opencode-skills-antigravity 1.0.39 → 1.0.40

package/bundled-skills/.antigravity-install-manifest.json

@@ -1,6 +1,6 @@
 {
   "schemaVersion": 1,
-  "updatedAt": "2026-03-29T15:34:05.670Z",
+  "updatedAt": "2026-03-29T16:37:41.285Z",
   "entries": [
     ".gitignore",
     "00-andruia-consultant",
@@ -701,6 +701,7 @@
     "javascript-typescript-typescript-scaffold",
     "jira-automation",
     "jobgpt",
+    "jq",
     "json-canvas",
     "julia-pro",
     "junta-leiloeiros",
@@ -1215,6 +1216,7 @@
     "threejs-skills",
     "threejs-textures",
     "tiktok-automation",
+    "tmux",
     "todoist-automation",
     "tool-design",
     "tool-use-guardian",
@@ -1261,6 +1263,7 @@
     "vexor-cli",
     "vibe-code-auditor",
     "vibers-code-review",
+    "viboscope",
     "videodb",
     "videodb-skills",
     "viral-generator-builder",

package/bundled-skills/docs/integrations/jetski-cortex.md

@@ -1,9 +1,9 @@
 ---
 title: Jetski/Cortex + Gemini Integration Guide
-description: "Come usare antigravity-awesome-skills con Jetski/Cortex evitando l’overflow di contesto con 1.331+ skill."
+description: "Come usare antigravity-awesome-skills con Jetski/Cortex evitando l’overflow di contesto con 1.332+ skill."
 ---
 
-# Jetski/Cortex + Gemini: integrazione sicura con 1.331+ skill
+# Jetski/Cortex + Gemini: integrazione sicura con 1.332+ skill
 
 Questa guida mostra come integrare il repository `antigravity-awesome-skills` con un agente basato su **Jetski/Cortex + Gemini** (o framework simili) **senza superare il context window** del modello.
 
@@ -23,7 +23,7 @@ Non bisogna mai:
 - concatenare il contenuto di tutte le `SKILL.md` in un singolo system prompt;
 - reiniettare l’intera libreria per **ogni** richiesta.
 
-Con oltre 1.331 skill, questo approccio riempie il context window prima ancora di aggiungere i messaggi dell’utente, causando l’errore di truncation.
+Con oltre 1.332 skill, questo approccio riempie il context window prima ancora di aggiungere i messaggi dell’utente, causando l’errore di truncation.
 
 ---
 

package/bundled-skills/docs/integrations/jetski-gemini-loader/README.md

@@ -20,7 +20,7 @@ This example shows one way to integrate **antigravity-awesome-skills** with a Je
 - How to enforce a **maximum number of skills per turn** via `maxSkillsPerTurn`.
 - How to choose whether to **truncate or error** when too many skills are requested via `overflowBehavior`.
 
-This pattern avoids context overflow when you have 1,331+ skills installed.
+This pattern avoids context overflow when you have 1,332+ skills installed.
 
 ---
 

package/bundled-skills/docs/maintainers/repo-growth-seo.md

@@ -6,7 +6,7 @@ This document keeps the repository's GitHub-facing discovery copy aligned with t
 
 Preferred positioning:
 
-> Installable GitHub library of 1,331+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and other AI coding assistants.
+> Installable GitHub library of 1,332+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and other AI coding assistants.
 
 Key framing:
 
@@ -20,7 +20,7 @@ Key framing:
 
 Preferred description:
 
-> Installable GitHub library of 1,331+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and more. Includes installer CLI, bundles, workflows, and official/community skill collections.
+> Installable GitHub library of 1,332+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and more. Includes installer CLI, bundles, workflows, and official/community skill collections.
 
 Preferred homepage:
 
@@ -28,7 +28,7 @@ Preferred homepage:
 
 Preferred social preview:
 
-- use a clean preview image that says `1,331+ Agentic Skills`;
+- use a clean preview image that says `1,332+ Agentic Skills`;
 - mention Claude Code, Cursor, Codex CLI, and Gemini CLI;
 - avoid dense text and tiny logos that disappear in social cards.
 

package/bundled-skills/docs/maintainers/security-findings-triage-2026-03-29-refresh.csv

@@ -0,0 +1,34 @@
+finding_id,title,current_status,current_paths,validation_reason,evidence
+1,Unsanitized frontmatter name enables path traversal in sync script,obsolete/not reproducible on current HEAD,tools/scripts/sync_microsoft_skills.py,sync_microsoft_skills.py now sanitizes flat names and constrains delete/copy targets to safe in-repo paths.,tools/scripts/tests/test_sync_microsoft_skills_security.py
+2,Stored XSS via rehype-raw rendering of skill markdown,obsolete/not reproducible on current HEAD,apps/web-app/src/pages/SkillDetail.tsx,SkillDetail still renders markdown without rehype-raw; the reported stored-XSS path does not reproduce.,apps/web-app/src/pages/SkillDetail.tsx
+3,Symlink-following copy leaks host files in setup_web,obsolete/not reproducible on current HEAD,tools/scripts/setup_web.js,setup_web.js now uses lstatSync plus resolveSafeRealPath() and skips out-of-root symlinks.,tools/scripts/tests/copy_security.test.js
+4,Insecure install guidance allows remote script execution,obsolete/not reproducible on current HEAD,skills/apify-actorization/SKILL.md,The Apify skill no longer recommends pipe-to-shell installs or token-on-command-line login.,skills/apify-actorization/SKILL.md
+5,"setup_web.js now follows symlinks, enabling file exfiltration",duplicate of another finding,tools/scripts/setup_web.js,Same root cause/fix area as finding 3.,tools/scripts/setup_web.js
+6,Symlink traversal in web asset setup copies arbitrary files,duplicate of another finding,tools/scripts/setup_web.js,Same root cause/fix area as finding 3.,tools/scripts/setup_web.js
+7,Symlink file copying in .github/skills sync leaks host files,obsolete/not reproducible on current HEAD,tools/scripts/sync_microsoft_skills.py,Microsoft sync now rejects unsafe symlink targets and only accepts safe regular files that stay within the cloned source root.,tools/scripts/tests/test_sync_microsoft_skills_security.py
+8,Symlinked file copy in Microsoft skill sync can leak host data,duplicate of another finding,tools/scripts/sync_microsoft_skills.py,Same root cause/fix area as finding 7.,tools/scripts/sync_microsoft_skills.py
+9,Committed Python bytecode can hide malicious logic,obsolete/not reproducible on current HEAD,skills/ui-ux-pro-max/scripts/__pycache__,Tracked __pycache__ artifacts are absent on current main and repo hygiene tests fail if they reappear.,tools/scripts/tests/repo_hygiene_security.test.js
+10,Symlinked SKILL.md can leak host files via index script,obsolete/not reproducible on current HEAD,tools/scripts/generate_index.py,generate_index.py now ignores symlinked SKILL.md files during index generation.,tools/scripts/tests/test_frontmatter_parsing_security.py
+11,"Example loader trusts manifest paths, enabling file read",obsolete/not reproducible on current HEAD,docs/integrations/jetski-gemini-loader/loader.mjs,The Jetski loader rejects symlinked skill directories/files and any resolved SKILL.md outside the configured skills root.,tools/scripts/tests/jetski_gemini_loader.test.cjs
+12,TLS certificate verification disabled in new scrapers,obsolete/not reproducible on current HEAD,skills/junta-leiloeiros/scripts/scraper/base_scraper.py | skills/junta-leiloeiros/scripts/web_scraper_fallback.py,TLS verification is enabled by default again; insecure behavior requires an explicit opt-out environment flag.,skills/junta-leiloeiros/scripts/scraper/base_scraper.py
+13,Complete bundle omits valid skill categories,obsolete/not reproducible on current HEAD,tools/lib/skill-filter.js | tools/scripts/build-catalog.js | data/bundles.json,The old helper-path omission still does not drive shipped bundle output; current bundles come from build-catalog.js.,tools/scripts/build-catalog.js
+14,Malformed frontmatter delimiter breaks YAML parsing for skills,obsolete/not reproducible on current HEAD,skills/alpha-vantage/SKILL.md,The malformed --- Unknown frontmatter regression is no longer present in alpha-vantage.,tools/scripts/tests/repo_hygiene_security.test.js
+15,ws_listener writes sensitive events to predictable /tmp files,obsolete/not reproducible on current HEAD,skills/videodb/scripts/ws_listener.py,ws_listener.py now defaults to a user-owned state directory and uses secure file creation.,tools/scripts/tests/local_temp_safety.test.js
+16,Symlink traversal lets /skills/ serve arbitrary local files,obsolete/not reproducible on current HEAD,apps/web-app/refresh-skills-plugin.js,refresh-skills-plugin.js resolves real paths under the skills root before serving /skills/*; the public Pages app no longer exposes the maintainer sync surface.,apps/web-app/refresh-skills-plugin.js
+17,Sync Skills endpoint follows symlinks from downloaded archive,duplicate of another finding,apps/web-app/refresh-skills-plugin.js,Same root cause/fix area as finding 16.,apps/web-app/refresh-skills-plugin.js
+18,Validation crash if YAML frontmatter is not a mapping,obsolete/not reproducible on current HEAD,tools/scripts/validate_skills.py,validate_skills.py now rejects non-mapping YAML frontmatter cleanly instead of crashing downstream validation.,tools/scripts/tests/test_frontmatter_parsing_security.py
+19,Anonymous Supabase writes allow skill star tampering,obsolete/not reproducible on current HEAD,apps/web-app/src/hooks/useSkillStars.ts | apps/web-app/src/lib/supabase.ts,useSkillStars now stores saves locally in the browser and no longer performs shared frontend writes through the public Supabase client.,apps/web-app/src/hooks/useSkillStars.ts
+20,Metadata fixer overwrites symlinked SKILL.md targets,obsolete/not reproducible on current HEAD,tools/scripts/fix_skills_metadata.py,fix_skills_metadata.py now skips symlinked SKILL.md files and non-mapping frontmatter.,tools/scripts/fix_skills_metadata.py
+21,Installer now dereferences symlinks during copy,obsolete/not reproducible on current HEAD,tools/bin/install.js,install.js now uses lstatSync plus resolveSafeRealPath() and skips symlinks that resolve outside the cloned repo root.,tools/scripts/tests/copy_security.test.js
+22,Installer merge path dereferences symlinks when copying,duplicate of another finding,tools/bin/install.js,Same root cause/fix area as finding 21.,tools/bin/install.js
+23,Cleanup sync deletes arbitrary paths via flat_name,duplicate of another finding,tools/scripts/sync_microsoft_skills.py,Same root cause/fix area as finding 1.,tools/scripts/sync_microsoft_skills.py
+24,Audio transcription example allows Python code injection,obsolete/not reproducible on current HEAD,skills/audio-transcriber/examples/basic-transcription.sh,The audio transcription example now uses a quoted heredoc and passes values via environment variables.,skills/audio-transcriber/examples/basic-transcription.sh
+25,Unbounded recursive skill traversal can crash catalog build,obsolete/not reproducible on current HEAD,tools/lib/skill-utils.js | tools/scripts/build-catalog.js,The claimed recursive symlink traversal in catalog discovery still does not reproduce on current code paths.,tools/lib/skill-utils.js
+26,Release scripts still use root skills_index.json path,obsolete/not reproducible on current HEAD,tools/scripts/update_readme.py | tools/scripts/generate_index.py | tools/scripts/release_workflow.js,"Root skills_index.json remains the canonical generated index, so the reported release-script path mismatch does not reproduce.",tools/scripts/release_workflow.js
+27,Symlink traversal in skill normalization allows file overwrite,obsolete/not reproducible on current HEAD,tools/lib/skill-utils.js | tools/scripts/normalize-frontmatter.js,"skill-utils.js now relies on lstatSync-based safe directory/file discovery, so normalization does not treat symlinked skill folders as writable local skills.",tools/lib/skill-utils.js
+28,last30days skill passes user input directly to Bash command,obsolete/not reproducible on current HEAD,skills/last30days/SKILL.md,"The last30days skill still passes user input as a quoted value through a temp file, so the reported direct shell-injection sink does not reproduce.",skills/last30days/SKILL.md
+29,Unvalidated YAML frontmatter can crash index generation,duplicate of another finding,tools/scripts/generate_index.py,Same root cause/fix area as finding 18.,tools/scripts/generate_index.py
+30,Predictable /tmp counter file enables local file clobbering,obsolete/not reproducible on current HEAD,skills/cc-skill-strategic-compact/suggest-compact.sh,The strategic compact hook now stores state under XDG_STATE_HOME instead of predictable shared /tmp paths.,tools/scripts/tests/local_temp_safety.test.js
+31,Symlink traversal risk in new sync script,obsolete/not reproducible on current HEAD,tools/scripts/sync_recommended_skills.sh,sync_recommended_skills.sh now preserves symlinks with cp -RP and avoids the destructive glob-delete pattern from the original report.,tools/scripts/tests/repo_hygiene_security.test.js
+32,skills_manager allows path traversal in enable/disable operations,obsolete/not reproducible on current HEAD,tools/scripts/skills_manager.py,skills_manager.py now resolves candidate paths relative to the intended base directory and rejects traversal attempts.,tools/scripts/tests/test_skills_manager_security.py
+33,Zip Slip risk in Office unpack scripts,obsolete/not reproducible on current HEAD,skills/docx-official/ooxml/scripts/unpack.py | skills/pptx-official/ooxml/scripts/unpack.py,The Office unpack helpers now validate archive members and reject traversal/symlink-style entries before extraction.,tools/scripts/tests/test_office_unpack_security.py

