Marketplace
Find the right skill for the job.
Browse the full catalog through outcome-first channels, technical facets, rating filters, and server-side pagination built for a large public marketplace.
worktree-management
Automate Git worktree creation with isolated Docker services and browser automation for parallel Claude Code development sessions. This skill should be used when creating, managing, or removing Git worktrees for isolated development environments with automatic port allocation, environment file copying, and browser MCP isolation.
deployment-rollback
Automated rollback capabilities when deployments fail. Ensures failed deployments don't leave systems in broken states.
deployment-orchestrator
Imported from https://github.com/turbobeest/dev-system.
docker-kubernetes-orchestrator
Expert guidance for Docker containerization and Kubernetes orchestration. Use when containerizing applications, managing multi-container setups with Docker Compose, or deploying to Kubernetes clusters.
gitops-workflow
Implement GitOps workflows with ArgoCD and Flux for automated, declarative Kubernetes deployments with continuous reconciliation. Use when implementing GitOps practices, automating Kubernetes deployments, or setting up declarative infrastructure management.
agent-provisioner
MANDATORY workflow for creating new agents. Enforces -01-agent-formatting standards from inception, ensuring every new agent is properly designed, researched, and curated before deployment.
sast-configuration
Configure Static Application Security Testing (SAST) tools for automated vulnerability detection in application code. Use when setting up security scanning, implementing DevSecOps practices, or automating code vulnerability detection.
github-actions-templates
Create production-ready GitHub Actions workflows for automated testing, building, and deploying applications. Use when setting up CI/CD with GitHub Actions, automating development workflows, or creating reusable workflow templates.
mcp-provider
Discovers, validates, and integrates Model Context Protocol (MCP) tools into Claude Code skills. Searches MCP catalogs, scores candidates, generates tool configurations, and optionally sets up Docker runtimes. Use when creating skills that need external MCP tool integration.
devops
Deploy and manage cloud infrastructure on Cloudflare (Workers, R2, D1, KV, Pages, Durable Objects, Browser Rendering), Docker containers, and Google Cloud Platform (Compute Engine, GKE, Cloud Run, App Engine, Cloud Storage). Use when deploying serverless functions to the edge, configuring edge computing solutions, managing Docker containers and images, setting up CI/CD pipelines, optimizing cloud infrastructure costs, implementing global caching strategies, working with cloud databases, or building cloud-native applications.
better-auth
Implement authentication and authorization with Better Auth - a framework-agnostic TypeScript authentication framework. Features include email/password authentication with verification, OAuth providers (Google, GitHub, Discord, etc.), two-factor authentication (TOTP, SMS), passkeys/WebAuthn support, session management, role-based access control (RBAC), rate limiting, and database adapters. Use when adding authentication to applications, implementing OAuth flows, setting up 2FA/MFA, managing user sessions, configuring authorization rules, or building secure authentication systems for web applications.
specialist-review
Conducts a focused review from ONE specific specialist's perspective (e.g., Security Specialist, Performance Expert). Use when the user requests "Ask [specialist role] to review [target]", "Get [specialist]'s opinion on [topic]", "Have [role] review [code/component]", or when they want deep expertise in ONE specific domain. Do NOT use for comprehensive multi-perspective reviews (use architecture-review instead) or for listing available specialists (use list-members instead).
azure-devops
Imported from https://github.com/rysweet/azlin.
better-auth
Implement authentication and authorization with Better Auth - a framework-agnostic TypeScript authentication framework. Features include email/password authentication with verification, OAuth providers (Google, GitHub, Discord, etc.), two-factor authentication (TOTP, SMS), passkeys/WebAuthn support, session management, role-based access control (RBAC), rate limiting, and database adapters. Use when adding authentication to applications, implementing OAuth flows, setting up 2FA/MFA, managing user sessions, configuring authorization rules, or building secure authentication systems for web applications.
preview-testing
Comprehensive E2E + Security Tests for Vercel Preview Deployments. Combines Playwright automation with Claude-in-Chrome MCP for interactive debugging. Activate on PR creation, before merge, or manual /preview-test.
environment
This skill should be used when the user asks "what's the config", "show me the configuration", "what variables are set", "environment config", "service config", "railway config", or wants to add/set/delete variables, change build/deploy settings, scale replicas, connect repos, or delete services.
projects
This skill should be used when the user wants to list all projects, switch projects, rename a project, enable/disable PR deploys, make a project public/private, or modify project settings.
ci-cd-pipeline-builder
Creates complete CI/CD pipelines for GitHub Actions, GitLab CI, CircleCI, or Jenkins with automated testing, code quality gates (linting, type checking), security scanning (Snyk, Trivy), Docker builds, and multi-environment deployments (dev/staging/prod). Generates workflow YAML files with caching, parallelization, and deployment strategies. Use when setting up new projects, automating deployments, implementing quality gates, adding security scans, containerizing applications, or setting up monorepo pipelines.
openclaw-security-checker
OpenClaw 安全检测工具,基于安全实践指南验证配置安全、权限隔离、网络策略、日志审计和运行时完整性
pentest-cloud-infrastructure
Cloud security posture management and container security assessment for AWS, Azure, GCP, and Kubernetes.
skill-security-auditor
OpenClaw Skills 全方位安全审计工具,检测供应链投毒、Prompt注入、恶意代码模式、权限越权和依赖风险
pentest-supply-chain
Software supply chain security — dependency confusion, CI/CD pipeline attacks, lockfile integrity, and build artifact verification.
pentest-api-deep
Deep OWASP API Security Top 10 testing for REST, GraphQL, gRPC, and WebSocket APIs — BFLA, mass assignment, rate limiting, and unsafe consumption.
pentest-config-hardening
Security header auditing, TLS configuration testing, HTTP method analysis, CSP bypass assessment, and deployment hardening verification.