opencode-skills-collection 3.0.0-beta.1 → 3.0.1

package/bundled-skills/.antigravity-install-manifest.json

@@ -1,6 +1,6 @@
 {
   "schemaVersion": 1,
-  "updatedAt": "2026-04-28T16:54:22.141Z",
+  "updatedAt": "2026-05-01T01:51:53.950Z",
   "entries": [
     "00-andruia-consultant",
     "007",
@@ -284,6 +284,7 @@
     "brand-perception-psychologist",
     "brevo-automation",
     "broken-authentication",
+    "brooks-lint",
     "browser-automation",
     "browser-extension-builder",
     "bug-hunter",
@@ -296,6 +297,7 @@
     "burpsuite-project-parser",
     "business-analyst",
     "busybox-on-windows",
+    "buywhere-product-catalog",
     "c-pro",
     "c4-architecture-c4-architecture",
     "c4-code",
@@ -760,6 +762,7 @@
     "kpi-dashboard-design",
     "kubernetes-architect",
     "kubernetes-deployment",
+    "kubestellar-console",
     "lambda-lang",
     "lambdatest-agent-skills",
     "landing-page-generator",
@@ -809,6 +812,7 @@
     "llm-structured-output",
     "local-legal-seo-audit",
     "local-llm-expert",
+    "logic-lens",
     "logistics-exception-management",
     "loki-mode",
     "loss-aversion-designer",
@@ -1227,6 +1231,7 @@
     "sql-pro",
     "sqlmap-database-pentesting",
     "square-automation",
+    "squirrel",
     "sred-project-organizer",
     "sred-work-summary",
     "ssh-penetration-testing",

package/bundled-skills/brooks-lint/SKILL.md

@@ -0,0 +1,137 @@
+---
+name: brooks-lint
+description: "AI code reviewer grounded in classic software engineering books for catching design smells, coupling issues, and architectural risks."
+category: development
+risk: safe
+source: community
+source_repo: hyhmrright/brooks-lint
+source_type: community
+license: "MIT"
+license_source: "https://github.com/hyhmrright/brooks-lint/blob/main/LICENSE"
+date_added: "2026-04-29"
+author: hyhmrright
+tags: [code-review, architecture, software-design, refactoring, claude-code]
+tools: [claude, codex, cursor, gemini]
+---
+
+# Brooks Lint
+
+## Overview
+
+Brooks Lint is a Claude Code skill that reviews your code through the lens of 12 classic software engineering books. Instead of checking style rules, it asks: "What would the authors of *The Pragmatic Programmer*, *Clean Code*, and *Designing Data-Intensive Applications* say about this code?"
+
+It synthesizes the principles from landmark engineering books into actionable, structured feedback — catching design smells, tight coupling, missing abstractions, and architectural risks that linters and AI tools typically miss.
+
+Named after Fred Brooks, author of *The Mythical Man-Month* — because the hardest bugs are conceptual, not syntactic.
+
+## The 12 Books
+
+| Book | Key Principles Applied |
+|------|----------------------|
+| *The Pragmatic Programmer* | DRY, orthogonality, tracer bullets |
+| *Clean Code* | Naming, function size, comment clarity |
+| *The Mythical Man-Month* | Conceptual integrity, second-system effect |
+| *Designing Data-Intensive Applications* | Data consistency, fault tolerance, scalability |
+| *A Philosophy of Software Design* | Deep modules, information hiding, complexity |
+| *Refactoring* | Code smells, extract method, encapsulation |
+| *Working Effectively with Legacy Code* | Seams, characterization tests, dependency breaking |
+| *Domain-Driven Design* | Ubiquitous language, bounded contexts, aggregates |
+| *Release It!* | Stability patterns, timeouts, bulkheads, circuit breakers |
+| *Structure and Interpretation of Computer Programs* | Abstraction, recursion, metalinguistic abstraction |
+| *The Art of UNIX Programming* | Modularity, composability, rule of least surprise |
+| *Extreme Programming Explained* | YAGNI, simple design, collective ownership |
+
+## When to Use This Skill
+
+- Use when you want architectural feedback beyond what linters provide
+- Use before major refactors to identify structural debt
+- Use when reviewing code that "works but feels wrong"
+- Use when onboarding to a codebase to quickly map risk areas
+- Use for design reviews before starting a new module or service
+
+## How It Works
+
+Brooks Lint applies each book's core principles as a review lens:
+
+1. **Smell detection**: Flags violations of DRY, SRP, Law of Demeter, etc.
+2. **Coupling analysis**: Identifies tight dependencies and missing abstraction layers
+3. **Naming critique**: Applies Clean Code naming rules to variables, methods, classes
+4. **Architecture review**: Checks for DDIA-style data consistency and fault tolerance gaps
+5. **Stability patterns**: Flags missing timeouts, retries, and circuit breakers (Release It!)
+6. **Complexity scoring**: Applies APOSD complexity metrics to identify over-engineered sections
+
+## Installation
+
+```bash
+# Install via Claude Code plugin marketplace
+# Search: "brooks-lint" in Claude Code > Extensions
+
+# Or install via NPX (Antigravity)
+npx antigravity-awesome-skills --claude
+# Then invoke: @brooks-lint
+```
+
+## Examples
+
+### Example 1: Review a Service Class
+
+```
+@brooks-lint review src/services/PaymentService.ts
+```
+
+**Brooks Lint output:**
+```
+[Pragmatic Programmer] DRY violation: payment validation logic duplicated in 3 places
+[Clean Code] Method processPayment() does 4 things — violates Single Responsibility
+[Release It!] No timeout on external payment gateway call — risk of cascade failure
+[DDIA] No idempotency key — retry on network error will double-charge
+[APOSD] PaymentService knows too much about UserRepository — high coupling
+```
+
+### Example 2: Full Codebase Architecture Review
+
+```
+@brooks-lint analyze the overall architecture of this codebase
+```
+
+### Example 3: Pre-Refactor Review
+
+```
+@brooks-lint what are the biggest design smells in this module before I refactor it?
+```
+
+## Review Categories
+
+| Category | Books Applied | What It Catches |
+|----------|--------------|-----------------|
+| **DRY / Duplication** | PP, Refactoring | Copy-paste code, shared logic not extracted |
+| **Naming** | Clean Code, DDD | Unclear names, domain language violations |
+| **Coupling** | APOSD, PP | Tight dependencies, missing interfaces |
+| **Stability** | Release It! | Missing timeouts, no retry logic, no circuit breakers |
+| **Data Integrity** | DDIA | Race conditions, non-idempotent operations |
+| **Complexity** | APOSD, SICP | Over-engineering, unnecessary abstraction |
+| **Legacy Debt** | WELC | Hard-to-test code, missing seams |
+| **Domain Clarity** | DDD, XP | Anemic models, missing bounded contexts |
+
+## Best Practices
+
+- Run `@brooks-lint` after writing new service layers or data pipelines
+- Combine with `@logic-lens` for full coverage: logic bugs + design smells
+- Use `@brooks-lint analyze architecture` weekly on growing codebases
+- Focus on CRITICAL and HIGH findings first — LOW findings are style suggestions
+
+## Related Skills
+
+- `@logic-lens` — Complementary: catches logic bugs; brooks-lint catches design issues
+- `@security-auditor` — Specialized security-only deep scan
+- `@lint-and-validate` — Style/syntax linting to run alongside design review
+
+## Additional Resources
+
+- [GitHub Repository](https://github.com/hyhmrright/brooks-lint)
+- [Dev.to Article: I Synthesized 12 Classic Engineering Books into an AI Code Reviewer](https://dev.to/hyhmrright/i-synthesized-12-classic-engineering-books-into-an-ai-code-reviewer-heres-what-it-caught-3ed1)
+- [Related skill: logic-lens](https://github.com/hyhmrright/logic-lens)
+
+## Limitations
+
+Use this skill only when the task clearly matches the scope described above (design review and architectural analysis). Brooks Lint applies AI-powered analysis grounded in established engineering principles. It should complement — not replace — human design review for production-critical decisions. Results reflect the principles of the 12 source books and may not apply to all architectural styles or domains.