package/bundled-skills/docs/maintainers/security-findings-triage-2026-03-29-refresh.md

@@ -8,6 +8,8 @@ baseline.
 - Current verification target: `main@d63d99381b8f613f99c8cb7b758e7879b401f8a0`
 - The 2026-03-15 markdown file and CSV remain useful as historical input, not
   as the current source of truth.
+- A machine-readable companion export for this refresh lives at
+  [`security-findings-triage-2026-03-29-refresh.csv`](security-findings-triage-2026-03-29-refresh.csv).
 - Status meanings are unchanged:
   `still present and exploitable`, `still present but low practical risk`,
   `obsolete/not reproducible on current HEAD`, `duplicate of another finding`.

package/bundled-skills/docs/maintainers/skills-update-guide.md

@@ -69,7 +69,7 @@ For manual updates, you need:
 The update process refreshes:
 - Skills index (`skills_index.json`)
 - Web app skills data (`apps\web-app\public\skills.json`)
-- All 1,331+ skills from the skills directory
+- All 1,332+ skills from the skills directory
 
 ## When to Update
 

package/bundled-skills/docs/users/bundles.md

@@ -673,4 +673,4 @@ Found a skill that should be in a bundle? Or want to create a new bundle? [Open
 
 ---
 
-_Last updated: March 2026 | Total Skills: 1,331+ | Total Bundles: 37_
+_Last updated: March 2026 | Total Skills: 1,332+ | Total Bundles: 37_

package/bundled-skills/docs/users/claude-code-skills.md

@@ -12,7 +12,7 @@ Install the library into Claude Code, then invoke focused skills directly in the
 
 ## Why use this repo for Claude Code
 
-- It includes 1,331+ skills instead of a narrow single-domain starter pack.
+- It includes 1,332+ skills instead of a narrow single-domain starter pack.
 - It supports the standard `.claude/skills/` path and the Claude Code plugin marketplace flow.
 - It also ships generated bundle plugins so teams can install focused packs like `Essentials` or `Security Developer` from the marketplace metadata.
 - It includes onboarding docs, bundles, and workflows so new users do not need to guess where to begin.

package/bundled-skills/docs/users/gemini-cli-skills.md

@@ -12,7 +12,7 @@ Install into the Gemini skills path, then ask Gemini to apply one skill at a tim
 
 - It installs directly into the expected Gemini skills path.
 - It includes both core software engineering skills and deeper agent/LLM-oriented skills.
-- It helps new users get started with bundles and workflows rather than forcing a cold start from 1,331+ files.
+- It helps new users get started with bundles and workflows rather than forcing a cold start from 1,332+ files.
 - It is useful whether you want a broad internal skill library or a single repo to test many workflows quickly.
 
 ## Install Gemini CLI Skills

package/bundled-skills/docs/users/kiro-integration.md

@@ -18,7 +18,7 @@ Kiro is AWS's agentic AI IDE that combines:
 
 Kiro's agentic capabilities are enhanced by skills that provide:
 
-- **Domain expertise** across 1,331+ specialized areas
+- **Domain expertise** across 1,332+ specialized areas
 - **Best practices** from Anthropic, OpenAI, Google, Microsoft, and AWS
 - **Workflow automation** for common development tasks
 - **AWS-specific patterns** for serverless, infrastructure, and cloud architecture

package/bundled-skills/docs/users/usage.md

@@ -14,7 +14,7 @@ If you came in through a **Claude Code** or **Codex** plugin instead of a full l
 
 When you ran `npx antigravity-awesome-skills` or cloned the repository, you:
 
-✅ **Downloaded 1,331+ skill files** to your computer (default: `~/.gemini/antigravity/skills/`; or a custom path like `~/.agent/skills/` if you used `--path`)  
+✅ **Downloaded 1,332+ skill files** to your computer (default: `~/.gemini/antigravity/skills/`; or a custom path like `~/.agent/skills/` if you used `--path`)  
 ✅ **Made them available** to your AI assistant  
 ❌ **Did NOT enable them all automatically** (they're just sitting there, waiting)
 
@@ -34,7 +34,7 @@ Bundles are **curated groups** of skills organized by role. They help you decide
 
 **Analogy:**
 
-- You installed a toolbox with 1,331+ tools (✅ done)
+- You installed a toolbox with 1,332+ tools (✅ done)
 - Bundles are like **labeled organizer trays** saying: "If you're a carpenter, start with these 10 tools"
 - You can either **pick skills from the tray** or install that tray as a focused marketplace bundle plugin
 
@@ -212,7 +212,7 @@ Let's actually use a skill right now. Follow these steps:
 
 ## Step 5: Picking Your First Skills (Practical Advice)
 
-Don't try to use all 1,331+ skills at once. Here's a sensible approach:
+Don't try to use all 1,332+ skills at once. Here's a sensible approach:
 
 If you want a tool-specific starting point before choosing skills, use:
 
@@ -343,7 +343,7 @@ Usually no, but if your AI doesn't recognize a skill:
 
 ### "Can I load all skills into the model at once?"
 
-No. Even though you have 1,331+ skills installed locally, you should **not** concatenate every `SKILL.md` into a single system prompt or context block.
+No. Even though you have 1,332+ skills installed locally, you should **not** concatenate every `SKILL.md` into a single system prompt or context block.
 
