By khendzel
Audit, repair, clean, secure, and discover Claude Code skills to maintain a healthy skill set. Includes health reports, auto-fix, token cost analysis, security scanning, search, and interactive triage.
Find new skills on GitHub or check a specific skill before installing. Use when the user wants to search for skills, evaluate a skill URL, check overlap with existing skills before installing, or compare a local skill against alternatives. Trigger with '/janitor-discover'.
Automatically fix skill problems (safe preview first). Also use with --prune to find and remove broken symlinks, empty directories, and orphaned skills. Trigger with '/janitor-fix'.
Full health check of all your skills in one report. Use when the user wants to check for errors, find duplicates, detect broken skills, or get a complete overview of skill health. Pass --brief for inventory only. Trigger with '/janitor-report'.
Heuristic security scan of installed skills — prompt-injection phrases, hidden unicode instructions, credential-store access, network-pipe-to-shell and payload-smuggling patterns. Use when the user asks 'are my skills safe', wants to scan skills for prompt injection or malware patterns, or before trusting a newly installed skill. Trigger with '/janitor-security'.
Tinder for your Claude Code skills. Reviews a sorted deck of every installed skill and lets you swipe keep / delete / skip on each one. Use when the user wants to bulk-clean their skill collection, triage unused skills, or do interactive skill cleanup. Trigger with '/janitor-swipe'.
Own this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimOwn this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimnpx claudepluginhub khendzel/skills-janitorBased on adoption, maintenance, documentation, and repository signals. Not a security audit or endorsement.
Tinder for your Claude Code skills. Swipe through your collection and delete what's wasting context, in seconds.
Works with Claude Code and OpenAI Codex. 6 commands, zero dependencies.

New in v1.4:
/janitor-swipe. Every installed skill becomes a card, sorted heaviest-and-least-used first. Swipe left to delete, right to keep, down to skip. Most setups clear 30–40% of their skill token cost before the deck even ends. Jump to swipe →
Scans every place a skill lives: user, project, codex, and every skill installed via /plugin install. Surfaces duplicates, broken symlinks, and unused skills cluttering your context.
| Command | What it does |
|---|---|
/janitor-report | Health check: inventory, duplicates, broken skills. --brief for inventory only. |
/janitor-fix | Auto-fix issues. --prune removes broken symlinks and empty dirs. |
/janitor-value | Honest token costs (always-loaded descriptions vs on-demand bodies) + usage, skills and subagents. |
/janitor-security | Heuristic scan for prompt injection, hidden instructions, and dangerous script patterns. (v1.6+) |
/janitor-discover | Search GitHub for skills, or check a URL before installing — now including a pre-install security scan. |
/janitor-swipe | Interactive TUI — swipe keep/delete/skip on every installed skill, sorted most-likely-waste first. (v1.4+) |
Each has its own slash command. Or use natural language: "check my skills", "which skills are wasting context?", "find an n8n skill".
/plugin marketplace add khendzel/skills-janitor
/plugin install skills-janitor
Or via skills.sh:
npx skills add khendzel/skills-janitor
Or clone directly:
git clone https://github.com/khendzel/skills-janitor ~/.claude/skills/skills-janitor
A skill is text your agent trusts. Public research found prompt injection in roughly a third of tested community skills — so the janitor now scans for the known bad shapes: instruction-override phrases, "don't tell the user" directives, instructions hidden in HTML comments or zero-width unicode, smuggled base64 payloads, and scripts that pipe the network into a shell or read credential stores.
/janitor-security # audit everything installed
/janitor-discover <url> # overlap + security check BEFORE installing
Verdicts are honest heuristics (PASS / REVIEW / RISK): a RISK means "read this before trusting it", not "malware". Calibrated for low noise — on a real 178-skill machine it flags 2, both genuinely worth reading.
Tinder-style triage for your skill collection. The deck is sorted heaviest-and-least-used first, so most users hit ← delete through the top 5–10 cards and quit before reviewing everything.
!bash ~/.claude/skills/skills-janitor/scripts/swipe.sh
(The ! prefix runs in your terminal, not the Claude Code Bash tool — the TUI needs a real interactive stdin.)
Controls: ← delete, → keep, ↓ skip, u undo, i inspect full description, q quit.
Plugin skills are flagged for review (you can't rm individual plugin skills — they belong to a plugin). User-scope skills stage for actual deletion, applied on y confirmation at the end.
The duplicate detector now flags cross-scope overlaps that were invisible before:
=== Skills Janitor - Duplicate Detection ===
--- Description Overlap (Jaccard > 30%) ---
[98%] marketing-seo-audit <-> marketing-skills:seo-audit
Scopes: user / plugin
[100%] marketing-content-strategy <-> marketing-skills:content-strategy
Scopes: user / plugin
If you installed a plugin that re-implements a skill you already had standalone, v1.3 tells you. v1.2 couldn't, because it was blind to the plugin tree entirely.
The five v1.2 aliases were removed in v1.5. Renames:
| v1.2 | v1.3 |
|---|---|
/janitor-audit | /janitor-report --brief |
/janitor-usage | /janitor-value |
/janitor-tokens | /janitor-value |
/janitor-search | /janitor-discover |
/janitor-precheck | /janitor-discover <url> |
Full release notes: CHANGELOG.md.
Bash, Python 3, curl. No pip installs, no node modules.
PRs welcome. Each command is self-contained in skills/janitor-*/SKILL.md plus a sibling script in scripts/.
MIT
Track and analyze skill usage by AI agents, and clean up redundant or overlapping skills.
Create and validate production-grade agent skills with 100-point marketplace grading
Daymade skills core suite. Bundles skill creation, quality review, governance, and marketplace development tooling under one shared namespace. Existing-skill edits use an old-vs-new capability audit and content-bound packaging attestation so prompt compression cannot silently delete runtime contracts. When the official skill-creator plugin is also installed, skill-creator detects the coexistence and offers a consent-based, reversible SessionStart routing hook so the daymade edition wins deterministically; on machines without the official plugin nothing is ever installed.
Local-only skill quality and security evaluator for Claude Code/OpenClaw. Scores six dimensions, runs local validators, and stores reports and snapshots under .skill-compass/.
Self-evolving skill engine for Claude Code. Creates, scores, repairs, and hardens skills autonomously through recursive improvement cycles.
本地 skill 清理器。扫描广告导流、隐蔽商业意图、任务劫持、可疑外部调用与敏感数据读取;默认只出报告,确认后隔离问题 skill。