go-code-audit
or non-idiomatic Go code in their project. Also when asked "how good is this code?" or "audit my code."
Use when reviewing code changes for bugs, security issues, and quality. Confidence-based scoring filters false positives.
White-box security audit. Blue-teamer evaluates defensive posture, then red-teamers attack informed by defensive gaps. Iterates when exploit chains are discovered. Heavy and thorough by design.
Structured workflows for triaging GitHub issues, reviewing PRs, sprinting through milestones, and running security/quality/performance audits — with configurable validation gates, auto-detected security scanning, journal audit trails, and human-in-the-loop checkpoints. Use this skill whenever you are working on a GitHub issue, reviewing or submitting a PR, running any kind of code audit, updating dependencies, or working through a milestone. Also use when the user mentions issue numbers, PR numbers, milestone names, or asks you to "fix", "triage", "audit", "review", or "update deps".

---

# GitHub Commander

Structured, configurable workflows that teach AI agents to triage GitHub issues, review PRs, and sprint through milestones. Every action is journaled for full audit trails, and human-in-the-loop checkpoints keep you in control. The reason every step journals its results is that it creates a searchable audit trail — future sessions can find exactly what was tried, what passed, and what failed, without the human needing to remember or repeat context.

## When to Load
Run one or more codebase audits (evaluation, health, documentation) with parallel agent execution, producing intake docs for a single /pipeline run.
Analyze code quality, security, performance, and maintainability
Review code quality to find potential bugs, security vulnerabilities, and design issues. Use this Skill when code quality needs to be reviewed.
Triage and audit IDA binaries. Use when asked to analyze a binary, find suspicious behavior, detect crypto/network activity, review decompiled code against source, or run multi-table queries.
Audit the Claude Code CHANGELOG.md for plugin-relevant changes. Builds FLOW's integration surface model, fetches new changelog entries, categorizes as Adopt/Remove/Adapt, and files issues for approved items.
This skill should be used when the user asks about "AI security", "ML pipeline attacks", "prompt injection", "model deserialization", "unsafe model loading", "Jupyter injection", "LLM security", or needs to identify AI/ML-specific vulnerabilities in codebases that use machine learning frameworks.
High-confidence code security review workflow for changed code, using modern threat-informed methodologies with strict false-positive filtering and exploit-focused findings.
Audit web applications and codebases for the most common and dangerous security vulnerabilities — especially those introduced by AI-assisted ("vibe coded") development. Use this skill whenever the user asks to review code for security issues, harden an app, audit an API, check for vulnerabilities, or secure a project. Also trigger when the user mentions terms like "security review", "pentest checklist", "harden my app", "is my code secure", "fix security holes", "OWASP", "SQL injection", "XSS", "vibe code security", or shares backend/frontend code and asks if anything looks wrong. Even if the user just says "review my code" without mentioning security, consider triggering this skill — security is always relevant.

---

# Vibe-Code Security Audit

Systematic security audit for web applications, with special attention to vulnerabilities that AI code-generation tools introduce most frequently.
skill-sample/
├─ SKILL.md ⭐ Required: skill entry doc (purpose / usage / examples / deps)
├─ manifest.sample.json ⭐ Recommended: machine-readable metadata (index / validation / autofill)
├─ LICENSE.sample ⭐ Recommended: license & scope (open source / restriction / commercial)
├─ scripts/
│  └─ example-run.py ✅ Runnable example script for quick verification
├─ assets/
│  ├─ example-formatting-guide.md 🧩 Output conventions: layout / structure / style
│  └─ example-template.tex 🧩 Templates: quickly generate standardized output
└─ references/ 🧩 Knowledge base: methods / guides / best practices
   ├─ example-ref-structure.md 🧩 Structure reference
   ├─ example-ref-analysis.md 🧩 Analysis reference
   └─ example-ref-visuals.md 🧩 Visual reference
More Agent Skills specs Anthropic docs: https://agentskills.io/home
├─ ⭐ Required: YAML Frontmatter (must be at top)
│  ├─ ⭐ name : unique skill name, follow naming convention
│  └─ ⭐ description : include trigger keywords for matching
│
├─ ✅ Optional: Frontmatter extension fields
│  ├─ ✅ license : license identifier
│  ├─ ✅ compatibility : runtime constraints when needed
│  ├─ ✅ metadata : key-value fields (author/version/source_url...)
│  └─ 🧩 allowed-tools : tool whitelist (experimental)
│
└─ ✅ Recommended: Markdown body (progressive disclosure)
   ├─ ✅ Overview / Purpose
   ├─ ✅ When to use
   ├─ ✅ Step-by-step
   ├─ ✅ Inputs / Outputs
   ├─ ✅ Examples
   ├─ 🧩 Files & References
   ├─ 🧩 Edge cases
   ├─ 🧩 Troubleshooting
   └─ 🧩 Safety notes
Skill files are scattered across GitHub and communities, difficult to search, and hard to evaluate. SkillWink organizes open-source skills into a searchable, filterable library you can directly download and use.
We provide keyword search, version updates, multi-metric ranking (downloads / likes / comments / updates), and open SKILL.md standards. You can also discuss usage and improvements on skill detail pages.
Quick Start:
Import/download skills (.zip/.skill), then place locally:
~/.claude/skills/ (Claude Code)
~/.codex/skills/ (Codex CLI)
One SKILL.md can be reused across tools.
Everything you need to know: what skills are, how they work, how to find/import them, and how to contribute.
A skill is a reusable capability package, usually including SKILL.md (purpose/IO/how-to) and optional scripts/templates/examples.
Think of it as a plugin playbook + resource bundle for AI assistants/toolchains.
Skills use progressive disclosure: load brief metadata first, load full docs only when needed, then execute by guidance.
This keeps agents lightweight while preserving enough context for complex tasks.
Use these three together:
Note: file size for all methods should be within 10MB.
Typical paths (may vary by local setup):
One SKILL.md can usually be reused across tools.
Yes. Most skills are standardized docs + assets, so they can be reused where format is supported.
Example: retrieval + writing + automation scripts as one workflow.
Some skills come from public GitHub repositories and some are uploaded by SkillWink creators. Always review code before installing and own your security decisions.
Most common reasons:
We try to avoid that. Use ranking + comments to surface better skills: