npx claudepluginhub ai-builder-team/ai-builder-plugin-marketplace --plugin mThis skill uses the workspace's default tool permissions.
Assess and fix a Claude Code skill so it works across repositories, machines, and users.
Generates design tokens/docs from CSS/Tailwind/styled-components codebases, audits visual consistency across 10 dimensions, detects AI slop in UI.
Records polished WebM UI demo videos of web apps using Playwright with cursor overlay, natural pacing, and three-phase scripting. Activates for demo, walkthrough, screen recording, or tutorial requests.
Delivers idiomatic Kotlin patterns for null safety, immutability, sealed classes, coroutines, Flows, extensions, DSL builders, and Gradle DSL. Use when writing, reviewing, refactoring, or designing Kotlin code.
Assess and fix a Claude Code skill so it works across repositories, machines, and users.
$ARGUMENTS
Never edit files under ~/.claude/plugins/cache/ — that's a read-only installed copy.
To find the editable source, first figure out what kind of repo you're in. If the CWD path or directory name contains "plugin", "skills", or "marketplace", or there's a skills/ directory with skill folders in it, you're likely in a plugin or skills repo — search plugins/*/skills/*/SKILL.md and skills/*/SKILL.md relative to the repo root. If not found, check these fallbacks:
~/.claude/skills/<skill-name>/SKILL.md<project-root>/.claude/skills/<skill-name>/SKILL.mdOnce found, read the SKILL.md and every file in the skill directory (scripts/, reference/, docs/, assets/ etc.). Especially important are any paths referenced in the SKILL.md
Evaluate the skill against the 10 patterns below. For each, report:
Only detail WARN and FAIL items. Summarize PASS as a count.
Everything the skill needs lives inside its directory tree. No references to external scripts, configs, or assets that won't travel with it. No copying scripts to ~/bin or ~/.local/bin. No dependence on shell aliases, .bashrc, or profile modifications — scripts run non-interactively.
Check:
/usr/bin, /tmp, $HOME)cp, install, ln -s, mkdir -p ~/bin patternssource ~/.bashrc, source ~/.zshrc, or alias referencesAll paths derived from the environment — never hardcoded to a specific user's filesystem. SKILL.md references bundled scripts using relative paths from the skill directory root (e.g. scripts/foo.sh) — the agent resolves these automatically, no absolute paths needed. Reserve ${CLAUDE_PLUGIN_ROOT} for non-SKILL.md contexts (hooks, MCP configs, executed scripts). Shell scripts use $(dirname "$0") to find siblings, not bare ./ references. Temp files use mktemp with cleanup traps, not hardcoded /tmp/skillname-*.
Check:
/Users/<username>/, /home/<username>/, or any absolute path with a username~/.claude/skills/... or ${CLAUDE_PLUGIN_ROOT} paths that could be simple relative paths)source ./, cat ./ without a SCRIPT_DIR patternNames describe function, not the project. No product names, company names, or repo names in the skill name, script filenames, or user-facing strings — unless the skill genuinely exists to manage that specific tool.
Check: Scan skill name, filenames, SKILL.md content, and script content for project-specific names.
Anything that varies between projects (subdirectory names, start commands, env var names) must be configurable via arguments, env vars, or git config — with sensible defaults. Use existing config infrastructure (git config, env vars, project config files), don't invent new formats (.skillrc, .skill.conf). Precedence: CLI args > env vars > git config > skill defaults.
Check:
src/, backend/), start commands (npm run dev), or project-specific env vars that aren't parameterizedCheck for capabilities (command existence, lockfiles, file presence) rather than hardcoding specific tools or platform names. Detect the package manager from lockfiles instead of assuming npm. Check command -v instead of branching on uname.
Check:
npm, pnpm, bun, yarn without detection logicuname checks or OS-specific branches where capability checks would workDocument the contract: what tools, structure, or configuration must the host project have? Pin minimum versions for external tools (git, gh, jq, etc.). Don't pretend portability exists where it doesn't.
Check:
Running the skill twice must not break anything. Check before writing files. Check if servers are already running before starting them.
Check: Look for file writes without existence checks, server starts without port checks, or operations that would fail or corrupt on re-run.
No API keys, tokens, or passwords in skill files. Read from env vars or credential stores.
Check: Grep for strings that look like secrets. Check for .env files being created with hardcoded values.
SKILL.md orchestrates; scripts/ executes. Don't embed large code blocks (>20 lines) in SKILL.md when they should be extracted to scripts.
Check: Are there large inline code blocks that should be scripts?
If allowed-tools is set in the frontmatter, use wildcards that survive version bumps and path changes.
Check: Are tool patterns broad enough? Exact paths will break on updates.
Present findings as a table:
| # | Pattern | Status | Detail |
|---|---------|--------|--------|
| P01 | Self-contained bundling | PASS | — |
| P02 | Dynamic paths | FAIL | Hardcoded /Users/john/ on line 42 of scripts/setup.sh |
...
Then list the FAIL and WARN items with:
Ask the user: "Should I apply the fixes?" If yes, make all FAIL and WARN fixes using the Edit tool. After fixing, re-run the audit mentally to confirm all issues are resolved.
If the skill is inside a plugin marketplace repo, remind the user to bump the version and push (but do NOT do it automatically — the user may want to batch changes).