A ready-made library of 64 "skills" that teach Claude how to do real work for your team — code review, security audits, sales research, weekly status updates, and more. Includes a workflow orchestrator per department that chains the underlying skills into end-to-end flows, plus paired remediation skills in Security so findings get closed, not just reported.
You don't need to be an AI expert to use this. If you can copy and paste a command, you can install it. If you can send a message in a chat app, you can use the skills.
- What is this?
- At a glance
- What is a "skill"?
- Who is this for?
- What you need before you start
- See it in action — examples
- Install in 2 minutes
- What the installer actually does
- How to use a skill
- The 8 departments and 64 skills
- Customising skills for your team
- Works with Cursor, Gemini CLI, Codex CLI too
- FAQ
- Contributing
- License
This is a folder of text files that teach Claude (Anthropic's AI assistant) how to do specific tasks the way your team would want them done.
For example, you can install the code-review skill, then say to Claude "review this pull request" — and instead of giving you a generic AI answer, Claude will follow a structured checklist (security issues, performance problems, style issues, test gaps) and give you a review that looks like one a senior engineer would write.
We've written 64 of these skills across 8 departments (55 task skills, 9 workflow orchestrators; the Security department ships both scan/report skills and paired remediation skills plus a second orchestrator):
- 👩💻 Developers — review code, write tests, refactor safely, generate commit messages, debug, design APIs, write docs, bootstrap new projects
- 🔒 Security — run audits, scan for leaked secrets, check dependencies for known vulnerabilities, write pentest reports, scan containers, check SOC2 compliance
- 🚀 DevOps — deploy with canaries, generate CI/CD pipelines, write Terraform, build Helm charts, respond to incidents, find cloud cost waste
- 🛠 Infrastructure — set up Prometheus/Grafana, aggregate logs, manage SSL certs, diagnose network issues, design backups, check cluster health
- ✅ QA — generate Playwright/Cypress tests, audit API specs, measure Core Web Vitals, check WCAG accessibility, create test data, file bug reports
- 💼 Sales — research leads, analyse competitors, write proposals, draft outreach sequences, respond to RFPs, prep for meetings
- 📣 Marketing — write blog posts, draft social media, optimise for SEO, build email campaigns, monitor competitors, produce weekly analytics
- 📨 Internal comms — write weekly status updates, incident postmortems, meeting notes, changelogs, onboarding guides, announcements
Every skill is a plain Markdown file you can read, edit, and share.
A one-table summary of what this repo is and isn't, for readers who want the essence before reading further.
| Dimension | Details |
|---|---|
| Target user | A whole company adopting AI agents across multiple departments — not just engineering. |
| Scope | Engineering + Security + DevOps + Infrastructure + QA + Sales + Marketing + Internal Comms. |
| Org axis | Organised by department, not by role inside a single team. Each department has its own README, skills, and recommended workflow. |
| Skill count | 64 skills across 8 departments — 55 task skills plus 9 workflow orchestrators. Security ships scan/report and paired remediation halves (secrets, dependencies, code, containers, compliance) with two orchestrators for the scan pass and the close-out pass. |
| Skill format | SKILL.md files with YAML frontmatter (name, description). Claude auto-triggers the right skill by matching the description against your natural-language request — you don't have to memorise commands. |
| Workflow | Loose library plus one workflow orchestrator skill per department (e.g. full-security-audit, release-to-prod). Orchestrators chain the underlying skills and pass artifacts between them via produces: / consumes: frontmatter fields. Individual skills still work standalone. |
| Install | One command via the skillskit CLI — brew install skillskit on macOS/Linux, scoop install skillskit on Windows, or curl ... | sh. Then skillskit install all copies skills into ~/.claude/skills/. skillskit update re-syncs later; --host cursor|codex|gemini targets other AI tools. No daemons, no runtime, no background processes. Legacy git clone + ./install.sh path still works. |
| Tooling | Pure Markdown + a few helper shell scripts (security scans). No Node/Bun/Python runtime required. No custom browser. No server. No telemetry. |
| Model & tool support | Format-agnostic. First-class fit for Claude Code (auto-discovery from ~/.claude/skills/). Also usable in Cursor, Gemini CLI, Codex CLI, ChatGPT, or any LLM interface that can read a Markdown file. |
| Safety model | Every skill declares a safety: level in its frontmatter — safe, writes-local, writes-shared, or destructive — so tools reading the file can prompt before risky actions. Also relies on Claude Code's permission system (allow / ask / deny in .claude/settings.json). Skills encode boundaries in their Constraints section. |
| Stack handling | Stack-specific skills declare supported-stacks: in frontmatter (e.g. prometheus+grafana+k8s, github-actions, terraform). Their Procedure opens with a detection step using read-only commands, and a Constraints line forbids producing output for a stack outside the declared list. Opinionated once the stack is detected; fails loud if it isn't. |
| Philosophy | Codified expertise — hand the LLM your team's recipe card and let it auto-trigger. Every skill documents when to use it, the procedure a senior practitioner would follow, concrete examples, and what not to do. |
| Who it's for | Teams that want consistent output across many job functions — not solo builders shipping their own code, and not general-purpose prompt collections. |
| Distribution | MIT licensed. Clone, fork, customise, share. Skills are meant to be edited — the kit is a starting point for your team's own library. |
Think of a skill as a recipe card for Claude.