package/bundled-skills/buywhere-product-catalog/SKILL.md

@@ -0,0 +1,113 @@
+---
+name: buywhere-product-catalog
+description: "Use BuyWhere's MCP and API surfaces to add product search, price comparison, and deal discovery to AI shopping agents."
+category: ecommerce
+risk: safe
+source: official
+source_repo: BuyWhere/buywhere-cursor-plugin
+source_type: official
+license: "Not declared"
+license_source: "https://github.com/BuyWhere/buywhere-cursor-plugin"
+date_added: "2026-04-29"
+author: BuyWhere
+tags: [buywhere, ecommerce, shopping, mcp, api, product-catalog]
+tools: [claude, cursor, codex, gemini]
+---
+
+# BuyWhere Product Catalog
+
+## Overview
+
+BuyWhere gives AI agents a product-catalog surface for shopping flows, price comparison, and deal discovery. Use this skill when you want an agent to connect product search or merchant-aware commerce actions through BuyWhere's MCP setup path or API onboarding flow.
+
+The safest public starting points are the live developer portal, API key signup flow, MCP guide, and the official Cursor plugin repository.
+
+## When to Use This Skill
+
+- Use when you want to add structured product search to an AI shopping or recommendation agent.
+- Use when the user asks for BuyWhere MCP setup in Cursor, Claude Desktop, or a custom agent runtime.
+- Use when you need a concrete onboarding path for BuyWhere API keys, MCP configuration, or plugin discovery.
+
+## How It Works
+
+### Step 1: Choose the integration surface
+
+Start from the public BuyWhere entry point that matches the user's setup:
+
+- Developer portal: `https://buywhere.ai/developers/`
+- API key signup: `https://buywhere.ai/api-keys/`
+- MCP integration guide: `https://api.buywhere.ai/docs/guides/mcp`
+- Cursor plugin repo: `https://github.com/BuyWhere/buywhere-cursor-plugin`
+
+### Step 2: Confirm the user's runtime
+
+Ask which host the user is integrating with before giving setup instructions:
+
+- Cursor or another MCP-capable coding assistant
+- Claude Desktop
+- A custom MCP client
+- A direct REST API integration
+
+Do not assume the same config file or launch command works across all hosts.
+
+### Step 3: Guide the first successful connection
+
+Prefer a minimal first-run path:
+
+1. Get a BuyWhere API key.
+2. Follow the MCP or plugin setup path for the host runtime.
+3. Run one simple product-search request before expanding to comparison or deal workflows.
+
+### Step 4: Expand into commerce workflows
+
+Once the first query works, help the user branch into the next layer:
+
+- product search and discovery
+- price comparison across merchants
+- deal discovery flows
+- shopping-agent orchestration that routes users to merchant destinations
+
+## Examples
+
+### Example 1: Cursor plugin discovery
+
+```text
+Use BuyWhere Product Catalog to help me connect BuyWhere inside Cursor and verify one product-search query.
+```
+
+### Example 2: MCP onboarding
+
+```text
+Use BuyWhere Product Catalog to set up BuyWhere MCP for my shopping agent and keep the first test minimal.
+```
+
+## Best Practices
+
+- ✅ Start from the live developer portal or API key flow before giving configuration details.
+- ✅ Keep the first proof of integration to one successful query.
+- ✅ Ask which MCP host or API runtime the user is using.
+- ❌ Do not claim a specific product-count or retailer-count unless you have current runtime evidence.
+- ❌ Do not send users to deprecated or broken documentation surfaces when a working public page exists.
+
+## Limitations
+
+- This skill does not replace environment-specific validation inside the target MCP host or API client.
+- Public BuyWhere surfaces can change, so re-check live URLs when precise setup details matter.
+
+## Security & Safety Notes
+
+- Treat API keys as secrets. Use placeholders in examples and never paste live credentials into chat, docs, or screenshots.
+- Confirm the user's target host before suggesting filesystem paths, launch commands, or local config edits.
+
+## Common Pitfalls
+
+- **Problem:** The user wants BuyWhere setup help but has not created an API key yet.
+  **Solution:** Start at `https://buywhere.ai/api-keys/` and only move to config after that step is complete.
+
+- **Problem:** A documentation hostname is unavailable.
+  **Solution:** Prefer the live developer portal, API key flow, MCP guide on `api.buywhere.ai`, and the official GitHub plugin repo.
+
+## Related Skills
+
+- `@api-design-principles` - Use when the user needs API-shape guidance around a commerce integration.
+- `@mcp-builder` - Use when the user is building or extending an MCP server rather than consuming one.

