Calif.io Skills

A Claude Code plugin marketplace from Calif.io providing skills and slash commands for AI-assisted security research and code auditing.

Installation

Add the marketplace once:

/plugin marketplace add califio/skills

Then browse and install plugins:

/plugin menu

Codex

A Codex-native skill tree lives at .codex/skills/ (symlinked to the same content used by the Claude plugins). Install with:

git clone https://github.com/califio/skills.git ~/.codex/califio-skills
~/.codex/califio-skills/.codex/scripts/install-for-codex.sh

See .codex/INSTALL.md for details.

Local development

To test changes locally, from the parent directory of this repo:

/plugin marketplace add ./skills

Available plugins

Code auditing

Plugin	Description
php-unserialize-audit	Audit PHP engine deserialization surface for UAF, type confusion, partial-object `__destruct`, signed-length heap overflow, and parse inconsistency

Contributing

New plugins are welcome. The repo follows the standard Claude Code plugin marketplace layout:

.claude-plugin/marketplace.json          # marketplace index — add an entry here
plugins/<plugin-name>/
  .claude-plugin/plugin.json             # plugin metadata
  skills/<skill-name>/SKILL.md           # the skill (Claude auto-loads by description)
  commands/<command-name>.md             # slash command (optional)
  agents/<agent-name>.md                 # subagents (optional)

A plugin can ship any combination of skills, commands, agents, and MCP servers. To add one:

Create plugins/<your-plugin>/ with the structure above.
Add an entry to .claude-plugin/marketplace.json.
Open a PR.

Help us improve

Find plugins for your project

Help us improve

php-unserialize-audit

Popularity

What's Inside

README

Calif.io Skills

Installation

Codex

Local development

Available plugins

Code auditing

Contributing

License

Help us improve

Health & Quality

Confidence

Similar Plugins

php

security-audit

security-agent

security-auditor

skill-improver

grimoire