@elizaos/skills 2.0.0-alpha.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (371) hide show
  1. package/README.md +126 -0
  2. package/package.json +53 -0
  3. package/skills/1password/SKILL.md +70 -0
  4. package/skills/1password/references/cli-examples.md +29 -0
  5. package/skills/1password/references/get-started.md +17 -0
  6. package/skills/apple-notes/SKILL.md +77 -0
  7. package/skills/apple-reminders/SKILL.md +96 -0
  8. package/skills/bear-notes/SKILL.md +107 -0
  9. package/skills/bird/SKILL.md +224 -0
  10. package/skills/blogwatcher/SKILL.md +69 -0
  11. package/skills/blucli/SKILL.md +47 -0
  12. package/skills/bluebubbles/SKILL.md +131 -0
  13. package/skills/camsnap/SKILL.md +45 -0
  14. package/skills/canvas/SKILL.md +203 -0
  15. package/skills/clawhub/SKILL.md +77 -0
  16. package/skills/coding-agent/SKILL.md +284 -0
  17. package/skills/discord/SKILL.md +578 -0
  18. package/skills/eightctl/SKILL.md +50 -0
  19. package/skills/food-order/SKILL.md +48 -0
  20. package/skills/gemini/SKILL.md +43 -0
  21. package/skills/gifgrep/SKILL.md +79 -0
  22. package/skills/github/SKILL.md +77 -0
  23. package/skills/gog/SKILL.md +116 -0
  24. package/skills/goplaces/SKILL.md +52 -0
  25. package/skills/healthcheck/SKILL.md +245 -0
  26. package/skills/himalaya/SKILL.md +257 -0
  27. package/skills/himalaya/references/configuration.md +184 -0
  28. package/skills/himalaya/references/message-composition.md +199 -0
  29. package/skills/imsg/SKILL.md +74 -0
  30. package/skills/local-places/SERVER_README.md +101 -0
  31. package/skills/local-places/SKILL.md +102 -0
  32. package/skills/local-places/pyproject.toml +21 -0
  33. package/skills/local-places/src/local_places/__init__.py +2 -0
  34. package/skills/local-places/src/local_places/google_places.py +314 -0
  35. package/skills/local-places/src/local_places/main.py +65 -0
  36. package/skills/local-places/src/local_places/schemas.py +107 -0
  37. package/skills/mcporter/SKILL.md +61 -0
  38. package/skills/model-usage/SKILL.md +69 -0
  39. package/skills/model-usage/references/codexbar-cli.md +33 -0
  40. package/skills/model-usage/scripts/model_usage.py +310 -0
  41. package/skills/nano-banana-pro/SKILL.md +58 -0
  42. package/skills/nano-banana-pro/scripts/generate_image.py +184 -0
  43. package/skills/nano-pdf/SKILL.md +38 -0
  44. package/skills/notion/SKILL.md +172 -0
  45. package/skills/obsidian/SKILL.md +81 -0
  46. package/skills/openai-image-gen/SKILL.md +89 -0
  47. package/skills/openai-image-gen/scripts/gen.py +240 -0
  48. package/skills/openai-whisper/SKILL.md +38 -0
  49. package/skills/openai-whisper-api/SKILL.md +52 -0
  50. package/skills/openai-whisper-api/scripts/transcribe.sh +85 -0
  51. package/skills/openhue/SKILL.md +51 -0
  52. package/skills/oracle/SKILL.md +125 -0
  53. package/skills/ordercli/SKILL.md +78 -0
  54. package/skills/peekaboo/SKILL.md +190 -0
  55. package/skills/sag/SKILL.md +87 -0
  56. package/skills/security-ask-questions-if-underspecified/.claude-plugin/plugin.json +10 -0
  57. package/skills/security-ask-questions-if-underspecified/README.md +24 -0
  58. package/skills/security-ask-questions-if-underspecified/skills/ask-questions-if-underspecified/SKILL.md +85 -0
  59. package/skills/security-audit-context-building/.claude-plugin/plugin.json +10 -0
  60. package/skills/security-audit-context-building/README.md +58 -0
  61. package/skills/security-audit-context-building/commands/audit-context.md +21 -0
  62. package/skills/security-audit-context-building/skills/audit-context-building/SKILL.md +297 -0
  63. package/skills/security-audit-context-building/skills/audit-context-building/resources/COMPLETENESS_CHECKLIST.md +47 -0
  64. package/skills/security-audit-context-building/skills/audit-context-building/resources/FUNCTION_MICRO_ANALYSIS_EXAMPLE.md +355 -0
  65. package/skills/security-audit-context-building/skills/audit-context-building/resources/OUTPUT_REQUIREMENTS.md +71 -0
  66. package/skills/security-building-secure-contracts/.claude-plugin/plugin.json +10 -0
  67. package/skills/security-building-secure-contracts/README.md +241 -0
  68. package/skills/security-building-secure-contracts/skills/algorand-vulnerability-scanner/SKILL.md +284 -0
  69. package/skills/security-building-secure-contracts/skills/algorand-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +405 -0
  70. package/skills/security-building-secure-contracts/skills/audit-prep-assistant/SKILL.md +409 -0
  71. package/skills/security-building-secure-contracts/skills/cairo-vulnerability-scanner/SKILL.md +329 -0
  72. package/skills/security-building-secure-contracts/skills/cairo-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +722 -0
  73. package/skills/security-building-secure-contracts/skills/code-maturity-assessor/SKILL.md +218 -0
  74. package/skills/security-building-secure-contracts/skills/code-maturity-assessor/resources/ASSESSMENT_CRITERIA.md +355 -0
  75. package/skills/security-building-secure-contracts/skills/code-maturity-assessor/resources/EXAMPLE_REPORT.md +248 -0
  76. package/skills/security-building-secure-contracts/skills/code-maturity-assessor/resources/REPORT_FORMAT.md +33 -0
  77. package/skills/security-building-secure-contracts/skills/cosmos-vulnerability-scanner/SKILL.md +334 -0
  78. package/skills/security-building-secure-contracts/skills/cosmos-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +740 -0
  79. package/skills/security-building-secure-contracts/skills/guidelines-advisor/SKILL.md +252 -0
  80. package/skills/security-building-secure-contracts/skills/guidelines-advisor/resources/ASSESSMENT_AREAS.md +329 -0
  81. package/skills/security-building-secure-contracts/skills/guidelines-advisor/resources/DELIVERABLES.md +118 -0
  82. package/skills/security-building-secure-contracts/skills/guidelines-advisor/resources/EXAMPLE_REPORT.md +298 -0
  83. package/skills/security-building-secure-contracts/skills/secure-workflow-guide/SKILL.md +161 -0
  84. package/skills/security-building-secure-contracts/skills/secure-workflow-guide/resources/EXAMPLE_REPORT.md +279 -0
  85. package/skills/security-building-secure-contracts/skills/secure-workflow-guide/resources/WORKFLOW_STEPS.md +132 -0
  86. package/skills/security-building-secure-contracts/skills/solana-vulnerability-scanner/SKILL.md +389 -0
  87. package/skills/security-building-secure-contracts/skills/solana-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +669 -0
  88. package/skills/security-building-secure-contracts/skills/substrate-vulnerability-scanner/SKILL.md +298 -0
  89. package/skills/security-building-secure-contracts/skills/substrate-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +791 -0
  90. package/skills/security-building-secure-contracts/skills/token-integration-analyzer/SKILL.md +362 -0
  91. package/skills/security-building-secure-contracts/skills/token-integration-analyzer/resources/ASSESSMENT_CATEGORIES.md +571 -0
  92. package/skills/security-building-secure-contracts/skills/token-integration-analyzer/resources/REPORT_TEMPLATES.md +141 -0
  93. package/skills/security-building-secure-contracts/skills/ton-vulnerability-scanner/SKILL.md +388 -0
  94. package/skills/security-building-secure-contracts/skills/ton-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +595 -0
  95. package/skills/security-burpsuite-project-parser/.claude-plugin/plugin.json +10 -0
  96. package/skills/security-burpsuite-project-parser/README.md +103 -0
  97. package/skills/security-burpsuite-project-parser/commands/burp-search.md +18 -0
  98. package/skills/security-burpsuite-project-parser/skills/SKILL.md +358 -0
  99. package/skills/security-burpsuite-project-parser/skills/scripts/burp-search.sh +99 -0
  100. package/skills/security-claude-in-chrome-troubleshooting/.claude-plugin/plugin.json +8 -0
  101. package/skills/security-claude-in-chrome-troubleshooting/README.md +31 -0
  102. package/skills/security-claude-in-chrome-troubleshooting/skills/claude-in-chrome-troubleshooting/SKILL.md +251 -0
  103. package/skills/security-constant-time-analysis/.claude-plugin/plugin.json +9 -0
  104. package/skills/security-constant-time-analysis/README.md +381 -0
  105. package/skills/security-constant-time-analysis/commands/ct-check.md +20 -0
  106. package/skills/security-constant-time-analysis/ct_analyzer/__init__.py +49 -0
  107. package/skills/security-constant-time-analysis/ct_analyzer/analyzer.py +1284 -0
  108. package/skills/security-constant-time-analysis/ct_analyzer/script_analyzers.py +3081 -0
  109. package/skills/security-constant-time-analysis/ct_analyzer/tests/__init__.py +1 -0
  110. package/skills/security-constant-time-analysis/ct_analyzer/tests/test_analyzer.py +1397 -0
  111. package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/bn_excerpt.js +205 -0
  112. package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/decompose_constant_time.c +181 -0
  113. package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/decompose_vulnerable.c +74 -0
  114. package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/decompose_vulnerable.go +78 -0
  115. package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/decompose_vulnerable.rs +92 -0
  116. package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.cs +174 -0
  117. package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.java +161 -0
  118. package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.kt +181 -0
  119. package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.php +140 -0
  120. package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.py +252 -0
  121. package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.rb +188 -0
  122. package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.swift +199 -0
  123. package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.ts +154 -0
  124. package/skills/security-constant-time-analysis/pyproject.toml +52 -0
  125. package/skills/security-constant-time-analysis/skills/constant-time-analysis/README.md +90 -0
  126. package/skills/security-constant-time-analysis/skills/constant-time-analysis/SKILL.md +219 -0
  127. package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/compiled.md +129 -0
  128. package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/javascript.md +136 -0
  129. package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/kotlin.md +252 -0
  130. package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/php.md +172 -0
  131. package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/python.md +179 -0
  132. package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/ruby.md +198 -0
  133. package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/swift.md +288 -0
  134. package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/vm-compiled.md +354 -0
  135. package/skills/security-constant-time-analysis/uv.lock +8 -0
  136. package/skills/security-culture-index/.claude-plugin/plugin.json +8 -0
  137. package/skills/security-culture-index/README.md +79 -0
  138. package/skills/security-culture-index/skills/interpreting-culture-index/SKILL.md +293 -0
  139. package/skills/security-culture-index/skills/interpreting-culture-index/references/anti-patterns.md +255 -0
  140. package/skills/security-culture-index/skills/interpreting-culture-index/references/conversation-starters.md +408 -0
  141. package/skills/security-culture-index/skills/interpreting-culture-index/references/interview-trait-signals.md +253 -0
  142. package/skills/security-culture-index/skills/interpreting-culture-index/references/motivators.md +158 -0
  143. package/skills/security-culture-index/skills/interpreting-culture-index/references/patterns-archetypes.md +147 -0
  144. package/skills/security-culture-index/skills/interpreting-culture-index/references/primary-traits.md +307 -0
  145. package/skills/security-culture-index/skills/interpreting-culture-index/references/secondary-traits.md +228 -0
  146. package/skills/security-culture-index/skills/interpreting-culture-index/references/team-composition.md +148 -0
  147. package/skills/security-culture-index/skills/interpreting-culture-index/scripts/check_deps.py +108 -0
  148. package/skills/security-culture-index/skills/interpreting-culture-index/scripts/culture_index/__init__.py +20 -0
  149. package/skills/security-culture-index/skills/interpreting-culture-index/scripts/culture_index/constants.py +122 -0
  150. package/skills/security-culture-index/skills/interpreting-culture-index/scripts/culture_index/extract.py +187 -0
  151. package/skills/security-culture-index/skills/interpreting-culture-index/scripts/culture_index/models.py +16 -0
  152. package/skills/security-culture-index/skills/interpreting-culture-index/scripts/culture_index/opencv_extractor.py +520 -0
  153. package/skills/security-culture-index/skills/interpreting-culture-index/scripts/extract_pdf.py +237 -0
  154. package/skills/security-culture-index/skills/interpreting-culture-index/scripts/pyproject.toml +18 -0
  155. package/skills/security-culture-index/skills/interpreting-culture-index/templates/burnout-report.md +113 -0
  156. package/skills/security-culture-index/skills/interpreting-culture-index/templates/comparison-report.md +103 -0
  157. package/skills/security-culture-index/skills/interpreting-culture-index/templates/hiring-profile.md +127 -0
  158. package/skills/security-culture-index/skills/interpreting-culture-index/templates/individual-report.md +85 -0
  159. package/skills/security-culture-index/skills/interpreting-culture-index/templates/predicted-profile.md +165 -0
  160. package/skills/security-culture-index/skills/interpreting-culture-index/templates/team-report.md +109 -0
  161. package/skills/security-culture-index/skills/interpreting-culture-index/workflows/analyze-team.md +188 -0
  162. package/skills/security-culture-index/skills/interpreting-culture-index/workflows/coach-manager.md +267 -0
  163. package/skills/security-culture-index/skills/interpreting-culture-index/workflows/compare-profiles.md +188 -0
  164. package/skills/security-culture-index/skills/interpreting-culture-index/workflows/define-hiring-profile.md +220 -0
  165. package/skills/security-culture-index/skills/interpreting-culture-index/workflows/detect-burnout.md +206 -0
  166. package/skills/security-culture-index/skills/interpreting-culture-index/workflows/extract-from-pdf.md +121 -0
  167. package/skills/security-culture-index/skills/interpreting-culture-index/workflows/interpret-individual.md +183 -0
  168. package/skills/security-culture-index/skills/interpreting-culture-index/workflows/interview-debrief.md +234 -0
  169. package/skills/security-culture-index/skills/interpreting-culture-index/workflows/mediate-conflict.md +306 -0
  170. package/skills/security-culture-index/skills/interpreting-culture-index/workflows/plan-onboarding.md +322 -0
  171. package/skills/security-culture-index/skills/interpreting-culture-index/workflows/predict-from-interview.md +250 -0
  172. package/skills/security-differential-review/.claude-plugin/plugin.json +10 -0
  173. package/skills/security-differential-review/README.md +109 -0
  174. package/skills/security-differential-review/commands/diff-review.md +21 -0
  175. package/skills/security-differential-review/skills/differential-review/SKILL.md +220 -0
  176. package/skills/security-differential-review/skills/differential-review/adversarial.md +203 -0
  177. package/skills/security-differential-review/skills/differential-review/methodology.md +234 -0
  178. package/skills/security-differential-review/skills/differential-review/patterns.md +300 -0
  179. package/skills/security-differential-review/skills/differential-review/reporting.md +369 -0
  180. package/skills/security-dwarf-expert/.claude-plugin/plugin.json +10 -0
  181. package/skills/security-dwarf-expert/README.md +38 -0
  182. package/skills/security-dwarf-expert/skills/dwarf-expert/SKILL.md +93 -0
  183. package/skills/security-dwarf-expert/skills/dwarf-expert/reference/coding.md +31 -0
  184. package/skills/security-dwarf-expert/skills/dwarf-expert/reference/dwarfdump.md +50 -0
  185. package/skills/security-dwarf-expert/skills/dwarf-expert/reference/readelf.md +8 -0
  186. package/skills/security-entry-point-analyzer/.claude-plugin/plugin.json +10 -0
  187. package/skills/security-entry-point-analyzer/README.md +74 -0
  188. package/skills/security-entry-point-analyzer/commands/entry-points.md +18 -0
  189. package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/SKILL.md +251 -0
  190. package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/cosmwasm.md +182 -0
  191. package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/move-aptos.md +107 -0
  192. package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/move-sui.md +87 -0
  193. package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/solana.md +155 -0
  194. package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/solidity.md +135 -0
  195. package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/ton.md +185 -0
  196. package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/vyper.md +141 -0
  197. package/skills/security-firebase-apk-scanner/.claude-plugin/plugin.json +10 -0
  198. package/skills/security-firebase-apk-scanner/README.md +85 -0
  199. package/skills/security-firebase-apk-scanner/commands/scan-apk.md +18 -0
  200. package/skills/security-firebase-apk-scanner/scanner.sh +1408 -0
  201. package/skills/security-firebase-apk-scanner/skills/firebase-apk-scanner/SKILL.md +197 -0
  202. package/skills/security-firebase-apk-scanner/skills/firebase-apk-scanner/references/vulnerabilities.md +803 -0
  203. package/skills/security-fix-review/.claude-plugin/plugin.json +13 -0
  204. package/skills/security-fix-review/README.md +118 -0
  205. package/skills/security-fix-review/commands/fix-review.md +24 -0
  206. package/skills/security-fix-review/skills/fix-review/SKILL.md +264 -0
  207. package/skills/security-fix-review/skills/fix-review/references/bug-detection.md +408 -0
  208. package/skills/security-fix-review/skills/fix-review/references/finding-matching.md +298 -0
  209. package/skills/security-fix-review/skills/fix-review/references/report-parsing.md +398 -0
  210. package/skills/security-insecure-defaults/.claude-plugin/plugin.json +10 -0
  211. package/skills/security-insecure-defaults/README.md +45 -0
  212. package/skills/security-insecure-defaults/skills/insecure-defaults/SKILL.md +117 -0
  213. package/skills/security-insecure-defaults/skills/insecure-defaults/references/examples.md +409 -0
  214. package/skills/security-modern-python/.claude-plugin/plugin.json +10 -0
  215. package/skills/security-modern-python/README.md +58 -0
  216. package/skills/security-modern-python/hooks/hooks.json +16 -0
  217. package/skills/security-modern-python/hooks/intercept-legacy-python.bats +388 -0
  218. package/skills/security-modern-python/hooks/intercept-legacy-python.sh +109 -0
  219. package/skills/security-modern-python/hooks/test_helper.bash +75 -0
  220. package/skills/security-modern-python/skills/modern-python/SKILL.md +333 -0
  221. package/skills/security-modern-python/skills/modern-python/references/dependabot.md +43 -0
  222. package/skills/security-modern-python/skills/modern-python/references/migration-checklist.md +141 -0
  223. package/skills/security-modern-python/skills/modern-python/references/pep723-scripts.md +259 -0
  224. package/skills/security-modern-python/skills/modern-python/references/prek.md +211 -0
