timwukp
User35 portable agent skills (Agent Skills spec) for Kiro & Claude Code: Scrum DevSecOps roles, PCI-DSS/MAS TRM compliance, AWS Well-Architected reviews — each with evals and a 4-layer tested methodology
Categories
Indexed Skills (35)
algorithmic-art
Creating algorithmic art using p5.js with seeded randomness and interactive parameter exploration. Use this when users request creating art using code, generative art, algorithmic art, flow fields, or particle systems. Create original algorithmic art rather than copying existing artists' work to avoid copyright violations.
api-design
Generates RESTful and GraphQL API designs with OpenAPI specs, proper resource naming, HTTP method usage, status codes, pagination, filtering, error responses, versioning strategies, and GraphQL schema patterns. Triggers on: "design API", "create API spec", "OpenAPI", "REST endpoint design", "GraphQL schema".
aws-well-architected-review
Reviews AWS architectures, IaC, and design docs against the AWS Well-Architected Framework's six pillars, producing a findings report with pillar-mapped risks (High/Medium) and concrete remediation. Loads only the pillars relevant to the change. Use for AWS architecture reviews, not generic code review. Triggers on: "well-architected review", "review this AWS architecture", "WAR review", "check this design against AWS best practices", "review my Terraform/CDK for AWS pitfalls", "is this architecture production-ready".
canvas-design
Create beautiful visual art in .png and .pdf documents using design philosophy. You should use this skill when the user asks to create a poster, piece of art, design, or other static piece. Create original visual designs, never copying existing artists' work to avoid copyright violations.
cicd-pipeline
Generates CI/CD pipeline configurations for GitHub Actions, GitLab CI, and AWS CodePipeline. Covers build, test, lint, security scanning, and deployment stages with caching and parallelism. Triggers on: "create CI/CD pipeline", "GitHub Actions workflow", "deployment pipeline", "automate build".
claude-api
Build apps with the Claude API or Anthropic SDK. TRIGGER when: code imports `anthropic`/`@anthropic-ai/sdk`/`claude_agent_sdk`, or user asks to use Claude API, Anthropic SDKs, or Agent SDK. DO NOT TRIGGER when: code imports `openai`/other AI SDK, general programming, or ML/data-science tasks.
code-review-assistant
Analyzes code changes for security vulnerabilities, performance issues, and maintainability concerns. Provides structured feedback with SOLID principle checks and anti-pattern detection. Triggers on: "review this code", "code review", "check my PR", "review my changes".
code-standards-adopter
Infers a codebase's implicit coding conventions (naming, structure, imports, comments, error handling) by analyzing the existing code, then makes them explicit: generates linter/formatter configs that match current reality, a conventions document, and agent steering rules so AI-written code blends in. Use when adopting AI coding tools on an existing codebase or onboarding to an unfamiliar team style. Triggers on: "match our coding style", "infer our conventions", "generate lint config from this codebase", "make the AI write code like our team", "extract our code standards", "set up steering rules from existing code".
database-schema-design
Designs normalized database schemas with migration scripts, indexing strategies, and relationship handling. Supports SQL, Flyway, Liquibase, and Prisma. Triggers on: "design database", "create schema", "database migration", "design tables".
docker-compose-generator
Generates multi-stage Dockerfiles and docker-compose configurations optimized for size, security, and development workflow. Covers common stacks including Node.js, Python, Java, and Go. Triggers on: "create Dockerfile", "docker-compose", "containerize", "docker setup".
frontend-design
Create distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, artifacts, posters, or applications (examples include websites, landing pages, dashboards, React components, HTML/CSS layouts, or when styling/beautifying any web UI). Generates creative, polished code and UI design that avoids generic AI aesthetics.
fsi-compliance-checker
Maps code, architecture, and infrastructure changes to specific control IDs in financial services compliance frameworks - PCI-DSS v4.0 for payment card data and MAS TRM for Singapore-regulated institutions - producing an audit-traceable findings report with per-control remediation. Use this instead of a general security review whenever a compliance framework (PCI-DSS, MAS TRM), regulator, audit, or cardholder-data scope is mentioned, even if the request is phrased as a code review or a yes/no compliance question. Triggers on: "PCI-DSS check", "MAS TRM", "is this compliant", "compliance review", "audit this change for banking regulations", "does logging this violate PCI", "cardholder data handling review".
git-workflow
Helps with git workflows including conventional commit messages, branching strategies, merge conflict resolution, and changelog generation. Triggers on: "git commit message", "branching strategy", "resolve conflict", "generate changelog".
java-unit-test-generator
Generates JUnit unit tests for Java classes with loop prevention and incremental generation. Triggers on: "generate unit tests", "create JUnit tests", "test Java class", "add test coverage".
kiro-project-setup
Helps users set up a complete Kiro project structure with steering files, skills directory, and proper configuration. Use when user says "set up kiro project", "initialize kiro", "create kiro structure", or "add kiro configuration".
legacy-code-testing
Adds tests to legacy code that has none, safely: characterization tests that pin current behavior (including bugs) before any refactoring, seam identification for breaking untestable dependencies, and a risk-ranked coverage strategy. Use for untested or inherited codebases. Triggers on: "add tests to legacy code", "this code has no tests", "characterization tests", "make this testable", "safe to refactor?", "pin down current behavior", "test this old module before we change it".