Without a skill, if you ask Claude "review this code," you'll get a generic answer that depends on its mood. With a skill, you've handed Claude a recipe card that says:
"When someone asks you to review code, do these 7 specific things, in this order, check for these 12 issues, write the output in this format, and don't do these 4 things."
The result is consistent output that matches how your team actually works.
A skill is just one file called SKILL.md with these sections:
- When to use — what triggers the skill
- Procedure — numbered steps Claude should follow
- Examples — what good output looks like
- Constraints — things Claude should not do
- Quality checks — how to verify the output is good
That's it. No code, no installation, no magic. Claude reads the file when you ask something that matches.
- Engineering teams who want consistent code reviews, test patterns, and deploy checklists.
- Security teams who want audit reports in the same format every time.
- Sales & marketing teams who want AI to research, draft, and report using their brand voice.
- Operations teams who want Claude to write their status updates, meeting notes, and postmortems.
- Startup founders who need one person to do the work of five — with AI doing the heavy drafting.
- Curious individuals who've heard about "AI agents" and want a concrete example they can try today.
If you've never written code before, you can still use the non-technical skills (sales, marketing, internal-comms) easily. The technical skills require a terminal and some familiarity with your codebase.
Just one thing: Claude Code.
Claude Code is Anthropic's free command-line tool that connects you to Claude. It's how skills get loaded and used.
Go to claude.com/code or run:
# macOS / Linux
curl -fsSL https://claude.ai/install.sh | bash
# Windows (PowerShell)
iwr https://claude.ai/install.ps1 -useb | iexThen sign in:
claudeThat's it. You now have Claude in your terminal. Try typing a question like "what's in this folder?" — Claude will answer.
Don't have a terminal? On macOS open "Terminal" (Cmd+Space, type "terminal"). On Windows open "PowerShell" (Start menu, type "powershell"). On Linux you already know.
The fastest way to understand what this kit actually does is to read a worked example. Every example is an end-to-end walkthrough showing the exact user prompt, which skill auto-triggered, what Claude did, and what files changed.
| Example | What it shows | Level | Read time | Run time |
|---|---|---|---|---|
| examples/simple-101 | Setup for Claude Code, the VS Code extension, GitHub Copilot, and Codex CLI. Then one skill ships a working /hello endpoint. Start here if you're new. |
Beginner | 5 min | 15 min |
| examples/developers | Full end-to-end flow on a real public repo (node-express-boilerplate): 9 skills, one shipped feature, one merged PR. | Intermediate | 15 min | 45 min |
See the examples/ README for the format, conventions, and how to contribute new examples.
You don't need to clone this repo. The skillskit CLI ships as a single cross-platform binary with every skill bundled in. Pick the install method that matches your setup:
brew tap tahirraufkeeyu/tap
brew install skillskitSame as above — Homebrew works on Linux too.
scoop bucket add skillskit https://github.com/tahirraufkeeyu/scoop-bucket
scoop install skillskitcurl -fsSL https://skillskit.dev/install | shIf skillskit.dev is unreachable (DNS, corporate firewall, or first-launch lag), the same script lives in the repo and can be run directly from raw GitHub:
curl -fsSL https://raw.githubusercontent.com/tahirraufkeeyu/software-development-agent-stack--sdas/main/scripts/install-remote.sh | shEither path resolves the latest GitHub Release, downloads the matching archive for your OS/arch, verifies its SHA256 against checksums.txt, and drops the binary on PATH.
iwr https://skillskit.dev/install.ps1 -useb | iexFallback (raw GitHub):
iwr https://raw.githubusercontent.com/tahirraufkeeyu/software-development-agent-stack--sdas/main/scripts/install-remote.ps1 -useb | iexEvery method above gives you a skillskit binary on your PATH. Install the skills themselves with:
skillskit install all # install every skill
skillskit install developers # install one department
skillskit install --host cursor all # target Cursor's rules dir instead
skillskit list # show what's installed
skillskit search "code review" # find skills by keyword
skillskit update # re-sync installed skills from the latest binaryThat's it. The next time you run claude, all 64 skills are available. Run skillskit --help for the full command list.
Skills are embedded in the binary, so upgrading the CLI upgrades the skills.
brew upgrade skillskit # Homebrew
scoop update skillskit # Scoop
skillskit update # then re-sync any already-installed skillsRe-run the one-line installer on systems without a package manager.
