opencode-skills-antigravity 1.0.7 → 1.0.8

package/bundled-skills/bdistill-behavioral-xray/SKILL.md

@@ -0,0 +1,86 @@
+---
+name: bdistill-behavioral-xray
+description: "X-ray any AI model's behavioral patterns — refusal boundaries, hallucination tendencies, reasoning style, formatting defaults. No API key needed."
+category: ai-testing
+risk: safe
+source: community
+date_added: "2026-03-20"
+author: FrancyJGLisboa
+tags: [ai, testing, behavioral-analysis, model-evaluation, red-team, compliance, mcp]
+tools: [claude, cursor, codex, copilot]
+---
+
+# Behavioral X-Ray
+
+Systematically probe an AI model's behavioral patterns and generate a visual report. The AI agent probes *itself* — no API key or external setup needed.
+
+## Overview
+
+bdistill's Behavioral X-Ray runs 30 carefully designed probe questions across 6 dimensions, auto-tags each response with behavioral metadata, and compiles results into a styled HTML report with radar charts and actionable insights.
+
+Use it to understand your model before building with it, compare models for task selection, or track behavioral drift over time.
+
+## When to Use This Skill
+
+- Use when you want to understand how your AI model actually behaves (not how it claims to)
+- Use when choosing between models for a specific task
+- Use when debugging unexpected refusals, hallucinations, or formatting issues
+- Use for compliance auditing — documenting model behavior at deployment boundaries
+- Use for red team assessments — systematic boundary mapping across safety dimensions
+
+## How It Works
+
+### Step 1: Install
+
+```bash
+pip install bdistill
+claude mcp add bdistill -- bdistill-mcp   # Claude Code
+```
+
+For other tools, add bdistill-mcp as an MCP server in your project config.
+
+### Step 2: Run the probe
+
+In Claude Code:
+```
+/xray                          # Full behavioral probe (30 questions)
+/xray --dimensions refusal     # Probe just one dimension
+/xray-report                   # Generate report from completed probe
+```
+
+In any tool with MCP:
+```
+"X-ray your behavioral patterns"
+"Test your refusal boundaries"
+"Generate a behavioral report"
+```
+
+## Probe Dimensions
+
+| Dimension | What it measures |
+|-----------|-----------------|
+| **tool_use** | When does it call tools vs. answer from knowledge? |
+| **refusal** | Where does it draw safety boundaries? Does it over-refuse? |
+| **formatting** | Lists vs. prose? Code blocks? Length calibration? |
+| **reasoning** | Does it show chain-of-thought? Handle trick questions? |
+| **persona** | Identity, tone matching, composure under hostility |
+| **grounding** | Hallucination resistance, fabrication traps, knowledge limits |
+
+## Output
+
+A styled HTML report showing:
+- Refusal rate, hedge rate, chain-of-thought usage
+- Per-dimension breakdown with bar charts
+- Notable response examples with behavioral tags
+- Actionable insights (e.g., "you already show CoT 85% of the time, no need to prompt for it")
+
+## Best Practices
+
+- Answer probe questions honestly — the value is in authentic behavioral data
+- Run probes on the same model periodically to track behavioral drift
+- Compare reports across models to make informed selection decisions
+- Use adversarial knowledge extraction (`/distill --adversarial`) alongside behavioral probes for complete model profiling
+
+## Related Skills
+
+- `@bdistill-knowledge-extraction` - Extract structured domain knowledge from any AI model

package/bundled-skills/bdistill-knowledge-extraction/SKILL.md

@@ -0,0 +1,105 @@
+---
+name: bdistill-knowledge-extraction
+description: "Extract structured domain knowledge from AI models in-session or from local open-source models via Ollama. No API key needed."
+category: ai-research
+risk: safe
+source: community
+date_added: "2026-03-20"
+author: FrancyJGLisboa
+tags: [ai, knowledge-extraction, domain-specific, data-moat, mcp, reference-data]
+tools: [claude, cursor, codex, copilot]
+---
+
+# Knowledge Extraction
+
+Extract structured, quality-scored domain knowledge from any AI model — in-session from closed models (no API key) or locally from open-source models via Ollama.
+
+## Overview
+
+bdistill turns your AI subscription sessions into a compounding knowledge base. The agent answers targeted domain questions, bdistill structures and quality-scores the responses, and the output accumulates into a searchable, exportable reference dataset.
+
+Adversarial mode challenges the agent's claims — forcing evidence, corrections, and acknowledged limitations — producing validated knowledge entries.
+
+## When to Use This Skill
+
+- Use when you need structured reference data on any domain (medical, legal, finance, cybersecurity)
+- Use when building lookup tables, Q&A datasets, or research corpora
+- Use when generating training data for traditional ML models (regression, classification — NOT competing LLMs)
+- Use when you want cross-model comparison on domain knowledge
+
+## How It Works
+
+### Step 1: Install
+
+```bash
+pip install bdistill
+claude mcp add bdistill -- bdistill-mcp   # Claude Code
+```
+
+### Step 2: Extract knowledge in-session
+
+```
+/distill medical cardiology                    # Preset domain
+/distill --custom kubernetes docker helm       # Custom terms
+/distill --adversarial medical                 # With adversarial validation
+```
+
+### Step 3: Search, export, compound
+
+```bash
+bdistill kb list                               # Show all domains
+bdistill kb search "atrial fibrillation"       # Keyword search
+bdistill kb export -d medical -f csv           # Export as spreadsheet
+bdistill kb export -d medical -f markdown      # Readable knowledge document
+```
+
+## Output Format
+
+Structured reference JSONL — not training data:
+
+```json
+{
+  "question": "What causes myocardial infarction?",
+  "answer": "Myocardial infarction results from acute coronary artery occlusion...",
+  "domain": "medical",
+  "category": "cardiology",
+  "tags": ["mechanistic", "evidence-based"],
+  "quality_score": 0.73,
+  "confidence": 1.08,
+  "validated": true,
+  "source_model": "Claude Sonnet 4"
+}
+```
+
+## Tabular ML Data Generation
+
+Generate structured training data for traditional ML models:
+
+```
+/schema sepsis | hr:float, bp:float, temp:float, wbc:float | risk:category[low,moderate,high,critical]
+```
+
+Exports as CSV ready for pandas/sklearn. Each row tracks source_model for cross-model analysis.
+
+## Local Model Extraction (Ollama)
+
+For open-source models running locally:
+
+```bash
+# Install Ollama from https://ollama.com
+ollama serve
+ollama pull qwen3:4b
+
+bdistill extract --domain medical --model qwen3:4b
+```
+
+## Security & Safety Notes
+
+- In-session extraction uses your existing subscription — no additional API keys
+- Local extraction runs entirely on your machine via Ollama
+- No data is sent to external services
+- Output is reference data, not LLM training format
+
+## Related Skills
+
+- `@bdistill-behavioral-xray` - X-ray a model's behavioral patterns

package/bundled-skills/docs/integrations/jetski-cortex.md

@@ -1,9 +1,9 @@
 ---
 title: Jetski/Cortex + Gemini Integration Guide
-description: "Come usare antigravity-awesome-skills con Jetski/Cortex evitando l’overflow di contesto con 1.304+ skill."
+description: "Come usare antigravity-awesome-skills con Jetski/Cortex evitando l’overflow di contesto con 1.306+ skill."
 ---
 
-# Jetski/Cortex + Gemini: integrazione sicura con 1.304+ skill
+# Jetski/Cortex + Gemini: integrazione sicura con 1.306+ skill
 
 Questa guida mostra come integrare il repository `antigravity-awesome-skills` con un agente basato su **Jetski/Cortex + Gemini** (o framework simili) **senza superare il context window** del modello.
 
@@ -23,7 +23,7 @@ Non bisogna mai:
 - concatenare il contenuto di tutte le `SKILL.md` in un singolo system prompt;
 - reiniettare l’intera libreria per **ogni** richiesta.
 
-Con oltre 1.304 skill, questo approccio riempie il context window prima ancora di aggiungere i messaggi dell’utente, causando l’errore di truncation.
+Con oltre 1.306 skill, questo approccio riempie il context window prima ancora di aggiungere i messaggi dell’utente, causando l’errore di truncation.
 
 ---
 

package/bundled-skills/docs/integrations/jetski-gemini-loader/README.md

@@ -20,7 +20,7 @@ This example shows one way to integrate **antigravity-awesome-skills** with a Je
 - How to enforce a **maximum number of skills per turn** via `maxSkillsPerTurn`.
 - How to choose whether to **truncate or error** when too many skills are requested via `overflowBehavior`.
 
-This pattern avoids context overflow when you have 1,304+ skills installed.
+This pattern avoids context overflow when you have 1,306+ skills installed.
 
 ---
 

package/bundled-skills/docs/maintainers/repo-growth-seo.md

@@ -6,7 +6,7 @@ This document keeps the repository's GitHub-facing discovery copy aligned with t
 
 Preferred positioning:
 
-> Installable GitHub library of 1,304+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and other AI coding assistants.
+> Installable GitHub library of 1,306+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and other AI coding assistants.
 
