sampx/skills-research
skills/backup/skills-research/SKILL.md
Search and download AI agent skills from the skills.sh ecosystem. Use when user wants to find skills, download skills to INBOX for evaluation, or explore available skills from GitHub repositories.
$ install --global
skillsauthnpx skillsauth add sampx/agent-tools skills-researchInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 24, 2026, 8:46 PM1.9s1 file scanned
SKILL.md
- name:
- skills-research
- description:
- Search and download AI agent skills from the skills.sh ecosystem. Use when user wants to find skills, download skills to INBOX for evaluation, or explore available skills from GitHub repositories.
Skills Research
Search and download AI agent skills from the skills.sh ecosystem.
When to Use This Skill
Use this skill when the user:
- Asks "how do I do X" where X might be a common task with an existing skill
- Says "find a skill for X" or "is there a skill for X"
- Wants to download skills for evaluation before deployment
- Wants to search for tools, templates, or workflows
- Mentions they wish they had help with a specific domain (design, testing, deployment, etc.)
Scripts
search-skills.py
Search for skills from the skills.sh ecosystem.
# Basic search
./scripts/search-skills.py "react testing"
# JSON output (for programmatic use)
./scripts/search-skills.py "install skill" --json
Options:
query- Search keywords (required)--json, -j- Output as JSON format
download-skill.py
Download skills from GitHub to local INBOX directory.
# Download by skill identifier
./scripts/download-skill.py vercel-labs/agent-skills@vercel-react-best-practices
# Download from GitHub URL
./scripts/download-skill.py https://github.com/vercel-labs/agent-skills/tree/main/skills/vercel-react-best-practices
# Specify destination
./scripts/download-skill.py owner/repo@skill --dest ~/my-skills
# Overwrite existing
./scripts/download-skill.py owner/repo@skill --force
Options:
source- Skill identifier (owner/repo@skill) or GitHub URL (required)--dest, -d- Destination directory (default: projects/ontology/skills/download/INBOX)--force, -f- Overwrite existing skill--verbose, -v- Show detailed output
Workflow
Recommended Flow
1. Search for skills
./scripts/search-skills.py "react performance"
↓
2. Download to INBOX
./scripts/download-skill.py owner/repo@skill
↓
3. Security scan (use skill-security-scanner)
../skill-security-scanner/scripts/scan.sh INBOX/skill-name
↓
4. Evaluate and test the skill
↓
5. Deploy using skill-deployer
../skill-deployer/scripts/deploy-skill.py -s INBOX/skill -d .agents/skills/
Security Scanning
After downloading, use skill-security-scanner to scan for security risks:
../skill-security-scanner/scripts/scan.sh INBOX/skill-name
The scanner checks for:
- C2 infrastructure patterns
- Reverse shell attempts
- Data exfiltration code
- Malware characteristics
- Dynamic code execution risks
Common Skill Categories
| Category | Example Queries | | --------------- | ---------------------------------------- | | Web Development | react, nextjs, typescript, css, tailwind | | Testing | testing, jest, playwright, e2e | | DevOps | deploy, docker, kubernetes, ci-cd | | Documentation | docs, readme, changelog, api-docs | | Code Quality | review, lint, refactor, best-practices | | Design | ui, ux, design-system, accessibility | | Productivity | workflow, automation, git |
Direct CLI Usage
You can also use npx skills directly:
# Search
npx skills find react performance
# Install directly to agent directory
npx skills add vercel-labs/agent-skills@vercel-react-best-practices -g -y
# List installed skills
npx skills list
Browse skills at: https://skills.sh/
Tips for Effective Searches
- Use specific keywords: "react testing" is better than just "testing"
- Try alternative terms: If "deploy" doesn't work, try "deployment" or "ci-cd"
- Check popular sources: Many skills come from
vercel-labs/agent-skillsorComposioHQ/awesome-claude-skills
When No Skills Are Found
If no relevant skills exist:
- Acknowledge that no existing skill was found
- Offer to help with the task directly using your general capabilities
- Suggest the user could create their own skill with
npx skills init
Related Skills
sampx/ellamaka-config
tools
VerifiedTrustedCommunity
Configure ellamaka, a fork of OpenCode with wopal-space mode. MUST use for any task about ellamaka config, agent frontmatter, permission rules, model/provider selection, formatter settings, config loading order, or why config changes are ignored. Trigger on requests about ellamaka or opencode config files, agent permission overrides, restricting subagents, custom/plugin tool permissions (e.g. wopal_task_*), disabling tools, configuring providers or models, formatter setup, config precedence or layering, or debugging settings that do not take effect. Use this skill even when the user says "opencode" if the actual runtime, config path, or behavior is ellamaka. Prefer this skill whenever the answer depends on the difference between ellamaka and upstream opencode, including wopal-space config loading, plugin tool permissions, or agent frontmatter precedence.
1SKILL.mdUpdated May 31, 2026
sampx/df-plan-review
development
VerifiedTrustedCommunity
Plan quality verification for dev-flow. Goal-backward analysis ensures plans WILL achieve their stated goal before execution burns context. ⚠️ MUST use when: (1) Reviewing Plan quality before approve (2) Wopal completes Plan writing and needs quality gate (3) User asks to "check plan", "verify plan", "review plan" (4) Plan enters planning status and needs pre-execution validation 🔴 Trigger automatically when Plan is ready for review, even if user doesn't explicitly say "review". Agent: rook (read-only verification subagent) Mode: verification, not execution
1SKILL.mdUpdated May 31, 2026
sampx/df-implement-review
development
VerifiedTrustedCommunity
Review implementation results for goal achievement and code quality. Supports both Plan-backed review and planless diff review. ⚠️ MUST use when: (1) Wopal delegates rook to review fae implementation output, (2) Prompt contains "review_type: implementation", (3) Prompt contains changed code file list or Plan path + implementation scope, (4) Any code review request from Wopal. 🔴 Trigger even when user does not explicitly mention "review" if the task involves verifying implementation results. This skill is rook-exclusive (only rook agent can load it).
1SKILL.mdUpdated May 31, 2026
sampx/agents-collab
tools
VerifiedTrustedCommunity
Foundation rules for how Wopal collaborates with sub-agents such as fae and rook. ⚠️ MUST load before ANY delegation — covers delegation tool APIs, task lifecycle, notifications, status handling, and recovery. 🔴 Trigger: "delegate", "let fae implement", "fae task", "rook review", "check task status", "cancel task", "abort task", "agent collaboration", "委派", "让 fae 执行", "fae 任务", "rook 审查", "检查状态", or any intent to hand work to a sub-agent. 🔴 Never delegate without loading this skill first. Skipping it is serious negligence. Note: this skill does not include workflow-specific prompt templates such as dev-flow templates. Those belong to the corresponding workflow skills.
1SKILL.mdUpdated May 31, 2026