 The intended pattern is:
 

package/bundled-skills/docs/users/visual-guide.md

@@ -34,7 +34,7 @@ antigravity-awesome-skills/
 ├── 📄 CONTRIBUTING.md                  ← Contributor workflow
 ├── 📄 CATALOG.md                       ← Full generated catalog
 │
-├── 📁 skills/                          ← 1,331+ skills live here
+├── 📁 skills/                          ← 1,332+ skills live here
 │   │
 │   ├── 📁 brainstorming/
 │   │   └── 📄 SKILL.md                 ← Skill definition
@@ -47,7 +47,7 @@ antigravity-awesome-skills/
 │   │   └── 📁 2d-games/
 │   │       └── 📄 SKILL.md             ← Nested skills also supported
 │   │
-│   └── ... (1,331+ total)
+│   └── ... (1,332+ total)
 │
 ├── 📁 apps/
 │   └── 📁 web-app/                     ← Interactive browser
@@ -100,7 +100,7 @@ antigravity-awesome-skills/
 
 ```
                     ┌─────────────────────────┐
-                    │  1,331+ SKILLS          │
+                    │  1,332+ SKILLS          │
                     └────────────┬────────────┘
                                  │
         ┌────────────────────────┼────────────────────────┐
@@ -201,7 +201,7 @@ If you want a workspace-style manual install instead, cloning into `.agent/skill
 │   ├── 📁 brainstorming/                 │
 │   ├── 📁 stripe-integration/            │
 │   ├── 📁 react-best-practices/          │
-│   └── ... (1,331+ total)                │
+│   └── ... (1,332+ total)                │
 └─────────────────────────────────────────┘
 ```
 

package/bundled-skills/jq/SKILL.md

@@ -0,0 +1,273 @@
+---
+name: jq
+description: "Expert jq usage for JSON querying, filtering, transformation, and pipeline integration. Practical patterns for real shell workflows."
+category: development
+risk: safe
+source: community
+date_added: "2026-03-28"
+author: kostakost2
+tags: [jq, json, shell, cli, data-transformation, bash]
+tools: [claude, cursor, gemini]
+---
+
+# jq — JSON Querying and Transformation
+
+## Overview
+
+`jq` is the standard CLI tool for querying and reshaping JSON. This skill covers practical, expert-level usage: filtering deeply nested data, transforming structures, aggregating values, and composing `jq` into shell pipelines. Every example is copy-paste ready for real workflows.
+
+## When to Use This Skill
+
+- Use when parsing JSON output from APIs, CLI tools (AWS, GitHub, kubectl, docker), or log files
+- Use when transforming JSON structure (rename keys, flatten arrays, group records)
+- Use when the user needs `jq` inside a bash script or one-liner
+- Use when explaining what a complex `jq` expression does
+
+## How It Works
+
+`jq` takes a filter expression and applies it to JSON input. Filters compose with pipes (`|`), and `jq` handles arrays, objects, strings, numbers, booleans, and `null` natively.
+
+### Basic Selection
+
+```bash
+# Extract a field
+echo '{"name":"alice","age":30}' | jq '.name'
+# "alice"
+
+# Nested access
+echo '{"user":{"email":"a@b.com"}}' | jq '.user.email'
+
+# Array index
+echo '[10, 20, 30]' | jq '.[1]'
+# 20
+
+# Array slice
+echo '[1,2,3,4,5]' | jq '.[2:4]'
+# [3, 4]
+
+# All array elements
+echo '[{"id":1},{"id":2}]' | jq '.[]'
+```
+
+### Filtering with `select`
+
+```bash
+# Keep only matching elements
+echo '[{"role":"admin"},{"role":"user"},{"role":"admin"}]' \
+  | jq '[.[] | select(.role == "admin")]'
+
+# Numeric comparison
+curl -s https://api.github.com/repos/owner/repo/issues \
+  | jq '[.[] | select(.comments > 5)]'
+
+# Test a field exists and is non-null
+jq '[.[] | select(.email != null)]'
+
+# Combine conditions
+jq '[.[] | select(.active == true and .score >= 80)]'
+```
+
+### Mapping and Transformation
+
+```bash
+# Extract a field from every array element
+echo '[{"name":"alice","age":30},{"name":"bob","age":25}]' \
+  | jq '[.[] | .name]'
+# ["alice", "bob"]
+
+# Shorthand: map()
+jq 'map(.name)'
+
+# Build a new object per element
+jq '[.[] | {user: .name, years: .age}]'
+
+# Add a computed field
+jq '[.[] | . + {senior: (.age > 28)}]'
+
+# Rename keys
+jq '[.[] | {username: .name, email_address: .email}]'
+```
+
+### Aggregation and Reduce
+
+```bash
+# Sum all values
+echo '[1, 2, 3, 4, 5]' | jq 'add'
+# 15
+
+# Sum a field across objects
+jq '[.[].price] | add'
+
+# Count elements
+jq 'length'
+
+# Max / min
+jq 'max_by(.score)'
+jq 'min_by(.created_at)'
+
+# reduce: custom accumulator
+echo '[1,2,3,4,5]' | jq 'reduce .[] as $x (0; . + $x)'
+# 15
+
+# Group by field
+jq 'group_by(.department)'
+
+# Count per group
+jq 'group_by(.status) | map({status: .[0].status, count: length})'
+```
+
+### String Interpolation and Formatting
+
+```bash
+# String interpolation
+jq -r '.[] | "\(.name) is \(.age) years old"'
+
+# Format as CSV (no header)
+jq -r '.[] | [.name, .age, .email] | @csv'
+
+# Format as TSV
+jq -r '.[] | [.name, .score] | @tsv'
+
+# URL-encode a value
+jq -r '.query | @uri'
+
+# Base64 encode
+jq -r '.data | @base64'
+```
+
+### Working with Keys and Paths
+
+```bash
+# List all top-level keys
+jq 'keys'
+
+# Check if key exists
+jq 'has("email")'
+
+# Delete a key
+jq 'del(.password)'
+
+# Delete nested keys from every element
+jq '[.[] | del(.internal_id, .raw_payload)]'
+
+# Recursive descent: find all values for a key anywhere in tree
+jq '.. | .id? // empty'
+
+# Get all leaf paths
+jq '[paths(scalars)]'
+```
+
+### Conditionals and Error Handling
+
+```bash
+# if-then-else
+jq 'if .score >= 90 then "A" elif .score >= 80 then "B" else "C" end'
+
+# Alternative operator: use fallback if null or false
+jq '.nickname // .name'
+
+# try-catch: skip errors instead of halting
+jq '[.[] | try .nested.value catch null]'
+
+# Suppress null output with // empty
+jq '.[] | .optional_field // empty'
+```
+
+### Practical Shell Integration
+
+```bash
+# Read from file
+jq '.users' data.json
+
+# Compact output (no whitespace) for further piping
+jq -c '.[]' records.json | while IFS= read -r record; do
+  echo "Processing: $record"
+done
+
+# Pass a shell variable into jq
+STATUS="active"
+jq --arg s "$STATUS" '[.[] | select(.status == $s)]'
+
+# Pass a number
+jq --argjson threshold 42 '[.[] | select(.value > $threshold)]'
+
+# Slurp multiple JSON lines into an array
+jq -s '.' records.ndjson
+
+# Multiple files: slurp all into one array
+jq -s 'add' file1.json file2.json
+
+# Null-safe pipeline from a command
+kubectl get pods -o json | jq '.items[] | {name: .metadata.name, status: .status.phase}'
+
+# GitHub CLI: extract PR numbers
+gh pr list --json number,title | jq -r '.[] | "\(.number)\t\(.title)"'
+
+# AWS CLI: list running instance IDs
+aws ec2 describe-instances \
+  | jq -r '.Reservations[].Instances[] | select(.State.Name=="running") | .InstanceId'
+
+# Docker: show container names and images
+docker inspect $(docker ps -q) | jq -r '.[] | "\(.Name)\t\(.Config.Image)"'
+```
+
+### Advanced Patterns
+
+```bash
+# Transpose an object of arrays to an array of objects
+# Input: {"names":["a","b"],"scores":[10,20]}
+jq '[.names, .scores] | transpose | map({name: .[0], score: .[1]})'
+
+# Flatten one level
+jq 'flatten(1)'
+
+# Unique by field
+jq 'unique_by(.email)'
+
+# Sort, deduplicate and re-index
+jq '[.[] | .name] | unique | sort'
+
+# Walk: apply transformation to every node recursively
+jq 'walk(if type == "string" then ascii_downcase else . end)'
+
+# env: read environment variables inside jq
+export API_KEY=secret
+jq -n 'env.API_KEY'
+```
+
+## Best Practices
+
+- Always use `-r` (raw output) when passing `jq` results to shell variables or other commands to strip JSON string quotes
+- Use `--arg` / `--argjson` to inject shell variables safely — never interpolate shell variables directly into filter strings
+- Prefer `map(f)` over `[.[] | f]` for readability
+- Use `-c` (compact) for newline-delimited JSON pipelines; omit it for human-readable debugging
+- Test filters interactively with `jq -n` and literal input before embedding in scripts
+- Use `empty` to drop unwanted elements rather than filtering to `null`
+
+## Security & Safety Notes
+
+- `jq` is read-only by design — it cannot write files or execute commands
+- Avoid embedding untrusted JSON field values directly into shell commands; always quote or use `--arg`
+
+## Common Pitfalls
+
+- **Problem:** `jq` outputs `null` instead of the expected value
+  **Solution:** Check for typos in key names; use `keys` to inspect actual field names. Remember JSON is case-sensitive.
+
+- **Problem:** Numbers are quoted as strings in the output
+  **Solution:** Use `--argjson` instead of `--arg` when injecting numeric values.
+
+- **Problem:** Filter works in the terminal but fails in a script
+  **Solution:** Ensure the filter string uses single quotes in the shell to prevent variable expansion. Example: `jq '.field'` not `jq ".field"`.
+
+- **Problem:** `add` returns `null` on an empty array
+  **Solution:** Use `add // 0` or `add // ""` to provide a fallback default.
+
+- **Problem:** Streaming large files is slow
+  **Solution:** Use `jq --stream` or switch to `jstream`/`gron` for very large files.
+
+## Related Skills
+
+- `@bash-pro` — Wrapping jq calls in robust shell scripts
+- `@bash-linux` — General shell pipeline patterns
+- `@github-automation` — Using jq with GitHub CLI JSON output

package/bundled-skills/odoo-edi-connector/SKILL.md

@@ -41,28 +41,49 @@ Electronic Data Interchange (EDI) is the standard for automated B2B document exc
 
 ```python
 from pyx12 import x12file  # pip install pyx12
+from datetime import datetime
 
 import xmlrpc.client
+import os
+
+odoo_url = os.getenv("ODOO_URL")
+db = os.getenv("ODOO_DB")
+pwd = os.getenv("ODOO_API_KEY") 
+uid = int(os.getenv("ODOO_UID", "2"))
 
-odoo_url = "https://myodoo.example.com"
-db, uid, pwd = "my_db", 2, "api_key"
 models = xmlrpc.client.ServerProxy(f"{odoo_url}/xmlrpc/2/object")
 
 def process_850(edi_file_path):
     """Parse X12 850 Purchase Order and create Odoo Sale Order"""
     with x12file.X12File(edi_file_path) as f:
         for transaction in f.get_transaction_sets():
-            # Extract header info (BEG segment)
-            po_number = transaction['BEG'][3]    # Purchase Order Number
-            po_date   = transaction['BEG'][5]    # Purchase Order Date
+            # Extract header info (BEG segment)                     
+            po_number = transaction['BEG'][3]    # Purchase Order Number                                                    
+            po_date   = transaction['BEG'][5]    # Purchase Order Date 
+
+            # IDEMPOTENCY CHECK: Verify PO doesn't already exist in Odoo
+            existing = models.execute_kw(db, uid, pwd, 'sale.order', 'search', [
+                [['client_order_ref', '=', po_number]]
+            ])
+            if existing:
+                print(f"Skipping: PO {po_number} already exists.")
+                continue 
 
             # Extract partner (N1 segment — Buyer)
-            partner_name = transaction['N1'][2]
 
-            # Find partner in Odoo
-            partner = models.execute_kw(db, uid, pwd, 'res.partner', 'search',
-                [[['name', 'ilike', partner_name]]])
-            partner_id = partner[0] if partner else False
+
+                        # Extract partner (N1 segment — Buyer)                  
+            partner_name = transaction.get_segment('N1')[2] if transaction.get_segment('N1') else "Unknown"                                                                             
+            
+            # Find partner in Odoo                                  
+            partner = models.execute_kw(db, uid, pwd, 'res.partner', 'search',                                                  
+                                [[['name', 'ilike', partner_name]]])                
+            
+            if not partner:
+                print(f"Error: Partner '{partner_name}' not found. Skipping transaction.")
+                continue
+                
+            partner_id = partner[0]
 
             # Extract line items (PO1 segments)
             order_lines = []
@@ -94,6 +115,7 @@ def process_850(edi_file_path):
 ```python
 def generate_997(isa_control, gs_control, transaction_control):
     """Generate a functional acknowledgment for received EDI"""
+    today = datetime.now().strftime('%y%m%d')
     return f"""ISA*00*          *00*          *ZZ*YOURISAID      *ZZ*PARTNERISAID   *{today}*1200*^*00501*{isa_control}*0*P*>~
 GS*FA*YOURGID*PARTNERGID*{today}*1200*{gs_control}*X*005010X231A1~
 ST*997*0001~

package/bundled-skills/odoo-woocommerce-bridge/SKILL.md

@@ -43,20 +43,24 @@ This skill guides you through building a reliable sync bridge between Odoo (the
 ```python
 from woocommerce import API
 import xmlrpc.client
+import os
 
 # WooCommerce client
 wcapi = API(
-    url="https://mystore.com",
-    consumer_key="ck_xxxxxxxxxxxxx",
-    consumer_secret="cs_xxxxxxxxxxxxx",
+    url=os.getenv("WC_URL", "https://mystore.com"),
+    consumer_key=os.getenv("WC_KEY"),
+    consumer_secret=os.getenv("WC_SECRET"),
     version="wc/v3"
 )
 
 # Odoo client
-odoo_url = "https://myodoo.example.com"
-db, uid, pwd = "my_db", 2, "api_key"
+odoo_url = os.getenv("ODOO_URL", "https://myodoo.example.com")
+db = os.getenv("ODOO_DB", "my_db")
+uid = int(os.getenv("ODOO_UID", "2"))
+pwd = os.getenv("ODOO_PASSWORD")
 models = xmlrpc.client.ServerProxy(f"{odoo_url}/xmlrpc/2/object")
 
+
 def sync_orders():
     # Get unprocessed WooCommerce orders
     orders = wcapi.get("orders", params={"status": "processing", "per_page": 50}).json()

package/bundled-skills/tmux/SKILL.md

@@ -0,0 +1,370 @@
+---
+name: tmux
+description: "Expert tmux session, window, and pane management for terminal multiplexing, persistent remote workflows, and shell scripting automation."
+category: development
+risk: safe
+source: community
+date_added: "2026-03-28"
+author: kostakost2
+tags: [tmux, terminal, multiplexer, sessions, shell, remote, automation]
+tools: [claude, cursor, gemini]
+---
+
+# tmux — Terminal Multiplexer
+
+## Overview
+
+`tmux` keeps terminal sessions alive across SSH disconnects, splits work across multiple panes, and enables fully scriptable terminal automation. This skill covers session management, window/pane layout, keybinding patterns, and using `tmux` non-interactively from shell scripts — essential for remote servers, long-running jobs, and automated workflows.
+
+## When to Use This Skill
+
+- Use when setting up or managing persistent terminal sessions on remote servers
+- Use when the user needs to run long-running processes that survive SSH disconnects
+- Use when scripting multi-pane terminal layouts (e.g., logs + shell + editor)
+- Use when automating `tmux` commands from bash scripts without user interaction
+
+## How It Works
+
+`tmux` has three hierarchy levels: **sessions** (top level, survives disconnects), **windows** (tabs within a session), and **panes** (splits within a window). Everything is controllable from outside via `tmux <command>` or from inside via the prefix key (`Ctrl-b` by default).
+
+### Session Management
+
+```bash
+# Create a new named session
+tmux new-session -s work
+
+# Create detached (background) session
+tmux new-session -d -s work
+
+# Create detached session and start a command
+tmux new-session -d -s build -x 220 -y 50 "make all"
+
+# Attach to a session
+tmux attach -t work
+tmux attach          # attaches to most recent session
+
+# List all sessions
+tmux list-sessions
+tmux ls
+
+# Detach from inside tmux
+# Prefix + d   (Ctrl-b d)
+
+# Kill a session
+tmux kill-session -t work
+
+# Kill all sessions except the current one
+tmux kill-session -a
+
+# Rename a session from outside
+tmux rename-session -t old-name new-name
+
+# Switch to another session from outside
+tmux switch-client -t other-session
+
+# Check if a session exists (useful in scripts)
+tmux has-session -t work 2>/dev/null && echo "exists"
+```
+
+### Window Management
+
+```bash
+# Create a new window in the current session
+tmux new-window -t work -n "logs"
+
+# Create a window running a specific command
+tmux new-window -t work:3 -n "server" "python -m http.server 8080"
+
+# List windows
+tmux list-windows -t work
+
+# Select (switch to) a window
+tmux select-window -t work:logs
+tmux select-window -t work:2       # by index
+
+# Rename a window
+tmux rename-window -t work:2 "editor"
+
+# Kill a window
+tmux kill-window -t work:logs
+
+# Move window to a new index
+tmux move-window -s work:3 -t work:1
+
+# From inside tmux:
+# Prefix + c     — new window
+# Prefix + ,     — rename window
+# Prefix + &     — kill window
+# Prefix + n/p   — next/previous window
+# Prefix + 0-9   — switch to window by number
+```
+
+### Pane Management
+
+```bash
+# Split pane vertically (left/right)
+tmux split-window -h -t work:1
+
+# Split pane horizontally (top/bottom)
+tmux split-window -v -t work:1
+
+# Split and run a command
+tmux split-window -h -t work:1 "tail -f /var/log/syslog"
+
+# Select a pane by index
+tmux select-pane -t work:1.0
+
+# Resize panes
+tmux resize-pane -t work:1.0 -R 20   # expand right by 20 cols
+tmux resize-pane -t work:1.0 -D 10   # shrink down by 10 rows
+tmux resize-pane -Z                   # toggle zoom (fullscreen)
+
+# Swap panes
+tmux swap-pane -s work:1.0 -t work:1.1
+
+# Kill a pane
+tmux kill-pane -t work:1.1
+
+# From inside tmux:
+# Prefix + %     — split vertical
+# Prefix + "     — split horizontal
+# Prefix + arrow — navigate panes
+# Prefix + z     — zoom/unzoom current pane
+# Prefix + x     — kill pane
+# Prefix + {/}   — swap pane with previous/next
+```
+
+### Sending Commands to Panes Without Being Attached
+
+```bash
+# Send a command to a specific pane and press Enter
+tmux send-keys -t work:1.0 "ls -la" Enter
+
+# Run a command in a background pane without attaching
+tmux send-keys -t work:editor "vim src/main.py" Enter
+
+# Send Ctrl+C to stop a running process
+tmux send-keys -t work:1.0 C-c
+
+# Send text without pressing Enter (useful for pre-filling prompts)
+tmux send-keys -t work:1.0 "git commit -m '"
+
+# Clear a pane
+tmux send-keys -t work:1.0 "clear" Enter
+
+# Check what's in a pane (capture its output)
+tmux capture-pane -t work:1.0 -p
+tmux capture-pane -t work:1.0 -p | grep "ERROR"
+```
+
+### Scripting a Full Workspace Layout
+
+This is the most powerful pattern: create a fully configured multi-pane workspace from a single script.
+
+```bash
+#!/usr/bin/env bash
+set -euo pipefail
+
+SESSION="dev"
+
+# Bail if session already exists
+tmux has-session -t "$SESSION" 2>/dev/null && {
+  echo "Session $SESSION already exists. Attaching..."
+  tmux attach -t "$SESSION"
+  exit 0
+}
+
+# Create session with first window
+tmux new-session -d -s "$SESSION" -n "editor" -x 220 -y 50
+
+# Window 1: editor + test runner side by side
+tmux send-keys -t "$SESSION:editor" "vim ." Enter
+tmux split-window -h -t "$SESSION:editor"
+tmux send-keys -t "$SESSION:editor.1" "npm test -- --watch" Enter
+tmux select-pane -t "$SESSION:editor.0"
+
+# Window 2: server logs
+tmux new-window -t "$SESSION" -n "server"
+tmux send-keys -t "$SESSION:server" "docker compose up" Enter
+tmux split-window -v -t "$SESSION:server"
+tmux send-keys -t "$SESSION:server.1" "tail -f logs/app.log" Enter
+
+# Window 3: general shell
+tmux new-window -t "$SESSION" -n "shell"
+
+# Focus first window
+tmux select-window -t "$SESSION:editor"
+
+# Attach
+tmux attach -t "$SESSION"
+```
+
+### Configuration (`~/.tmux.conf`)
+
+```bash
+# Change prefix to Ctrl-a (screen-style)
+unbind C-b
+set -g prefix C-a
+bind C-a send-prefix
+
+# Enable mouse support
+set -g mouse on
+
+# Start window/pane numbering at 1
+set -g base-index 1
+setw -g pane-base-index 1
+
+# Renumber windows when one is closed
+set -g renumber-windows on
+
+# Increase scrollback buffer
+set -g history-limit 50000
+
+# Use vi keys in copy mode
+setw -g mode-keys vi
+
+# Faster key repetition
+set -s escape-time 0
+