 Key framing:
 
@@ -20,7 +20,7 @@ Key framing:
 
 Preferred description:
 
-> Installable GitHub library of 1,304+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and more. Includes installer CLI, bundles, workflows, and official/community skill collections.
+> Installable GitHub library of 1,306+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and more. Includes installer CLI, bundles, workflows, and official/community skill collections.
 
 Preferred homepage:
 
@@ -28,7 +28,7 @@ Preferred homepage:
 
 Preferred social preview:
 
-- use a clean preview image that says `1,304+ Agentic Skills`;
+- use a clean preview image that says `1,306+ Agentic Skills`;
 - mention Claude Code, Cursor, Codex CLI, and Gemini CLI;
 - avoid dense text and tiny logos that disappear in social cards.
 

package/bundled-skills/docs/maintainers/skills-update-guide.md

@@ -69,7 +69,7 @@ For manual updates, you need:
 The update process refreshes:
 - Skills index (`skills_index.json`)
 - Web app skills data (`apps\web-app\public\skills.json`)
-- All 1,304+ skills from the skills directory
+- All 1,306+ skills from the skills directory
 
 ## When to Update
 

package/bundled-skills/docs/users/bundles.md

@@ -579,4 +579,4 @@ Found a skill that should be in a bundle? Or want to create a new bundle? [Open
 
 ---
 
-_Last updated: March 2026 | Total Skills: 1,304+ | Total Bundles: 36_
+_Last updated: March 2026 | Total Skills: 1,306+ | Total Bundles: 36_

package/bundled-skills/docs/users/claude-code-skills.md

@@ -6,7 +6,7 @@ Antigravity Awesome Skills gives Claude Code users an installable library of `SK
 
 ## Why use this repo for Claude Code
 
-- It includes 1,304+ skills instead of a narrow single-domain starter pack.
+- It includes 1,306+ skills instead of a narrow single-domain starter pack.
 - It supports the standard `.claude/skills/` path and the Claude Code plugin marketplace flow.
 - It includes onboarding docs, bundles, and workflows so new users do not need to guess where to begin.
 - It covers both everyday engineering tasks and specialized work like security reviews, infrastructure, product planning, and documentation.

package/bundled-skills/docs/users/gemini-cli-skills.md

@@ -8,7 +8,7 @@ Antigravity Awesome Skills supports Gemini CLI through the `.gemini/skills/` pat
 
 - It installs directly into the expected Gemini skills path.
 - It includes both core software engineering skills and deeper agent/LLM-oriented skills.
-- It helps new users get started with bundles and workflows rather than forcing a cold start from 1,304+ files.
+- It helps new users get started with bundles and workflows rather than forcing a cold start from 1,306+ files.
 - It is useful whether you want a broad internal skill library or a single repo to test many workflows quickly.
 
 ## Install Gemini CLI Skills

package/bundled-skills/docs/users/getting-started.md

@@ -1,4 +1,4 @@
-# Getting Started with Antigravity Awesome Skills (V8.4.0)
+# Getting Started with Antigravity Awesome Skills (V8.5.0)
 
 **New here? This guide will help you supercharge your AI Agent in 5 minutes.**
 

package/bundled-skills/docs/users/kiro-integration.md

@@ -18,7 +18,7 @@ Kiro is AWS's agentic AI IDE that combines:
 
 Kiro's agentic capabilities are enhanced by skills that provide:
 
-- **Domain expertise** across 1,304+ specialized areas
+- **Domain expertise** across 1,306+ specialized areas
 - **Best practices** from Anthropic, OpenAI, Google, Microsoft, and AWS
 - **Workflow automation** for common development tasks
 - **AWS-specific patterns** for serverless, infrastructure, and cloud architecture

package/bundled-skills/docs/users/usage.md

@@ -12,7 +12,7 @@ Great question! Here's what just happened and what to do next:
 
 When you ran `npx antigravity-awesome-skills` or cloned the repository, you:
 
-✅ **Downloaded 1,304+ skill files** to your computer (default: `~/.gemini/antigravity/skills/`; or a custom path like `~/.agent/skills/` if you used `--path`)  
+✅ **Downloaded 1,306+ skill files** to your computer (default: `~/.gemini/antigravity/skills/`; or a custom path like `~/.agent/skills/` if you used `--path`)  
 ✅ **Made them available** to your AI assistant  
 ❌ **Did NOT enable them all automatically** (they're just sitting there, waiting)
 
