Use when preparing for automated authorization testing with Hadrian from an API specification (OpenAPI/Swagger, GraphQL SDL schema, or gRPC proto file) without Burp traffic or source code. Generates Hadrian-compatible auth.yaml and roles.yaml files.
ARM64 trace 密文还原方法论。当用户给出一段 ARM64 执行 trace 文件并要求从某段密文/header/token/加密结果反向还原加密、签名或编码算法时使用。提供候选算法穷举、key schedule 提取、轮函数提取、魔改检测、表查找证据、闭环验证的完整方法论。激活此 skill 前应已通过 algokiller MCP 的 bind_trace 工具绑定 trace 文件并选择 mode=ciphertext。
Agent Teams 智能编排决策引擎。自动分析任务复杂度,判断使用 Subagent 还是 Agent Teams。 触发场景: (1) 任务涉及多角度并行分析(如代码审查、竞争假说调试) (2) 需要成员之间互相通信、质疑、协作 (3) 跨层开发(前端/后端/测试各自负责) (4) 用户明确要求"创建团队"、"用 agent teams" (5) 任务描述包含"并行"、"同时"、"多人"、"协作"等关键词 (6) 使用 /team 命令 --- # Agent Teams 智能编排决策引擎 ## 核心决策逻辑 ### 第一步:任务特征分析 在收到用户任务后,**自动进行以下 5 维度评估**(无需用户明确要求): #### 1. 并行性维度 - ✅ **适合 Teams**: 多个子任务可以完全独立并行执行,不需要等待彼此结果 - ❌ **适合 Subagent**: 任务有明确的先后顺序,后续步骤依赖前面结果 #### 2. 通信需求维度 - ✅ **适合 Teams**: 成员需要互相分享发现、质疑对方结论、协商决策 - ❌ **适合 Subagent**: 只需要将结果报告给主 Agent,成员之间无需交流 #### 3. 上下文隔离维度 - ✅ **适合 Teams**: 每个成员需要聚焦不同领域,避免上下文污染 - ❌ **适合 Subagent**: 所有工作共享相同的知识背景和上下文 #### 4. 文件冲突维度 - ✅ **适合 Teams**: 每个成员操作不同的文件集,没有并发编辑冲突 - ❌ **适合 Subagent**: 多人需要修改同一文件(会导致覆盖冲突) #### 5. 成本收益维度 - ✅ **适合 Teams**: 并行探索的价值 > Token 成本(如研究、审查、新功能开发) - ❌ **适合 Subagent**: 简单任务,协调开销大于收益 --- ### 第二步:决策矩阵 根据以上维度得分,应用以下规则: | 场景类型 | 并行性 | 通信需求 | 上下文隔离 | 文件冲突 | 推荐方案 | 置信度 | |---------|-------|---------|----------|---------|---------|-------| | 多角度代码审查 | ✓ | ✓ | ✓ | ✓ | **Agent Teams** | 95% | | 竞争假说调试 | ✓ | ✓ | ✓ | ✓ | **Agent Teams** | 95% | | 跨层协调开发 | ✓ | ✓ | ✓ | ✓ | **Agent Teams** | 90% | | 独立目录搜索 | ✓ | ✗ | ✓ | ✓ | **Subagent** | 85% | | 顺序数据处理 | ✗ | ✗ | ✗ | ✓ | **Subagent** | 90% | | 单文件多人编辑 | ✓ | ✗ | ✗ | ✗ | **Subagent** | 95% | **决策规则:** - 4-5 个 ✓ → 强烈推荐 Agent Teams - 2-3 个 ✓ → 视任务复杂度决定 - 0-1 个 ✓ → 推荐 Subagent --- ## 团队设计指南 ### 团队规模建议 ``` 简单任务(代码审查、小型调试): 2-3 人 中等复杂度(新功能开发): 3-5 人 高复杂度(大型重构、架构设计): 5-7 人 ⚠️ 警告:超过 7 人协调成本急剧上升 ``` ### 角色分配原则 **1. 职责清晰化** - ✅ 好:`security-reviewer` 只关注安全漏洞 - ❌ 坏:`general-reviewer` 什么都审查(会导致重复劳动) **2. 技能互补性** - ✅ 好:`frontend-dev` + `backend-dev` + `test-engineer` - ❌ 坏:3 个都是 `fullstack-dev`(缺乏专业化) **3. 文件所有权明确** - ✅ 好:每个成员负责不同的目录/模块 - ❌ 坏:多人修改同一文件(导致覆盖冲突) ### 任务粒度设计 **理想任务粒度:** - 单个任务耗时:15-30 分钟 - 每人任务数量:5-6 个 - 任务产出:明确的交付物(一个函数、一个测试文件、一份报告) **太小的任务:** ``` ❌ "检查第 42 行是否有 bug" ❌ "读取 config.json 文件" ``` **太大的任务:** ``` ❌ "重构整个认证系统" ❌ "实现完整的订单模块" ``` **合适的任务:** ``` ✅ "审查 auth 模块的安全漏洞,输出 security-report.md" ✅ "实现用户登录 API 端点,包含参数验证
Tests and scores any Agent Skill against the official anthropics/skills specification. Use this skill when you need to check if a skill repository or SKILL.md file is compliant with the Agent Skills standard, audit skill quality, get a compliance score, or receive specific improvement suggestions. Trigger when users say things like "check my skill", "test this skill", "does my skill follow the spec", "score my skill", "review my SKILL.md", "is my skill correct", "检查我的skill", "测试这个skill", "这个skill符合规范吗", "给我的skill打分", or when they provide a path to a skill directory or SKILL.md file and want it reviewed.