+# Reload config without restarting
+bind r source-file ~/.tmux.conf \; display "Config reloaded"
+
+# Intuitive splits: | and -
+bind | split-window -h -c "#{pane_current_path}"
+bind - split-window -v -c "#{pane_current_path}"
+
+# New windows open in current directory
+bind c new-window -c "#{pane_current_path}"
+
+# Status bar
+set -g status-right "#{session_name} | %H:%M %d-%b"
+set -g status-interval 5
+```
+
+### Copy Mode and Scrollback
+
+```bash
+# Enter copy mode (scroll up through output)
+# Prefix + [
+
+# In vi mode:
+# / to search forward, ? to search backward
+# Space to start selection, Enter to copy
+# q to exit copy mode
+
+# Paste the most recent buffer
+# Prefix + ]
+
+# List paste buffers
+tmux list-buffers
+
+# Show the most recent buffer
+tmux show-buffer
+
+# Save buffer to a file
+tmux save-buffer /tmp/tmux-output.txt
+
+# Load a file into a buffer
+tmux load-buffer /tmp/data.txt
+
+# Pipe pane output to a command
+tmux pipe-pane -t work:1.0 "cat >> ~/session.log"
+```
+
+### Practical Automation Patterns
+
+```bash
+# Idempotent session: create or attach
+ensure_session() {
+  local name="$1"
+  tmux has-session -t "$name" 2>/dev/null \
+    || tmux new-session -d -s "$name"
+  tmux attach -t "$name"
+}
+
+# Run a command in a new background window and tail its output
+run_bg() {
+  local session="${1:-main}" cmd="${*:2}"
+  tmux new-window -t "$session" -n "bg-$$"
+  tmux send-keys -t "$session:bg-$$" "$cmd" Enter
+}
+
+# Wait for a pane to produce specific output (polling)
+wait_for_output() {
+  local target="$1" pattern="$2" timeout="${3:-30}"
+  local elapsed=0
+  while (( elapsed < timeout )); do
+    tmux capture-pane -t "$target" -p | grep -q "$pattern" && return 0
+    sleep 1
+    (( elapsed++ ))
+  done
+  return 1
+}
+
+# Kill all background windows matching a name prefix
+kill_bg_windows() {
+  local session="$1" prefix="${2:-bg-}"
+  tmux list-windows -t "$session" -F "#W" \
+    | grep "^${prefix}" \
+    | while read -r win; do
+        tmux kill-window -t "${session}:${win}"
+      done
+}
+```
+
+### Remote and SSH Workflows
+
+```bash
+# SSH and immediately attach to an existing session
+ssh user@host -t "tmux attach -t work || tmux new-session -s work"
+
+# Run a command on remote host inside a tmux session (fire and forget)
+ssh user@host "tmux new-session -d -s deploy 'bash /opt/deploy.sh'"
+
+# Watch the remote session output from another terminal
+ssh user@host -t "tmux attach -t deploy -r"  # read-only attach
+
+# Pair programming: share a session (both users attach to the same session)
+# User 1:
+tmux new-session -s shared
+# User 2 (same server):
+tmux attach -t shared
+```
+
+## Best Practices
+
+- Always name sessions (`-s name`) in scripts — unnamed sessions are hard to target reliably
+- Use `tmux has-session -t name 2>/dev/null` before creating to make scripts idempotent
+- Set `-x` and `-y` when creating detached sessions to give panes a proper size for commands that check terminal dimensions
+- Use `send-keys ... Enter` for automation rather than piping stdin — it works even when the target pane is running an interactive program
+- Keep `~/.tmux.conf` in version control for reproducibility across machines
+- Prefer `bind -n` for bindings that don't need the prefix, but only for keys that don't conflict with application shortcuts
+
+## Security & Safety Notes
+
+- `send-keys` executes commands in a pane without confirmation — verify the target (`-t session:window.pane`) before use in scripts to avoid sending keystrokes to the wrong pane
+- Read-only attach (`-r`) is appropriate when sharing sessions with others to prevent accidental input
+- Avoid storing secrets in tmux window/pane titles or environment variables exported into sessions on shared machines
+
+## Common Pitfalls
+
+- **Problem:** `tmux` commands from a script fail with "no server running"
+  **Solution:** Start the server first with `tmux start-server`, or create a detached session before running other commands.
+
+- **Problem:** Pane size is 0x0 when creating a detached session
+  **Solution:** Pass explicit dimensions: `tmux new-session -d -s name -x 200 -y 50`.
+
+- **Problem:** `send-keys` types the text but doesn't run the command
+  **Solution:** Ensure you pass `Enter` (capital E) as a second argument: `tmux send-keys -t target "cmd" Enter`.
+
+- **Problem:** Script creates a duplicate session each run
+  **Solution:** Guard with `tmux has-session -t name 2>/dev/null || tmux new-session -d -s name`.
+
+- **Problem:** Copy-mode selection doesn't work as expected
+  **Solution:** Confirm `mode-keys vi` or `mode-keys emacs` is set to match your preference in `~/.tmux.conf`.
+
+## Related Skills
+
+- `@bash-pro` — Writing the shell scripts that orchestrate tmux sessions
+- `@bash-linux` — General Linux terminal patterns used inside tmux panes
+- `@ssh` — Combining tmux with SSH for persistent remote workflows

package/bundled-skills/viboscope/SKILL.md

@@ -0,0 +1,64 @@
+---
+name: viboscope
+description: "Psychological compatibility matching — find cofounders, collaborators, and friends through validated psychometrics"
+category: collaboration
+risk: safe
+source: community
+date_added: "2026-03-29"
+author: ivanschmidt
+tags: [matching, psychology, compatibility, networking, collaboration]
+tools: [claude, cursor, codex, gemini, windsurf]
+---
+
+# Viboscope
+
+## Overview
+
+Viboscope helps find compatible people — cofounders, project partners, friends, romantic partners — through deep psychological compatibility matching. It builds a profile across 10 validated dimensions and calculates mathematical compatibility with other users.
+
+## When to Use This Skill
+
+- Use when looking for a cofounder or project collaborator
+- Use when wanting to find people with compatible work style and values
+- Use when checking compatibility with a specific person via invite link
+
+## How It Works
+
+### Step 1: Install
+
+```bash
+curl -fsS https://viboscope.com/api/v1/skill -o viboscope.md
+```
+
+Save to your platform's skills directory.
+
+### Step 2: Build Profile
+
+The skill guides a 5-minute onboarding that builds a psychological profile using:
+- AI assistant portrait (fastest — 2 min for 90%+ profile)
+- 5 validated questionnaires (Big Five, Values, Attachment, Conflict, Work Style)
+- Context scan from workspace files
+
+### Step 3: Search
+
+Search across 7 contexts: business, romantic, friendship, professional, intellectual, hobby, general. Results include percentage scores and human-readable explanations of why you match.
+
+## Examples
+
+### Example 1: Find a Cofounder
+
+Tell your AI agent: "Install Viboscope and find me a cofounder"
+
+The agent will guide you through profiling, then search for business-compatible matches with aligned values and complementary work styles.
+
+### Example 2: Check Compatibility
+
+Share your invite link: `viboscope.com/match/@your_nick`
+
+When someone opens it with their AI agent, both see a compatibility breakdown.
+
+## Links
+
+- Website: https://viboscope.com
+- GitHub: https://github.com/ivankoriako/viboscope
+- API: https://viboscope.com/api/v1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "opencode-skills-antigravity",
-  "version": "1.0.39",
+  "version": "1.0.40",
   "description": "OpenCode CLI plugin that automatically downloads and keeps Antigravity Awesome Skills up to date.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",