phamlongh230-lgtm
UserPersonal Agent OS for Claude Code — 46 hooks, 3501 skills, 97 agents. Blocks rm -rf, prompt injection, pipe-to-shell at runtime. Apache 2.0.
Categories
Indexed Skills (28)
accessibility-audit
Audit UI code for WCAG 2.1 AA compliance — color contrast, keyboard navigation, ARIA roles, focus management, and screen reader compatibility. Use when the user asks to "check accessibility", "make this accessible", "WCAG audit", "a11y review", or before marking any public-facing UI as done. Do NOT use for quick pre-delivery checks — use output-enforcement for that. This skill goes deeper: it covers ARIA semantics, focus order, and live regions.
adr-writing
Write and maintain Architecture Decision Records (ADRs) — when to write one, the standard format, status lifecycle, how to link related decisions, and how to surface ADRs in a codebase. Use when asked to "write an ADR", "document this decision", "architecture decision record", "why did we choose X over Y", or "we need a record of this choice". Do NOT use for: general documentation writing — ADRs are specifically for significant architecture decisions.
adversarial-prompt-testing
Test LLM applications for prompt injection, jailbreak, data exfiltration, and indirect injection attacks — attack taxonomy, test harness design, automated red-team probes, defense patterns, and evaluation rubrics. Use when asked about "prompt injection", "jailbreak", "LLM red team", "adversarial prompts", "indirect injection", "exfiltration via LLM", "test AI security", "LLM attack surface", "OWASP LLM Top 10", "system prompt leak", "prompt leaking", or "AI safety testing". Do NOT use for: traditional app security — see red-team-check or security-review. Do NOT use for: model alignment — focus is on app layer.
aesthetic-anchor
Lock a specific visual aesthetic before building UI — choose one of 8 design anchors (Swiss, Industrial, Brutalist, Aurora Maximalism, Chaotic Maximalism, Retro-Futuristic, Organic, Lo-Fi) and apply its palette, typography, and texture tokens consistently throughout the build. Use when the user says "make it look like X", names a visual style, wants a specific aesthetic mood, or asks to avoid generic AI output. Do NOT use when the project already has an established design system — apply that system instead.
agent-messaging-patterns
Wire inter-agent communication — signal files, shared state via files/KV, approval queues, budget delegation, capability passing, and broadcast/ subscribe patterns for agents running in parallel terminals or processes. Use when asked about "agents communicating", "agent signals", "how agent A tells agent B", "agent approval queue", "agent budget cap", "pass context between agents", "agent broadcast", "agent subscribe", "hcom", "inter-agent protocol", "agent pipeline", or "agent tool approval chain". Do NOT use for: git-based agent coordination — see git-native-agent-protocol. Do NOT use for: subagent spawning API — see subagent-dependency.
agent-safety-patterns
Design safe AI agent systems — capability restriction, sandboxed execution, human-in-the-loop gates, anomaly detection, rollback on unexpected behavior, blast radius limiting, and output verification before acting. Use when asked about "agent safety", "safe agent design", "AI agent guardrails", "capability restriction", "agent sandbox", "human approval gate", "agent rollback", "blast radius", "agent anomaly detection", "agent going off the rails", "agent verification", "principle of least capability", or "how to make an agent safe to run autonomously". Do NOT use for: prompt injection defense — see adversarial-prompt-testing. Do NOT use for: hook-based blocking — see hook-block-commands.
ai-team-workflow
Organize AI agents as a structured team — role assignment, proposal/vote/ review/ship cycle, cross-agent code review, consensus mechanisms, and escalation to human for deadlocks. Use when asked about "AI team", "agents working as a team", "multi-agent workflow", "agent roles", "agent review", "agents vote", "Hivemoot", "AI proposes and votes", "agent consensus", "agents reviewing each other's work", "define agent roles", "AI standup", or "autonomous team of agents". Do NOT use for: git-based task coordination — see git-native-agent-protocol. Do NOT use for: safety gates — see agent-safety-patterns.
animation-principles
Apply Disney's 12 animation principles to web and app interfaces — squash-and-stretch, anticipation, staging, follow-through, slow-in/slow-out, arcs, secondary action, timing, exaggeration, solid form, straight-ahead vs pose-to-pose, and appeal. Use when asked about "animation principles", "12 principles of animation", "Disney animation", "squash and stretch", "anticipation in UI", "follow through animation", "animation feels lifeless", "make animation feel natural", "physics-based animation", or "why does my animation feel robotic". Do NOT use for: animation performance fixes — see fixing-motion-performance. Do NOT use for: easing curves and duration — see motion-design.
api-rate-limiting
Design and implement API rate limiting — algorithm selection (token bucket, sliding window, fixed window), Redis-based distributed limiting, per-user and per-IP limits, rate limit headers, retry-after, and burst handling. Use when asked to "add rate limiting", "throttle requests", "too many requests", "429", "token bucket", "sliding window counter", "per-user quota", "API abuse", "burst traffic", or "rate limit this endpoint". Do NOT use for: load shedding at the infrastructure layer — that belongs in a load balancer or API gateway config, not application code.
apply-premium-background
CSS and Tailwind background effects — animated dots, grids, radial gradients, aurora blurs, mesh gradients, noise textures. Ibelick-style premium backgrounds for hero sections, cards, and full-page layouts.