package/bundled-skills/docs/integrations/jetski-cortex.md

@@ -1,9 +1,9 @@
 ---
 title: Jetski/Cortex + Gemini Integration Guide
-description: "Use antigravity-awesome-skills with Jetski/Cortex without hitting context-window overflow with 1,436+ skills."
+description: "Use antigravity-awesome-skills with Jetski/Cortex without hitting context-window overflow with 1,441+ skills."
 ---
 
-# Jetski/Cortex + Gemini: safe integration with 1,436+ skills
+# Jetski/Cortex + Gemini: safe integration with 1,441+ skills
 
 This guide shows how to integrate the `antigravity-awesome-skills` repository with an agent based on **Jetski/Cortex + Gemini** (or similar frameworks) **without exceeding the model context window**.
 
@@ -23,7 +23,7 @@ Never do:
 - concatenate all `SKILL.md` content into a single system prompt;
 - re-inject the entire library for **every** request.
 
-With 1,436+ skills, this approach fills the context window before user messages are even added, causing truncation.
+With 1,441+ skills, this approach fills the context window before user messages are even added, causing truncation.
 
 ---
 

package/bundled-skills/docs/integrations/jetski-gemini-loader/README.md

@@ -20,7 +20,7 @@ This example shows one way to integrate **antigravity-awesome-skills** with a Je
 - How to enforce a **maximum number of skills per turn** via `maxSkillsPerTurn`.
 - How to choose whether to **truncate or error** when too many skills are requested via `overflowBehavior`.
 
-This pattern avoids context overflow when you have 1,436+ skills installed.
+This pattern avoids context overflow when you have 1,441+ skills installed.
 
 ---
 

package/bundled-skills/docs/maintainers/repo-growth-seo.md

@@ -6,7 +6,7 @@ This document keeps the repository's GitHub-facing discovery copy aligned with t
 
 Preferred positioning:
 
-> Installable GitHub library of 1,436+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and other AI coding assistants.
+> Installable GitHub library of 1,441+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and other AI coding assistants.
 
 Key framing:
 
@@ -20,7 +20,7 @@ Key framing:
 
 Preferred description:
 
-> Installable GitHub library of 1,436+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and more. Includes installer CLI, bundles, workflows, and official/community skill collections.
+> Installable GitHub library of 1,441+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and more. Includes installer CLI, bundles, workflows, and official/community skill collections.
 
 Preferred homepage:
 
@@ -28,7 +28,7 @@ Preferred homepage:
 
 Preferred social preview:
 
-- use a clean preview image that says `1,436+ Agentic Skills`;
+- use a clean preview image that says `1,441+ Agentic Skills`;
 - mention Claude Code, Cursor, Codex CLI, and Gemini CLI;
 - avoid dense text and tiny logos that disappear in social cards.
 

package/bundled-skills/docs/maintainers/skills-update-guide.md

@@ -69,7 +69,7 @@ For manual updates, you need:
 The update process refreshes:
 - Skills index (`skills_index.json`)
 - Web app skills data (`apps\web-app\public\skills.json`)
-- All 1,436+ skills from the skills directory
+- All 1,441+ skills from the skills directory
 
 ## When to Update
 

package/bundled-skills/docs/users/bundles.md

@@ -673,4 +673,4 @@ Found a skill that should be in a bundle? Or want to create a new bundle? [Open
 
 ---
 
-_Last updated: March 2026 | Total Skills: 1,436+ | Total Bundles: 37_
+_Last updated: March 2026 | Total Skills: 1,441+ | Total Bundles: 37_

package/bundled-skills/docs/users/claude-code-skills.md

@@ -12,7 +12,7 @@ Install the library into Claude Code, then invoke focused skills directly in the
 
 ## Why use this repo for Claude Code
 
-- It includes 1,436+ skills instead of a narrow single-domain starter pack.
+- It includes 1,441+ skills instead of a narrow single-domain starter pack.
 - It supports the standard `.claude/skills/` path and the Claude Code plugin marketplace flow.
 - It also ships generated bundle plugins so teams can install focused packs like `Essentials` or `Security Developer` from the marketplace metadata.
 - It includes onboarding docs, bundles, and workflows so new users do not need to guess where to begin.

package/bundled-skills/docs/users/gemini-cli-skills.md

@@ -12,7 +12,7 @@ Install into the Gemini skills path, then ask Gemini to apply one skill at a tim
 
 - It installs directly into the expected Gemini skills path.
 - It includes both core software engineering skills and deeper agent/LLM-oriented skills.
-- It helps new users get started with bundles and workflows rather than forcing a cold start from 1,436+ files.
+- It helps new users get started with bundles and workflows rather than forcing a cold start from 1,441+ files.
 - It is useful whether you want a broad internal skill library or a single repo to test many workflows quickly.
 
