- 📄 SKILL.md
security-guide
OpenClaw 安全部署指南 / Security deployment guide — help users secure their OpenClaw installation
20 days ago · Uploaded
Detail →
Daily Featured Skills Count
04/16
04/17
04/18
04/19
04/20
04/21
04/22
♾️ Free & Open Source 🛡️ Secure & Worry-Free
Import Skills
- 📁 config/
- 📁 domains/
- 📁 orchestrator/
- 📄 SKILL.md
forensify
Cross-agent self-inspection of your AI-agent stack. Audits skills, MCP servers, hooks, plugins, commands, credentials, and memory files across Claude Code, Codex, OpenClaw, and NanoClaw. Produces a structured inventory and narrative briefing with cross-ecosystem risk analysis. Use when the user asks to audit their own setup, check what they have installed, review their agent stack security posture, or understand cross-tool interactions. Use when a user has accumulated skills/plugins/MCP servers over time and wants visibility into their attack surface. Use after installing new skills or plugins. Do NOT use for vetting external code before install (that is repo-forensics). Do NOT use for incident response during active attacks. Do NOT use for fixing or patching vulnerabilities (forensify is read-only).
21 days ago · Uploaded
Detail →
- 📄 SKILL.md
plan
Epic decomposition into trackable, right-sized tasks. Three modes — audit-aware (codebase-audit reports), workflow-audit-aware (handoff.yaml with pre-rated findings), standalone (from scratch). Light convention scanning for projects without CLAUDE.md.
21 days ago · Uploaded
Detail →
- 📄 SKILL.md
adversary
Pre-implementation red-team analysis. Challenges plans before code is written — finds edge cases, security holes, scalability bottlenecks, error propagation risks, and integration conflicts. Catches flaws at plan time (10x cheaper than post-implementation).
22 days ago · Uploaded
Detail →
- 📄 SKILL.md
hone
Audit and improve an existing Quickstop plugin's quality against Claude Code plugin spec
18 days ago · Uploaded
Detail →
- 📄 SKILL.md
aws-security
AWS cloud security testing covering S3 misconfiguration, IAM abuse, Lambda SSRF, IMDSv1/v2 exploitation, and STS token theft
11 days ago · Uploaded
Detail →
- 📄 SKILL.md
sandbox
Execute commands in isolated sandboxes for security. Use when running untrusted code, system commands, or operations that could affect the host system. Automatically detects the right runtime (Python, Node, Rust, Go, Ruby, etc.) from the command.
23 days ago · Uploaded
Detail →
- 📁 src/
- 📄 _meta.json
- 📄 cli.js
- 📄 package.json
clawguard-auditor
ClawGuard v3 Auditor - 企业级 Skill 安全审计器,支持意图偏离检测、SAST、供应链安全、ML 异常检测。当用户要求审计、检测、安装前检查一个 Skill 的安全性时触发。
23 days ago · Uploaded
Detail →
- 📄 SKILL.md
scrapingbee-cli-guard
Security monitor for scrapingbee-cli. Monitors audit log for suspicious activity. Stops unauthorized schedules. ALWAYS active when scrapingbee-cli is installed.
22 days ago · Uploaded
Detail →
- 📄 SKILL.md
code-review-analysis
Perform comprehensive code reviews with best practices, security checks, and constructive feedback. Use when reviewing pull requests, analyzing code quality, checking for security vulnerabilities, or providing code improvement suggestions. --- # Code Review Analysis ## Table of Contents - [Overview](#overview) - [When to Use](#when-to-use) - [Quick Start](#quick-start) - [Reference Guides](#reference-guides) - [Best Practices](#best-practices) ## Overview Systematic code review process covering code quality, security, performance, maintainability, and best practices following industry standards. ## When to Use - Reviewing pull requests and merge requests - Analyzing code quality before merging - Identifying security vulnerabilities - Providing constructive feedback to developers - Ensuring coding standards compliance - Mentoring through code review ## Quick Start
20 days ago · Uploaded
Detail →
- 📁 .github/
- 📁 agents/
- 📁 crates/
- 📄 .dockerignore
- 📄 .env.example
- 📄 .gitignore
symbiont
AI-native agent runtime with typestate-enforced ORGA reasoning loop, Cedar policy authorization, CommunicationPolicyGate for inter-agent governance, ToolClad declarative tool contracts, knowledge bridge, zero-trust security, multi-tier sandboxing, webhook verification, markdown memory, skill scanning, metrics, scheduling, symbi init/run/up CLI, and a declarative DSL
23 days ago · Uploaded
Detail →
- 📄 SKILL.md
api-security
API security best practices and common vulnerability prevention. Enforces security checks for authentication, input validation, SQL injection, XSS, and OWASP Top 10 vulnerabilities. Use when building or modifying APIs.
