The secure, validated skill registry for professional AI coding agents. Extend Antigravity, Claude Code, Cursor, Copilot and more with absolute confidence.
# Add to your Claude Code skills
git clone https://github.com/tech-leads-club/agent-skillsLast scanned: 4/24/2026
{
"issues": [
{
"type": "npm-audit",
"message": "@hono/node-server: @hono/node-server: Middleware bypass via repeated slashes in serveStatic",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@module-federation/cli: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@module-federation/dts-plugin: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@module-federation/enhanced: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@module-federation/manifest: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@module-federation/node: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@module-federation/rspack: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@nx/esbuild: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@nx/eslint: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@nx/eslint-plugin: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@nx/jest: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@nx/js: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@nx/module-federation: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@nx/next: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@nx/node: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@nx/plugin: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@nx/react: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@nx/rollup: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@nx/vite: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@nx/vitest: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@nx/web: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@nx/webpack: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@nx/workspace: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "axios: Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "follow-redirects: follow-redirects leaks Custom Authentication Headers to Cross-Domain Redirect Targets",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "hono: Hono missing validation of cookie name on write path in setCookie()",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "next: Next.js has a Denial of Service with Server Components",
"severity": "high"
},
{
"type": "npm-audit",
"message": "picomatch: Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching",
"severity": "high"
},
{
"type": "npm-audit",
"message": "sockjs: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "uuid: uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "vite: Vite Vulnerable to Path Traversal in Optimized Deps `.map` Handling",
"severity": "high"
},
{
"type": "npm-audit",
"message": "webpack-dev-server: Vulnerability found",
"severity": "medium"
}
],
"status": "WARNING",
"scannedAt": "2026-04-24T06:09:34.417Z",
"semgrepRan": false,
"npmAuditRan": true,
"pipAuditRan": true
}No comments yet. Be the first to share your thoughts!
Skills are packaged instructions and resources that extend AI agent capabilities. Think of them as plugins for your AI assistant — they teach your agent new workflows, patterns, and specialized knowledge.
packages/skills-catalog/skills/
(category-name)/
skill/
SKILL.md ← Main instructions
templates/ ← File templates
references/ ← On-demand documentation
Your environment's safety is our top priority. Unlike open marketplaces where 13.4% of skills contain critical issues, agent-skills is a managed, hardened library: 100% open source (no binaries), static analysis in CI/CD, immutable integrity via lockfiles and content hashing, and human-curated prompts. The CLI uses defense-in-depth (sanitization, path isolation, symlink guards, atomic lockfile, audit trail); every skill is scanned with Snyk Agent Scan (formerly mcp-scan) before publishing.
→ Full threat model, implementation details, and vulnerability reporting: SECURITY.md
Install skills to any of these AI coding agents:
| Tier 1 (Popular) | Tier 2 (Rising) | Tier 3 (Enterprise) | | :-------------------------------------------------------: | :--------------------------------------------------------------------: | :-----------------------------------------------------: | | Claude Code | Aider | Amazon Q | | Cline | Antigravity | Augment | | Cursor | Gemini CLI | Droid (Factory.ai) | | GitHub Copilot | Kilo Code | OpenCode | | Windsurf | Kiro | Sourcegraph Cody | | | OpenAI Codex | Tabnine | | | Roo Code | | | | TRAE | |
A glimpse of what's available in our growing catalog:
| Skill | Category | Description | | -------------------------------------------------------------------------------------------------- | ----------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | tlc-spec-driven | Development | Project and feature planning with 4 phases: Specify → Design → Tasks → Implement. Creates atomic tasks with verification criteria and maintains persistent memory across sessions. | | aws-advisor | Cloud | Expert AWS Cloud Advisor for architecture design, security review, and implementation guidance. Leverages AWS MCP tools for documentation-backed answers. | | playwright-skill | Automation | Complete browser automation with Playwright. Test pages, fill forms, take screenshots, validate UX, and automate any browser task. | | figma | Design | Fetch design context from Figma and translate nodes into production code. Design-to-code implementation with MCP integration. | | security-best-practices | Security | Language and framework-specific security reviews. Detect vulnerabilities, generate reports, and suggest secure-by-default fixes. |
npx @tech-leads-club/agent-skills
This launches an interactive wizard:
Each step shows a ← Back option to return and revise your choices.
Note: You can use either
npx @tech-leads-club/agent-skillsor install globally and useagent-skillsdirectly.
# Interactive mode (default)
npx @tech-leads-club/agent-skills
# or: agent-skills (if installed globally)
# List available skills
agent-skills list
agent-skills ls # Alias
# Install one skill
agent-skills install -s tlc-spec-driven
# Install multiple skills at once
agent-skills install -s aws-advisor coding-guidelines docs-writer
# Install to specific agents
agent-skills install -s my-skill -a cursor claude-code
# Install multiple skills to multiple agents
agent-skills install -s aws-advisor nx-workspace -a cursor windsurf cline
# Install globally (to ~/.gemini, ~/.claude, etc.)
agent-skills install -s my-skill -g
# Use symlink instead of copy
agent-skills install -s my-skill --symlink
# Force re-d