 ## Install Gemini CLI Skills

package/bundled-skills/docs/users/getting-started.md

@@ -1,4 +1,4 @@
-# Getting Started with Antigravity Awesome Skills (V10.7.0)
+# Getting Started with Antigravity Awesome Skills (V10.8.0)
 
 **New here? This guide will help you supercharge your AI Agent in 5 minutes.**
 

package/bundled-skills/docs/users/kiro-integration.md

@@ -18,7 +18,7 @@ Kiro is AWS's agentic AI IDE that combines:
 
 Kiro's agentic capabilities are enhanced by skills that provide:
 
-- **Domain expertise** across 1,436+ specialized areas
+- **Domain expertise** across 1,441+ specialized areas
 - **Best practices** from Anthropic, OpenAI, Google, Microsoft, and AWS
 - **Workflow automation** for common development tasks
 - **AWS-specific patterns** for serverless, infrastructure, and cloud architecture

package/bundled-skills/docs/users/usage.md

@@ -14,7 +14,7 @@ If you came in through a **Claude Code** or **Codex** plugin instead of a full l
 
 When you ran `npx antigravity-awesome-skills` or cloned the repository, you:
 
-✅ **Downloaded 1,436+ skill files** to your computer (default: `~/.gemini/antigravity/skills/`; or a custom path like `~/.agent/skills/` if you used `--path`)
+✅ **Downloaded 1,441+ skill files** to your computer (default: `~/.gemini/antigravity/skills/`; or a custom path like `~/.agent/skills/` if you used `--path`)
 ✅ **Made them available** to your AI assistant  
 ❌ **Did NOT enable them all automatically** (they're just sitting there, waiting)
 
@@ -34,7 +34,7 @@ Bundles are **curated groups** of skills organized by role. They help you decide
 
 **Analogy:**
 
-- You installed a toolbox with 1,436+ tools (✅ done)
+- You installed a toolbox with 1,441+ tools (✅ done)
 - Bundles are like **labeled organizer trays** saying: "If you're a carpenter, start with these 10 tools"
 - You can either **pick skills from the tray** or install that tray as a focused marketplace bundle plugin
 
@@ -212,7 +212,7 @@ Let's actually use a skill right now. Follow these steps:
 
 ## Step 5: Picking Your First Skills (Practical Advice)
 
-Don't try to use all 1,436+ skills at once. Here's a sensible approach:
+Don't try to use all 1,441+ skills at once. Here's a sensible approach:
 
 If you want a tool-specific starting point before choosing skills, use:
 
@@ -343,7 +343,7 @@ Usually no, but if your AI doesn't recognize a skill:
 
 ### "Can I load all skills into the model at once?"
 
-No. Even though you have 1,436+ skills installed locally, you should **not** concatenate every `SKILL.md` into a single system prompt or context block.
+No. Even though you have 1,441+ skills installed locally, you should **not** concatenate every `SKILL.md` into a single system prompt or context block.
 
 The intended pattern is:
 

package/bundled-skills/docs/users/visual-guide.md

@@ -34,7 +34,7 @@ antigravity-awesome-skills/
 ├── 📄 CONTRIBUTING.md                  ← Contributor workflow
 ├── 📄 CATALOG.md                       ← Full generated catalog
 │
-├── 📁 skills/                          ← 1,436+ skills live here
+├── 📁 skills/                          ← 1,441+ skills live here
 │   │
 │   ├── 📁 brainstorming/
 │   │   └── 📄 SKILL.md                 ← Skill definition
@@ -47,7 +47,7 @@ antigravity-awesome-skills/
 │   │   └── 📁 2d-games/
 │   │       └── 📄 SKILL.md             ← Nested skills also supported
 │   │
-│   └── ... (1,436+ total)
+│   └── ... (1,441+ total)
 │
 ├── 📁 apps/
 │   └── 📁 web-app/                     ← Interactive browser
@@ -100,7 +100,7 @@ antigravity-awesome-skills/
 
 ```
                     ┌─────────────────────────┐
-                    │  1,436+ SKILLS          │
+                    │  1,441+ SKILLS          │
                     └────────────┬────────────┘
                                  │
         ┌────────────────────────┼────────────────────────┐
@@ -201,7 +201,7 @@ If you want a workspace-style manual install instead, cloning into `.agent/skill
 │   ├── 📁 brainstorming/                 │
 │   ├── 📁 stripe-integration/            │
 │   ├── 📁 react-best-practices/          │
-│   └── ... (1,436+ total)                │
+│   └── ... (1,441+ total)                │
 └─────────────────────────────────────────┘
 ```
 

package/bundled-skills/kubestellar-console/SKILL.md

@@ -0,0 +1,96 @@
+---
+name: kubestellar-console
+description: "Multi-cluster Kubernetes dashboard with AI-powered operations via MCP server and 10+ built-in agent skills"
+category: devops
+risk: critical
+source: community
+source_repo: kubestellar/console
+source_type: community
+date_added: "2026-04-27"
+author: kubestellar
+tags: [kubernetes, multi-cluster, mcp, dashboard, cncf, devops, observability]
+tools: [claude, cursor, gemini, codex]
+license: "Apache-2.0"
+license_source: "https://github.com/kubestellar/console/blob/main/LICENSE"
+plugin:
+  setup:
+    type: manual
+    summary: "Requires kc-agent binary (brew tap kubestellar/tap && brew install kc-agent)"
+    docs: "https://github.com/kubestellar/console#quick-start"
+---
+
+# KubeStellar Console
+
+## Overview
+
+KubeStellar Console is an open-source multi-cluster Kubernetes dashboard (CNCF project) with AI-powered operations. It ships with `kc-agent`, an MCP server that bridges coding agents to kubeconfig and Kubernetes APIs, plus 10+ built-in agent skills for development, testing, and operations.
+
+## When to Use This Skill
+
+- Use when managing multiple Kubernetes clusters across edge and cloud
+- Use when you need AI-assisted Kubernetes troubleshooting and debugging
+- Use when running performance tests, cache compliance checks, or CI debugging on a Kubernetes dashboard
+- Use when integrating with CNCF projects (Argo, Kyverno, Istio, and 20+ others)
+
+## How It Works
+
+### Step 1: Install kc-agent
+
+```bash
+brew tap kubestellar/tap && brew install kc-agent
+```
+
+### Step 2: Start the MCP server
+
+```bash
+kc-agent
+```
+
+This bridges your kubeconfig to any MCP-compatible coding agent.
+
+### Step 3: Use built-in agent skills
+
+The project ships with agent skills accessible via `CLAUDE.md` and `AGENTS.md`:
+
+- **@perf-test** — Dashboard performance testing and TTFI analysis
+- **@cache-test** — Card cache compliance testing (IndexedDB warm return)
+- **@nav-test** — Navigation performance testing
+- **@ui-compliance-test** — Card loading compliance (8 criteria, 150+ cards)
+- **@ci-status** — CI pipeline monitoring and status checks
+- **@rca** — Root cause analysis for CI/test failures
+- **@tdd** — Test-driven development workflow
+- **@k8s-debug** — Kubernetes debugging and troubleshooting
+
+## Key Features
+
+- Multi-cluster management across edge and cloud
+- Real-time streaming observability
+- 20+ CNCF project integrations (Argo, Kyverno, Istio, etc.)
+- GitHub OAuth authentication
+- Supply chain security (SBOM, SLSA)
+- SQLite WASM caching with stale-while-revalidate pattern
+- 15+ themes with dark/light mode
+
+## Security & Safety Notes
+
+- **Critical risk:** `kc-agent` bridges your kubeconfig to MCP-compatible agents. If your kubeconfig carries cluster-admin or write permissions, agents will inherit those capabilities. Always use a least-privilege RBAC context.
+- **Recommended:** Bind `kc-agent` to least-privilege read-only RBAC before using it with an agent:
+  ```bash
+  kubectl create clusterrole kc-agent-readonly --verb=get,list,watch --resource='*'
+  kubectl create clusterrolebinding kc-agent-readonly --clusterrole=kc-agent-readonly --serviceaccount=default:kc-agent
+  ```
+- Do not expose `kc-agent` on a public network without authentication.
+- Review [SECURITY-AI.md](https://github.com/kubestellar/console/blob/main/docs/security/SECURITY-AI.md) for prompt injection and agent drift mitigations.
+
+## Limitations
+
+- This skill requires an external binary (`kc-agent`) installed separately via Homebrew.
+- Do not treat agent output as a substitute for environment-specific validation or expert review.
+- Stop and ask for clarification if required permissions or safety boundaries are unclear.
+
+## Links
+
+- [GitHub](https://github.com/kubestellar/console)
+- [Website](https://console.kubestellar.io)
+- [CLAUDE.md](https://github.com/kubestellar/console/blob/main/CLAUDE.md)
+- [AGENTS.md](https://github.com/kubestellar/console/blob/main/AGENTS.md)