mcp-builder
Guide for creating high-quality MCP (Model Context Protocol) servers that enable LLMs to interact with external services through well-designed tools. Use when building MCP servers to integrate external APIs or services, whether in Python (FastMCP) or Node/TypeScript (MCP SDK).
python-project-setup
Sets up Python projects with modern tooling including pyproject.toml, linting with ruff, formatting, type checking with mypy or pyright, testing with pytest, and pre-commit hooks. Triggers on: "setup Python project", "create Python package", "python project structure", "pyproject.toml".
rest-api-test-generator
Generates REST API tests using RestAssured or MockMvc with loop prevention and incremental validation. Triggers on: "test API endpoints", "generate API tests", "test REST API", "create integration tests".
security-story-writing
Writes security user stories and security-aware acceptance criteria that fit a Scrum backlog, converting threats, scan findings, and compliance requirements into INVEST-compliant stories with Given/When/Then criteria and regression tests. Use this (not general story writing) whenever the story or criteria concern a security control, vulnerability, or compliance requirement. Triggers on: "write a security story", "security acceptance criteria", "acceptance criteria for rate limiting/auth/validation", "Given/When/Then for this security control", "turn this vulnerability into a backlog item", "convert these scan findings to stories".
selenium-ui-test-generator
Generates Selenium WebDriver tests for React/Angular front-ends with STRICT loop prevention. Triggers on: "test UI", "generate Selenium tests", "test React app", "create E2E tests", "test front-end". WARNING: UI tests cost 3x more than unit tests -- generate selectively.
slack-gif-creator
Knowledge and utilities for creating animated GIFs optimized for Slack. Provides constraints, validation tools, and animation concepts. Use when users request animated GIFs for Slack like "make me a GIF of X doing Y for Slack."
sprint-planning
Facilitates sprint planning with security debt baked in: capacity planning from rolling velocity, risk-weighted prioritization balancing feature value against security debt, commitment sizing, and a DevSecOps definition of done. For writing or refining the stories themselves, use user-story-writing instead. Triggers on: "plan the sprint", "sprint planning", "prioritize these stories", "how much can we commit", "balance security debt against features", "sprint capacity".
sprint-security-review
Prepares sprint review and retrospective materials that demonstrate security alongside features: green build reports aggregating SAST/DAST/dependency scan results, completed security story summaries, and security metrics trends. Triggers on: "prepare sprint review", "green build report", "security metrics for this sprint", "demo our security work", "sprint security summary", "retro on our pipeline".
terraform-module
Creates Terraform modules following AWS Well-Architected Framework best practices. Generates variable definitions, outputs, documentation, and module composition patterns for common AWS services including VPC, ECS, Lambda, RDS, and S3. Triggers on: "create Terraform module", "infrastructure as code", "IaC", "provision AWS resources".
theme-factory
Toolkit for styling artifacts with a theme. These artifacts can be slides, docs, reportings, HTML landing pages, etc. There are 10 pre-set themes with colors/fonts that you can apply to any artifact that has been creating, or can generate a new theme on-the-fly.
threat-modeling
Performs STRIDE threat modeling for features, APIs, and architecture changes, producing a threat model document with risk-rated threats, mitigations, and security stories ready for the backlog. Use during sprint planning or design review. Triggers on: "threat model", "STRIDE", "security risks of this feature", "what could go wrong with this design", "security review of architecture".
user-story-writing
Writes and refines user stories for product backlogs: splits epics into INVEST-compliant stories, drafts Given/When/Then and EARS-format acceptance criteria, and runs definition-of-ready checks. Triggers on: "write user stories", "split this epic", "acceptance criteria for", "refine this story", "is this story ready", "turn these requirements into stories".
web-artifacts-builder
Suite of tools for creating elaborate, multi-component claude.ai HTML artifacts using modern frontend web technologies (React, Tailwind CSS, shadcn/ui). Use for complex artifacts requiring state management, routing, or shadcn/ui components - not for simple single-file HTML/JSX artifacts.
webapp-testing
Toolkit for interacting with and testing local web applications using Playwright. Supports verifying frontend functionality, debugging UI behavior, capturing browser screenshots, and viewing browser logs.
brand-guidelines
Applies Anthropic's official brand colors and typography to any sort of artifact that may benefit from having Anthropic's look-and-feel. Use it when brand colors or style guidelines, visual formatting, or company design standards apply.
internal-comms
A set of resources to help me write all kinds of internal communications, using the formats that my company likes to use. Claude should use this skill whenever asked to write some sort of internal communications (status reports, leadership updates, 3P updates, company newsletters, FAQs, incident reports, project updates, etc.).
doc-coauthoring
Guide users through a structured workflow for co-authoring documentation. Use when user wants to write documentation, proposals, technical specs, decision docs, or similar structured content. This workflow helps users efficiently transfer context, refine content through iteration, and verify the doc works for readers. Trigger when user mentions writing docs, creating proposals, drafting specs, or similar documentation tasks.
skill-creator
Create new skills, modify and improve existing skills, and measure skill performance. Use when users want to create a skill from scratch, update or optimize an existing skill, run evals to test a skill, benchmark skill performance with variance analysis, or optimize a skill's description for better triggering accuracy.
template-skill
Replace with a clear description of what this skill does and when the AI assistant should use it. Include trigger phrases like "when user says X" to help with activation.
Bio shown is the top-scored skill's repo description as a fallback — real GitHub bios land in a future update.