@@ -32,7 +32,7 @@ Bundles are **recommended lists** of skills grouped by role. They help you decid
 
 **Analogy:**
 
-- You installed a toolbox with 1,304+ tools (✅ done)
+- You installed a toolbox with 1,306+ tools (✅ done)
 - Bundles are like **labeled organizer trays** saying: "If you're a carpenter, start with these 10 tools"
 - You don't install bundles—you **pick skills from them**
 
@@ -192,7 +192,7 @@ Let's actually use a skill right now. Follow these steps:
 
 ## Step 5: Picking Your First Skills (Practical Advice)
 
-Don't try to use all 1,304+ skills at once. Here's a sensible approach:
+Don't try to use all 1,306+ skills at once. Here's a sensible approach:
 
 If you want a tool-specific starting point before choosing skills, use:
 
@@ -323,7 +323,7 @@ Usually no, but if your AI doesn't recognize a skill:
 
 ### "Can I load all skills into the model at once?"
 
-No. Even though you have 1,304+ skills installed locally, you should **not** concatenate every `SKILL.md` into a single system prompt or context block.
+No. Even though you have 1,306+ skills installed locally, you should **not** concatenate every `SKILL.md` into a single system prompt or context block.
 
 The intended pattern is:
 

package/bundled-skills/docs/users/visual-guide.md

@@ -34,7 +34,7 @@ antigravity-awesome-skills/
 ├── 📄 CONTRIBUTING.md                  ← Contributor workflow
 ├── 📄 CATALOG.md                       ← Full generated catalog
 │
-├── 📁 skills/                          ← 1,304+ skills live here
+├── 📁 skills/                          ← 1,306+ skills live here
 │   │
 │   ├── 📁 brainstorming/
 │   │   └── 📄 SKILL.md                 ← Skill definition
@@ -47,7 +47,7 @@ antigravity-awesome-skills/
 │   │   └── 📁 2d-games/
 │   │       └── 📄 SKILL.md             ← Nested skills also supported
 │   │
-│   └── ... (1,304+ total)
+│   └── ... (1,306+ total)
 │
 ├── 📁 apps/
 │   └── 📁 web-app/                     ← Interactive browser
@@ -100,7 +100,7 @@ antigravity-awesome-skills/
 
 ```
                     ┌─────────────────────────┐
-                    │  1,304+ SKILLS          │
+                    │  1,306+ SKILLS          │
                     └────────────┬────────────┘
                                  │
         ┌────────────────────────┼────────────────────────┐
@@ -201,7 +201,7 @@ If you want a workspace-style manual install instead, cloning into `.agent/skill
 │   ├── 📁 brainstorming/                 │
 │   ├── 📁 stripe-integration/            │
 │   ├── 📁 react-best-practices/          │
-│   └── ... (1,304+ total)                │
+│   └── ... (1,306+ total)                │
 └─────────────────────────────────────────┘
 ```
 

package/bundled-skills/last30days/SKILL.md

@@ -93,7 +93,12 @@ echo "Edit to add your API keys for enhanced research."
 **Step 1: Run the research script**
 
 ```bash
-python3 ~/.claude/skills/last30days/scripts/last30days.py "$ARGUMENTS" --emit=compact 2>&1
+TOPIC_FILE="$(mktemp)"
+trap 'rm -f "$TOPIC_FILE"' EXIT
+cat <<'LAST30DAYS_TOPIC' > "$TOPIC_FILE"
+$ARGUMENTS
+LAST30DAYS_TOPIC
+python3 ~/.claude/skills/last30days/scripts/last30days.py "$(cat "$TOPIC_FILE")" --emit=compact 2>&1
 ```
 
 The script will automatically:

package/bundled-skills/videodb/scripts/ws_listener.py

@@ -6,7 +6,7 @@ Usage:
   python scripts/ws_listener.py [OPTIONS] [output_dir]
 
 Arguments:
-  output_dir  Directory for output files (default: /tmp or VIDEODB_EVENTS_DIR env var)
+  output_dir  Directory for output files (default: XDG_STATE_HOME/videodb-events or VIDEODB_EVENTS_DIR env var)
 
 Options:
   --clear     Clear the events file before starting (use when starting a new session)
@@ -20,14 +20,15 @@ Output (first line, for parsing):
   WS_ID=<connection_id>
 