22 days ago · Uploaded
Detail →
Skill File Structure Sample (Reference)
skill-sample/ ├─ SKILL.md ⭐ Required: skill entry doc (purpose / usage / examples / deps) ├─ manifest.sample.json ⭐ Recommended: machine-readable metadata (index / validation / autofill) ├─ LICENSE.sample ⭐ Recommended: license & scope (open source / restriction / commercial) ├─ scripts/ │ └─ example-run.py ✅ Runnable example script for quick verification ├─ assets/ │ ├─ example-formatting-guide.md 🧩 Output conventions: layout / structure / style │ └─ example-template.tex 🧩 Templates: quickly generate standardized output └─ references/ 🧩 Knowledge base: methods / guides / best practices ├─ example-ref-structure.md 🧩 Structure reference ├─ example-ref-analysis.md 🧩 Analysis reference └─ example-ref-visuals.md 🧩 Visual reference
More Agent Skills specs Anthropic docs: https://agentskills.io/home
SKILL.md Requirements
├─ ⭐ Required: YAML Frontmatter (must be at top) │ ├─ ⭐ name : unique skill name, follow naming convention │ └─ ⭐ description : include trigger keywords for matching │ ├─ ✅ Optional: Frontmatter extension fields │ ├─ ✅ license : license identifier │ ├─ ✅ compatibility : runtime constraints when needed │ ├─ ✅ metadata : key-value fields (author/version/source_url...) │ └─ 🧩 allowed-tools : tool whitelist (experimental) │ └─ ✅ Recommended: Markdown body (progressive disclosure) ├─ ✅ Overview / Purpose ├─ ✅ When to use ├─ ✅ Step-by-step ├─ ✅ Inputs / Outputs ├─ ✅ Examples ├─ 🧩 Files & References ├─ 🧩 Edge cases ├─ 🧩 Troubleshooting └─ 🧩 Safety notes
Why SkillWink?
Skill files are scattered across GitHub and communities, difficult to search, and hard to evaluate. SkillWink organizes open-source skills into a searchable, filterable library you can directly download and use.
We provide keyword search, version updates, multi-metric ranking (downloads / likes / comments / updates), and open SKILL.md standards. You can also discuss usage and improvements on skill detail pages.
Quick Start:
Import/download skills (.zip/.skill), then place locally:
~/.claude/skills/ (Claude Code)
~/.codex/skills/ (Codex CLI)
One SKILL.md can be reused across tools.
FAQ
Everything you need to know: what skills are, how they work, how to find/import them, and how to contribute.
1. What are Agent Skills?
A skill is a reusable capability package, usually including SKILL.md (purpose/IO/how-to) and optional scripts/templates/examples.
Think of it as a plugin playbook + resource bundle for AI assistants/toolchains.
2. How do Skills work?
Skills use progressive disclosure: load brief metadata first, load full docs only when needed, then execute by guidance.
This keeps agents lightweight while preserving enough context for complex tasks.
3. How can I quickly find the right skill?
Use these three together:
- Semantic search: describe your goal in natural language.
- Multi-filtering: category/tag/author/language/license.
- Sort by downloads/likes/comments/updated to find higher-quality skills.
4. Which import methods are supported?
- Upload archive: .zip / .skill (recommended)
- Upload skills folder
- Import from GitHub repository
Note: file size for all methods should be within 10MB.
5. How to use in Claude / Codex?
Typical paths (may vary by local setup):
- Claude Code:~/.claude/skills/
- Codex CLI:~/.codex/skills/
One SKILL.md can usually be reused across tools.
6. Can one skill be shared across tools?
Yes. Most skills are standardized docs + assets, so they can be reused where format is supported.
Example: retrieval + writing + automation scripts as one workflow.
7. Are these skills safe to use?
Some skills come from public GitHub repositories and some are uploaded by SkillWink creators. Always review code before installing and own your security decisions.
8. Why does it not work after import?
Most common reasons:
- Wrong folder path or nested one level too deep
- Invalid/incomplete SKILL.md fields or format
- Dependencies missing (Python/Node/CLI)
- Tool has not reloaded skills yet
9. Does SkillWink include duplicates/low-quality skills?
We try to avoid that. Use ranking + comments to surface better skills:
- Duplicate skills: compare differences (speed/stability/focus)
- Low quality skills: regularly cleaned up