Daily Featured Skills Count
3,909 3,920 3,927 3,966 4,007 4,057 4,069
04/07 04/08 04/09 04/10 04/11 04/12 04/13
♾️ Free & Open Source 🛡️ Secure & Worry-Free

Import Skills

Composite Most Downloads Most Likes Most Comments Newest
3yesore 3yesore
from GitHub Testing & Security
  • 📁 profiles/
  • 📁 references/
  • 📁 scripts/
  • 📄 SKILL.md
modules module ai-maintainable

harness

Apply Harness Engineering to make modules AI-maintainable. Use when creating new modules, retrofitting existing modules, validating module compliance, or keeping a module handoff-ready across sessions.

0 6 7 days ago · Uploaded Detail →
kennedym-ds kennedym-ds
from GitHub Testing & Security
  • 📁 references/
  • 📄 SKILL.md
security aria accessibility

accessibility-wcag

WCAG 2.1 Level AA compliance patterns for semantic HTML, ARIA, keyboard navigation, and screen reader compatibility. Use for accessibility audits, ARIA reviews, and POUR principle validation.

0 7 10 days ago · Uploaded Detail →
HartreeWorks HartreeWorks
from GitHub Testing & Security
  • 📁 references/
  • 📁 scripts/
  • 📄 .gitignore
  • 📄 README.md
  • 📄 SKILL.md
security backend security-focused

secure-mcp-install

This skill should be used when the user asks to install or audit an MCP server, especially from third-party sources. Security-focused: clones at pinned commits, runs security scans.

0 7 10 days ago · Uploaded Detail →
anhnguyensynctree anhnguyensynctree
from GitHub Testing & Security
  • 📄 .gitignore
  • 📄 bun.lock
  • 📄 commands.ts
web ai authenticated

browse

Persistent browser daemon for live web testing, UI verification, and authenticated flows. Use when Claude needs to interact with a running web app — staging, localhost, or production.

0 7 10 days ago · Uploaded Detail →
DragonJAR DragonJAR
from GitHub Testing & Security
  • 📁 assets/
  • 📁 references/
  • 📁 scripts/
  • 📄 .gitattributes
  • 📄 .gitignore
  • 📄 CONTRIBUTING.md
security apk android

android-apk-audit

Comprehensive Android APK security audit with static analysis, dynamic instrumentation, source-to-sink tracing, IPC/component abuse analysis, and CVSS 4.0 reporting. Covers decompilation, manifest analysis, deep links and intent injection, secrets detection, crypto analysis, Frida/Objection integration, and APK repackaging. Use when user says "audit APK", "analyze android app", "mobile pentest", "APK security", "decompile APK", "android vulnerability assessment", "reverse engineer android", "modify APK", "intent injection", "deep link abuse", "bypass SSL pinning", "bypass root detection", or provides an APK for security review, decompiled Android sources, or decoded resources.

0 7 10 days ago · Uploaded Detail →
odrobnik odrobnik
from GitHub Testing & Security
  • 📁 scripts/
  • 📄 .clawhubignore
  • 📄 .gitignore
  • 📄 README.md
tokens codex automation

codex-account-switcher

Manage multiple OpenAI Codex accounts. Capture current login tokens, switch between them, and auto-select the best account based on quota budget scoring. Syncs all tokens to OpenClaw agent auth-profiles using email-based keys. ⚠️ Reads and writes ~/.codex/auth.json, ~/.codex/accounts/*.json, and ~/.openclaw/agents/*/agent/auth-profiles.json (sensitive authentication tokens).

0 7 13 days ago · Uploaded Detail →
aidongise-cell aidongise-cell
from GitHub Testing & Security
  • 📁 .github/
  • 📁 examples/
  • 📁 Formula/
  • 📄 .dockerignore
  • 📄 .gitignore
  • 📄 2026-03-31-README.md
security scan mcp

prism-scanner

Security scanner for AI Agent skills, plugins, and MCP servers. Use when: user asks to scan a skill, check if a plugin is safe, vet an MCP server, review skill security, detect malicious code, supply chain safety, or says 'is this safe to install', 'scan this skill', 'check this MCP server', 'security scan', 'vetting', 'skill safety', 'prism scan', '安全扫描', '这个插件安全吗', '扫描一下', '检查安全性', '安装前检查', '技能审查'.

0 7 13 days ago · Uploaded Detail →
venkatas venkatas
from GitHub Testing & Security
  • 📄 SKILL.md
security bypass automation

bug-bounty

Complete bug bounty workflow — recon (subdomain enumeration, asset discovery, fingerprinting, HackerOne scope, source code audit), pre-hunt learning (disclosed reports, tech stack research, mind maps, threat modeling), vulnerability hunting (IDOR, SSRF, XSS, auth bypass, CSRF, race conditions, SQLi, XXE, file upload, business logic, GraphQL, HTTP smuggling, cache poisoning, OAuth, timing side-channels, OIDC, SSTI, subdomain takeover, cloud misconfig, ATO chains, agentic AI), LLM/AI security testing (chatbot IDOR, prompt injection, indirect injection, ASCII smuggling, exfil channels, RCE via code tools, system prompt extraction, ASI01-ASI10), A-to-B bug chaining (IDOR→auth bypass, SSRF→cloud metadata, XSS→ATO, open redirect→OAuth theft, S3→bundle→secret→OAuth), bypass tables (SSRF IP bypass, open redirect bypass, file upload bypass), language-specific grep (JS prototype pollution, Python pickle, PHP type juggling, Go template.HTML, Ruby YAML.load, Rust unwrap), and reporting (7-Question Gate, 4 validation gates, human-tone writing, templates by vuln class, CVSS 3.1, PoC generation, always-rejected list, conditional chain table, submission checklist). Use for ANY bug bounty task — starting a new target, doing recon, hunting specific vulns, auditing source code, testing AI features, validating findings, or writing reports.

0 5 6 days ago · Uploaded Detail →

Skill File Structure Sample (Reference)

skill-sample/
├─ SKILL.md              ⭐ Required: skill entry doc (purpose / usage / examples / deps)
├─ manifest.sample.json  ⭐ Recommended: machine-readable metadata (index / validation / autofill)
├─ LICENSE.sample        ⭐ Recommended: license & scope (open source / restriction / commercial)
├─ scripts/
│  └─ example-run.py     ✅ Runnable example script for quick verification
├─ assets/
│  ├─ example-formatting-guide.md  🧩 Output conventions: layout / structure / style
│  └─ example-template.tex         🧩 Templates: quickly generate standardized output
└─ references/           🧩 Knowledge base: methods / guides / best practices
   ├─ example-ref-structure.md     🧩 Structure reference
   ├─ example-ref-analysis.md      🧩 Analysis reference
   └─ example-ref-visuals.md       🧩 Visual reference

More Agent Skills specs Anthropic docs: https://agentskills.io/home

SKILL.md Requirements

├─ ⭐ Required: YAML Frontmatter (must be at top)
│  ├─ ⭐ name                 : unique skill name, follow naming convention
│  └─ ⭐ description          : include trigger keywords for matching
│
├─ ✅ Optional: Frontmatter extension fields
│  ├─ ✅ license              : license identifier
│  ├─ ✅ compatibility        : runtime constraints when needed
│  ├─ ✅ metadata             : key-value fields (author/version/source_url...)
│  └─ 🧩 allowed-tools        : tool whitelist (experimental)
│
└─ ✅ Recommended: Markdown body (progressive disclosure)
   ├─ ✅ Overview / Purpose
   ├─ ✅ When to use
   ├─ ✅ Step-by-step
   ├─ ✅ Inputs / Outputs
   ├─ ✅ Examples
   ├─ 🧩 Files & References
   ├─ 🧩 Edge cases
   ├─ 🧩 Troubleshooting
   └─ 🧩 Safety notes

Why SkillWink?

Skill files are scattered across GitHub and communities, difficult to search, and hard to evaluate. SkillWink organizes open-source skills into a searchable, filterable library you can directly download and use.

We provide keyword search, version updates, multi-metric ranking (downloads / likes / comments / updates), and open SKILL.md standards. You can also discuss usage and improvements on skill detail pages.

Keyword Search Version Updates Multi-Metric Ranking Open Standard Discussion

Quick Start:

Import/download skills (.zip/.skill), then place locally:

~/.claude/skills/ (Claude Code)

~/.codex/skills/ (Codex CLI)

One SKILL.md can be reused across tools.

FAQ

Everything you need to know: what skills are, how they work, how to find/import them, and how to contribute.

1. What are Agent Skills?

A skill is a reusable capability package, usually including SKILL.md (purpose/IO/how-to) and optional scripts/templates/examples.

Think of it as a plugin playbook + resource bundle for AI assistants/toolchains.

2. How do Skills work?

Skills use progressive disclosure: load brief metadata first, load full docs only when needed, then execute by guidance.

This keeps agents lightweight while preserving enough context for complex tasks.

3. How can I quickly find the right skill?

Use these three together:

  • Semantic search: describe your goal in natural language.
  • Multi-filtering: category/tag/author/language/license.
  • Sort by downloads/likes/comments/updated to find higher-quality skills.

4. Which import methods are supported?

  • Upload archive: .zip / .skill (recommended)
  • Upload skills folder
  • Import from GitHub repository

Note: file size for all methods should be within 10MB.

5. How to use in Claude / Codex?

Typical paths (may vary by local setup):

  • Claude Code:~/.claude/skills/
  • Codex CLI:~/.codex/skills/

One SKILL.md can usually be reused across tools.

6. Can one skill be shared across tools?

Yes. Most skills are standardized docs + assets, so they can be reused where format is supported.

Example: retrieval + writing + automation scripts as one workflow.

7. Are these skills safe to use?

Some skills come from public GitHub repositories and some are uploaded by SkillWink creators. Always review code before installing and own your security decisions.

8. Why does it not work after import?

Most common reasons:

  • Wrong folder path or nested one level too deep
  • Invalid/incomplete SKILL.md fields or format
  • Dependencies missing (Python/Node/CLI)
  • Tool has not reloaded skills yet

9. Does SkillWink include duplicates/low-quality skills?

We try to avoid that. Use ranking + comments to surface better skills:

  • Duplicate skills: compare differences (speed/stability/focus)
  • Low quality skills: regularly cleaned up