Agent Skills
Curated plugins for Claude Code - skills, hooks, and tools.
Quick Start
# Add the marketplace (once)
/plugin marketplace add https://github.com/andreasasprou/agent-skills
# Install plugins
/plugin install oracle@andreas-agent-skills
/plugin install safety-net@andreas-agent-skills
/plugin install opensrc@andreas-agent-skills
How It Works
Claude Code plugins extend the agent with skills (new capabilities) and hooks (intercept actions).
| Type | Purpose | Example |
|---|
| Skill | Add new commands/capabilities | Oracle adds /oracle for consulting GPT-5.2 |
| Hook | Intercept and validate actions | Safety-net blocks destructive commands |
Plugins
Oracle
Strategic technical advisor with two complementary modes for different types of questions.
Core Question: "Is the truth external, or is it in our code?"
| Mode | Model | Best For |
|---|
| Repo | GPT-5.2 xhigh (Codex SDK) | Exploring codebase, finding gaps, code review |
| Web | 5.2 Thinking (default) | Best practices, library comparisons, current docs |
| Web | GPT-5.2-pro (escalation) | Complex multi-source research |
Repo Mode - when the answer is in your codebase:
/oracle "What's causing the race condition in the queue processor?"
/oracle "Audit the blast radius before I refactor the payment service"
/oracle "Review the uncommitted changes for security issues"
Web Mode - when you need external knowledge:
/oracle "Drizzle vs Prisma for heavy read loads - what are teams saying?"
/oracle "Current security gotchas with Google OAuth?"
/oracle "Compare Socket.io vs Ably vs Pusher for a team of 3"
Both in Parallel - when comparing your code against current standards:
/oracle "Is our auth middleware following current OWASP guidelines?"
/oracle "Does our error handling match RFC 7807?"
Features:
- Repo mode: Codex SDK with read-only sandbox, explores files autonomously
- Web mode: @steipete/oracle with browser automation for Deep Research
- Intelligent routing based on question type
- Parallel execution for comprehensive analysis
- Asks clarifying questions when routing is unclear
Second Opinion Workflow:
Best practice: review diffs and tests, not raw code.
1. Primary agent writes code
2. Package context (diff + key files + test results)
3. Oracle reviews (bugs, edge cases, missing tests)
4. Apply fixes, run tests
5. Repeat until critique converges
Response Structure:
### Essential
- **Bottom Line**: Direct answer (1-2 sentences)
- **Action Plan**: Numbered next steps
- **Effort Estimate**: Quick (<1h) | Short (1-4h) | Medium (1-2d) | Large (3d+)
### Expanded (when relevant)
- **Reasoning**, **Trade-offs**, **Dependencies**
### Edge Cases (when applicable)
- **Escalation Triggers**, **Alternatives**, **Gotchas**
Safety Net
A PreToolUse hook that intercepts destructive commands before execution. 200+ dangerous patterns across 14 categories.
How it works:
- Intercepts every
Bash tool call
- Analyzes the command for destructive patterns
- Blocks (
deny) or warns (warn) based on severity
- Safe commands pass through silently
Coverage:
| Category | Blocked Examples |
|---|
| Filesystem | rm -rf /, rm -rf ~, find -delete |
| Git | git reset --hard, git push --force, git clean -fd, git stash clear |
| Docker | docker system prune, docker volume prune, docker rm -f, docker-compose down -v |
| Kubernetes | kubectl delete namespace, kubectl delete --all, kubectl drain, helm uninstall |
| Terraform | terraform destroy, terraform apply -auto-approve, terraform state rm |
| AWS | terminate-instances, delete-db-instance, s3 rb --force, s3 rm --recursive |
| Google Cloud | gcloud projects delete, gcloud compute instances delete, gsutil rm -r |
| Azure | az group delete, az vm delete, az storage account delete |
| Databases | DROP DATABASE, DROP TABLE, DELETE without WHERE, FLUSHALL |
| Pulumi | pulumi destroy, pulumi stack rm --force |
| Stripe | stripe delete --live, stripe refunds create --live |
| GitHub CLI | gh repo delete, gh release delete, gh secret delete |
| System | kill -9 1, dd of=/dev/sda, mkfs, chmod 777, shutdown |
| APIs | Linear GraphQL mutations, Datadog DELETE requests |
Cloud Provider Coverage:
AWS (verb-based classification)
Instead of maintaining allowlists, safety-net classifies AWS commands by verb:
