A secure skill registry for professional AI coding agents, delivering auditable, reusable skill packs via CLI to Claude Code, Cursor, Cline, and 16+ mainstream AI coding assistants across 12 categories including architecture, cloud, development, and security.
Agent Skills is a skill management platform for AI coding agents by Tech Leads Club, addressing security risks and fragmentation in public plugin marketplaces.
Core Values#
Security First: Comprehensive protection against threats identified in Snyk 2026 Agent Threat Report:
- 100% open-source and auditable, no obfuscated code or binaries
- Static analysis detects and blocks suspicious network calls, preventing credential theft
- Lockfile + content hash ensures immutability, protecting against supply chain attacks
- Manual review of every SKILL.md, preventing prompt injection
- Integrated mcp-scan for continuous security scanning
Cross-Agent Compatibility: Supports 16+ AI coding tools across three tiers:
- Tier 1 (Popular): Claude Code, Cline, Cursor, GitHub Copilot, Windsurf
- Tier 2 (Emerging): Aider, Antigravity, Gemini CLI, Kilo Code, Kiro, OpenAI Codex, Roo Code, TRAE
- Tier 3 (Enterprise): Amazon Q, Augment, Droid, OpenCode, Sourcegraph Cody, Tabnine
Rich Skill Library: 12 categories, 51+ verified skills covering architecture analysis, AWS advisory, Playwright automation, Figma integration, security audits, and more.
Skill Structure#
Each skill contains:
SKILL.md(required): Main instruction documenttemplates/(optional): File templatesreferences/(optional): On-demand reference docsscripts/(optional): Executable scripts
Quick Start#
# One-command interactive wizard
npx @tech-leads-club/agent-skills
Interactive wizard flow: Select operation → Browse skills → Select target agent → Choose installation method (Copy/Symlink) → Choose scope (Global/Local).
Notable Skills#
| Skill | Category | Function |
|---|---|---|
| tlc-spec-driven | Development | 4-phase spec-driven development: Specify → Design → Tasks → Implement |
| aws-advisor | Cloud | AWS architecture design, security review, and implementation guidance |
| playwright-skill | Automation | Browser automation, form filling, screenshots |
| figma | Design | Extract design context from Figma and convert to production code |
| security-best-practices | Security | Language/framework-specific security review |
Common CLI Commands#
agent-skills list # List available skills
agent-skills install -s <skill> -a <agent> # Install skill to specific agent
agent-skills install -s <skill> -g # Global installation
agent-skills update # Update all skills
agent-skills remove -s <skill> # Remove skill
agent-skills cache --clear # Clear cache
agent-skills audit # View audit logs
Security Mechanisms#
- Filesystem isolation: Recursive path traversal protection
- Input sanitization: Strict skill name and path validation
- Symlink protection: Safe handling strategies
- Integrity verification: Lockfile-based hash validation
- Automated auditing: Integrated mcp-scan continuous scanning
Project Info#
- npm Package: @tech-leads-club/agent-skills
- License: MIT License
- Node.js Requirement: ≥ 22
- Cache Location: ~/.cache/agent-skills/
- Build System: Nx monorepo
- Core Contributors: Felipe Rodrigues, Edmar Paulino, Waldemar Neto, William Calderipe, et al.