uv sync --frozen
    - run: uv run pytest --cov=src --cov-report=xml --cov-fail-under=80
    - uses: codecov/codecov-action@v4
      with:
        token: ${{ secrets.CODECOV_TOKEN }}
```
### Docker build (buildx + Yandex Container Registry)

```yaml
docker-build:
  runs-on: ubuntu-latest
  needs: test
  steps:
    - uses: actions/checkout@v4
    - uses: docker/setup-buildx-action@v3
    - uses: docker/login-action@v3
      with:
        registry: cr.yandex
        username: json_key
        password: ${{ secrets.YC_SA_JSON_CREDENTIALS }}
    - uses: docker/build-push-action@v5
      with:
        context: .
        push: ${{ github.ref == 'refs/heads/main' }}
        tags: cr.yandex/${{ secrets.YC_REGISTRY_ID }}/app:${{ github.sha }}
        cache-from: type=gha
        cache-to: type=gha,mode=max
```
### Deploy (Yandex Cloud Serverless Container)

```yaml
deploy:
  runs-on: ubuntu-latest
  needs: docker-build
  environment: production
  if: github.ref == 'refs/heads/main'
  steps:
    - uses: yc-actions/yc-cr-login@v2
      with:
        yc-sa-json-credentials: ${{ secrets.YC_SA_JSON_CREDENTIALS }}
    - name: Deploy to YC Serverless Container
      run: |
        yc serverless container revision deploy \
          --container-name ${{ vars.CONTAINER_NAME }} \
          --image cr.yandex/${{ secrets.YC_REGISTRY_ID }}/app:${{ github.sha }} \
          --service-account-id ${{ secrets.YC_SA_ID }}
```
## Full Workflow Skeleton

```yaml
name: CI/CD
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
jobs:
  lint:
    ...
  test:
    needs: lint
    ...
  docker-build:
    needs: test
    ...
  deploy:
    needs: docker-build
    environment: production
    if: github.ref == 'refs/heads/main'
    ...
```
## uv Cache

```yaml
- uses: astral-sh/setup-uv@v4
  with:
    version: "latest"
    enable-cache: true
    cache-dependency-glob: "uv.lock"
```
## Matrix Strategy

```yaml
strategy:
  matrix:
    python-version: ["3.11", "3.12"]
steps:
  - uses: astral-sh/setup-uv@v4
    with:
      python-version: ${{ matrix.python-version }}
```
## Environment Protection

Use `environment: production` on deploy jobs: the job then waits for the environment's protection rules, and the manual approval requirement is configured in the GitHub UI (Settings → Environments).
## Secrets vs Variables

- `secrets.*`: sensitive values (tokens, keys, passwords), stored encrypted
- `vars.*`: non-sensitive config (container names, region), stored as plain text
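An added policy check, not part of this skill file or its project, that enforces the three rules stated in the Deploy template, Environment Protection and Secrets vs Variables sections: a `production` environment must carry the main-branch `if:` guard, credential inputs must come from `secrets.*` rather than `vars.*` or literals, and `deploy` must `needs:` an upstream job. It uses a small indentation-aware scanner instead of PyYAML so it runs offline; the two workflow strings are constructed for the example and only borrow names (`YC_SA_JSON_CREDENTIALS`, `cr.yandex`) from the templates above.

```python
"""Policy checks for a GitHub Actions workflow (added example, not project code).

Rules, taken from the skill text:
1. `environment: production` implies `if: github.ref == 'refs/heads/main'`.
2. `password`, `token` and `*-credentials` inputs must be `${{ secrets.* }}`.
3. The `deploy` job must declare `needs:` so lint/test/build gates hold.
The scanner handles the two-space layout of the templates (scalar `environment:`
only, no YAML anchors or flow mappings); it is not a full YAML parser.
"""
import re
from typing import Dict, List

SECRET_KEYS = re.compile(r"^(password|token|[\w-]*credentials)$")
SECRET_EXPR = re.compile(r"^\$\{\{\s*secrets\.[A-Za-z0-9_]+\s*\}\}$")
MAIN_GUARD = "github.ref == 'refs/heads/main'"


def parse_jobs(workflow: str) -> Dict[str, List[str]]:
    """Return {job_name: [raw lines under that job]} for the top-level `jobs:` block."""
    jobs: Dict[str, List[str]] = {}
    in_jobs, current = False, None
    for raw in workflow.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        if indent == 0:                                  # new top-level key
            in_jobs, current = raw.rstrip() == "jobs:", None
        elif in_jobs and indent == 2 and raw.rstrip().endswith(":"):
            current = raw.strip()[:-1]                   # job name
            jobs[current] = []
        elif in_jobs and current is not None:
            jobs[current].append(raw)
    return jobs


def check_workflow(workflow: str) -> List[str]:
    """Return human-readable findings; an empty list means the workflow passes."""
    findings: List[str] = []
    for name, lines in parse_jobs(workflow).items():
        top: Dict[str, str] = {}                         # job-level keys sit at indent 4
        for line in lines:
            indent = len(line) - len(line.lstrip(" "))
            key, sep, value = line.strip().partition(":")
            if not sep:
                continue                                 # continuation of a `run: |` script
            value = value.strip()
            if indent == 4:
                top[key] = value
            # Rule 2: credential-like keys anywhere in the job must use secrets.*
            if SECRET_KEYS.match(key) and not SECRET_EXPR.match(value):
                findings.append(f"{name}: '{key}' is not sourced from secrets.* ({value!r})")
        # Rule 1: a production environment needs the main-branch guard
        if top.get("environment") == "production" and MAIN_GUARD not in top.get("if", ""):
            findings.append(f"{name}: environment: production without the main-branch `if:` guard")
        # Rule 3: deploy must sit behind the upstream jobs
        if name == "deploy" and "needs" not in top:
            findings.append("deploy: has no `needs:`, so lint/test/build are not enforced")
    return findings


# Constructed sample: follows the templates on this page and should pass.
GOOD_WORKFLOW = """
name: CI/CD
on:
  push:
    branches: [main]
jobs:
  docker-build:
    runs-on: ubuntu-latest
    steps:
      - uses: docker/login-action@v3
        with:
          registry: cr.yandex
          username: json_key
          password: ${{ secrets.YC_SA_JSON_CREDENTIALS }}
  deploy:
    needs: docker-build
    environment: production
    if: github.ref == 'refs/heads/main'
    steps:
      - uses: yc-actions/yc-cr-login@v2
        with:
          yc-sa-json-credentials: ${{ secrets.YC_SA_JSON_CREDENTIALS }}
"""

# Constructed sample: credential in plain-text vars.*, deploy unguarded and ungated.
BAD_WORKFLOW = """
jobs:
  docker-build:
    steps:
      - uses: docker/login-action@v3
        with:
          password: ${{ vars.REGISTRY_PASSWORD }}
  deploy:
    environment: production
    steps:
      - run: echo deploying
"""

if __name__ == "__main__":
    for label, wf in (("good", GOOD_WORKFLOW), ("bad", BAD_WORKFLOW)):
        print(label, check_workflow(wf) or "OK")
```

Run it on a real file with `check_workflow(open(".github/workflows/ci.yml").read())`; a non-empty list is a reason to block the merge. The checker deliberately flags `vars.*` for credential keys because, as the section above notes, variables are stored as plain text.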