Curated plugins for Claude Code - skills, hooks, and tools
npx claudepluginhub andreasasprou/agent-skillsStrategic technical advisor with two modes. REPO MODE (gpt-5.2) explores your codebase to find gaps and review code. WEB MODE (5.2 Thinking / GPT-5.2-pro) researches external info like best practices and library comparisons. Run both in parallel to compare your implementation against current standards.
Block destructive shell commands before execution. Prevents rm -rf, git push --force, docker system prune, kubectl delete, terraform destroy, cloud deletions (AWS/GCP/Azure), database drops, and 200+ dangerous patterns.
Fetch npm package source code for deep implementation analysis
Claude Code marketplace entries for the plugin-safe Antigravity Awesome Skills library and its compatible editorial bundles.
Directory of popular Claude Code extensions including development tools, productivity plugins, and MCP integrations
No description available.
Curated plugins for Claude Code - skills, hooks, and tools.
# Add the marketplace (once)
/plugin marketplace add https://github.com/andreasasprou/agent-skills
# Install plugins
/plugin install oracle@andreas-agent-skills
/plugin install safety-net@andreas-agent-skills
/plugin install opensrc@andreas-agent-skills
Claude Code plugins extend the agent with skills (new capabilities) and hooks (intercept actions).
| Type | Purpose | Example |
|---|---|---|
| Skill | Add new commands/capabilities | Oracle adds /oracle for consulting GPT-5.2 |
| Hook | Intercept and validate actions | Safety-net blocks destructive commands |
Strategic technical advisor with two complementary modes for different types of questions.
Core Question: "Is the truth external, or is it in our code?"
| Mode | Model | Best For |
|---|---|---|
| Repo | GPT-5.2 xhigh (Codex SDK) | Exploring codebase, finding gaps, code review |
| Web | 5.2 Thinking (default) | Best practices, library comparisons, current docs |
| Web | GPT-5.2-pro (escalation) | Complex multi-source research |
Repo Mode - when the answer is in your codebase:
/oracle "What's causing the race condition in the queue processor?"
/oracle "Audit the blast radius before I refactor the payment service"
/oracle "Review the uncommitted changes for security issues"
Web Mode - when you need external knowledge:
/oracle "Drizzle vs Prisma for heavy read loads - what are teams saying?"
/oracle "Current security gotchas with Google OAuth?"
/oracle "Compare Socket.io vs Ably vs Pusher for a team of 3"
Both in Parallel - when comparing your code against current standards:
/oracle "Is our auth middleware following current OWASP guidelines?"
/oracle "Does our error handling match RFC 7807?"
Features:
Second Opinion Workflow:
Best practice: review diffs and tests, not raw code.
1. Primary agent writes code
2. Package context (diff + key files + test results)
3. Oracle reviews (bugs, edge cases, missing tests)
4. Apply fixes, run tests
5. Repeat until critique converges
Response Structure:
### Essential
- **Bottom Line**: Direct answer (1-2 sentences)
- **Action Plan**: Numbered next steps
- **Effort Estimate**: Quick (<1h) | Short (1-4h) | Medium (1-2d) | Large (3d+)
### Expanded (when relevant)
- **Reasoning**, **Trade-offs**, **Dependencies**
### Edge Cases (when applicable)
- **Escalation Triggers**, **Alternatives**, **Gotchas**
A PreToolUse hook that intercepts destructive commands before execution. 200+ dangerous patterns across 14 categories.
How it works:
Bash tool calldeny) or warns (warn) based on severityCoverage:
| Category | Blocked Examples |
|---|---|
| Filesystem | rm -rf /, rm -rf ~, find -delete |
| Git | git reset --hard, git push --force, git clean -fd, git stash clear |
| Docker | docker system prune, docker volume prune, docker rm -f, docker-compose down -v |
| Kubernetes | kubectl delete namespace, kubectl delete --all, kubectl drain, helm uninstall |
| Terraform | terraform destroy, terraform apply -auto-approve, terraform state rm |
| AWS | terminate-instances, delete-db-instance, s3 rb --force, s3 rm --recursive |
| Google Cloud | gcloud projects delete, gcloud compute instances delete, gsutil rm -r |
| Azure | az group delete, az vm delete, az storage account delete |
| Databases | DROP DATABASE, DROP TABLE, DELETE without WHERE, FLUSHALL |
| Pulumi | pulumi destroy, pulumi stack rm --force |
| Stripe | stripe delete --live, stripe refunds create --live |
| GitHub CLI | gh repo delete, gh release delete, gh secret delete |
| System | kill -9 1, dd of=/dev/sda, mkfs, chmod 777, shutdown |
| APIs | Linear GraphQL mutations, Datadog DELETE requests |
Cloud Provider Coverage:
Instead of maintaining allowlists, safety-net classifies AWS commands by verb: