Skills
Powertools for coding agents: git workflows, GitHub automation, code quality, and project tooling. Each skill ships with modular, independently editable rules for deep, opinionated guidance.
Why These Skills
- Modular rules architecture — Each skill ships with standalone rule files in
rules/directories. Rules can be added, removed, or edited independently without touching the main skill logic. - Opinionated audit workflows — Skills like
security,github-actions,tailwind, andrefactorproduce structured severity-graded reports, then auto-fix issues. - GitLeaks built in — The
commit,security, andsetupskills all enforce GitLeaks secret detection as a first-class concern. - Convention-aware — Skills detect your project's existing conventions (language variant, commit format, package manager, project structure) and adapt automatically.
Skills
Install the plugin for your agent, then invoke skills through that agent's native skill or command interface.
Git
| Skill | Description |
|---|---|
| commit | Clean git commits with conventional commit detection and GitLeaks secret scanning |
| create-branch | Create and checkout a branch with naming validation and GitHub issue linking |
GitHub
| Skill | Description |
|---|---|
| create-pr | Push branch and create a pull request with structured description and auto-assignment |
| github-issues | Create, update, query, and comment on GitHub issues with MCP |
| github-actions | Create and audit GitHub Actions workflows with SHA pinning, permissions, and caching checks |
Code Quality
| Skill | Description |
|---|---|
| deps | Harden npm supply chain with .npmrc flags, version pinning, Renovate config, and CI audit workflows |
| refactor | Audit and refactor TypeScript/JavaScript code for dead code, deep nesting, type assertions, and design patterns |
| security | OWASP Top 10 security audit with GitLeaks secret detection and dependency vulnerability scanning |
| tailwind | Audit and fix Tailwind CSS v4 anti-patterns for spacing, 8px grid, mobile-first, and GPU animations |
| testing | Write and run tests with Vitest and React Testing Library for JS/TS projects |
Project
| Skill | Description |
|---|---|
| setup | Add Biome, Husky, commitlint, lint-staged, GitLeaks, and TypeScript to JS/TS projects |
| project-structure | Audit project directory structure for colocation, grouping, and anti-pattern detection |
| naming-format | Audit and fix filename and export naming conventions for consistency |
| update-project | Update and maintain CLAUDE.md, README.md, agents, skills, and rules to match current project state |
Agents
Agents invoke skills autonomously with an isolated worktree. Invoke with claude agent run <name>.
| Agent | Description |
|---|---|
| deps | Autonomous supply chain hardening — runs the deps skill in an isolated worktree and outputs a structured summary |
Installation
Claude Code Plugin
claude plugin install tartinerlabs/skills
Codex Plugin
This repository includes repo-scoped Codex plugin metadata in .codex-plugin/plugin.json and .agents/plugins/marketplace.json.
To use it in Codex:
- Open this repository in Codex
- Restart Codex if needed so it reloads the repo marketplace
- Open the plugin directory and install
tartinerlabsfrom the repo marketplace
Cursor Plugin
This repository includes Cursor plugin metadata in .cursor-plugin/plugin.json and .cursor-plugin/marketplace.json.
For local development, install the plugin with Cursor's plugin flow or copy the repository into Cursor's local plugin directory:
mkdir -p ~/.cursor/plugins/local
ln -s "$(pwd)" ~/.cursor/plugins/local/tartinerlabs