by davepoon
A single hub to find Claude Skills, Agents, Commands, Hooks, Plugins, and Marketplace collections to extend Claude Code, Claude Desktop, Agent SDK and OpenClaw
# Add to your Claude Code skills
git clone https://github.com/davepoon/buildwithclaudeGuides for using ai agents skills like buildwithclaude.
Last scanned: 4/22/2026
{
"issues": [
{
"type": "npm-audit",
"message": "@esbuild-kit/core-utils: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@esbuild-kit/esm-loader: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@isaacs/brace-expansion: @isaacs/brace-expansion has Uncontrolled Resource Consumption",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@trigger.dev/core: Vulnerability found",
"severity": "low"
},
{
"type": "npm-audit",
"message": "@trigger.dev/sdk: Vulnerability found",
"severity": "low"
},
{
"type": "npm-audit",
"message": "ajv: ajv has ReDoS when using `$data` option",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "brace-expansion: brace-expansion: Zero-step sequence causes process hang and memory exhaustion",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "cookie: cookie accepts cookie name, path, and domain with out of bounds characters",
"severity": "low"
},
{
"type": "npm-audit",
"message": "drizzle-kit: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "drizzle-orm: Drizzle ORM has SQL injection via improperly escaped SQL identifiers",
"severity": "high"
},
{
"type": "npm-audit",
"message": "engine.io: Vulnerability found",
"severity": "low"
},
{
"type": "npm-audit",
"message": "esbuild: esbuild enables any website to send any requests to the development server and read the response",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "flatted: flatted vulnerable to unbounded recursion DoS in parse() revive phase",
"severity": "high"
},
{
"type": "npm-audit",
"message": "glob: glob CLI: Command injection via -c/--cmd executes matches with shell:true",
"severity": "high"
},
{
"type": "npm-audit",
"message": "js-yaml: js-yaml has prototype pollution in merge (<<)",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "minimatch: minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"severity": "high"
},
{
"type": "npm-audit",
"message": "next: Next.js: HTTP request smuggling in rewrites",
"severity": "high"
},
{
"type": "npm-audit",
"message": "picomatch: Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching",
"severity": "high"
},
{
"type": "npm-audit",
"message": "protobufjs: Arbitrary code execution in protobufjs",
"severity": "critical"
},
{
"type": "npm-audit",
"message": "socket.io: Vulnerability found",
"severity": "low"
},
{
"type": "npm-audit",
"message": "socket.io-parser: socket.io allows an unbounded number of binary attachments",
"severity": "high"
}
],
"status": "FAILED",
"scannedAt": "2026-04-22T06:02:04.959Z",
"semgrepRan": false,
"npmAuditRan": true,
"pipAuditRan": true
}buildwithclaude is an open-source ai agents skill for AI coding assistants such as Claude Code, Codex CLI, and ChatGPT, built by davepoon. A single hub to find Claude Skills, Agents, Commands, Hooks, Plugins, and Marketplace collections to extend Claude Code, Claude Desktop, Agent SDK and OpenClaw. It has 3,161 GitHub stars.
buildwithclaude failed SkillsLLM's automated security scan, which flagged one or more high-severity issues. Review the Security Report section carefully before using it.
Clone the repository with "git clone https://github.com/davepoon/buildwithclaude" and add it to your Claude Code skills directory (see the Installation section above).
buildwithclaude is primarily written in TypeScript. It is open-source under davepoon on GitHub, so you can review or fork the full source.
Yes. SkillsLLM lists many other AI Agents skills you can browse and compare side by side. Open the AI Agents category from the badge at the top of this page, or use the Related Skills and comparison links further down to weigh buildwithclaude against similar tools.
No comments yet. Be the first to share your thoughts!
Requires a passing catalog security scan. Resolve the flagged issues and resubmit to enable featuring.
A plugin marketplace and discovery platform for Claude Code. Browse curated plugins, discover community contributions, and extend your Claude Code workflows.
# Add the Build with Claude marketplace
/plugin marketplace add davepoon/buildwithclaude
# Browse available plugins
/plugin search @buildwithclaude
# Install plugins
/plugin install <plugin-name>@buildwithclaude
Curated collections maintained in this repository:
| Type | Count | Description |
|---|---|---|
| Agents | 117 | Specialized AI experts (Python, Go, DevOps, Security, etc.) |
| Commands | 175 | Slash commands for automation (/commit, /docs, /tdd) |
| Hooks | 28 | Event-driven automation (notifications, git, formatting) |
| Skills | 26 | Reusable capabilities from plugins |
| Plugins | 51 | Bundled plugin packages by category |
The platform indexes plugins from the broader Claude Code ecosystem:
Browse, search, and explore everything at buildwithclaude.com





# Add marketplace
/plugin marketplace add davepoon/buildwithclaude
# Install specific plugins
/plugin install agents-python-expert@buildwithclaude
/plugin install commands-version-control-git@buildwithclaude
/plugin install hooks-notifications@buildwithclaude
# Or install everything
/plugin install all-agents@buildwithclaude
/plugin install all-commands@buildwithclaude
/plugin install all-hooks@buildwithclaude
# Clone repository
git clone https://github.com/davepoon/buildwithclaude.git
cd buildwithclaude
# Install agents
find plugins/agents-*/agents -name "*.md" -exec cp {} ~/.claude/agents/ \;
# Install commands
find plugins/commands-*/commands -name "*.md" -exec cp {} ~/.claude/commands/ \;
# Restart Claude Code



Agents are automatically invoked based on context, or explicitly called:
"Use the python-pro to optimize this function"
"@agent-security-auditor review this authentication code"
"Have the devops-troubleshooter help debug this deployment"
Commands use the / prefix:
/commit # Create conventional commit
/create-pr # Create pull request
/docs # Generate documentation
/tdd # Start test-driven development
/code_analysis # Analyze code quality
Hooks run automatically on events like tool calls or session start.
We welcome contributions!
plugins/ following the naming conventionnpm test to validateAgent (plugins/agents-*/agents/*.md):
---
name: agent-name
description: When to invoke this agent
category: category-name
tools: Read, Write, Bash
---
You are a [role description]...
Command (plugins/commands-*/commands/*.md):
---
description: What this command does
category: category-name
argument-hint: <args>
---
Command implementation...
Hook (plugins/hooks-*/hooks/*.md):
---
hooks: PreToolUse, PostToolUse
description: What this hook does
---
Hook implementation...
See CONTRIBUTING.md for detailed guidelines.
MIT License - see LICENSE for details.
Made with ❤️ by Dave Poon