Security auditor, personas, orchestration, docs catalog & roadmap (#35)

Closes the remaining gaps vs alirezarezvani/claude-skills across trust, content
types, discoverability, and community.

Security (trust signal + useful):
- scripts/skill-audit.mjs scans skills/*/SKILL.md + each skill's scripts/ for
  prompt injection, exfiltration, dynamic code exec, destructive shell, secrets,
  and hidden text. HIGH fails CI (.github/workflows/skill-audit.yml) + a badge.
- New skill-security-auditor skill teaches the same review (production tier).

Content types:
- output-styles/ — 4 personas (Startup CTO, Growth Marketer, Solo Founder,
  Product Leader) as Claude Code output styles; --agent claude installs them too.
- ORCHESTRATION.md — Skill Chain / Multi-Agent Handoff / Domain Deep-Dive /
  Solo Sprint patterns.

Discoverability:
- scripts/build-docs.mjs generates a server-rendered, SEO-indexable
  web/catalog.html of all skills (built in the Pages deploy; gitignored).
  Linked from README + playground.

Community:
- ROADMAP.md (now/next/later + good-first-issues).

README badges/sections, TIERS (47 production), CHANGELOG, package.json files,
and exports/web index all updated. SkillCheck + security audit + exports verified.


Claude-Session: https://claude.ai/code/session_016JWn5jRD5tcEFKrubjQ6Px

Co-authored-by: Claude <noreply@anthropic.com>
mohitagw15856
2026-06-18 08:09:14 +01:00
committed by GitHub
parent 32ff3a96ee
commit e9bc1d0626
33 changed files with 1050 additions and 32 deletions
+3
@@ -38,6 +38,9 @@ jobs:
- name: Rebuild skills.json from SKILL.md files
run: node web/build-skills.mjs
- name: Build the static skill catalog (web/catalog.html)
run: node scripts/build-docs.mjs
- name: Configure Pages
uses: actions/configure-pages@v5
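Review bot: The new step `run: node scripts/build-docs.mjs` renders skill content into web/catalog.html inside the deploy job, but nothing in these lines makes that build wait for the skill audit to pass, so a skill with a HIGH finding could still be rendered into the published catalog. Consider running `node scripts/skill-audit.mjs` as a step before this one, or gating the deploy on the audit workflow. Since the catalog is generated from contributor-supplied SKILL.md files, please also confirm that build-docs.mjs HTML-escapes every field it writes into the page; that is not visible from this hunk.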
+31
@@ -0,0 +1,31 @@
name: Skill Security Audit
# Scans installable skill content (skills/*/SKILL.md and each skill's scripts/)
# for prompt injection, data exfiltration, dynamic code execution, destructive
# shell, hardcoded secrets, and hidden text. Fails on HIGH-severity findings.
on:
push:
branches: [main]
paths:
- 'skills/**'
- 'scripts/skill-audit.mjs'
- '.github/workflows/skill-audit.yml'
pull_request:
paths:
- 'skills/**'
- 'scripts/skill-audit.mjs'
- '.github/workflows/skill-audit.yml'
jobs:
audit:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up Node
uses: actions/setup-node@v4
with:
node-version: '20'
- name: Run the skill security auditor
run: node scripts/skill-audit.mjs
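Review bot: The workflow declares no `permissions:` block, so the `audit` job runs with whatever default GITHUB_TOKEN scope the repository grants while it processes pull-request content under `skills/**`. The job only reads files, so add a top-level `permissions:` with `contents: read`, and set `persist-credentials: false` on the Checkout step so the token is not left in the workspace git config. Two smaller points: `actions/checkout@v4` and `actions/setup-node@v4` are referenced by mutable tag, and pinning them to full commit SHAs would fit a workflow whose purpose is a trust signal; and because the `pull_request` trigger is path-filtered, making this a required status check would leave pull requests that touch none of the listed paths without a reported status.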