Advanced GitHub automation skill untuk OpenClaw — auto-sync, PR review, issue triage, release management, dan backup.
Write missing unit tests for a makeup-js module based on coverage gaps
Test for authentication and authorization flaws including credential attacks, session issues, and access control bypasses
You are an expert at tuning LLM inference deployments for agentic swarm workloads (Claude Code, Cursor, Copilot).
Use this skill when the user wants to add, refactor, or generalize a `agentpay <plugin>` integration like Bitrefill. Follow the shared plugin registration path under `src/plugins`, keep plugin-specific API or scraping code under `src/lib/<plugin>` or `src/lib/<plugin>/`, reuse the existing Rust daemon signing and policy path through the shared CLI plugin context instead of reimplementing signing, and add focused CLI tests for the new plugin.
Process multiple features or tasks in parallel. Batch execution of PDCA commands across features.
Syncs agent daily memory and MEMORY.md to an Obsidian vault so notes are human-browsable. Use nightly or on demand.
**STOP AND VERIFY**: Before running any command or tool that results in irreversible data loss, you MUST obtain explicit user consent. When in doubt, ask. It is better to wait for confirmation than to accidentally delete production data or critical project assets.
skill-sample/ ├─ SKILL.md ⭐ Required: skill entry doc (purpose / usage / examples / deps) ├─ manifest.sample.json ⭐ Recommended: machine-readable metadata (index / validation / autofill) ├─ LICENSE.sample ⭐ Recommended: license & scope (open source / restriction / commercial) ├─ scripts/ │ └─ example-run.py ✅ Runnable example script for quick verification ├─ assets/ │ ├─ example-formatting-guide.md 🧩 Output conventions: layout / structure / style │ └─ example-template.tex 🧩 Templates: quickly generate standardized output └─ references/ 🧩 Knowledge base: methods / guides / best practices ├─ example-ref-structure.md 🧩 Structure reference ├─ example-ref-analysis.md 🧩 Analysis reference └─ example-ref-visuals.md 🧩 Visual reference
More Agent Skills specs Anthropic docs: https://agentskills.io/home
├─ ⭐ Required: YAML Frontmatter (must be at top) │ ├─ ⭐ name : unique skill name, follow naming convention │ └─ ⭐ description : include trigger keywords for matching │ ├─ ✅ Optional: Frontmatter extension fields │ ├─ ✅ license : license identifier │ ├─ ✅ compatibility : runtime constraints when needed │ ├─ ✅ metadata : key-value fields (author/version/source_url...) │ └─ 🧩 allowed-tools : tool whitelist (experimental) │ └─ ✅ Recommended: Markdown body (progressive disclosure) ├─ ✅ Overview / Purpose ├─ ✅ When to use ├─ ✅ Step-by-step ├─ ✅ Inputs / Outputs ├─ ✅ Examples ├─ 🧩 Files & References ├─ 🧩 Edge cases ├─ 🧩 Troubleshooting └─ 🧩 Safety notes
Skill files are scattered across GitHub and communities, difficult to search, and hard to evaluate. SkillWink organizes open-source skills into a searchable, filterable library you can directly download and use.
We provide keyword search, version updates, multi-metric ranking (downloads / likes / comments / updates), and open SKILL.md standards. You can also discuss usage and improvements on skill detail pages.
Quick Start:
Import/download skills (.zip/.skill), then place locally:
~/.claude/skills/ (Claude Code)
~/.codex/skills/ (Codex CLI)
One SKILL.md can be reused across tools.
Everything you need to know: what skills are, how they work, how to find/import them, and how to contribute.
A skill is a reusable capability package, usually including SKILL.md (purpose/IO/how-to) and optional scripts/templates/examples.
Think of it as a plugin playbook + resource bundle for AI assistants/toolchains.
Skills use progressive disclosure: load brief metadata first, load full docs only when needed, then execute by guidance.
This keeps agents lightweight while preserving enough context for complex tasks.
Use these three together:
Note: file size for all methods should be within 10MB.
Typical paths (may vary by local setup):
One SKILL.md can usually be reused across tools.
Yes. Most skills are standardized docs + assets, so they can be reused where format is supported.
Example: retrieval + writing + automation scripts as one workflow.
Some skills come from public GitHub repositories and some are uploaded by SkillWink creators. Always review code before installing and own your security decisions.
Most common reasons:
We try to avoid that. Use ranking + comments to surface better skills:
