create-vasvibe 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (170) hide show
  1. package/README.md +84 -0
  2. package/bin/cli.mjs +9 -0
  3. package/package.json +45 -0
  4. package/src/git.mjs +47 -0
  5. package/src/index.mjs +178 -0
  6. package/src/prompts.mjs +87 -0
  7. package/src/scaffold.mjs +66 -0
  8. package/src/utils.mjs +91 -0
  9. package/template/.agents/skills/developer/SKILL.md +93 -0
  10. package/template/.agents/skills/find-skills/SKILL.md +142 -0
  11. package/template/.agents/skills/penetration-testing/SKILL.md +94 -0
  12. package/template/.agents/skills/penetration-testing/references/automated-penetration-testing-framework.md +328 -0
  13. package/template/.agents/skills/penetration-testing/references/burp-suite-automation-script.md +135 -0
  14. package/template/.agents/skills/penetration-testing/scripts/security-checklist.sh +30 -0
  15. package/template/.agents/skills/pm/SKILL.md +202 -0
  16. package/template/.agents/skills/ui-ux-pro-max/SKILL.md +659 -0
  17. package/template/.agents/skills/ui-ux-pro-max/data/_sync_all.py +414 -0
  18. package/template/.agents/skills/ui-ux-pro-max/data/app-interface.csv +31 -0
  19. package/template/.agents/skills/ui-ux-pro-max/data/charts.csv +26 -0
  20. package/template/.agents/skills/ui-ux-pro-max/data/colors.csv +162 -0
  21. package/template/.agents/skills/ui-ux-pro-max/data/design.csv +1776 -0
  22. package/template/.agents/skills/ui-ux-pro-max/data/draft.csv +1779 -0
  23. package/template/.agents/skills/ui-ux-pro-max/data/google-fonts.csv +1924 -0
  24. package/template/.agents/skills/ui-ux-pro-max/data/icons.csv +106 -0
  25. package/template/.agents/skills/ui-ux-pro-max/data/landing.csv +35 -0
  26. package/template/.agents/skills/ui-ux-pro-max/data/products.csv +162 -0
  27. package/template/.agents/skills/ui-ux-pro-max/data/react-performance.csv +45 -0
  28. package/template/.agents/skills/ui-ux-pro-max/data/stacks/angular.csv +51 -0
  29. package/template/.agents/skills/ui-ux-pro-max/data/stacks/astro.csv +54 -0
  30. package/template/.agents/skills/ui-ux-pro-max/data/stacks/flutter.csv +53 -0
  31. package/template/.agents/skills/ui-ux-pro-max/data/stacks/html-tailwind.csv +56 -0
  32. package/template/.agents/skills/ui-ux-pro-max/data/stacks/jetpack-compose.csv +53 -0
  33. package/template/.agents/skills/ui-ux-pro-max/data/stacks/laravel.csv +51 -0
  34. package/template/.agents/skills/ui-ux-pro-max/data/stacks/nextjs.csv +53 -0
  35. package/template/.agents/skills/ui-ux-pro-max/data/stacks/nuxt-ui.csv +51 -0
  36. package/template/.agents/skills/ui-ux-pro-max/data/stacks/nuxtjs.csv +59 -0
  37. package/template/.agents/skills/ui-ux-pro-max/data/stacks/react-native.csv +52 -0
  38. package/template/.agents/skills/ui-ux-pro-max/data/stacks/react.csv +54 -0
  39. package/template/.agents/skills/ui-ux-pro-max/data/stacks/shadcn.csv +61 -0
  40. package/template/.agents/skills/ui-ux-pro-max/data/stacks/svelte.csv +54 -0
  41. package/template/.agents/skills/ui-ux-pro-max/data/stacks/swiftui.csv +51 -0
  42. package/template/.agents/skills/ui-ux-pro-max/data/stacks/threejs.csv +54 -0
  43. package/template/.agents/skills/ui-ux-pro-max/data/stacks/vue.csv +50 -0
  44. package/template/.agents/skills/ui-ux-pro-max/data/styles.csv +85 -0
  45. package/template/.agents/skills/ui-ux-pro-max/data/typography.csv +74 -0
  46. package/template/.agents/skills/ui-ux-pro-max/data/ui-reasoning.csv +162 -0
  47. package/template/.agents/skills/ui-ux-pro-max/data/ux-guidelines.csv +100 -0
  48. package/template/.agents/skills/ui-ux-pro-max/scripts/core.py +262 -0
  49. package/template/.agents/skills/ui-ux-pro-max/scripts/design_system.py +1148 -0
  50. package/template/.agents/skills/ui-ux-pro-max/scripts/search.py +114 -0
  51. package/template/.claude/agents/analyst.md +61 -0
  52. package/template/.claude/agents/developer.md +144 -0
  53. package/template/.claude/agents/document.md +18 -0
  54. package/template/.claude/agents/fixer.md +67 -0
  55. package/template/.claude/agents/initiator.md +58 -0
  56. package/template/.claude/agents/pm.md +371 -0
  57. package/template/.claude/agents/sysarch.md +356 -0
  58. package/template/.claude/agents/tester.md +83 -0
  59. package/template/.claude/skills/find-skills/SKILL.md +142 -0
  60. package/template/.claude/skills/penetration-testing/SKILL.md +94 -0
  61. package/template/.claude/skills/penetration-testing/references/automated-penetration-testing-framework.md +328 -0
  62. package/template/.claude/skills/penetration-testing/references/burp-suite-automation-script.md +135 -0
  63. package/template/.claude/skills/penetration-testing/scripts/security-checklist.sh +30 -0
  64. package/template/.claude/skills/ui-ux-pro-max/SKILL.md +659 -0
  65. package/template/.claude/skills/ui-ux-pro-max/data/_sync_all.py +414 -0
  66. package/template/.claude/skills/ui-ux-pro-max/data/app-interface.csv +31 -0
  67. package/template/.claude/skills/ui-ux-pro-max/data/charts.csv +26 -0
  68. package/template/.claude/skills/ui-ux-pro-max/data/colors.csv +162 -0
  69. package/template/.claude/skills/ui-ux-pro-max/data/design.csv +1776 -0
  70. package/template/.claude/skills/ui-ux-pro-max/data/draft.csv +1779 -0
  71. package/template/.claude/skills/ui-ux-pro-max/data/google-fonts.csv +1924 -0
  72. package/template/.claude/skills/ui-ux-pro-max/data/icons.csv +106 -0
  73. package/template/.claude/skills/ui-ux-pro-max/data/landing.csv +35 -0
  74. package/template/.claude/skills/ui-ux-pro-max/data/products.csv +162 -0
  75. package/template/.claude/skills/ui-ux-pro-max/data/react-performance.csv +45 -0
  76. package/template/.claude/skills/ui-ux-pro-max/data/stacks/angular.csv +51 -0
  77. package/template/.claude/skills/ui-ux-pro-max/data/stacks/astro.csv +54 -0
  78. package/template/.claude/skills/ui-ux-pro-max/data/stacks/flutter.csv +53 -0
  79. package/template/.claude/skills/ui-ux-pro-max/data/stacks/html-tailwind.csv +56 -0
  80. package/template/.claude/skills/ui-ux-pro-max/data/stacks/jetpack-compose.csv +53 -0
  81. package/template/.claude/skills/ui-ux-pro-max/data/stacks/laravel.csv +51 -0
  82. package/template/.claude/skills/ui-ux-pro-max/data/stacks/nextjs.csv +53 -0
  83. package/template/.claude/skills/ui-ux-pro-max/data/stacks/nuxt-ui.csv +51 -0
  84. package/template/.claude/skills/ui-ux-pro-max/data/stacks/nuxtjs.csv +59 -0
  85. package/template/.claude/skills/ui-ux-pro-max/data/stacks/react-native.csv +52 -0
  86. package/template/.claude/skills/ui-ux-pro-max/data/stacks/react.csv +54 -0
  87. package/template/.claude/skills/ui-ux-pro-max/data/stacks/shadcn.csv +61 -0
  88. package/template/.claude/skills/ui-ux-pro-max/data/stacks/svelte.csv +54 -0
  89. package/template/.claude/skills/ui-ux-pro-max/data/stacks/swiftui.csv +51 -0
  90. package/template/.claude/skills/ui-ux-pro-max/data/stacks/threejs.csv +54 -0
  91. package/template/.claude/skills/ui-ux-pro-max/data/stacks/vue.csv +50 -0
  92. package/template/.claude/skills/ui-ux-pro-max/data/styles.csv +85 -0
  93. package/template/.claude/skills/ui-ux-pro-max/data/typography.csv +74 -0
  94. package/template/.claude/skills/ui-ux-pro-max/data/ui-reasoning.csv +162 -0
  95. package/template/.claude/skills/ui-ux-pro-max/data/ux-guidelines.csv +100 -0
  96. package/template/.claude/skills/ui-ux-pro-max/scripts/core.py +262 -0
  97. package/template/.claude/skills/ui-ux-pro-max/scripts/design_system.py +1148 -0
  98. package/template/.claude/skills/ui-ux-pro-max/scripts/search.py +114 -0
  99. package/template/.github/prompts/analyst.prompt.md +58 -0
  100. package/template/.github/prompts/developer.prompt.md +100 -0
  101. package/template/.github/prompts/document.prompt.md +15 -0
  102. package/template/.github/prompts/fixer.prompt.md +64 -0
  103. package/template/.github/prompts/initiator.prompt.md +55 -0
  104. package/template/.github/prompts/pm.prompt.md +177 -0
  105. package/template/.github/prompts/sysarch.prompt.md +352 -0
  106. package/template/.github/prompts/tester.prompt.md +80 -0
  107. package/template/.opencode/commands/analyst.md +61 -0
  108. package/template/.opencode/commands/developer.md +174 -0
  109. package/template/.opencode/commands/document.md +18 -0
  110. package/template/.opencode/commands/fixer.md +67 -0
  111. package/template/.opencode/commands/initiator.md +58 -0
  112. package/template/.opencode/commands/pm.md +348 -0
  113. package/template/.opencode/commands/sysarch.md +356 -0
  114. package/template/.opencode/commands/tester.md +83 -0
  115. package/template/.opencode/skills/penetration-testing/SKILL.md +94 -0
  116. package/template/.opencode/skills/penetration-testing/references/automated-penetration-testing-framework.md +328 -0
  117. package/template/.opencode/skills/penetration-testing/references/burp-suite-automation-script.md +135 -0
  118. package/template/.opencode/skills/penetration-testing/scripts/security-checklist.sh +30 -0
  119. package/template/.opencode/skills/ui-ux-pro-max/SKILL.md +659 -0
  120. package/template/.opencode/skills/ui-ux-pro-max/data/_sync_all.py +414 -0
  121. package/template/.opencode/skills/ui-ux-pro-max/data/app-interface.csv +31 -0
  122. package/template/.opencode/skills/ui-ux-pro-max/data/charts.csv +26 -0
  123. package/template/.opencode/skills/ui-ux-pro-max/data/colors.csv +162 -0
  124. package/template/.opencode/skills/ui-ux-pro-max/data/design.csv +1776 -0
  125. package/template/.opencode/skills/ui-ux-pro-max/data/draft.csv +1779 -0
  126. package/template/.opencode/skills/ui-ux-pro-max/data/google-fonts.csv +1924 -0
  127. package/template/.opencode/skills/ui-ux-pro-max/data/icons.csv +106 -0
  128. package/template/.opencode/skills/ui-ux-pro-max/data/landing.csv +35 -0
  129. package/template/.opencode/skills/ui-ux-pro-max/data/products.csv +162 -0
  130. package/template/.opencode/skills/ui-ux-pro-max/data/react-performance.csv +45 -0
  131. package/template/.opencode/skills/ui-ux-pro-max/data/stacks/angular.csv +51 -0
  132. package/template/.opencode/skills/ui-ux-pro-max/data/stacks/astro.csv +54 -0
  133. package/template/.opencode/skills/ui-ux-pro-max/data/stacks/flutter.csv +53 -0
  134. package/template/.opencode/skills/ui-ux-pro-max/data/stacks/html-tailwind.csv +56 -0
  135. package/template/.opencode/skills/ui-ux-pro-max/data/stacks/jetpack-compose.csv +53 -0
  136. package/template/.opencode/skills/ui-ux-pro-max/data/stacks/laravel.csv +51 -0
  137. package/template/.opencode/skills/ui-ux-pro-max/data/stacks/nextjs.csv +53 -0
  138. package/template/.opencode/skills/ui-ux-pro-max/data/stacks/nuxt-ui.csv +51 -0
  139. package/template/.opencode/skills/ui-ux-pro-max/data/stacks/nuxtjs.csv +59 -0
  140. package/template/.opencode/skills/ui-ux-pro-max/data/stacks/react-native.csv +52 -0
  141. package/template/.opencode/skills/ui-ux-pro-max/data/stacks/react.csv +54 -0
  142. package/template/.opencode/skills/ui-ux-pro-max/data/stacks/shadcn.csv +61 -0
  143. package/template/.opencode/skills/ui-ux-pro-max/data/stacks/svelte.csv +54 -0
  144. package/template/.opencode/skills/ui-ux-pro-max/data/stacks/swiftui.csv +51 -0
  145. package/template/.opencode/skills/ui-ux-pro-max/data/stacks/threejs.csv +54 -0
  146. package/template/.opencode/skills/ui-ux-pro-max/data/stacks/vue.csv +50 -0
  147. package/template/.opencode/skills/ui-ux-pro-max/data/styles.csv +85 -0
  148. package/template/.opencode/skills/ui-ux-pro-max/data/typography.csv +74 -0
  149. package/template/.opencode/skills/ui-ux-pro-max/data/ui-reasoning.csv +162 -0
  150. package/template/.opencode/skills/ui-ux-pro-max/data/ux-guidelines.csv +100 -0
  151. package/template/.opencode/skills/ui-ux-pro-max/scripts/core.py +262 -0
  152. package/template/.opencode/skills/ui-ux-pro-max/scripts/design_system.py +1148 -0
  153. package/template/.opencode/skills/ui-ux-pro-max/scripts/search.py +114 -0
  154. package/template/GIT_STRUCTURE_GUIDE.md +270 -0
  155. package/template/PROJECT_README.example.md +81 -0
  156. package/template/README.md +52 -0
  157. package/template/_gitignore +148 -0
  158. package/template/agent/workflows/analyst.md +58 -0
  159. package/template/agent/workflows/developer.md +66 -0
  160. package/template/agent/workflows/document.md +15 -0
  161. package/template/agent/workflows/fixer.md +64 -0
  162. package/template/agent/workflows/initiator.md +55 -0
  163. package/template/agent/workflows/pm.md +177 -0
  164. package/template/agent/workflows/sysacrh.md +352 -0
  165. package/template/agent/workflows/tester.md +80 -0
  166. package/template/codes/.gitkeep +1 -0
  167. package/template/project_overview_example.md +41 -0
  168. package/template/skills-lock.json +11 -0
  169. package/template/specifications/.gitkeep +1 -0
  170. package/template/tests/.gitkeep +1 -0
@@ -0,0 +1,93 @@
1
+ ---
2
+ name: developer
3
+ description: "use to coding"
4
+ model: sonnet
5
+ color: blue
6
+ memory: project
7
+ ---
8
+
9
+ **ACT AS:** Senior Fullstack Developer.
10
+ **CONTEXT:** Mengimplementasikan fitur berdasarkan spesifikasi.
11
+
12
+ **INSTRUCTION STEPS:**
13
+
14
+ 1. **Load Context:**
15
+ - Baca file spesifikasi target (misal: `specification/001_...md`).
16
+ - Baca file `development_log.md` (jika ada) untuk memahami progress terakhir.
17
+ - **BACA file `task/task_list.md`** untuk menemukan task yang akan dikerjakan.
18
+ 2. **Repo Management (CRITICAL - lakukan sebelum mulai coding):**
19
+
20
+
21
+ - **PENTING — Struktur Repo:** Workspace ini terdiri dari DUA repo git terpisah:
22
+ - **Agent repo** (root): `{project-name}/` — berisi semua file agent, spec, task, logs. Jangan commit kode produk di sini.
23
+ - **Product repo** (subfolder): `codes/` — repo git terpisah yang di-push ke `{repo-url}`. Semua operasi git untuk kode produk dilakukan DI DALAM folder `codes/`.
24
+ - **Semua perintah git untuk kode produk harus dijalankan dari dalam folder `codes/`.**
25
+ - **Cek branch saat ini** dengan `git -C codes/ branch --show-current` (atau masuk ke folder codes terlebih dahulu).
26
+ - **Apakah branch sudah sesuai** dengan fitur yang akan dikembangkan?
27
+ - **Jika YA:** Lanjut ke step 3.
28
+ - **Jika TIDAK:**
29
+ - Cek apakah ada perubahan yang belum di-commit dengan `git -C codes/ status`.
30
+ - **Jika ada perubahan belum ter-commit:** HENTIKAN pekerjaan. Informasikan kepada user bahwa branch saat ini masih memiliki perubahan yang belum di-commit. Minta user untuk commit, push, dan merge fitur tersebut ke branch `development` terlebih dahulu sebelum melanjutkan.
31
+ - **Jika semua sudah ter-commit (working tree clean):**
32
+ 1. Pindah ke branch `development`: `git -C codes/ checkout development`.
33
+ 2. Pull perubahan terbaru: `git -C codes/ pull origin development`.
34
+ 3. Buat atau pindah ke branch yang sesuai dengan fitur:
35
+ - Jika branch sudah ada: `git -C codes/ checkout nama-branch-fitur`.
36
+ - Jika branch belum ada: `git -C codes/ checkout -b nama-branch-fitur`.
37
+ - **Jika dari awal sudah di branch `development`:**
38
+ 1. Pull perubahan terbaru: `git -C codes/ pull origin development`.
39
+ 2. Buat branch baru yang sesuai dengan fitur yang akan dikembangkan: `git -C codes/ checkout -b nama-branch-fitur`.
40
+ - **Konvensi nama branch:** gunakan format `feature/nama-fitur` (misal: `feature/login`, `feature/payment-gateway`).
41
+ - **JANGAN lakukan commit dan push otomatis** setelah pekerjaan selesai. Hasil pekerjaan perlu diverifikasi oleh user terlebih dahulu.
42
+
43
+ 3. **Update Task Status - START (CRITICAL):**
44
+ - Cari task yang sesuai dengan spesifikasi yang akan dikerjakan di `task/task_list.md`.
45
+ - **UPDATE status task** dari `not_started` menjadi `dev`.
46
+ - Update field **"Last Updated"** dengan timestamp saat ini [YYYY-MM-DD HH:MM].
47
+ - Update field **"Assigned To"** dengan "Developer Agent".
48
+ 4. **Directory Check:** Cek apakah folder `codes/` ada. Jika tidak, **BUAT FOLDERNYA**.
49
+ 5. **Action (Coding):**
50
+ - Sebelum memulai coding, pastikan Anda memahami seluruh spesifikasi dengan baik.
51
+ - Pastikan spesifikasi yang akan diimplementasikan sudah disetujui oleh human Analyst. Jika belum, hentikan pekerjaanmu dan minta klarifikasi.
52
+ - Tulis source code yang sesuai dengan Tech Stack di `project_overview.md`.
53
+ - Simpan file source code di dalam folder `codes/`.
54
+ - Perhatikan detail UI/UX jika ada instruksi visual.
55
+ - Perhatikan apakah setiap spesifikasi terdiri dari frontend dan backend atau salah satu saja.
56
+ - Lakukan _Self-Reflection_: "Apakah kode ini aman? Apakah efisien?"
57
+ - Buat unit test yang bisa dieksekusi secara otomatis menggunakan framework dan tool yang tersedia seperti jest.
58
+ 6. **Logging (CRITICAL):**
59
+ Setelah kode selesai ditulis, lakukan pencatatan:
60
+ - **Cek Folder:** Pastikan folder `logs/development/{nama_file_spec_asli}/` tersedia. Jika belum, BUAT folder tersebut.
61
+ - **Nama File Log:** Gunakan format `dev_[nama_file_spec_asli].md`.
62
+ - _Contoh:_ Jika spec adalah `001_spec_login.md`, maka log bernama `logs/development/dev_001_spec_login.md`.
63
+ - **Isi Log (Template):**
64
+
65
+ ```markdown
66
+ # DEVELOPMENT LOG
67
+
68
+ **Target Spec:** [Nama File Spec]
69
+ **Date:** [YYYY-MM-DD HH:MM]
70
+ **Status:** [Completed / Partial]
71
+
72
+ ## 1. Implementation Summary
73
+
74
+ (Jelaskan secara naratif logika apa saja yang baru saja Anda bangun. Bagaimana data mengalir?)
75
+
76
+ ## 2. Files Created/Modified
77
+
78
+ - `codes/src/...` (Sebutkan fungsi utama file ini)
79
+ - `codes/components/...`
80
+
81
+ ## 3. Technical Notes
82
+
83
+ (Catatan untuk Developer lain atau QA. Misal: "Perlu set environment variable API_KEY dulu")
84
+ ```
85
+
86
+ 7. **Update Task Status - COMPLETE (CRITICAL):**
87
+ - Setelah development selesai dan log sudah dibuat, kembali ke `task/task_list.md`.
88
+ - **UPDATE status task** dari `dev` menjadi `ready_to_test`.
89
+ - Update field **"Last Updated"** dengan timestamp saat ini [YYYY-MM-DD HH:MM].
90
+ - Tambahkan notes di field **"Notes"** jika ada informasi penting (misal: "Butuh environment variable X").
91
+
92
+ **INPUT SAYA:**
93
+ "Tolong implementasikan spesifikasi berikut: [NAMA FILE SPEC]"
@@ -0,0 +1,142 @@
1
+ ---
2
+ name: find-skills
3
+ description: Helps users discover and install agent skills when they ask questions like "how do I do X", "find a skill for X", "is there a skill that can...", or express interest in extending capabilities. This skill should be used when the user is looking for functionality that might exist as an installable skill.
4
+ ---
5
+
6
+ # Find Skills
7
+
8
+ This skill helps you discover and install skills from the open agent skills ecosystem.
9
+
10
+ ## When to Use This Skill
11
+
12
+ Use this skill when the user:
13
+
14
+ - Asks "how do I do X" where X might be a common task with an existing skill
15
+ - Says "find a skill for X" or "is there a skill for X"
16
+ - Asks "can you do X" where X is a specialized capability
17
+ - Expresses interest in extending agent capabilities
18
+ - Wants to search for tools, templates, or workflows
19
+ - Mentions they wish they had help with a specific domain (design, testing, deployment, etc.)
20
+
21
+ ## What is the Skills CLI?
22
+
23
+ The Skills CLI (`npx skills`) is the package manager for the open agent skills ecosystem. Skills are modular packages that extend agent capabilities with specialized knowledge, workflows, and tools.
24
+
25
+ **Key commands:**
26
+
27
+ - `npx skills find [query]` - Search for skills interactively or by keyword
28
+ - `npx skills add <package>` - Install a skill from GitHub or other sources
29
+ - `npx skills check` - Check for skill updates
30
+ - `npx skills update` - Update all installed skills
31
+
32
+ **Browse skills at:** https://skills.sh/
33
+
34
+ ## How to Help Users Find Skills
35
+
36
+ ### Step 1: Understand What They Need
37
+
38
+ When a user asks for help with something, identify:
39
+
40
+ 1. The domain (e.g., React, testing, design, deployment)
41
+ 2. The specific task (e.g., writing tests, creating animations, reviewing PRs)
42
+ 3. Whether this is a common enough task that a skill likely exists
43
+
44
+ ### Step 2: Check the Leaderboard First
45
+
46
+ Before running a CLI search, check the [skills.sh leaderboard](https://skills.sh/) to see if a well-known skill already exists for the domain. The leaderboard ranks skills by total installs, surfacing the most popular and battle-tested options.
47
+
48
+ For example, top skills for web development include:
49
+ - `vercel-labs/agent-skills` — React, Next.js, web design (100K+ installs each)
50
+ - `anthropics/skills` — Frontend design, document processing (100K+ installs)
51
+
52
+ ### Step 3: Search for Skills
53
+
54
+ If the leaderboard doesn't cover the user's need, run the find command:
55
+
56
+ ```bash
57
+ npx skills find [query]
58
+ ```
59
+
60
+ For example:
61
+
62
+ - User asks "how do I make my React app faster?" → `npx skills find react performance`
63
+ - User asks "can you help me with PR reviews?" → `npx skills find pr review`
64
+ - User asks "I need to create a changelog" → `npx skills find changelog`
65
+
66
+ ### Step 4: Verify Quality Before Recommending
67
+
68
+ **Do not recommend a skill based solely on search results.** Always verify:
69
+
70
+ 1. **Install count** — Prefer skills with 1K+ installs. Be cautious with anything under 100.
71
+ 2. **Source reputation** — Official sources (`vercel-labs`, `anthropics`, `microsoft`) are more trustworthy than unknown authors.
72
+ 3. **GitHub stars** — Check the source repository. A skill from a repo with <100 stars should be treated with skepticism.
73
+
74
+ ### Step 5: Present Options to the User
75
+
76
+ When you find relevant skills, present them to the user with:
77
+
78
+ 1. The skill name and what it does
79
+ 2. The install count and source
80
+ 3. The install command they can run
81
+ 4. A link to learn more at skills.sh
82
+
83
+ Example response:
84
+
85
+ ```
86
+ I found a skill that might help! The "react-best-practices" skill provides
87
+ React and Next.js performance optimization guidelines from Vercel Engineering.
88
+ (185K installs)
89
+
90
+ To install it:
91
+ npx skills add vercel-labs/agent-skills@react-best-practices
92
+
93
+ Learn more: https://skills.sh/vercel-labs/agent-skills/react-best-practices
94
+ ```
95
+
96
+ ### Step 6: Offer to Install
97
+
98
+ If the user wants to proceed, you can install the skill for them:
99
+
100
+ ```bash
101
+ npx skills add <owner/repo@skill> -g -y
102
+ ```
103
+
104
+ The `-g` flag installs globally (user-level) and `-y` skips confirmation prompts.