package/bundled-skills/logic-lens/SKILL.md

@@ -0,0 +1,125 @@
+---
+name: logic-lens
+description: "AI-powered Claude Code skill that performs deep code review using formal logic and reasoning frameworks to detect bugs, anti-patterns, and security risks beyond what linters catch."
+category: development
+risk: safe
+source: community
+source_repo: hyhmrright/logic-lens
+source_type: community
+license: "MIT"
+license_source: "https://github.com/hyhmrright/logic-lens/blob/main/LICENSE"
+date_added: "2026-04-29"
+author: hyhmrright
+tags: [code-review, logic-analysis, debugging, security-review, claude-code]
+tools: [claude, codex, cursor, gemini]
+---
+
+# Logic Lens
+
+## Overview
+
+Logic Lens is a Claude Code skill that performs deep, logic-driven code review using formal reasoning frameworks. Unlike traditional linters that check syntax and style, Logic Lens analyzes your code for logical errors, race conditions, security vulnerabilities, type mismatches, and algorithmic flaws that only appear when you reason through the code's behavior.
+
+Powered by structured AI analysis, Logic Lens applies systematic logical inspection across 9 risk categories: null/undefined handling, type safety, concurrency, resource management, security injection, boundary conditions, algorithm correctness, state management, and API contract violations.
+
+## When to Use This Skill
+
+- Use when you want a thorough logic review before merging a PR
+- Use when a bug seems hard to find and standard linters aren't helping
+- Use when reviewing security-sensitive code paths (auth, payments, file access)
+- Use when refactoring complex business logic
+- Use when onboarding to a new codebase and need to understand risk areas
+
+## How It Works
+
+Logic Lens uses Claude Code's reasoning capabilities to:
+
+1. Parse code structure and build a mental model of data flow
+2. Apply formal logic checks across 9 risk categories
+3. Trace execution paths for edge cases and boundary conditions
+4. Identify security anti-patterns (injection, privilege escalation, data leakage)
+5. Report findings with severity levels and actionable fix suggestions
+
+## Installation
+
+```bash
+# Install via Claude Code plugin marketplace
+# Search: "logic-lens" in Claude Code > Extensions
+
+# Or install via NPX (Antigravity)
+npx antigravity-awesome-skills --claude
+# Then invoke: @logic-lens
+```
+
+## Examples
+
+### Example 1: Review a Single File
+
+```
+@logic-lens review src/auth/login.ts for security issues
+```
+
+**Logic Lens output:**
+```
+[CRITICAL] SQL Injection risk at line 42: user input concatenated into query string
+[HIGH] Missing rate limiting on login attempts
+[MEDIUM] Password comparison uses == instead of timing-safe comparison
+[LOW] Error messages may leak valid usernames (user enumeration)
+```
+
+### Example 2: Full Repository Scan
+
+```
+@logic-lens scan the entire codebase and prioritize by severity
+```
+
+### Example 3: Pre-PR Review
+
+```
+@logic-lens review all files changed in this branch before I open a PR
+```
+
+## The 9 Risk Categories
+
+| Category | What It Checks |
+|----------|----------------|
+| **Null/Undefined** | Missing null checks, optional chaining gaps |
+| **Type Safety** | Implicit coercions, any-typed boundaries |
+| **Concurrency** | Race conditions, shared mutable state |
+| **Resource Management** | Unclosed handles, memory leaks |
+| **Security Injection** | SQL/XSS/Command injection, path traversal |
+| **Boundary Conditions** | Off-by-one errors, integer overflow |
+| **Algorithm Correctness** | Wrong complexity, incorrect assumptions |
+| **State Management** | Inconsistent state, missing rollbacks |
+| **API Contracts** | Undocumented side effects, broken interfaces |
+
+## Best Practices
+
+- Run `@logic-lens` on authentication and payment code before every release
+- Combine with `@lint-and-validate` for full coverage: style + logic
+- Review the CRITICAL and HIGH findings first; LOW findings can be deferred
+- Use `@logic-lens` on legacy code you are about to modify to understand risk surface
+
+## Benchmark Results
+
+Logic Lens was tested against real-world codebases and caught issues missed by ESLint, TypeScript strict mode, and Snyk:
+
+- **47% of critical bugs** found were invisible to linters
+- **Race conditions** detected in async code that static analysis missed
+- **Security vulnerabilities** identified before deployment in CI pipeline
+
+## Related Skills
+
+- `@lint-and-validate` — Complementary: run after logic-lens for style/syntax
+- `@security-auditor` — Specialized security-only deep scan
+- `@debugging-strategies` — Use when logic-lens findings need tracing
+
+## Additional Resources
+
+- [GitHub Repository](https://github.com/hyhmrright/logic-lens)
+- [Dev.to Article: Why AI Code Review Misses the Most Dangerous Bugs](https://dev.to/hyhmrright/why-ai-code-review-misses-the-most-dangerous-bugs-logic-lens-fixes-that-4a8l)
+- [Claude Code Skills Documentation](https://docs.anthropic.com/claude-code)
+
+## Limitations
+
+Use this skill only when the task clearly matches the scope described above (code review and logic analysis). Logic Lens provides AI-powered analysis and should be combined with human review for production-critical decisions. Do not treat the output as a substitute for environment-specific testing or security audits.

