Security-First + Efficiency-Optimized Agent Skills
Zero-dependency markdown skills for Claude Code, Cursor, OpenClaw, and any AI agent.
Don't install blind. Guard before you trust. Think in code, not in context.
| Layer | Tool | Protects Against |
|---|---|---|
| Package install | Install Guard | Typosquat + supply chain |
| Skill install | Skill Audit | Malicious skills (7.5% are bad) |
| MCP connect | MCP Security Audit | Malicious MCP servers |
| Runtime | Prompt Guard β | Prompt injection |
| Billing | Hermes Billing Guard | Hidden charges |
| Problem | Solution | Savings |
|---|---|---|
| Agents waste 30-50% context understanding codebase | Project Knowledge π | Instant onboarding |
| Context bloat from file reads | Think in Code π | 50-700x |
| Repeating past mistakes | Decision Archaeology π | History informed |
| Blind retries burn tokens | Error Doctor | Systematic recovery |
| Wrong model for the task | Model Router | 70% cost reduction |
Security:
- 7.5% of 14,706 skills are malicious (RankClaw audit)
- 59 critical-risk droppers found by Vett.sh
- PyTorch Lightning compromised via dependency (Apr 2026)
Efficiency:
- mattpocock/skills: 52,639 stars β shared language is #1 productivity booster
- jcode: 2,380 stars β semantic memory is killer feature (+403/day)
- context-mode: 11,693 stars β sandbox tool output, 98% reduction
- GenericAgent: 6x less tokens β efficiency wins
Project Knowledge π
Auto-generate a structured CONTEXT.md from codebase analysis.
- 30-50% fewer "what does this file do?" questions
- Inspired by mattpocock's shared language + jcode's semantic memory
- Includes analyze-project.sh script for automation
The LLM writes the script. The script processes the data. You read only the result.
- 700x context savings on data processing tasks
- Script patterns catalog for common operations
- Inspired by context-mode (11K stars)
Every technical decision has ancestors. Find them before you repeat their mistakes.
- 5-phase protocol: ADR search β Git history β Code patterns β Issues β External
- Prevents repeating rejected decisions
- ADR templates included
| Project | Stars | Growth | Lesson |
|---|---|---|---|
| mattpocock/skills | 52K | +3,645/day | Shared language = productivity |
| jcode | 2.4K | +403/day | Semantic memory is killer feature |
| browserbase/skills | 1.2K | +334/day | Browser automation hot |
| TradingAgents | 59K | +6K/week | Multi-agent frameworks hot |
Takeaway: Project memory + context optimization = biggest efficiency gains. Security + Efficiency = winning combo.
61 skills β’ Zero dependencies β’ Pure markdown β’ MIT licensed
π Skill Audit β’ π‘οΈ Install Guard β’ π§ Project Knowledge β’ β‘ Think in Code