  225. package/skills/security-modern-python/skills/modern-python/references/pyproject.md +254 -0
  226. package/skills/security-modern-python/skills/modern-python/references/ruff-config.md +240 -0
  227. package/skills/security-modern-python/skills/modern-python/references/security-setup.md +255 -0
  228. package/skills/security-modern-python/skills/modern-python/references/testing.md +284 -0
  229. package/skills/security-modern-python/skills/modern-python/references/uv-commands.md +200 -0
  230. package/skills/security-modern-python/skills/modern-python/templates/dependabot.yml +36 -0
  231. package/skills/security-modern-python/skills/modern-python/templates/pre-commit-config.yaml +66 -0
  232. package/skills/security-property-based-testing/.claude-plugin/plugin.json +9 -0
  233. package/skills/security-property-based-testing/README.md +47 -0
  234. package/skills/security-property-based-testing/skills/property-based-testing/README.md +88 -0
  235. package/skills/security-property-based-testing/skills/property-based-testing/SKILL.md +109 -0
  236. package/skills/security-property-based-testing/skills/property-based-testing/references/design.md +191 -0
  237. package/skills/security-property-based-testing/skills/property-based-testing/references/generating.md +200 -0
  238. package/skills/security-property-based-testing/skills/property-based-testing/references/libraries.md +130 -0
  239. package/skills/security-property-based-testing/skills/property-based-testing/references/refactoring.md +181 -0
  240. package/skills/security-property-based-testing/skills/property-based-testing/references/reviewing.md +209 -0
  241. package/skills/security-property-based-testing/skills/property-based-testing/references/strategies.md +124 -0
  242. package/skills/semgrep-rule-creator/.claude-plugin/plugin.json +8 -0
  243. package/skills/semgrep-rule-creator/README.md +43 -0
  244. package/skills/semgrep-rule-creator/commands/semgrep-rule.md +26 -0
  245. package/skills/semgrep-rule-creator/skills/semgrep-rule-creator/SKILL.md +168 -0
  246. package/skills/semgrep-rule-creator/skills/semgrep-rule-creator/references/quick-reference.md +203 -0
  247. package/skills/semgrep-rule-creator/skills/semgrep-rule-creator/references/workflow.md +240 -0
  248. package/skills/semgrep-rule-variant-creator/.claude-plugin/plugin.json +9 -0
  249. package/skills/semgrep-rule-variant-creator/README.md +86 -0
  250. package/skills/semgrep-rule-variant-creator/skills/semgrep-rule-variant-creator/SKILL.md +205 -0
  251. package/skills/semgrep-rule-variant-creator/skills/semgrep-rule-variant-creator/references/applicability-analysis.md +250 -0
  252. package/skills/semgrep-rule-variant-creator/skills/semgrep-rule-variant-creator/references/language-syntax-guide.md +324 -0
  253. package/skills/semgrep-rule-variant-creator/skills/semgrep-rule-variant-creator/references/workflow.md +518 -0
  254. package/skills/session-logs/SKILL.md +115 -0
  255. package/skills/sharp-edges/.claude-plugin/plugin.json +10 -0
  256. package/skills/sharp-edges/README.md +48 -0
  257. package/skills/sharp-edges/skills/sharp-edges/SKILL.md +292 -0
  258. package/skills/sharp-edges/skills/sharp-edges/references/auth-patterns.md +252 -0
  259. package/skills/sharp-edges/skills/sharp-edges/references/case-studies.md +274 -0
  260. package/skills/sharp-edges/skills/sharp-edges/references/config-patterns.md +333 -0
  261. package/skills/sharp-edges/skills/sharp-edges/references/crypto-apis.md +190 -0
  262. package/skills/sharp-edges/skills/sharp-edges/references/lang-c.md +205 -0
  263. package/skills/sharp-edges/skills/sharp-edges/references/lang-csharp.md +285 -0
  264. package/skills/sharp-edges/skills/sharp-edges/references/lang-go.md +270 -0
  265. package/skills/sharp-edges/skills/sharp-edges/references/lang-java.md +263 -0
  266. package/skills/sharp-edges/skills/sharp-edges/references/lang-javascript.md +269 -0
  267. package/skills/sharp-edges/skills/sharp-edges/references/lang-kotlin.md +265 -0
  268. package/skills/sharp-edges/skills/sharp-edges/references/lang-php.md +245 -0
  269. package/skills/sharp-edges/skills/sharp-edges/references/lang-python.md +274 -0
  270. package/skills/sharp-edges/skills/sharp-edges/references/lang-ruby.md +273 -0
  271. package/skills/sharp-edges/skills/sharp-edges/references/lang-rust.md +272 -0
  272. package/skills/sharp-edges/skills/sharp-edges/references/lang-swift.md +287 -0
  273. package/skills/sharp-edges/skills/sharp-edges/references/language-specific.md +588 -0
  274. package/skills/sherpa-onnx-tts/SKILL.md +103 -0
  275. package/skills/sherpa-onnx-tts/bin/sherpa-onnx-tts +178 -0
  276. package/skills/skill-creator/SKILL.md +370 -0
  277. package/skills/skill-creator/license.txt +202 -0
  278. package/skills/skill-creator/scripts/init_skill.py +378 -0
  279. package/skills/skill-creator/scripts/package_skill.py +111 -0
  280. package/skills/skill-creator/scripts/quick_validate.py +101 -0
  281. package/skills/slack/SKILL.md +144 -0
  282. package/skills/songsee/SKILL.md +49 -0
  283. package/skills/sonoscli/SKILL.md +46 -0
  284. package/skills/spec-to-code-compliance/.claude-plugin/plugin.json +10 -0
  285. package/skills/spec-to-code-compliance/README.md +67 -0
  286. package/skills/spec-to-code-compliance/commands/spec-compliance.md +22 -0
  287. package/skills/spec-to-code-compliance/skills/spec-to-code-compliance/SKILL.md +349 -0
  288. package/skills/spec-to-code-compliance/skills/spec-to-code-compliance/resources/COMPLETENESS_CHECKLIST.md +69 -0
  289. package/skills/spec-to-code-compliance/skills/spec-to-code-compliance/resources/IR_EXAMPLES.md +417 -0
  290. package/skills/spec-to-code-compliance/skills/spec-to-code-compliance/resources/OUTPUT_REQUIREMENTS.md +105 -0
  291. package/skills/spotify-player/SKILL.md +64 -0
  292. package/skills/static-analysis/.claude-plugin/plugin.json +8 -0
  293. package/skills/static-analysis/README.md +59 -0
  294. package/skills/static-analysis/skills/codeql/SKILL.md +315 -0
  295. package/skills/static-analysis/skills/sarif-parsing/SKILL.md +479 -0
  296. package/skills/static-analysis/skills/sarif-parsing/resources/jq-queries.md +162 -0
  297. package/skills/static-analysis/skills/sarif-parsing/resources/sarif_helpers.py +331 -0
  298. package/skills/static-analysis/skills/semgrep/SKILL.md +337 -0
  299. package/skills/summarize/SKILL.md +87 -0
  300. package/skills/testing-handbook-skills/.claude-plugin/plugin.json +8 -0
  301. package/skills/testing-handbook-skills/README.md +241 -0
  302. package/skills/testing-handbook-skills/scripts/pyproject.toml +8 -0
  303. package/skills/testing-handbook-skills/scripts/validate-skills.py +657 -0
  304. package/skills/testing-handbook-skills/skills/address-sanitizer/SKILL.md +341 -0
  305. package/skills/testing-handbook-skills/skills/aflpp/SKILL.md +640 -0
  306. package/skills/testing-handbook-skills/skills/atheris/SKILL.md +515 -0
  307. package/skills/testing-handbook-skills/skills/cargo-fuzz/SKILL.md +454 -0
  308. package/skills/testing-handbook-skills/skills/codeql/SKILL.md +549 -0
  309. package/skills/testing-handbook-skills/skills/constant-time-testing/SKILL.md +507 -0
  310. package/skills/testing-handbook-skills/skills/coverage-analysis/SKILL.md +607 -0
  311. package/skills/testing-handbook-skills/skills/fuzzing-dictionary/SKILL.md +297 -0
  312. package/skills/testing-handbook-skills/skills/fuzzing-obstacles/SKILL.md +426 -0
  313. package/skills/testing-handbook-skills/skills/harness-writing/SKILL.md +614 -0
  314. package/skills/testing-handbook-skills/skills/libafl/SKILL.md +625 -0
  315. package/skills/testing-handbook-skills/skills/libfuzzer/SKILL.md +795 -0
  316. package/skills/testing-handbook-skills/skills/ossfuzz/SKILL.md +426 -0
  317. package/skills/testing-handbook-skills/skills/ruzzy/SKILL.md +443 -0
  318. package/skills/testing-handbook-skills/skills/semgrep/SKILL.md +601 -0
  319. package/skills/testing-handbook-skills/skills/testing-handbook-generator/SKILL.md +372 -0
  320. package/skills/testing-handbook-skills/skills/testing-handbook-generator/agent-prompt.md +280 -0
  321. package/skills/testing-handbook-skills/skills/testing-handbook-generator/discovery.md +452 -0
  322. package/skills/testing-handbook-skills/skills/testing-handbook-generator/templates/domain-skill.md +504 -0
  323. package/skills/testing-handbook-skills/skills/testing-handbook-generator/templates/fuzzer-skill.md +454 -0
  324. package/skills/testing-handbook-skills/skills/testing-handbook-generator/templates/technique-skill.md +527 -0
  325. package/skills/testing-handbook-skills/skills/testing-handbook-generator/templates/tool-skill.md +366 -0
  326. package/skills/testing-handbook-skills/skills/testing-handbook-generator/testing.md +482 -0
  327. package/skills/testing-handbook-skills/skills/wycheproof/SKILL.md +533 -0
  328. package/skills/things-mac/SKILL.md +86 -0
  329. package/skills/tmux/SKILL.md +135 -0
  330. package/skills/tmux/scripts/find-sessions.sh +112 -0
  331. package/skills/tmux/scripts/wait-for-text.sh +83 -0
  332. package/skills/trello/SKILL.md +95 -0
  333. package/skills/variant-analysis/.claude-plugin/plugin.json +8 -0
  334. package/skills/variant-analysis/README.md +41 -0
  335. package/skills/variant-analysis/commands/variants.md +23 -0
  336. package/skills/variant-analysis/skills/variant-analysis/METHODOLOGY.md +327 -0
  337. package/skills/variant-analysis/skills/variant-analysis/SKILL.md +142 -0
  338. package/skills/variant-analysis/skills/variant-analysis/resources/codeql/cpp.ql +119 -0
  339. package/skills/variant-analysis/skills/variant-analysis/resources/codeql/go.ql +69 -0
  340. package/skills/variant-analysis/skills/variant-analysis/resources/codeql/java.ql +71 -0
  341. package/skills/variant-analysis/skills/variant-analysis/resources/codeql/javascript.ql +63 -0
  342. package/skills/variant-analysis/skills/variant-analysis/resources/codeql/python.ql +80 -0
  343. package/skills/variant-analysis/skills/variant-analysis/resources/semgrep/cpp.yaml +98 -0
  344. package/skills/variant-analysis/skills/variant-analysis/resources/semgrep/go.yaml +63 -0
  345. package/skills/variant-analysis/skills/variant-analysis/resources/semgrep/java.yaml +61 -0
  346. package/skills/variant-analysis/skills/variant-analysis/resources/semgrep/javascript.yaml +60 -0
  347. package/skills/variant-analysis/skills/variant-analysis/resources/semgrep/python.yaml +72 -0
  348. package/skills/variant-analysis/skills/variant-analysis/resources/variant-report-template.md +75 -0
  349. package/skills/video-frames/SKILL.md +46 -0
  350. package/skills/video-frames/scripts/frame.sh +81 -0
  351. package/skills/voice-call/SKILL.md +45 -0
  352. package/skills/wacli/SKILL.md +72 -0
  353. package/skills/weather/SKILL.md +54 -0
  354. package/skills/yara-authoring/.claude-plugin/plugin.json +9 -0
  355. package/skills/yara-authoring/README.md +131 -0
  356. package/skills/yara-authoring/skills/yara-rule-authoring/SKILL.md +645 -0
  357. package/skills/yara-authoring/skills/yara-rule-authoring/examples/MAL_Mac_ProtonRAT_Jan25.yar +99 -0
  358. package/skills/yara-authoring/skills/yara-rule-authoring/examples/MAL_NPM_SupplyChain_Jan25.yar +170 -0
  359. package/skills/yara-authoring/skills/yara-rule-authoring/examples/MAL_Win_Remcos_Jan25.yar +103 -0
  360. package/skills/yara-authoring/skills/yara-rule-authoring/examples/SUSP_CRX_SuspiciousPermissions.yar +134 -0
  361. package/skills/yara-authoring/skills/yara-rule-authoring/examples/SUSP_JS_Obfuscation_Jan25.yar +185 -0
  362. package/skills/yara-authoring/skills/yara-rule-authoring/references/crx-module.md +214 -0
  363. package/skills/yara-authoring/skills/yara-rule-authoring/references/dex-module.md +383 -0
  364. package/skills/yara-authoring/skills/yara-rule-authoring/references/performance.md +333 -0
  365. package/skills/yara-authoring/skills/yara-rule-authoring/references/strings.md +433 -0
  366. package/skills/yara-authoring/skills/yara-rule-authoring/references/style-guide.md +257 -0
  367. package/skills/yara-authoring/skills/yara-rule-authoring/references/testing.md +399 -0
  368. package/skills/yara-authoring/skills/yara-rule-authoring/scripts/atom_analyzer.py +526 -0
  369. package/skills/yara-authoring/skills/yara-rule-authoring/scripts/pyproject.toml +25 -0
  370. package/skills/yara-authoring/skills/yara-rule-authoring/scripts/yara_lint.py +631 -0
  371. package/skills/yara-authoring/skills/yara-rule-authoring/workflows/rule-development.md +493 -0
package/skills/security-modern-python/skills/modern-python/SKILL.md ADDED
@@ -0,0 +1,333 @@
1
+ ---
2
+ name: modern-python
3
+ description: Configures Python projects with modern tooling (uv, ruff, ty). Use when creating projects, writing standalone scripts, or migrating from pip/Poetry/mypy/black.
4
+ ---
5
+
6
+ # Modern Python
7
+
8
+ Guide for modern Python tooling and best practices, based on [trailofbits/cookiecutter-python](https://github.com/trailofbits/cookiecutter-python).
9
+
10
+ ## When to Use This Skill
11
+
12
+ - Creating a new Python project or package
13
+ - Setting up `pyproject.toml` configuration
14
+ - Configuring development tools (linting, formatting, testing)
15
+ - Writing Python scripts with external dependencies
16
+ - Migrating from legacy tools (when user requests it)
17
+
18
+ ## When NOT to Use This Skill
19
+
20
+ - **User wants to keep legacy tooling**: Respect existing workflows if explicitly requested
21
+ - **Python < 3.11 required**: These tools target modern Python
22
+ - **Non-Python projects**: Mixed codebases where Python isn't primary
23
+
24
+ ## Anti-Patterns to Avoid
25
+
26
+ | Avoid | Use Instead |
27
+ |-------|-------------|
28
+ | `[tool.ty]` python-version | `[tool.ty.environment]` python-version |
29
+ | `uv pip install` | `uv add` and `uv sync` |
30
+ | Editing pyproject.toml manually to add deps | `uv add <pkg>` / `uv remove <pkg>` |
31
+ | `hatchling` build backend | `uv_build` (simpler, sufficient for most cases) |
32
+ | Poetry | uv (faster, simpler, better ecosystem integration) |
33
+ | requirements.txt | PEP 723 for scripts, pyproject.toml for projects |
34
+ | mypy / pyright | ty (faster, from Astral team) |
35
+ | `[project.optional-dependencies]` for dev tools | `[dependency-groups]` (PEP 735) |
36
+ | Manual virtualenv activation (`source .venv/bin/activate`) | `uv run <cmd>` |
37
+ | pre-commit | prek (faster, no Python runtime needed) |
38
+
39
+ **Key principles:**
40
+ - Always use `uv add` and `uv remove` to manage dependencies
41
+ - Never manually activate or manage virtual environments—use `uv run` for all commands
42
+ - Use `[dependency-groups]` for dev/test/docs dependencies, not `[project.optional-dependencies]`
43
+
44
+ ## Decision Tree
45
+
46
+ ```
47
+ What are you doing?
48
+
49
+ ├─ Single-file script with dependencies?
50
+ │ └─ Use PEP 723 inline metadata (./references/pep723-scripts.md)
51
+
52
+ ├─ New multi-file project (not distributed)?
53
+ │ └─ Minimal uv setup (see Quick Start below)
54
+
55
+ ├─ New reusable package/library?
56
+ │ └─ Full project setup (see Full Setup below)
57
+
58
+ └─ Migrating existing project?
59
+ └─ See Migration Guide below
60
+ ```
61
+
62
+ ## Tool Overview
63
+
64
+ | Tool | Purpose | Replaces |
65
+ |------|---------|----------|
66
+ | **uv** | Package/dependency management | pip, virtualenv, pip-tools, pipx, pyenv |
67
+ | **ruff** | Linting AND formatting | flake8, black, isort, pyupgrade, pydocstyle |
68
+ | **ty** | Type checking | mypy, pyright (faster alternative) |
69
+ | **pytest** | Testing with coverage | unittest |
70
+ | **prek** | Pre-commit hooks ([setup](./references/prek.md)) | pre-commit (faster, Rust-native) |
71
+
72
+ ### Security Tools
73
+
74
+ | Tool | Purpose | When It Runs |
75
+ |------|---------|--------------|
76
+ | **shellcheck** | Shell script linting | pre-commit |
77
+ | **detect-secrets** | Secret detection | pre-commit |
78
+ | **actionlint** | Workflow syntax validation | pre-commit, CI |
79
+ | **zizmor** | Workflow security audit | pre-commit, CI |
80
+ | **pip-audit** | Dependency vulnerability scanning | CI, manual |
81
+ | **Dependabot** | Automated dependency updates | scheduled |
82
+
83
+ See [security-setup.md](./references/security-setup.md) for configuration and usage.
84
+
85
+ ## Quick Start: Minimal Project
86
+
87
+ For simple multi-file projects not intended for distribution:
88
+
89
+ ```bash
90
+ # Create project with uv
91
+ uv init myproject
92
+ cd myproject
93
+
94
+ # Add dependencies
95
+ uv add requests rich
96
+
97
+ # Add dev dependencies
98
+ uv add --group dev pytest ruff ty
99
+
100
+ # Run code
101
+ uv run python src/myproject/main.py
102
+
103
+ # Run tools
104
+ uv run pytest
105
+ uv run ruff check .
106
+ ```
107
+
108
+ ## Full Project Setup
109
+ If starting from scratch, ask the user if they prefer to use the Trail of Bits cookiecutter template to bootstrap a complete project with already preconfigured tooling.
110
+
111
+ ```bash
112
+ uvx cookiecutter gh:trailofbits/cookiecutter-python
113
+ ```
114
+
115
+ ### 1. Create Project Structure
116
+
117
+ ```bash
118
+ uv init --package myproject
119
+ cd myproject
120
+ ```
121
+
122
+ This creates:
123
+ ```
124
+ myproject/
125
+ ├── pyproject.toml
126
+ ├── README.md
127
+ ├── src/
128
+ │ └── myproject/
129
+ │ └── __init__.py
130
+ └── .python-version
131
+ ```
132
+
133
+ ### 2. Configure pyproject.toml
134
+
135
+ See [pyproject.md](./references/pyproject.md) for complete configuration reference.
136
+
137
+ Key sections:
138
+ ```toml
139
+ [project]
140
+ name = "myproject"
141
+ version = "0.1.0"
142
+ requires-python = ">=3.11"
143
+ dependencies = []
144
+
145
+ [dependency-groups]
146
+ dev = [{include-group = "lint"}, {include-group = "test"}, {include-group = "audit"}]
147
+ lint = ["ruff", "ty"]
148
+ test = ["pytest", "pytest-cov"]
149
+ audit = ["pip-audit"]
150
+
151
+ [tool.ruff]
152
+ line-length = 100
153
+ target-version = "py311"
154
+
155
+ [tool.ruff.lint]
156
+ select = ["ALL"]
157
+ ignore = ["D", "COM812", "ISC001"]
158
+
159
+ [tool.pytest]
160
+ addopts = ["--cov=myproject", "--cov-fail-under=80"]
161
+
162
+ [tool.ty.terminal]
163
+ error-on-warning = true
164
+
165
+ [tool.ty.environment]
166
+ python-version = "3.11"
167
+
168
+ [tool.ty.rules]
169
+ # Strict from day 1 for new projects
170
+ possibly-unresolved-reference = "error"
171
+ unused-ignore-comment = "warn"
172
+ ```
173
+
174
+ ### 3. Install Dependencies
175
+
176
+ ```bash
177
+ # Install all dependency groups
178
+ uv sync --all-groups
179
+
180
+ # Or install specific groups
181
+ uv sync --group dev
182
+ ```
183
+
184
+ ### 4. Add Makefile
185
+
186
+ ```makefile
187
+ .PHONY: dev lint format test build
188
+
189
+ dev:
190
+ uv sync --all-groups
191
+
192
+ lint:
193
+ uv run ruff format --check && uv run ruff check && uv run ty check src/
194
+
195
+ format:
196
+ uv run ruff format .
