Marketplace
Find the right skill for the job.
Browse the full catalog through outcome-first channels, technical facets, rating filters, and server-side pagination built for a large public marketplace.
branch-naming
Defines branch naming conventions that link Git branches to GitHub issues. Includes patterns for standard and Claude-created branches, commit message keywords, and integration with issue status detection. Helps teams maintain consistent naming and track work progress.
api-security-hardening
Imported from https://github.com/secondsky/claude-skills.
find-bugs
Find bugs, security vulnerabilities, and code quality issues in local branch changes. Use when asked to review changes, find bugs, security review, or audit code on the current branch.
docker
Docker expert for containers, Compose, Dockerfiles, and debugging
aws-security-group-auditor
Audit AWS Security Groups and VPC configurations for dangerous internet exposure
afrexai-api-architect
Design, build, test, document, and secure production-grade APIs. Covers the full lifecycle from schema design through deployment, monitoring, and versioning. Use when designing new APIs, reviewing existing ones, generating OpenAPI specs, building test suites, or debugging production issues.
node-red-manager
Manage Node-RED instances via Admin API or CLI. Automate flow deployment, install nodes, and troubleshoot issues. Use when user wants to "build automation", "connect devices", or "fix node-red".
skill-scanner
Scan OpenBot/Clawdbot skills for security vulnerabilities, malicious code, and suspicious patterns before installing them. Use when a user wants to audit a skill, check if a ClawHub skill is safe, scan for credential exfiltration, detect prompt injection, or review skill security. Triggers on security audit, skill safety check, malware scan, or trust verification.
docker-essentials
Essential Docker commands and workflows for container management, image operations, and debugging.
env-setup
Scan codebase for environment variables, generate .env.example, validate .env, and ensure .gitignore safety
ralph-security
Comprehensive security audit with 100 iterations (~30-60 min). Use when user says 'security audit', 'ralph security', 'weekly security check', 'audit this project', 'new project security review', or 'check for vulnerabilities'. Covers OWASP Top 10, auth, secrets, infrastructure, and code quality.
workspace-organization
Automated workspace health checks and entropy prevention for OpenClaw. Detects broken symlinks, empty dirs, large files, malformed names. Maintenance audit script with cron support. Keeps deployments clean and structured.
code-review-expert
Expert code review of current git changes with a senior engineer lens. Detects SOLID violations, security risks, and proposes actionable improvements.
1k-code-review-pr
Comprehensive PR code review for OneKey monorepo. Use when reviewing PRs, code changes, or diffs — covers security (secrets/PII leakage, supply-chain, AuthN/AuthZ), code quality (hooks, race conditions, null safety, concurrent requests), and OneKey-specific patterns (Fabric crashes, MIUI, BigNumber). Triggers on "review PR", "review this PR", "code review", "check this diff", "审查 PR", "代码审查", "review
dev-workflow
This skill orchestrates a complete development workflow from issue creation to PR merge. It provides concrete commands for Git operations, worktree management, and integrates with multiple code review tools. The documentation includes specific error handling references and supports both Gitea and GitHub.
orchestrator
Automatically splits complex development tasks into parallel sub-tasks handled by specialized agents. Analyzes task complexity using file count, domain count, and keyword triggers to decide when to orchestrate. Spawns agents like security-auditor or performance-analyst concurrently, then aggregates their JSON outputs into a unified report.
GitHub
This GitHub skill provides expert guidance for managing repositories, pull requests, and CI/CD workflows using the gh CLI and custom automation tools, helping users efficiently check PR status, review changes, create PRs, manage issues, and restart failed checks.
backend-development
Provides guidance for building backend systems with technology selection matrices, implementation checklists, and reference documentation covering APIs, databases, security, and deployment. Includes concrete metrics like 98% SQL injection reduction with parameterized queries.
github-actions
This skill helps create and maintain GitHub Actions workflows for CI/CD pipelines, automating tasks like testing, building, deployment, and scheduled jobs to streamline development and operations.
security-audit
This skill audits code for security vulnerabilities like SQL injection, XSS, and OWASP Top 10 issues, helping developers identify and fix security flaws during development, code reviews, and before production deployments.
package-audit
This skill scans for and fixes security vulnerabilities in npm dependencies using pnpm audit and Snyk, helping ensure secure deployments and resolve CVE alerts through automated tools and detailed reporting.
health-check-endpoints
This skill provides health check endpoints for monitoring service availability, including liveness, readiness, and dependency checks, enabling proper container orchestration, load balancing, and failure recovery in environments like Kubernetes.
worktree-lifecycle-skill
Manages Git worktree lifecycle for parallel development with automatic port allocation. Creates isolated environments for different branches, handles service startup/cleanup, and prevents port conflicts through calculated offsets. Focuses on standardized commands rather than manual git operations.
minikube-setup
Provides step-by-step instructions for setting up Minikube for local Kubernetes development, including installation, configuration, image loading, and troubleshooting. Covers multiple platforms and integrates with a sample todo application workflow.