Skills Discovery
Find community skills and plugins, evaluate quality and safety before use.
<when_to_use>
- Searching for existing skills before building from scratch
- Evaluating community plugins for safety and quality
- Finding inspiration for skill design patterns
- Auditing plugins before installation
NOT for: creating new skills (use skills-dev), validating your own skills (use skills-dev)
</when_to_use>
Discovery Workflow
- Search — Find candidates via GitHub topics or code search
- Filter — Apply quality heuristics to shortlist
- Audit — Security review before installation
- Adapt — Customize or extract patterns for your use
GitHub Discovery
Topic Pages
High-signal discovery starting points:
| Topic | Content | URL |
|-------|---------|-----|
| claude-code-plugin | Plugins | https://github.com/topics/claude-code-plugin |
| claude-code-plugin-marketplace | Marketplaces | https://github.com/topics/claude-code-plugin-marketplace |
| claude-code-skills | Skill packs | https://github.com/topics/claude-code-skills |
| claude-code-skill | Individual skills | https://github.com/topics/claude-code-skill |
Code Search Patterns
Precise searches for specific artifacts:
# Find SKILL.md files in .claude/skills paths
filename:SKILL.md path:.claude/skills
# Find marketplace configurations
".claude-plugin/marketplace.json"
# Find plugin manifests
".claude-plugin/plugin.json"
# Find hook configurations
"PreToolUse" AND hooks
# Find skills with specific features
filename:SKILL.md "context: fork"
filename:SKILL.md "allowed-tools"
filename:SKILL.md "disable-model-invocation"
Recency Filters
Focus on actively maintained projects (adjust dates as needed):
# Updated in last 90 days (calculate: date -v-90d +%Y-%m-%d)
pushed:>YYYY-MM-DD
# Updated since plugins era (Oct 2025+)
pushed:>2025-10-01
Official Sources
| Source | Trust Level | Notes | |--------|-------------|-------| | anthropics/claude-plugins-official | High | Curated, reviewed | | agentskills/agentskills | High | Spec + reference skills | | platform.claude.com docs | High | Official patterns | | Community topics | Medium | Popularity ≠ quality | | "Awesome" lists | Low-Medium | Curated but not audited |
Quality Heuristics
Real Usage Signals
| Signal | Good | Suspicious | |--------|------|------------| | Updates | Recent commits, active issues | Stale for 6+ months | | Stars | Steady growth | Sudden spike (star farming) | | Issues/PRs | Open and being addressed | Many open, no responses | | Install docs | Uses official commands | "curl | bash" installs | | Dependencies | Minimal, explained | Many unexplained deps |
Content Quality
| Check | Good | Bad |
|-------|------|-----|
| Description | Clear WHAT + WHEN + TRIGGERS | Vague "helps with files" |
| allowed-tools | Minimal, justified | Full tool access |
| disable-model-invocation | Used for side effects | Missing for deploy/commit |
| Scripts | Documented, minimal | Obfuscated, complex |
| Hooks | Obvious purpose | Hidden network calls |
Marketplaces
| Good Sign | Red Flag | |-----------|----------| | Version pinning | Floating branches | | Listed sources visible | Opaque references | | Clear update policy | Silent auto-updates | | Curated with criteria | "Everything goes" |
Security Audit
Threat Model
Installing skills/plugins = running code. Treat with same care as npm packages.
| Surface | Risk | Mitigation |
|---------|------|------------|
| Skills with Bash | Command execution | Review allowed-tools |
| Hooks | Lifecycle interception | Review hook scripts |
| MCP servers | External connections | Review endpoints |
| Preprocessing ! | Shell before thinking | Review commands |
Audit Checklist
Before installing, review:
For Skills:
- [ ] Read SKILL.md frontmatter (
allowed-tools,disable-model-invocation) - [ ] Check for scripts/ directory — review any scripts
- [ ] Search for
!`preprocessing commands - [ ] Verify no secrets/credentials in files
For Plugins:
- [ ] Read .claude-plugin/plugin.json
- [ ] Check for hooks/ — review hook scripts
- [ ] Check for .mcp.json — review MCP endpoints
- [ ] Review all referenced skill SKILL.md files
For Hooks:
- [ ] Understand exit code semantics (0=allow, 2=block)
- [ ] Check for network calls in hook scripts
- [ ] Verify no data exfiltration patterns
Sandboxing
When running untrusted skills:
- Restrict tools — Start with minimal
allowed-tools, expand as needed - Isolate context — Use
context: forkto limit blast radius - Block side effects — Add
disable-model-invocation: trueinitially - Monitor first run — Watch tool calls on first execution
Safe First Run
# Test skill in restricted mode:
---
name: untrusted-skill-test
allowed-tools: Read, Grep, Glob # read-only first
context: fork # isolated
disable-model-invocation: true # explicit only
---
Expand permissions only after reviewing behavior.
Use Case Catalog
Common skill categories with examples (for inspiration, not endorsement):
Workflow Automation
| Pattern | What It Does | Key Features |
|---------|--------------|--------------|
| PR workflows | Summarize, review, update PRs | Preprocessing with gh |
| Issue pipelines | Triage → implement → ship | Artifact-based state |
| Release automation | Preflight → deploy → verify | Side-effect gates |
Code Quality
| Pattern | What It Does | Key Features | |---------|--------------|--------------| | Spec gates | Verify scope before coding | Fork for clean analysis | | Adversarial review | Security-focused code review | Threat model in artifacts | | Refactor loops | Safe read-only explore first | Tool restrictions |
Domain Skills
| Pattern | What It Does | Key Features | |---------|--------------|--------------| | Framework-specific | Rails, React, etc conventions | Nested skill discovery | | DB-aware | Schema injection for queries | Preprocessing with psql | | Platform integrations | Jira, Linear, GitHub | MCP or API wrappers |
Safety & Guardrails
| Pattern | What It Does | Key Features | |---------|--------------|--------------| | Safety nets | Block irreversible operations | PreToolUse hooks | | Hardstops | Require human acknowledgment | Exit code blocking | | Test gates | Enforce tests before commit | Hook enforcement |
Context Management
| Pattern | What It Does | Key Features | |---------|--------------|--------------| | Memory plugins | Persist across sessions | MCP-backed storage | | Context ledgers | Rolling state in files | Hook-driven updates | | Constraint files | Minimal "always load" context | Shared conventions |
Extraction Patterns
When you find a useful skill, extract patterns rather than copying wholesale:
- Identify the pattern — What makes it work?
- Adapt to your context — Match your conventions
- Minimize scope — Take only what you need
- Document provenance — Note where the pattern came from
ALWAYS:
- Verify recency (prefer active projects)
- Review security surfaces before install
- Start with restricted permissions
- Document what you installed and why
NEVER:
- Blindly install from unknown sources
- Trust stars as quality signal
- Run obfuscated scripts
- Skip hook script review
- discovery-patterns.md — Detailed GitHub search patterns
- security-checklist.md — Full audit checklist
- use-cases.md — Extended use case catalog