197
+
198
+ test:
199
+ uv run pytest
200
+
201
+ build:
202
+ uv build
203
+ ```
204
+
205
+ ## Migration Guide
206
+
207
+ When a user requests migration from legacy tooling:
208
+
209
+ ### From requirements.txt + pip
210
+
211
+ First, determine the nature of the code:
212
+
213
+ **For standalone scripts**: Convert to PEP 723 inline metadata (see [pep723-scripts.md](./references/pep723-scripts.md))
214
+
215
+ **For projects**:
216
+ ```bash
217
+ # Initialize uv in existing project
218
+ uv init --bare
219
+
220
+ # Add dependencies using uv (not by editing pyproject.toml)
221
+ uv add requests rich # add each package
222
+
223
+ # Or import from requirements.txt (review each package before adding)
224
+ # Note: Complex version specifiers may need manual handling
225
+ grep -v '^#' requirements.txt | grep -v '^-' | grep -v '^\s*$' | while read -r pkg; do
226
+ uv add "$pkg" || echo "Failed to add: $pkg"
227
+ done
228
+
229
+ uv sync
230
+ ```
231
+
232
+ Then:
233
+ 1. Delete `requirements.txt`, `requirements-dev.txt`
234
+ 2. Delete virtual environment (`venv/`, `.venv/`)
235
+ 3. Add `uv.lock` to version control
236
+
237
+ ### From setup.py / setup.cfg
238
+
239
+ 1. Run `uv init --bare` to create pyproject.toml
240
+ 2. Use `uv add` to add each dependency from `install_requires`
241
+ 3. Use `uv add --group dev` for dev dependencies
242
+ 4. Copy non-dependency metadata (name, version, description, etc.) to `[project]`
243
+ 5. Delete `setup.py`, `setup.cfg`, `MANIFEST.in`
244
+
245
+ ### From flake8 + black + isort
246
+
247
+ 1. Remove flake8, black, isort via `uv remove`
248
+ 2. Delete `.flake8`, `pyproject.toml [tool.black]`, `[tool.isort]` configs
249
+ 3. Add ruff: `uv add --group dev ruff`
250
+ 4. Add ruff configuration (see [ruff-config.md](./references/ruff-config.md))
251
+ 5. Run `uv run ruff check --fix .` to apply fixes
252
+ 6. Run `uv run ruff format .` to format
253
+
254
+ ### From mypy / pyright
255
+
256
+ 1. Remove mypy/pyright via `uv remove`
257
+ 2. Delete `mypy.ini`, `pyrightconfig.json`, or `[tool.mypy]`/`[tool.pyright]` sections
258
+ 3. Add ty: `uv add --group dev ty`
259
+ 4. Run `uv run ty check src/`
260
+
261
+ ## Quick Reference: uv Commands
262
+
263
+ | Command | Description |
264
+ |---------|-------------|
265
+ | `uv init` | Create new project |
266
+ | `uv init --package` | Create distributable package |
267
+ | `uv add <pkg>` | Add dependency |
268
+ | `uv add --group dev <pkg>` | Add to dependency group |
269
+ | `uv remove <pkg>` | Remove dependency |
270
+ | `uv sync` | Install dependencies |
271
+ | `uv sync --all-groups` | Install all dependency groups |
272
+ | `uv run <cmd>` | Run command in venv |
273
+ | `uv run --with <pkg> <cmd>` | Run with temporary dependency |
274
+ | `uv build` | Build package |
275
+ | `uv publish` | Publish to PyPI |
276
+
277
+ ### Ad-hoc Dependencies with `--with`
278
+
279
+ Use `uv run --with` for one-off commands that need packages not in your project:
280
+
281
+ ```bash
282
+ # Run Python with a temporary package
283
+ uv run --with requests python -c "import requests; print(requests.get('https://httpbin.org/ip').json())"
284
+
285
+ # Run a module with temporary deps
286
+ uv run --with rich python -m rich.progress
287
+
288
+ # Multiple packages
289
+ uv run --with requests --with rich python script.py
290
+
291
+ # Combine with project deps (adds to existing venv)
292
+ uv run --with httpx pytest # project deps + httpx
293
+ ```
294
+
295
+ **When to use `--with` vs `uv add`:**
296
+ - `uv add`: Package is a project dependency (goes in pyproject.toml/uv.lock)
297
+ - `--with`: One-off usage, testing, or scripts outside a project context
298
+
299
+ See [uv-commands.md](./references/uv-commands.md) for complete reference.
300
+
301
+ ## Quick Reference: Dependency Groups
302
+
303
+ ```toml
304
+ [dependency-groups]
305
+ dev = ["ruff", "ty"]
306
+ test = ["pytest", "pytest-cov", "hypothesis"]
307
+ docs = ["sphinx", "myst-parser"]
308
+ ```
309
+
310
+ Install with: `uv sync --group dev --group test`
311
+
312
+ ## Best Practices Checklist
313
+
314
+ - [ ] Use `src/` layout for packages
315
+ - [ ] Set `requires-python = ">=3.11"`
316
+ - [ ] Configure ruff with `select = ["ALL"]` and explicit ignores
317
+ - [ ] Use ty for type checking
318
+ - [ ] Enforce test coverage minimum (80%+)
319
+ - [ ] Use dependency groups instead of extras for dev tools
320
+ - [ ] Add `uv.lock` to version control
321
+ - [ ] Use PEP 723 for standalone scripts
322
+
323
+ ## Read Next
324
+
325
+ - [migration-checklist.md](./references/migration-checklist.md) - Step-by-step migration cleanup
326
+ - [pyproject.md](./references/pyproject.md) - Complete pyproject.toml reference
327
+ - [uv-commands.md](./references/uv-commands.md) - uv command reference
328
+ - [ruff-config.md](./references/ruff-config.md) - Ruff linting/formatting configuration
329
+ - [testing.md](./references/testing.md) - pytest and coverage setup
330
+ - [pep723-scripts.md](./references/pep723-scripts.md) - PEP 723 inline script metadata
331
+ - [prek.md](./references/prek.md) - Fast pre-commit hooks with prek
332
+ - [security-setup.md](./references/security-setup.md) - Security hooks and dependency scanning
333
+ - [dependabot.md](./references/dependabot.md) - Automated dependency updates
package/skills/security-modern-python/skills/modern-python/references/dependabot.md ADDED
@@ -0,0 +1,43 @@
1
+ # Dependabot: Automated Dependency Updates
2
+
3
+ [Dependabot](https://docs.github.com/en/code-security/dependabot) automatically creates pull requests to keep your dependencies up to date. GitHub hosts it natively—no external service required.
4
+
5
+ ## Why Use Dependabot?
6
+
7
+ - **Security**: Automatically patches known vulnerabilities
8
+ - **Freshness**: Keeps dependencies current without manual tracking
9
+ - **Visibility**: PRs show changelogs and compatibility notes
10
+
11
+ ## Configuration
12
+
13
+ Copy [templates/dependabot.yml](../templates/dependabot.yml) to `.github/dependabot.yml`.
14
+
15
+ The template includes:
16
+ - Weekly update schedule for pip and GitHub Actions
17
+ - 7-day cooldown for supply chain protection
18
+ - Grouping to reduce PR noise
19
+
20
+ ## Supply Chain Protection
21
+
22
+ The `cooldown.default-days: 7` setting delays updates for newly published versions. This provides time for the community to detect compromised packages before they reach your project.
23
+
24
+ **Why this matters:**
25
+ - Attackers sometimes publish malicious versions of legitimate packages
26
+ - A 7-day delay allows time for detection and removal
27
+ - Combined with weekly schedules, this balances security with freshness
28
+
29
+ ## Common Options
30
+
31
+ | Option | Description |
32
+ |--------|-------------|
33
+ | `interval` | `daily`, `weekly`, or `monthly` |
34
+ | `cooldown.default-days` | Days to wait before updating new releases |
35
+ | `ignore` | Skip specific dependencies or versions |
36
+ | `groups` | Group related updates into single PRs |
37
+ | `reviewers` | Auto-assign reviewers to PRs |
38
+
39
+ ## See Also
40
+
41
+ - [GitHub Dependabot docs](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file)
42
+ - [security-setup.md](./security-setup.md) - Security tooling overview
43
+ - [prek.md](./prek.md) - Pre-commit hooks (complementary tool)
package/skills/security-modern-python/skills/modern-python/references/migration-checklist.md ADDED
@@ -0,0 +1,141 @@
1
+ # Migration Checklist
2
+
3
+ Comprehensive checklist for migrating Python projects to modern tooling.
4
+
5
+ ## Before Migration
6
+
7
+ - [ ] **Determine layout**: `src/` or flat? Configure `[tool.uv.build-backend]` if flat
8
+ - [ ] **Decide uv.lock strategy**: app (commit) vs library (.gitignore)
9
+ - [ ] **Backup current state**: Create a branch or tag before starting
10
+
11
+ ## Cleanup Old Artifacts
12
+
13
+ Find and remove legacy linter comments:
14
+
15
+ ```bash
16
+ # Find files with old linter pragmas
17
+ rg "# pylint:|# noqa:|# type: ignore" --files-with-matches
18
+
19
+ # Find missing __init__.py files
20
+ uv run ruff check --select=INP001 .
21
+ ```
22
+
23
+ Remove these files after migration:
24
+ - [ ] `requirements.txt`, `requirements-dev.txt`
25
+ - [ ] `setup.py`, `setup.cfg`, `MANIFEST.in`
26
+ - [ ] `.flake8`, `mypy.ini`, `pyrightconfig.json`
27
+ - [ ] `tox.ini` (if not needed)
28
+ - [ ] `Pipfile`, `Pipfile.lock`
29
+ - [ ] Old virtual environments (`venv/`, `.venv/`)
30
+
31
+ ## .gitignore Updates
32
+
33
+ Add these entries:
34
+
35
+ ```gitignore
36
+ # Python
37
+ __pycache__/
38
+ *.py[cod]
39
+ .venv/
40
+
41
+ # Tools
42
+ .ruff_cache/
43
+ .ty/
44
+
45
+ # uv (for libraries only - apps should commit uv.lock)
46
+ # uv.lock
47
+ ```
48
+
49
+ ## pyproject.toml Sections to Remove
50
+
51
+ - [ ] `[tool.black]`
52
+ - [ ] `[tool.isort]`
53
+ - [ ] `[tool.mypy]`
54
+ - [ ] `[tool.pyright]`
55
+ - [ ] `[tool.pylint]`
56
+ - [ ] `[tool.flake8]` (if present)
57
+
58
+ ## Post-Migration Easy Wins
59
+
60
+ Run these to modernize code automatically:
61
+
62
+ ```bash
63
+ # Pyupgrade modernization (typing, syntax)
64
+ uv run ruff check --select=UP --fix .
65
+
66
+ # Unnecessary variable assignments before return
67
+ uv run ruff check --select=RET504 --fix .
68
+
69
+ # Simplifications (conditionals, comprehensions)
70
+ uv run ruff check --select=SIM --fix .
71
+
72
+ # Remove commented-out code
73
+ uv run ruff check --select=ERA --fix .
74
+ ```
75
+
76
+ ## CI Cleanup
77
+
78
+ - [ ] Remove scheduled CI triggers (activity without progress is theater)
79
+ - [ ] Update CI to use `uv sync` and `uv run`
80
+ - [ ] Pin GitHub Actions to SHA hashes
81
+ - [ ] Set up security tooling (see [security-setup.md](./security-setup.md))
82
+
83
+ ## Gradual ty Adoption
84
+
85
+ For legacy codebases with many type errors, start lenient:
86
+
87
+ ```toml
88
+ [tool.ty.terminal]
89
+ error-on-warning = true
90
+
91
+ [tool.ty.environment]
92
+ python-version = "3.11"
93
+
94
+ [tool.ty.rules]
95
+ # Start with these ignored for legacy codebases
96
+ possibly-missing-attribute = "ignore"
97
+ unresolved-import = "ignore"
98
+ invalid-argument-type = "ignore"
99
+ not-subscriptable = "ignore"
100
+ unresolved-attribute = "ignore"
101
+ ```
102
+
103
+ Remove rules as you fix errors. Track progress:
104
+
105
+ ```bash
106
+ # Count remaining issues
107
+ uv run ty check src/ 2>&1 | grep -c "error"
108
+ ```
109
+
110
+ ## Supply Chain Security
111
+
112
+ - [ ] Add pip-audit to dependency groups
113
+ - [ ] Configure Dependabot with 7-day cooldown
114
+ - [ ] Pin exact versions in production (`==` not `>=`)
115
+
116
+ See [security-setup.md](./security-setup.md) for pip-audit and Dependabot configuration.
117
+
118
+ ## Verification
119
+
120
+ After migration, verify everything works:
121
+
122
+ ```bash
123
+ # Install all dependencies
124
+ uv sync --all-groups
125
+
126
+ # Run linting
127
+ uv run ruff check .
128
+ uv run ruff format --check .
129
+
130
+ # Run type checking
131
+ uv run ty check src/
132
+
133
+ # Run tests
134
+ uv run pytest
135
+
136
+ # Security audit
137
+ uv run pip-audit
138
+
139
+ # Build package (if distributable)
140
+ uv build
141
+ ```