ra-qm-skills

marco3939/claude_skill — Portable Claude Code skills template

A personal, cloud-shareable Claude Code skills repository. Combines my own skills with a security-audited mirror of the alirezarezvani/claude-skills marketplace (313+ skills across 59 plugins).

What's in here

• My skills (root level): algorithmic-art/, claude-api/, mcp-builder/, skill-creator/, pdf/, docx/, pptx/, xlsx/, webapp-testing/, theme-factory/, frontend-design/, canvas-design/, claude-canva-design/, slack-gif-creator/, web-artifacts-builder/, brand-guidelines/, doc-coauthoring/, internal-comms/, artfact-quiz/ — 19 hand-curated skills.
• Community marketplace (categorized folders): engineering/, engineering-team/, c-level-advisor/, marketing-skill/, compliance-os/, ra-qm-team/, product-team/, business-growth/, finance/, productivity/, project-management/, research/ — 59 installable plugins via the bundled marketplace.

Setup on a new machine

Prerequisite: install Claude Code CLI

# needs Node.js 18+
npm install -g @anthropic-ai/claude-code
# or download from https://claude.com/claude-code

macOS / Linux

git clone https://github.com/marco3939/claude_skill.git
cd claude_skill
bash scripts/setup-user-memory.sh   # one-time: adds discovery protocol to ~/.claude/CLAUDE.md + SessionStart hook to ~/.claude/settings.json
claude

Windows (PowerShell)

git clone https://github.com/marco3939/claude_skill.git
cd claude_skill
.\scripts\setup-user-memory.ps1     # native PowerShell version of the setup
claude

The .ps1 script is compatible with Windows PowerShell 5.1 and PowerShell 7+. If you get an execution-policy error, run Set-ExecutionPolicy -Scope CurrentUser RemoteSigned once.

Then, inside Claude Code (once per machine)

/plugin marketplace add marco3939/claude_skill

Install plugins per use case:

/plugin install engineering-skills@claude-code-skills
/plugin install c-level-skills@claude-code-skills
# ...etc — install whichever plugins you need

After running the setup script, every future Claude Code session — even in unrelated repos — starts with a compact marketplace summary injected and the discovery protocol active. Claude will proactively suggest the right plugin for whatever you're working on; you confirm, install, proceed.

How AI uses this repo

The CLAUDE.md at root tells Claude Code to check the marketplace first before writing code. When you ask it to do something domain-specific (build a React app, audit GDPR compliance, write a CFO memo), Claude will scan .claude-plugin/marketplace.json and suggest the relevant skill — you confirm, install, and proceed.

This is lazy-loading: you don't pre-install 59 plugins; Claude proposes what's relevant when relevant.

Security audit

The vendored upstream was audited on 2026-05-19 in an isolated sandbox before merging. Findings: no backdoors, no malicious payloads, no data exfiltration. Full checklist:

• ✅ No curl ... | bash patterns in install scripts
• ✅ No base64 -d | sh or eval/exec of dynamic strings
• ✅ Hooks are defensive (local-only warnings & logs)
• ✅ No suspicious binaries, no obfuscated code
• ✅ Network access limited to user-provided URLs in SEO/sitemap utilities
• ✅ MIT-licensed with clear ownership (Alireza Rezvani)
• ✅ Project ships its own AUDIT_REPORT.md, VirusTotal CI scan, and skill-security-audit workflow

What was not vendored: upstream's .git/, .github/workflows/ (kept this repo's own CI), .mcp.json (the tessl MCP server is a tooling-time dependency, not needed for end users), and the *.zip archives (they duplicate the unpacked skill folders).

Attribution

• Vendored skills: MIT © 2025 Alireza Rezvani — see LICENSE-CLAUDE-SKILLS and NOTICE.md.
• My own skills: see LICENSE.txt inside each skill folder.

Updating from upstream

To pull newer upstream content later:

git clone --depth 1 https://github.com/alirezarezvani/claude-skills.git /tmp/upstream
# review the diff, then selectively rsync/copy folders you want

Don't blind-copy without re-auditing — upstream may add new skills or hooks that need fresh review.