package/bundled-skills/squirrel/SKILL.md

@@ -0,0 +1,118 @@
+---
+name: squirrel
+description: "Full-cycle AI coding skill: plans, builds, tests, lints, fixes bugs, and writes production-grade docs. Auto-detects project state and adapts its 8-phase pipeline."
+category: development
+risk: safe
+source: community
+source_repo: flyingsquirrel0419/squirrel-skill
+source_type: community
+license: "Apache-2.0"
+license_source: "https://github.com/flyingsquirrel0419/squirrel-skill/blob/main/LICENSE"
+date_added: "2026-04-29"
+author: flying_squirrel__
+tags: [development, testing, planning, code-review, documentation, ci-cd]
+tools: [claude, cursor, codex, antigravity, gemini, windsurf, opencode, copilot]
+---
+
+# Squirrel — Full-Cycle Software Development Skill
+
+## Overview
+
+Squirrel is a full-cycle AI coding skill that works across 9 AI coding agents. It auto-detects project state (greenfield, in-progress, or mature) and adapts its 8-phase engineering pipeline accordingly. Instead of a one-size-fits-all workflow, it figures out where the project actually is and jumps in at exactly the right point.
+
+## When to Use This Skill
+
+- Use when starting a new project from scratch (greenfield)
+- Use when improving an existing codebase (in-progress or mature)
+- Use when fixing bugs, adding features, or refactoring
+- Use when adding tests, linting, or CI/CD to a project
+- Use when writing production-grade documentation
+- Use when the user says "build me", "fix this", "squirrel this project", or any multi-step development task
+
+## How It Works
+
+### Step 0: Detect Mode
+
+Squirrel classifies the project directory:
+
+| Signal | Mode | Entry Point |
+|--------|------|-------------|
+| Empty directory | Greenfield | All 8 phases from scratch |
+| Source files, no tests/docs | In-Progress | Audit first, then improve |
+| Source + tests + CI + README | Mature | Targeted improvements |
+| "fix this bug / add feature" | Targeted | Scoped work only |
+
+### The 8-Phase Pipeline
+
+1. **Discover** — Understand the project (audit existing code or gather requirements)
+2. **Plan** — Concrete task list with dependencies and done-criteria
+3. **Build** — Write or modify code (parallel sub-agents when supported)
+4. **Test** — Run existing tests, write new ones, 70%+ coverage target
+5. **Bug Hunt** — Static analysis + manual review
+6. **Polish** — Lint, format, type check, remove dead code
+7. **Document** — README + inline docs (update existing, don't overwrite)
+8. **Ship** — Final checklist: tests green, no secrets, CI configured
+
+### Failure Recovery (3-Strike Rule)
+
+1. **Strike 1:** Fix the specific error. Run tests. Move on.
+2. **Strike 2:** Re-read the code. Try a different approach.
+3. **Strike 3:** STOP. Revert. Document what failed. Ask the user.
+
+## Examples
+
+### Example 1: Build a REST API
+
+```text
+> build me a REST API for a todo app with TypeScript and Express
+```
+
+Squirrel auto-detects greenfield mode and runs all 8 phases.
+
+### Example 2: Fix a bug
+
+```text
+> fix this bug in src/auth/login.py
+```
+
+Squirrel enters targeted mode — abbreviated audit, scoped fix, verify.
+
+### Example 3: Improve existing project
+
+```text
+> squirrel this project — add tests, fix lint errors, write README
+```
+
+Squirrel audits the existing codebase, then applies phases 4-8.
+
+## Best Practices
+
+- Respects existing code — matches naming conventions, test framework, import style, and architecture
+- Reads 2-3 similar files before writing a new one
+- Never suppresses type errors with `as any` or `@ts-ignore`
+- Never deletes failing tests to "pass"
+- Never leaves code in a broken state
+
+## Platform Compatibility
+
+Squirrel works on: Claude Code, Codex, Cursor, Antigravity, Gemini CLI, GitHub Copilot, Windsurf, OpenCode, Aider (9 total).
+
+Install with:
+
+```bash
+# Universal installer
+npx skills add flyingsquirrel0419/squirrel-skill
+
+```
+
+## Limitations
+
+- Does not replace environment-specific validation or expert review
+- CI/CD templates are starting points, not drop-in guarantees
+- Parallel sub-agent execution depends on platform support
+
+## Related Skills
+
+- `@brainstorming` - For planning before implementation
+- `@test-driven-development` - For TDD-oriented workflows
+- `@systematic-debugging` - For methodical problem-solving

package/dist/skill-pointer/config-loader.d.ts

@@ -3,6 +3,7 @@ export interface SkillRiskFilterConfig {
     excludedRiskLevels?: RiskLevel[];
     excludedSkills?: string[];
 }
+export declare const DEFAULT_FILTER_CONFIG_PATH: string;
 /**
  * Loads filter config from skill-filter.jsonc. Missing file or section returns defaults.
  * @param configPath Optional override (for testing).

