marco3939/claude_skill — Portable Claude Code skills template
A personal, cloud-shareable Claude Code skills repository. Combines my own skills with a security-audited mirror of the alirezarezvani/claude-skills marketplace (313+ skills across 59 plugins).
What's in here
- My skills (root level):
algorithmic-art/, claude-api/, mcp-builder/, skill-creator/, pdf/, docx/, pptx/, xlsx/, webapp-testing/, theme-factory/, frontend-design/, canvas-design/, claude-canva-design/, slack-gif-creator/, web-artifacts-builder/, brand-guidelines/, doc-coauthoring/, internal-comms/, artfact-quiz/ — 19 hand-curated skills.
- Community marketplace (categorized folders):
engineering/, engineering-team/, c-level-advisor/, marketing-skill/, compliance-os/, ra-qm-team/, product-team/, business-growth/, finance/, productivity/, project-management/, research/ — 59 installable plugins via the bundled marketplace.
Setup on a new machine
Prerequisite: install Claude Code CLI
# needs Node.js 18+
npm install -g @anthropic-ai/claude-code
# or download from https://claude.com/claude-code
macOS / Linux
git clone https://github.com/marco3939/claude_skill.git
cd claude_skill
bash scripts/setup-user-memory.sh # one-time: adds discovery protocol to ~/.claude/CLAUDE.md + SessionStart hook to ~/.claude/settings.json
claude
Windows (PowerShell)
git clone https://github.com/marco3939/claude_skill.git
cd claude_skill
.\scripts\setup-user-memory.ps1 # native PowerShell version of the setup
claude
The .ps1 script is compatible with Windows PowerShell 5.1 and PowerShell 7+. If you get an execution-policy error, run Set-ExecutionPolicy -Scope CurrentUser RemoteSigned once.
Then, inside Claude Code (once per machine)
/plugin marketplace add marco3939/claude_skill
Install plugins per use case:
/plugin install engineering-skills@claude-code-skills
/plugin install c-level-skills@claude-code-skills
# ...etc — install whichever plugins you need
After running the setup script, every future Claude Code session — even in unrelated repos — starts with a compact marketplace summary injected and the discovery protocol active. Claude will proactively suggest the right plugin for whatever you're working on; you confirm, install, proceed.
How AI uses this repo
The CLAUDE.md at root tells Claude Code to check the marketplace first before writing code. When you ask it to do something domain-specific (build a React app, audit GDPR compliance, write a CFO memo), Claude will scan .claude-plugin/marketplace.json and suggest the relevant skill — you confirm, install, and proceed.
This is lazy-loading: you don't pre-install 59 plugins; Claude proposes what's relevant when relevant.
Security audit
The vendored upstream was audited on 2026-05-19 in an isolated sandbox before merging. Findings: no backdoors, no malicious payloads, no data exfiltration. Full checklist:
- ✅ No
curl ... | bash patterns in install scripts
- ✅ No
base64 -d | sh or eval/exec of dynamic strings
- ✅ Hooks are defensive (local-only warnings & logs)
- ✅ No suspicious binaries, no obfuscated code
- ✅ Network access limited to user-provided URLs in SEO/sitemap utilities
- ✅ MIT-licensed with clear ownership (Alireza Rezvani)
- ✅ Project ships its own
AUDIT_REPORT.md, VirusTotal CI scan, and skill-security-audit workflow
What was not vendored: upstream's .git/, .github/workflows/ (kept this repo's own CI), .mcp.json (the tessl MCP server is a tooling-time dependency, not needed for end users), and the *.zip archives (they duplicate the unpacked skill folders).
Attribution
- Vendored skills: MIT © 2025 Alireza Rezvani — see
LICENSE-CLAUDE-SKILLS and NOTICE.md.
- My own skills: see
LICENSE.txt inside each skill folder.
Updating from upstream
To pull newer upstream content later:
git clone --depth 1 https://github.com/alirezarezvani/claude-skills.git /tmp/upstream
# review the diff, then selectively rsync/copy folders you want
Don't blind-copy without re-auditing — upstream may add new skills or hooks that need fresh review.
