Configuration

shellcheck-configuration helps you install ShellCheck, tune .shellcheckrc, and apply lint policy for CI and Code Review across bash, sh, dash, and ksh projects.

The sast-configuration skill helps configure Semgrep, SonarQube, and CodeQL for real SAST workflows. Use it to plan install steps, CI/CD integration, custom rules, quality gates, and false-positive tuning for Security Audit and repo-specific scanning.

bash-defensive-patterns helps agents write safer Bash for production automation, CI/CD, and system scripts with strict mode, traps, cleanup, quoting, and input validation.

python-configuration helps design Python app config with environment variables, typed settings, and fail-fast startup validation. Use it to structure backend settings, adopt pydantic-settings, manage secrets safely, and handle environment-specific behavior.

python-project-structure helps you plan Python package layout, module boundaries, tests, and public APIs with __all__. Use it for new projects or refactors that need clearer structure and maintainable imports.

pro is a PUA extension skill for Workflow Automation that adds persistent state, compaction recovery, KPI reporting, weekly summaries, and leaderboard-style commands through the parent pua system.

setup-pre-commit helps add Husky pre-commit hooks with lint-staged and Prettier, detects the package manager, creates .husky/pre-commit and .lintstagedrc, and only adds typecheck or test commands when those scripts already exist.

git-guardrails-claude-code adds a Claude Code PreToolUse hook that blocks dangerous Git commands like push, reset --hard, clean -f, branch -D, checkout ., and restore . before execution. It supports project or global install, manual hook setup, executable script permissions, and behavior testing with the bundled shell script.

The configuring-hsm-for-key-storage skill explains HSM-backed key storage with PKCS#11, SoftHSM2, and production HSM options. Use this guide for install, usage, key attributes, token setup, signing, encryption, and Security Audit evidence.

The configuring-aws-verified-access-for-ztna skill helps you design and configure AWS Verified Access for VPN-less zero trust network access with identity and device posture checks in Cedar. Use this configuring-aws-verified-access-for-ztna guide for access control planning, trust providers, group policies, and endpoint setup.

The sharp-edges skill helps you find APIs, configs, and interfaces where the easy path leads to insecure use. Use it to review authentication flows, cryptographic wrappers, dangerous defaults, null or zero semantics, and misuse-prone design choices. It is a strong fit for sharp-edges for Security Audit work when you need concrete footguns, not generic security guesses.

The insecure-defaults skill helps spot fail-open configuration patterns that let software run with unsafe settings instead of stopping. Use it for a Security Audit of production code, deployment configs, and secret-handling logic to catch weak auth, hardcoded secrets, and permissive defaults.

azure-appconfiguration-ts skill for Azure App Configuration in TypeScript and JavaScript. Use it to install and use the SDK for backend development, including configuration settings, feature flags, Key Vault references, dynamic refresh, and centralized configuration management.

The azure-appconfiguration-py skill covers Azure App Configuration for Python apps, including centralized settings, feature flags, and runtime configuration changes. It is a strong fit for backend development when you need a clear install path, auth guidance, and practical usage patterns for Entra ID or connection string access.

azure-appconfiguration-java is an Azure App Configuration SDK for Java skill for backend development. It covers install, client creation, auth setup, configuration settings, feature flags, labels, snapshots, secret references, and error handling so you can move from setup to working usage faster.

The upgrading-expo skill helps you upgrade Expo SDK versions, run the right install and doctor commands, clear caches, and handle breaking changes like React 19, New Architecture, Native Tabs, and expo-av migrations.

expo-deployment helps ship Expo apps with EAS across iOS App Store, Google Play, web hosting, TestFlight, metadata, and CI/CD workflows.

expo-dev-client helps you decide if an Expo app needs a development client, then configure EAS and build locally or via TestFlight for native testing.

expo-tailwind-setup is a practical guide for installing and configuring Tailwind CSS v4 in Expo with react-native-css and NativeWind v5 for iOS, Android, and web.

obsidian-bases helps create and edit valid Obsidian .base files with YAML views, filters, formulas, properties, and summaries. Best for Knowledge Bases workflows where you need table, cards, list, or map views with less schema guesswork.

The credentials skill helps locate, identify, and normalize API keys and environment variables from centralized access files like Access.txt. Use it for credentials install, credentials usage, and workflow setup when secrets are stored in one place and need clear env var mapping.

varlock is a secure environment variable management skill for Claude Code workflows. It helps you work with secrets, API keys, credentials, and .env files without exposing values in terminals, logs, diffs, or model context. Use varlock when you need safe validation, masking, and guarded access control workflows.

netlify-config skill reference for writing and adjusting netlify.toml. Use it to configure builds, redirects, rewrites, headers, deploy contexts, environment variables, functions, and edge functions with less guesswork, especially for deployment changes where rule order and syntax matter.

running-claude-code-via-litellm-copilot shows how to route Claude Code through a local LiteLLM proxy to GitHub Copilot, align ANTHROPIC_BASE_URL and model names, verify localhost traffic, and troubleshoot 401/403, model-not-found, and proxy compatibility issues.