105
+
106
+ ## Common Skill Categories
107
+
108
+ When searching, consider these common categories:
109
+
110
+ | Category | Example Queries |
111
+ | --------------- | ---------------------------------------- |
112
+ | Web Development | react, nextjs, typescript, css, tailwind |
113
+ | Testing | testing, jest, playwright, e2e |
114
+ | DevOps | deploy, docker, kubernetes, ci-cd |
115
+ | Documentation | docs, readme, changelog, api-docs |
116
+ | Code Quality | review, lint, refactor, best-practices |
117
+ | Design | ui, ux, design-system, accessibility |
118
+ | Productivity | workflow, automation, git |
119
+
120
+ ## Tips for Effective Searches
121
+
122
+ 1. **Use specific keywords**: "react testing" is better than just "testing"
123
+ 2. **Try alternative terms**: If "deploy" doesn't work, try "deployment" or "ci-cd"
124
+ 3. **Check popular sources**: Many skills come from `vercel-labs/agent-skills` or `ComposioHQ/awesome-claude-skills`
125
+
126
+ ## When No Skills Are Found
127
+
128
+ If no relevant skills exist:
129
+
130
+ 1. Acknowledge that no existing skill was found
131
+ 2. Offer to help with the task directly using your general capabilities
132
+ 3. Suggest the user could create their own skill with `npx skills init`
133
+
134
+ Example:
135
+
136
+ ```
137
+ I searched for skills related to "xyz" but didn't find any matches.
138
+ I can still help you with this task directly! Would you like me to proceed?
139
+
140
+ If this is something you do often, you could create your own skill:
141
+ npx skills init my-xyz-skill
142
+ ```
@@ -0,0 +1,94 @@
1
+ ---
2
+ name: penetration-testing
3
+ description: >
4
+ Ethical hacking and security testing methodologies using penetration testing
5
+ tools, exploit frameworks, and manual security validation. Use when assessing
6
+ application security posture and identifying exploitable vulnerabilities.
7
+ ---
8
+
9
+ # Penetration Testing
10
+
11
+ ## Table of Contents
12
+
13
+ - [Overview](#overview)
14
+ - [When to Use](#when-to-use)
15
+ - [Quick Start](#quick-start)
16
+ - [Reference Guides](#reference-guides)
17
+ - [Best Practices](#best-practices)
18
+
19
+ ## Overview
20
+
21
+ Systematic security testing to identify, exploit, and document vulnerabilities in applications, networks, and infrastructure through simulated attacks.
22
+
23
+ ## When to Use
24
+
25
+ - Pre-production security validation
26
+ - Annual security assessments
27
+ - Compliance requirements (PCI-DSS, ISO 27001)
28
+ - Post-incident security review
29
+ - Third-party security audits
30
+ - Red team exercises
31
+
32
+ ## Quick Start
33
+
34
+ Minimal working example:
35
+
36
+ ```python
37
+ # pentest_framework.py
38
+ import requests
39
+ import socket
40
+ import subprocess
41
+ import json
42
+ from typing import List, Dict
43
+ from dataclasses import dataclass, asdict
44
+ from datetime import datetime
45
+
46
+ @dataclass
47
+ class Finding:
48
+ severity: str
49
+ category: str
50
+ target: str
51
+ vulnerability: str
52
+ evidence: str
53
+ remediation: str
54
+ cvss_score: float
55
+
56
+ class PenetrationTester:
57
+ def __init__(self, target: str):
58
+ self.target = target
59
+ self.findings: List[Finding] = []
60
+
61
+ def test_sql_injection(self, url: str) -> None:
62
+ // ... (see reference guides for full implementation)
63
+ ```
64
+
65
+ ## Reference Guides
66
+
67
+ Detailed implementations in the `references/` directory:
68
+
69
+ | Guide | Contents |
70
+ |---|---|
71
+ | [Automated Penetration Testing Framework](references/automated-penetration-testing-framework.md) | Automated Penetration Testing Framework |
72
+ | [Burp Suite Automation Script](references/burp-suite-automation-script.md) | Burp Suite Automation Script |
73
+
74
+ ## Best Practices
75
+
76
+ ### ✅ DO
77
+
78
+ - Get written authorization
79
+ - Define clear scope
80
+ - Use controlled environments
81
+ - Document all findings
82
+ - Follow responsible disclosure
83
+ - Provide remediation guidance
84
+ - Verify fixes after patching
85
+ - Maintain chain of custody
86
+
87
+ ### ❌ DON'T
88
+
89
+ - Test production without approval
90
+ - Cause service disruption
91
+ - Exfiltrate sensitive data
92
+ - Share findings publicly
93
+ - Exceed authorized scope
94
+ - Use destructive payloads
@@ -0,0 +1,328 @@
1
+ # Automated Penetration Testing Framework
2
+
3
+ ## Automated Penetration Testing Framework
4
+
5
+ ```python
6
+ # pentest_framework.py
7
+ import requests
8
+ import socket
9
+ import subprocess
10
+ import json
11
+ from typing import List, Dict
12
+ from dataclasses import dataclass, asdict
13
+ from datetime import datetime
14
+
15
+ @dataclass
16
+ class Finding:
17
+ severity: str
18
+ category: str
19
+ target: str
20
+ vulnerability: str
21
+ evidence: str
22
+ remediation: str
23
+ cvss_score: float
24
+
25
+ class PenetrationTester:
26
+ def __init__(self, target: str):
27
+ self.target = target
28
+ self.findings: List[Finding] = []
29
+
30
+ def test_sql_injection(self, url: str) -> None:
31
+ """Test for SQL injection vulnerabilities"""
32
+ print(f"Testing SQL injection on {url}")
33
+
34
+ payloads = [
35
+ "' OR '1'='1",
36
+ "'; DROP TABLE users--",
37
+ "' UNION SELECT NULL, NULL, NULL--",
38
+ "1' AND 1=1--",
39
+ "admin'--"
40
+ ]
41
+
42
+ for payload in payloads:
43
+ try:
44
+ response = requests.get(
45
+ url,
46
+ params={'id': payload},
47
+ timeout=5
48
+ )
49
+
50
+ # Check for SQL errors
51
+ sql_errors = [
52
+ 'mysql_fetch_array',
53
+ 'SQLServer JDBC Driver',
54
+ 'ORA-01756',
55
+ 'PostgreSQL',
56
+ 'sqlite3.OperationalError'
57
+ ]
58
+
59
+ for error in sql_errors:
60
+ if error in response.text:
61
+ self.findings.append(Finding(
62
+ severity='critical',
63
+ category='SQL Injection',
64
+ target=url,
65
+ vulnerability=f'SQL Injection detected with payload: {payload}',
66
+ evidence=f'Error message: {error}',
67
+ remediation='Use parameterized queries or prepared statements',
68
+ cvss_score=9.8
69
+ ))
70
+ break
71
+
72
+ except Exception as e:
73
+ print(f"Error testing {url}: {e}")
74
+
75
+ def test_xss(self, url: str) -> None:
76
+ """Test for Cross-Site Scripting vulnerabilities"""
77
+ print(f"Testing XSS on {url}")
78
+
79
+ payloads = [
80
+ "<script>alert('XSS')</script>",
81
+ "<img src=x onerror=alert('XSS')>",
82
+ "javascript:alert('XSS')",
83
+ "<svg onload=alert('XSS')>",
84
+ "'-alert('XSS')-'"
85
+ ]
86
+
87
+ for payload in payloads:
88
+ try:
89
+ response = requests.get(
90
+ url,
91
+ params={'q': payload},
92
+ timeout=5
93
+ )
94
+
95
+ if payload in response.text:
96
+ self.findings.append(Finding(
97
+ severity='high',
98
+ category='Cross-Site Scripting',
99
+ target=url,
100
+ vulnerability=f'Reflected XSS detected with payload: {payload}',
101
+ evidence='Payload reflected in response without sanitization',
102
+ remediation='Implement output encoding and Content Security Policy',
103
+ cvss_score=7.3
104
+ ))
105
+ break
106
+
107
+ except Exception as e:
108
+ print(f"Error testing {url}: {e}")
109
+
110
+ def test_authentication(self, login_url: str) -> None:
111
+ """Test authentication mechanisms"""
112
+ print(f"Testing authentication on {login_url}")
113
+
114
+ # Test default credentials
115
+ default_creds = [
116
+ ('admin', 'admin'),
117
+ ('admin', 'password'),
118
+ ('root', 'root'),
119
+ ('administrator', 'administrator')
120
+ ]
121
+
122
+ for username, password in default_creds:
123
+ try:
124
+ response = requests.post(
125
+ login_url,
126
+ data={'username': username, 'password': password},
127
+ timeout=5
128
+ )
129
+
130
+ if response.status_code == 200 and 'dashboard' in response.text.lower():
131
+ self.findings.append(Finding(
132
+ severity='critical',
133
+ category='Weak Authentication',
134
+ target=login_url,
135
+ vulnerability=f'Default credentials accepted: {username}/{password}',
136
+ evidence='Successful authentication with default credentials',
137
+ remediation='Enforce strong password policy and remove default accounts',
138
+ cvss_score=9.1
139
+ ))
140
+
141
+ except Exception as e:
142
+ print(f"Error testing credentials: {e}")
143
+
144
+ def test_security_headers(self, url: str) -> None:
145
+ """Test for missing security headers"""
146
+ print(f"Testing security headers on {url}")
147
+
148
+ try:
149
+ response = requests.get(url, timeout=5)
150
+
151
+ critical_headers = {
152
+ 'Strict-Transport-Security': 'HSTS not implemented',
153
+ 'X-Frame-Options': 'Clickjacking protection missing',
154
+ 'X-Content-Type-Options': 'MIME sniffing prevention missing',
155
+ 'Content-Security-Policy': 'CSP not implemented',
156
+ 'X-XSS-Protection': 'XSS protection header missing'
157
+ }
158
+
159
+ for header, description in critical_headers.items():
160
+ if header not in response.headers:
161
+ self.findings.append(Finding(
162
+ severity='medium',
163
+ category='Missing Security Header',
164
+ target=url,
165
+ vulnerability=f'Missing header: {header}',
166
+ evidence=description,
167
+ remediation=f'Add {header} header to all responses',
168
+ cvss_score=5.3
169
+ ))
170
+
171
+ except Exception as e:
172
+ print(f"Error testing headers: {e}")
173
+
174
+ def test_directory_traversal(self, url: str) -> None:
175
+ """Test for directory traversal vulnerabilities"""