ast-injection-scanner
Statically scan agent-generated JavaScript and shell scripts for dangerous patterns using AST analysis (acorn/swc). Detect eval(), process.env access, dynamic require(), child_process usage, and path traversal before code execution.
auth-patterns
Design authentication and authorization systems — JWT lifecycle, OAuth 2.0 / OIDC flows, token storage, refresh strategy, RBAC and ABAC permission models. Use when asked about "login flow", "JWT", "OAuth", "refresh token", "access control", "permissions", "RBAC", "who can see what", or "auth is broken". Do NOT use for: session-based auth vs token trade-off analysis (that's an architecture decision) or security penetration testing (use `red-team-check`).
auto-feedback-loop
Implement self-correcting agent loops — run tests, capture failures, feed error context back to the writing agent, and repeat until pass or max-attempts reached. Inspired by Microsoft AutoGen's multi-agent reflection pattern. Use when asked about "auto-feedback loop", "self-correcting agent", "AutoGen reflection", "agent retry on failure", "tdd feedback loop", "automatic fix loop", "agent keeps fixing until tests pass", "feedback-loop script", "run-until-green", or "agent self-correction". Do NOT use for: one-shot test runs — see tdd-workflow. Do NOT use for: multi-agent task assignment — see ai-team-workflow.
autonomous-patching-loop
Closed-loop scan → isolate → repair → verify cycle. Agent detects code vulnerabilities or test failures, creates an isolated fix branch, applies auto-remediation, runs the full test gate, and merges only on pass. Inspired by darrenburns/cliche error capture + marionevra/awesome-ai-agents-security playbooks.
baseline-ui
Establish CSS/Tailwind baseline quality — font smoothing, line-height defaults, box-sizing, focus rings, color contrast, Tailwind anti-patterns, and CSS containment. Use when asked to "set up CSS baseline", "Tailwind best practices", "fix font rendering", "global CSS foundation", "typography defaults", "CSS anti-patterns", "improve CSS quality", "line-height reset", "normalize styles", or reviewing a new project's base styles for correctness. Do NOT use for: full design system token architecture — see design-system-gen. Do NOT use for: component-level animation — see motion-design.
bft-consensus-patterns
Implement Byzantine Fault Tolerant voting for critical agent decisions. 3-of-N quorum for infrastructure writes, reputation-weighted voting, dual-verification pipelines, and automatic privilege demotion.
agno
Build production AI agents with Agno (formerly Phidata) — define Agent with model/tools/instructions/memory/knowledge, compose Agent Teams with coordinator routing, add Storage for persistence, and integrate RAG via built-in KnowledgeBase with PDF/URL/text sources.
ai-code-maintainability
Write production-safe code that survives maintenance — avoid the 15 patterns AI agents commonly generate that work on day 1 but break 3 months later; enforce error handling, logging, type safety, no magic values, and testable structure before writing any code.
api-design-patterns
REST API design — versioning, pagination, error responses, idempotency, rate limiting, OpenAPI spec
autogen
Build conversational multi-agent systems with AutoGen (AG2) — define AssistantAgent and UserProxyAgent, set up GroupChat with GroupChatManager for round-robin or auto routing, enable code execution, and compose nested chats or sequential pipelines.
blue-team-fix
Defensive response to red team security findings — analyze each vulnerability, propose a targeted fix, and add a test that covers the fix. Use when the user has a security finding list (from red-team-check or a manual audit) and wants to fix the vulnerabilities. Produces: root cause analysis, code fix, and test. Does not auto-apply fixes — proposes and waits for user approval per fix.
agenthub
Multi-agent collaboration plugin that spawns N parallel subagents competing on the same task via git worktree isolation. Agents work independently, results are evaluated by metric or LLM judge, and the best branch is merged. Use when: user wants multiple approaches tried in parallel — code optimization, content variation, research exploration, or any task that benefits from parallel competition. Requires: a git repo.
agent-introspection-debugging
Structured self-debugging workflow for AI agent failures using capture, diagnosis, contained recovery, and introspection reports.
api-design
REST API design patterns including resource naming, status codes, pagination, filtering, error responses, versioning, and rate limiting for production APIs.
arxiv-research
Use when asked to search for academic papers, find related work, look up research on a topic, or retrieve papers from arXiv. Triggers on: 'search papers', 'find papers about', 'arxiv search', 'academic search', 'find related work', 'research papers on', 'literature search', 'find studies on', 'tìm bài báo', 'tìm nghiên cứu', 'tìm paper về', 'tìm tài liệu học thuật'.
backend-patterns
Backend architecture patterns, API design, database optimization, and server-side best practices for Node.js, Express, and Next.js API routes.
branch-finish
Use when a development task is complete and ready to merge or close — before running git merge, git push, or closing a branch. Triggers on: 'I'm done', 'ready to merge', 'merge this', 'finish the branch', 'close the task'.
browser-use
Use when an AI agent needs to control a browser, automate web tasks, scrape pages, fill forms, or click buttons autonomously. Triggers on: 'browser automation', 'web agent', 'browser-use', 'AI browse', 'tự động duyệt web', 'điều khiển trình duyệt', 'scrape with AI', 'click button automatically', 'fill form automatically', 'web task automation'.
Bio shown is the top-scored skill's repo description as a fallback — real GitHub bios land in a future update.