package/dist/skill-pointer/config-loader.js

@@ -6,29 +6,24 @@ const DEFAULT_CONFIG = {
     excludedRiskLevels: [],
     excludedSkills: [],
 };
-/**
- * Strips JSONC comments so content can be parsed as plain JSON.
- * Uses strip-json-comments library to properly handle strings.
- */
-function stripJsoncComments(content) {
-    return stripJsonComments(content);
-}
+export const DEFAULT_FILTER_CONFIG_PATH = path.join(os.homedir(), ".config", "opencode", "skill-filter.jsonc");
+const VALID_RISK_LEVELS = ["none", "safe", "critical", "offensive", "unknown"];
 /**
  * Loads filter config from skill-filter.jsonc. Missing file or section returns defaults.
  * @param configPath Optional override (for testing).
  */
 export function loadFilterConfig(configPath) {
-    const resolvedPath = configPath ?? path.join(os.homedir(), ".config", "opencode", "skill-filter.jsonc");
+    const resolvedPath = configPath ?? DEFAULT_FILTER_CONFIG_PATH;
     if (!fs.existsSync(resolvedPath)) {
         return { ...DEFAULT_CONFIG };
     }
     try {
         const raw = fs.readFileSync(resolvedPath, "utf-8");
-        const stripped = stripJsoncComments(raw);
+        const stripped = stripJsonComments(raw);
         const parsed = JSON.parse(stripped);
         return {
             excludedRiskLevels: Array.isArray(parsed.excludedRiskLevels)
-                ? parsed.excludedRiskLevels
+                ? parsed.excludedRiskLevels.filter((v) => VALID_RISK_LEVELS.includes(v))
                 : DEFAULT_CONFIG.excludedRiskLevels,
             excludedSkills: Array.isArray(parsed.excludedSkills)
                 ? parsed.excludedSkills

package/dist/skill-pointer/index.js

@@ -5,7 +5,7 @@ import { ensureDir } from "../utils/fs.utils.js";
 import { generatePointers } from "./pointer-generator.js";
 import { installSkillsToVault, loadSkillsIndex } from "./vault-installer.js";
 import { filterIndex } from "./skill-risk-filter.js";
-import { loadFilterConfig } from "./config-loader.js";
+import { loadFilterConfig, DEFAULT_FILTER_CONFIG_PATH } from "./config-loader.js";
 function resolveDefaultVaultDir() {
     return path.join(os.homedir(), ".config", "opencode", VAULT_DIR_NAME);
 }
@@ -25,7 +25,7 @@ export function runSkillPointer(options) {
     ensureDir(options.activeSkillsDir);
     ensureDir(vaultDir);
     const index = loadSkillsIndex(options.bundledSkillsPath);
-    const configPath = options.configPath || path.join(os.homedir(), ".config", "opencode", "skill-filter.jsonc");
+    const configPath = options.configPath ?? DEFAULT_FILTER_CONFIG_PATH;
     const config = loadFilterConfig(configPath);
     const filteredIndex = filterIndex(index, config);
     installSkillsToVault(options.bundledSkillsPath, vaultDir, filteredIndex);

package/dist/skill-pointer/pointer-generator.js

@@ -14,7 +14,7 @@ function buildPointerContent(category, skills, libraryPath) {
     return `---
 name: ${category}${POINTER_SUFFIX}
 description: "Pointer to a library of ${skillCount} specialized ${title} skills. Use when working on ${category}-related tasks."
-risk: safe
+risk: none
 ---
 
 # ${title} Capability Library 🎯
@@ -53,6 +53,16 @@ export function generatePointers(activeSkillsDir, vaultDir, index = []) {
             byCategory.set(cat, []);
         byCategory.get(cat).push(entry);
     }
+    const expectedPointers = new Set([...byCategory.keys()].map((c) => `${c}${POINTER_SUFFIX}`));
+    if (fs.existsSync(activeSkillsDir)) {
+        for (const dirent of fs.readdirSync(activeSkillsDir, { withFileTypes: true })) {
+            if (!dirent.isDirectory() || !dirent.name.endsWith(POINTER_SUFFIX))
+                continue;
+            if (!expectedPointers.has(dirent.name)) {
+                fs.rmSync(path.join(activeSkillsDir, dirent.name), { recursive: true, force: true });
+            }
+        }
+    }
     for (const [categoryName, skills] of byCategory.entries()) {
         const categoryVaultPath = path.join(vaultDir, categoryName);
         const pointerDir = path.join(activeSkillsDir, `${categoryName}${POINTER_SUFFIX}`);

