bash-safety

Enforce safe bash scripting practices when writing, reviewing, or fixing shell scripts. Covers quoting, arrays, conditionals, arithmetic, redirections, strict mode, and static analysis. Use when editing .sh/.bash files, reviewing shell scripts, fixing shellcheck warnings, or writing new bash code.

daem0nmcp-protocol

Use when Daem0nMCP tools are available - enforces the sacred covenant (commune at session start, seek counsel before changes, inscribe decisions, seal outcomes)

Accessibility review agents for Claude Code, GitHub Copilot, and Claude Desktop. Eleven specialists that enforce WCAG 2.2 AA compliance so AI coding tools stop generating inaccessible code.

/ai-llm-safety — AI/LLM Safety Design Enforcement

Every system that involves LLM agents, tool use, or prompt construction MUST treat AI safety as a first-class constraint. Prompt injection is the SQL injection of the AI era — and it's harder to fix after deployment.

api-security

API security best practices and common vulnerability prevention. Enforces security checks for authentication, input validation, SQL injection, XSS, and OWASP Top 10 vulnerabilities. Use when building or modifying APIs.

think

Deliberate reasoning skill: enforce multi-step analysis, hypothesis testing, and option evaluation before answering complex questions

Cycles Mcp Server

Runtime budget authority for autonomous agents — reserve, enforce, and reconcile spend

design-taste-frontend

Senior UI/UX Engineer. Architect digital interfaces overriding default LLM biases. Enforces metric-based rules, strict component architecture, CSS hardware acceleration, and balanced design engineering.

data-validation

Validates data against common and custom rules (required fields, formats, ranges). Use when checking data quality, input validation, or enforcing schemas and constraints.

branch-pr

PR creation workflow for Agent Teams Lite following the issue-first enforcement system. Trigger: When creating a pull request, opening a PR, or preparing changes for review.

uncodixfy

Prevents generic AI/Codex UI patterns when generating frontend code. Use this skill whenever generating HTML, CSS, React, Vue, Svelte, or any frontend UI code to enforce clean, human-designed aesthetics inspired by Linear, Raycast, Stripe, and GitHub instead of typical AI-generated UI.

Governance layer for Claude Code Agent Teams — durable auditability, operational controls, and evidence trails for AI-assisted development.

Governance framework for AI agent team coordination, audit trails, and boundary enforcement.

Tork Governance

AI agent governance for MCP: PII detection, policy enforcement, compliance, and kill switch.

Tribunal

Tribunal — Enterprise Claude Code plugin. TDD enforcement, quality gates, vault of rules and agents.

react-render-types-composition

Composition patterns for building React components with @renders type annotations from eslint-plugin-react-render-types. Use when: (1) writing React components that need @renders JSDoc annotations, (2) building a design system with enforced component composition (e.g., Menu only accepts MenuItem), (3) deciding which @renders modifier to use (required, optional, many, unchecked), (4) creating wrapper or transparent components, (5) annotating slot props like children/header/footer, (6) using render chains, union types, or type aliases with @renders, or (7) building app layouts that consume a @renders-annotated design system.

anti-slop

Comprehensive toolkit for detecting and eliminating "AI slop" - generic, low-quality AI-generated patterns in natural language, code, and design. Use when reviewing or improving content quality, preventing generic AI patterns, cleaning up existing content, or enforcing quality standards in writing, code, or design work.

Aifp

Database-driven FP enforcement and project management for AI-maintained codebases

gh-first-workflow

Enforce gh-first GitHub investigation and Conventional Commit output rules. Use when investigating GitHub issues or pull requests, summarizing investigation results, or preparing commit messages.

enforcing-typescript-standards

Enforces the project's core TypeScript standards including explicit typing, import organization, class member ordering, and code safety rules. ALWAYS apply when creating, modifying, or reviewing any TypeScript (.ts/.tsx) file.

agent-teams

Claude Code Agent Teams - default team-based development with strict TDD pipeline enforcement

python-release-workflow

Use when releasing a uv+poe+GitHub Actions+Read the Docs Python project; supports patch/minor/major and enforces CI+RTD gates before GitHub release.

build-agent

Builds new Claude Code agents with consistent structure, enforced standards, and project-aware configuration. Use when creating a new agent, when the user describes a specialised role they want delegated to, or when discussing team composition.

symbiont

AI-native agent runtime with typestate-enforced ORGA reasoning loop, Cedar policy authorization, CommunicationPolicyGate for inter-agent governance, ToolClad declarative tool contracts, knowledge bridge, zero-trust security, multi-tier sandboxing, webhook verification, markdown memory, skill scanning, metrics, scheduling, symbi init/run/up CLI, and a declarative DSL

Automated TDD enforcement for Claude Code

Set up TDD Guard for the current project. Detects the test framework, installs the appropriate reporter, and configures it.

Io.Github.Dewars30/Fulcrum

AI governance MCP server for policy enforcement, cost control, and observability.

Cloaked Agent

Trustless spending accounts for AI agents on Solana with on-chain enforced limits.

bead-workflow

The mandatory process for every unit of work. Use this skill whenever starting work on a bead, bug, feature, or task. Enforces claim → hypothesize → implement → test → validate → close → pause. Every transition is gated by PreToolUse hooks that block (exit 1) on violations. Ulysses REFLECT escalation activates automatically on 2 consecutive surprises. If you're about to write code, check a bead, close an issue, or start new work — this skill applies.

powershell-safe

Enforce safe PowerShell string patterns before writing or editing any .ps1 file, or before passing PowerShell via the Bash tool. Triggers on "write a powershell script", "edit the .ps1", "run powershell", "powershell command", or any task that produces PowerShell content.

gopherbot-multi-protocol-migration

Use when implementing or reviewing Gopherbot's simultaneous multi-protocol migration work across identity, routing, startup/configuration, connector behavior, and compatibility. Enforces strict pre-change impact analysis plus per-change invariants/testing/documentation checks.

adr

Architecture Decision Record (ADR) management skill. Creates, maintains, and enforces architectural decisions. Ensures code changes align with documented decisions. Documents alternatives considered and rejected. Facilitates architectural planning and human decision documentation.

cb-security-hardening

Enforces Circuit Breaker security hardening conventions across backend, frontend, Docker, and nginx. Use when modifying authentication logic, security headers, Docker configuration, credential handling, session management, URL validation, WebSocket auth, or any code in core/security.py, core/rbac.py, middleware/security_headers.py, url_validation.py, docker-compose.yml, nginx.mono.conf, entrypoint-mono.sh, or supervisord.mono.conf.

Io.Github.Imran Siddique/Agentos

Build and manage policy-compliant AI agents with safety enforcement and compliance checking

MCPower Security Proxy

Security proxy that wraps MCP servers with real-time monitoring and policy enforcement

clack-cli-patterns

Use when creating or modifying terminal CLI commands, prompts, or output formatting in OpenChamber. Enforces Clack UX standards with strict parity and safety across TTY/non-TTY, --quiet, and --json modes.

advanced-code-quality

Use when going beyond basic linting to enforce advanced Python code quality gates. Triggers on: cognitive complexity, code duplication detection, architectural enforcement, import boundaries, dependency hygiene, test quality beyond coverage, mutation testing, docstring coverage, type coverage, AI-generated code detection, AI slop detection, complexipy, jscpd, import-linter, deptry, diff-cover, mutmut, interrogate, sloppylint, refurb, pylint design checks, wily, radon maintainability, pytestarch, griffe, "bulletproof Python", "tighten quality gates", "advanced quality checks", "beyond ruff and mypy", "catch AI-generated code issues", "code duplication", "architectural boundaries", "dependency drift", "test effectiveness". Complements the code-quality skill (ruff, mypy, xenon, vulture, pre-commit) with 20+ additional tools.

Aaa Mcp

Constitutional AI Governance with 13 enforced floors (F1-F13) and tri-witness consensus for LLMs.

naming-format

Use when reviewing file names, renaming files, fixing naming conventions, or auditing exports. Enforces consistent casing and suffix patterns.

Nervous System - Multi-Agent AI Governance

Governance layer for multi-agent AI systems with behavioral enforcement and drift detection.

cost-mode

Cost-conscious Claude Code mode. Reduces token usage 40-70% by enforcing concise responses, smart model routing, and efficient workflow patterns. Keeps full technical accuracy. Activate with /cost-mode or "enable cost mode". Auto-triggers on mentions of budget, cost, tokens, or spending.

Aegis Mcp

Runtime governance enforcement for AI agents. Zero token overhead.

conventional-commits

Conventional Commits specification for consistent, machine-readable git commit messages. Use when crafting commit messages, enforcing commitlint rules, or generating changelogs/releases.

agenfk

Agile, measurable, and reliable workflow enforcement for AI-assisted engineering.

qwik

Workflow and pitfall checklist for Qwik core development (packages/qwik). Use when the user mentions Qwik, packages/qwik, Signal/AsyncSignalImpl, reactive-primitives, serialization/hydration (serialize/inflate), or cursor queue; it enforces running unit tests immediately after any implementation change, following signal/async-signal patterns, and running build/E2E/API validations before finishing.

Io.Github.Corbat Tech/Coding Standards

AI coding standards that enforce production-grade code with DDD, SOLID, TDD guardrails.

A comprehensive, vendor-agnostic framework for consistent AI-assisted development workflows - standardized instructions and commands that work seamlessly across Claude, Gemini, Copilot, and local AI models. See also: https://github.com/JacobPEvans/claude-code-plugins

Reduce GitHub issue backlog through deduplication, linking, and closure. Use before creating new issues, when enforcement_mode is CONSOLIDATION, when issue:PR ratio exceeds 3:1, when AI-created issues reach 25, or when total issues approach 50.

Dev Workflow MCP Server

MCP server to enforce development workflow discipline