 Examples:
-  python scripts/ws_listener.py &                    # Run in background
-  python scripts/ws_listener.py --clear              # Clear events and start fresh
-  python scripts/ws_listener.py --clear /tmp/mydir   # Custom dir with clear
-  kill $(cat /tmp/videodb_ws_pid)                    # Stop the listener
+  python scripts/ws_listener.py &                             # Run in background
+  python scripts/ws_listener.py --clear                       # Clear events and start fresh
+  python scripts/ws_listener.py --clear /path/mydir          # Custom dir with clear
+  kill $(cat ~/.local/state/videodb-events/videodb_ws_pid)   # Stop the listener
 """
 import os
 import sys
 import json
+import stat
 import signal
 import asyncio
 from datetime import datetime, timezone
@@ -42,6 +43,8 @@ import videodb
 MAX_RETRIES = 10
 INITIAL_BACKOFF = 1  # seconds
 MAX_BACKOFF = 60     # seconds
+FILE_MODE = 0o600
+DIR_MODE = 0o700
 
 # Parse arguments
 def parse_args():
@@ -78,18 +81,62 @@ def log(msg: str):
     print(f"[{ts}] {msg}", flush=True)
 
 
+def ensure_output_dir():
+    """Create the output directory if needed and reject symlinked paths."""
+    if OUTPUT_DIR.exists():
+        if OUTPUT_DIR.is_symlink():
+            raise OSError(f"Refusing to use symlinked output directory: {OUTPUT_DIR}")
+        if not OUTPUT_DIR.is_dir():
+            raise OSError(f"Output path is not a directory: {OUTPUT_DIR}")
+        return
+
+    OUTPUT_DIR.mkdir(parents=True, mode=DIR_MODE, exist_ok=True)
+
+
+def secure_open(path: Path, *, append: bool):
+    """Open a regular file without following symlinks."""
+    ensure_output_dir()
+    flags = os.O_WRONLY | os.O_CREAT
+    flags |= os.O_APPEND if append else os.O_TRUNC
+    flags |= getattr(os, "O_NOFOLLOW", 0)
+
+    fd = os.open(path, flags, FILE_MODE)
+    try:
+        file_stat = os.fstat(fd)
+        if not stat.S_ISREG(file_stat.st_mode):
+            raise OSError(f"Refusing to write non-regular file: {path}")
+        if file_stat.st_nlink != 1:
+            raise OSError(f"Refusing to write multiply linked file: {path}")
+        return fd
+    except Exception:
+        os.close(fd)
+        raise
+
+
+def secure_write_text(path: Path, content: str):
+    """Write text to a regular file with private permissions."""
+    fd = secure_open(path, append=False)
+    with os.fdopen(fd, "w", encoding="utf-8") as handle:
+        handle.write(content)
+
+
+def secure_append_text(path: Path, content: str):
+    """Append text to a regular file with private permissions."""
+    fd = secure_open(path, append=True)
+    with os.fdopen(fd, "a", encoding="utf-8") as handle:
+        handle.write(content)
+
+
 def append_event(event: dict):
     """Append event to JSONL file with timestamps."""
     event["ts"] = datetime.now(timezone.utc).isoformat()
     event["unix_ts"] = datetime.now(timezone.utc).timestamp()
-    with open(EVENTS_FILE, "a") as f:
-        f.write(json.dumps(event) + "\n")
+    secure_append_text(EVENTS_FILE, json.dumps(event) + "\n")
 
 
 def write_pid():
     """Write PID file for easy process management."""
-    OUTPUT_DIR.mkdir(parents=True, exist_ok=True)
-    PID_FILE.write_text(str(os.getpid()))
+    secure_write_text(PID_FILE, str(os.getpid()))
 
 
 def cleanup_pid():
@@ -115,7 +162,7 @@ async def listen_with_retry():
             ws_id = ws.connection_id
             
             # Ensure output directory exists
-            OUTPUT_DIR.mkdir(parents=True, exist_ok=True)
+            ensure_output_dir()
             
             # Clear events file only on first connection if --clear flag is set
             if _first_connection and CLEAR_EVENTS:
@@ -124,7 +171,7 @@ async def listen_with_retry():
             _first_connection = False
             
             # Write ws_id to file for easy retrieval
-            WS_ID_FILE.write_text(ws_id)
+            secure_write_text(WS_ID_FILE, ws_id)
             
             # Print ws_id (parseable format for LLM)
             if retry_count == 0:

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "opencode-skills-antigravity",
-  "version": "1.0.7",
+  "version": "1.0.8",
   "description": "OpenCode CLI plugin that automatically downloads and keeps Antigravity Awesome Skills up to date.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",