package/dist/skill-pointer/vault-installer.js

@@ -14,8 +14,11 @@ function parseFrontmatterField(content, field) {
  * Normalizes a parsed risk value to a valid RiskLevel, or "unknown" if invalid.
  */
 function normalizeRisk(parsed) {
+    if (!parsed)
+        return "unknown";
+    const lowered = parsed.trim().toLowerCase();
     const valid = ["none", "safe", "critical", "offensive", "unknown"];
-    return valid.includes(parsed) ? parsed : "unknown";
+    return valid.includes(lowered) ? lowered : "unknown";
 }
 /**
  * Derives a category slug from a skill folder name by taking the
@@ -53,6 +56,9 @@ function buildIndexFromBundledSkills(bundledSkillsPath) {
     }
     return index;
 }
+function isSafePathComponent(segment) {
+    return !segment.includes("..") && !segment.includes(path.sep) && !segment.includes("/");
+}
 /**
  * Loads the pre-built skills_index.json from the project root.
  * Falls back to a dynamically generated index from SKILL.md frontmatter
@@ -63,7 +69,10 @@ export function loadSkillsIndex(bundledSkillsPath) {
     if (fs.existsSync(indexPath)) {
         try {
             const raw = fs.readFileSync(indexPath, "utf-8");
-            return JSON.parse(raw);
+            return JSON.parse(raw).map((entry) => ({
+                ...entry,
+                risk: normalizeRisk(entry.risk),
+            }));
         }
         catch {
             // fall through to dynamic generation
@@ -78,7 +87,35 @@ export function loadSkillsIndex(bundledSkillsPath) {
 export function installSkillsToVault(bundledSkillsPath, vaultDir, index) {
     if (!fs.existsSync(bundledSkillsPath))
         return;
+    const expected = new Map();
+    for (const entry of index) {
+        if (!isSafePathComponent(entry.id) || !isSafePathComponent(entry.category ?? UNCATEGORIZED_CATEGORY))
+            continue;
+        const category = entry.category ?? UNCATEGORIZED_CATEGORY;
+        if (!expected.has(category))
+            expected.set(category, new Set());
+        expected.get(category).add(entry.id);
+    }
+    if (fs.existsSync(vaultDir)) {
+        for (const category of fs.readdirSync(vaultDir)) {
+            const categoryPath = path.join(vaultDir, category);
+            if (!fs.statSync(categoryPath).isDirectory())
+                continue;
+            const allowedSkills = expected.get(category) ?? new Set();
+            for (const skillId of fs.readdirSync(categoryPath)) {
+                const skillPath = path.join(categoryPath, skillId);
+                if (!allowedSkills.has(skillId)) {
+                    fs.rmSync(skillPath, { recursive: true, force: true });
+                }
+            }
+            if (fs.readdirSync(categoryPath).length === 0) {
+                fs.rmSync(categoryPath, { recursive: true, force: true });
+            }
+        }
+    }
     for (const entry of index) {
+        if (!isSafePathComponent(entry.id) || !isSafePathComponent(entry.category ?? UNCATEGORIZED_CATEGORY))
+            continue;
         const srcPath = path.join(bundledSkillsPath, entry.id);
         if (!fs.existsSync(srcPath) || !fs.statSync(srcPath).isDirectory())
             continue;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "opencode-skills-collection",
-  "version": "3.0.0-beta.1",
+  "version": "3.0.1",
   "description": "OpenCode CLI plugin that automatically downloads and keeps skills up to date.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -41,7 +41,7 @@
     "@opencode-ai/sdk": "^1.4.0",
     "@types/bun": "latest",
     "@types/node": "^25.5.2",
-    "@types/strip-json-comments": "^0.0.30",
+    "@types/strip-json-comments": "^3.0.0",
     "typescript": "^6.0.2"
   }
 }

package/skills_index.json

@@ -6355,6 +6355,28 @@
       "reasons": []
     }
   },
+  {
+    "id": "brooks-lint",
+    "path": "skills/brooks-lint",
+    "category": "development",
+    "name": "brooks-lint",
+    "description": "AI code reviewer grounded in classic software engineering books for catching design smells, coupling issues, and architectural risks.",
+    "risk": "safe",
+    "source": "community",
+    "date_added": "2026-04-29",
+    "plugin": {
+      "targets": {
+        "codex": "supported",
+        "claude": "supported"
+      },
+      "setup": {
+        "type": "none",
+        "summary": "",
+        "docs": null
+      },
+      "reasons": []
+    }
+  },
   {
     "id": "browser-automation",
     "path": "skills/browser-automation",
@@ -6619,6 +6641,28 @@
       "reasons": []
     }
   },
+  {
+    "id": "buywhere-product-catalog",
+    "path": "skills/buywhere-product-catalog",
+    "category": "ecommerce",
+    "name": "buywhere-product-catalog",
+    "description": "Use BuyWhere's MCP and API surfaces to add product search, price comparison, and deal discovery to AI shopping agents.",
+    "risk": "safe",
+    "source": "official",
+    "date_added": "2026-04-29",
+    "plugin": {
+      "targets": {
+        "codex": "supported",
+        "claude": "supported"
+      },
+      "setup": {
+        "type": "none",
+        "summary": "",
+        "docs": null
+      },
+      "reasons": []
+    }
+  },
   {
     "id": "c-pro",
     "path": "skills/c-pro",
@@ -16729,6 +16773,28 @@
       "reasons": []
     }
   },
+  {
+    "id": "kubestellar-console",
+    "path": "skills/kubestellar-console",
+    "category": "devops",
+    "name": "kubestellar-console",
+    "description": "Multi-cluster Kubernetes dashboard with AI-powered operations via MCP server and 10+ built-in agent skills",
+    "risk": "critical",
+    "source": "community",
+    "date_added": "2026-04-27",
+    "plugin": {
+      "targets": {
+        "codex": "supported",
+        "claude": "supported"
+      },
+      "setup": {
+        "type": "manual",
+        "summary": "Requires kc-agent binary (brew tap kubestellar/tap && brew install kc-agent)",
+        "docs": "https://github.com/kubestellar/console#quick-start"
+      },
+      "reasons": []
+    }
+  },
   {
     "id": "lambda-lang",
     "path": "skills/lambda-lang",
@@ -17701,6 +17767,28 @@
       "reasons": []
     }
   },
+  {
+    "id": "logic-lens",
+    "path": "skills/logic-lens",
+    "category": "development",
+    "name": "logic-lens",
+    "description": "AI-powered Claude Code skill that performs deep code review using formal logic and reasoning frameworks to detect bugs, anti-patterns, and security risks beyond what linters catch.",
+    "risk": "safe",
+    "source": "community",
+    "date_added": "2026-04-29",
+    "plugin": {
+      "targets": {
+        "codex": "supported",
+        "claude": "supported"
+      },
+      "setup": {
+        "type": "none",
+        "summary": "",
+        "docs": null
+      },
+      "reasons": []
+    }
+  },
   {
     "id": "logistics-exception-management",
     "path": "skills/logistics-exception-management",
@@ -26902,6 +26990,28 @@
       "reasons": []
     }
   },
+  {
+    "id": "squirrel",
+    "path": "skills/squirrel",
+    "category": "development",
+    "name": "squirrel",
+    "description": "Full-cycle AI coding skill: plans, builds, tests, lints, fixes bugs, and writes production-grade docs. Auto-detects project state and adapts its 8-phase pipeline.",
+    "risk": "safe",
+    "source": "community",
+    "date_added": "2026-04-29",
+    "plugin": {
+      "targets": {
+        "codex": "supported",
+        "claude": "supported"
+      },
+      "setup": {
+        "type": "none",
+        "summary": "",
+        "docs": null
+      },
+      "reasons": []
+    }
+  },
   {
     "id": "sred-project-organizer",
     "path": "skills/sred-project-organizer",