176
+ print(f"Testing directory traversal on {url}")
177
+
178
+ payloads = [
179
+ '../../../etc/passwd',
180
+ '..\\..\\..\\windows\\system32\\drivers\\etc\\hosts',
181
+ '....//....//....//etc/passwd',
182
+ '%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd'
183
+ ]
184
+
185
+ for payload in payloads:
186
+ try:
187
+ response = requests.get(
188
+ url,
189
+ params={'file': payload},
190
+ timeout=5
191
+ )
192
+
193
+ # Check for Unix passwd file
194
+ if 'root:' in response.text or 'daemon:' in response.text:
195
+ self.findings.append(Finding(
196
+ severity='critical',
197
+ category='Directory Traversal',
198
+ target=url,
199
+ vulnerability=f'Path traversal detected with payload: {payload}',
200
+ evidence='System file contents exposed',
201
+ remediation='Validate and sanitize file paths, use whitelist approach',
202
+ cvss_score=8.6
203
+ ))
204
+ break
205
+
206
+ except Exception as e:
207
+ print(f"Error testing traversal: {e}")
208
+
209
+ def test_ssl_tls(self) -> None:
210
+ """Test SSL/TLS configuration"""
211
+ print(f"Testing SSL/TLS on {self.target}")
212
+
213
+ try:
214
+ result = subprocess.run(
215
+ ['testssl.sh', '--jsonfile', 'ssl-results.json', self.target],
216
+ capture_output=True,
217
+ text=True,
218
+ timeout=60
219
+ )
220
+
221
+ # Parse SSL test results
222
+ # This is a simplified check
223
+ weak_protocols = ['SSLv2', 'SSLv3', 'TLSv1.0']
224
+ for protocol in weak_protocols:
225
+ self.findings.append(Finding(
226
+ severity='high',
227
+ category='Weak SSL/TLS',
228
+ target=self.target,
229
+ vulnerability=f'Weak protocol enabled: {protocol}',
230
+ evidence='Outdated SSL/TLS protocol support',
231
+ remediation='Disable weak protocols, enforce TLS 1.2+',
232
+ cvss_score=7.5
233
+ ))
234
+
235
+ except Exception as e:
236
+ print(f"SSL test error: {e}")
237
+
238
+ def run_full_pentest(self, target_urls: List[str]) -> Dict:
239
+ """Execute comprehensive penetration test"""
240
+ for url in target_urls:
241
+ self.test_sql_injection(url)
242
+ self.test_xss(url)
243
+ self.test_security_headers(url)
244
+ self.test_directory_traversal(url)
245
+
246
+ self.test_ssl_tls()
247
+
248
+ return self.generate_report()
249
+
250
+ def generate_report(self) -> Dict:
251
+ """Generate comprehensive pentest report"""
252
+ summary = {
253
+ 'critical': 0,
254
+ 'high': 0,
255
+ 'medium': 0,
256
+ 'low': 0
257
+ }
258
+
259
+ for finding in self.findings:
260
+ if finding.severity in summary:
261
+ summary[finding.severity] += 1
262
+
263
+ report = {
264
+ 'timestamp': datetime.now().isoformat(),
265
+ 'target': self.target,
266
+ 'total_findings': len(self.findings),
267
+ 'summary': summary,
268
+ 'findings': [asdict(f) for f in self.findings],
269
+ 'risk_score': self._calculate_risk_score(),
270
+ 'recommendations': self._generate_recommendations()
271
+ }
272
+
273
+ with open('pentest-report.json', 'w') as f:
274
+ json.dump(report, f, indent=2)
275
+
276
+ return report
277
+
278
+ def _calculate_risk_score(self) -> float:
279
+ """Calculate overall risk score"""
280
+ if not self.findings:
281
+ return 0.0
282
+
283
+ total_cvss = sum(f.cvss_score for f in self.findings)
284
+ return round(total_cvss / len(self.findings), 2)
285
+
286
+ def _generate_recommendations(self) -> List[str]:
287
+ """Generate prioritized recommendations"""
288
+ recommendations = []
289
+
290
+ categories = {}
291
+ for finding in self.findings:
292
+ if finding.category not in categories:
293
+ categories[finding.category] = []
294
+ categories[finding.category].append(finding)
295
+
296
+ for category, findings in sorted(
297
+ categories.items(),
298
+ key=lambda x: len(x[1]),
299
+ reverse=True
300
+ ):
301
+ recommendations.append(
302
+ f"Address {len(findings)} {category} vulnerabilities"
303
+ )
304
+
305
+ return recommendations[:5]
306
+
307
+ # Usage
308
+ if __name__ == '__main__':
309
+ tester = PenetrationTester('https://example.com')
310
+
311
+ target_urls = [
312
+ 'https://example.com/api/users',
313
+ 'https://example.com/search',
314
+ 'https://example.com/download'
315
+ ]
316
+
317
+ report = tester.run_full_pentest(target_urls)
318
+
319
+ print("\n=== Penetration Test Report ===")
320
+ print(f"Target: {report['target']}")
321
+ print(f"Total Findings: {report['total_findings']}")
322
+ print(f"Risk Score: {report['risk_score']}")
323
+ print(f"\nFindings by Severity:")
324
+ print(f" Critical: {report['summary']['critical']}")
325
+ print(f" High: {report['summary']['high']}")
326
+ print(f" Medium: {report['summary']['medium']}")
327
+ print(f" Low: {report['summary']['low']}")
328
+ ```