The legacy shell-script installer still works if you'd rather clone the repo:
git clone https://github.com/tahirraufkeeyu/software-development-agent-stack--sdas.git ~/sdas
cd ~/sdas
./install.sh allThis is unchanged from earlier versions of the kit — useful if you want to edit the skills locally in the clone and install from there, or if your environment can't download a prebuilt binary. For everyone else, brew install skillskit (or the curl one-liner) is faster and ships shell completions.
The CLI targets other AI tools too. Use --host to pick one:
skillskit install all # default: ~/.claude/skills/ (Claude Code)
skillskit install --host cursor all # writes to ./.cursor/rules/ (project-local)
skillskit install --host codex all # writes to ./.codex/skills/ (project-local)
skillskit install --host gemini all # writes to ~/.gemini/skills/All other flags compose with --host:
skillskit install --host cursor sales # just sales skills, into Cursor
skillskit install --host cursor --dry-run all # preview the Cursor install
skillskit update --host cursor # keep the Cursor install in syncOverride the default target directory per host with an env var: CLAUDE_SKILLS_DIR, CURSOR_RULES_DIR, CODEX_SKILLS_DIR, or GEMINI_SKILLS_DIR. Useful for monorepos where the .cursor/rules/ folder lives somewhere other than the current directory.
If you're wondering what skillskit install is doing to your computer, here's the plain-English version.
It copies files. That's all.
The skillskit binary has every skill bundled inside it (via Go embed). skillskit install all unpacks those embedded files into ~/.claude/skills/ — a folder Claude Code watches. When you start Claude, it reads every skill in that folder so they're ready to use.
- ❌ Does not run any of the scripts inside the skills (e.g. the security audit scripts stay inert until you run them manually).
- ❌ Does not install software, libraries, or dependencies.
- ❌ Does not access the internet (except
skillskit updatewhen you explicitly ask it to check for a new CLI version). - ❌ Does not require admin / root / sudo privileges.
- ❌ Does not modify your system configuration.
- ❌ Does not collect data or telemetry.
- For each skill folder bundled in the CLI binary, checks if a skill with the same name already exists in
~/.claude/skills/.- If yes, asks you before overwriting (defaults to "no, skip"). Use
--forceto overwrite without prompting. - If no, writes the folder into place.
- If yes, asks you before overwriting (defaults to "no, skip"). Use
- Prints a summary of what was installed and what was skipped.
Skip the CLI entirely — clone the repo and copy folders:
git clone https://github.com/tahirraufkeeyu/software-development-agent-stack--sdas.git
mkdir -p ~/.claude/skills
cp -R software-development-agent-stack--sdas/departments/developers/skills/* ~/.claude/skills/Same result.
CLAUDE_SKILLS_DIR=/custom/path skillskit install allUseful if you want to keep skills in a shared folder or sync them via Dropbox.
After installation, start Claude Code and just ask for what you want in plain English. Claude picks the right skill automatically.
You: Can you review the changes in my latest commit?
Claude: [auto-triggers code-review skill]
I'll review the diff against the structured checklist.
SECURITY
- Line 42: user input is concatenated into a SQL query.
Recommend parameterised query. (High severity)
PERFORMANCE
- Line 87: nested loop over all users × all orders. Likely
N+1 query. Consider a join. (Medium severity)
STYLE
- Line 15: function name `doStuff` is vague. Suggest `calculateTax`.
[... etc]
You: Draft my weekly status update. We shipped the new login page,
finished most of the mobile redesign, and the billing integration
is blocked on vendor API access.
Claude: [auto-triggers status-update skill]
Week of April 19
Shipped
- New login page — 18% faster TTI, replaces legacy flow
In flight
- Mobile redesign — 80% done, shipping Friday
Blocked
- Billing integration — waiting on vendor API access since Apr 14.
Ask: need @procurement to escalate.
[... etc]
You: Research Acme Corp for me before our call tomorrow.
Claude: [auto-triggers lead-research skill]
[searches web, reads their site, checks news]
Acme Corp — Company Brief
- Size: ~500 employees, $80M ARR estimated
- Stack: AWS, Shopify Plus, Snowflake
- Recent: Series C in Feb 2026, new CTO hired from Stripe
- Pain signals: 3 recent G2 reviews mention "slow checkout"
Outreach angles:
1. New CTO is reorganising — right moment for new tooling
2. Checkout speed pain aligns with our value prop
3. Snowflake users typically struggle with X — our integration helps
[... etc]
Each skill has a short description like:
"Use when someone asks to review code, review a pull request, or check a diff for issues."
Claude reads all these descriptions and matches them against what you're asking. You don't have to remember skill names — just describe what you want. If two skills could fit, Claude will pick the most specific one.
You: Use the pentest-report skill to format my scan results into a report.
| Department | Skills | Orchestrator(s) | One-line description |
|---|---|---|---|
| developers | 8 | ship-feature |
Code review, tests, refactoring, debug, commits, API design, docs, scaffolding |
| security | 11 | full-security-audit, full-security-remediation |
Scan half: audit, secret scan, CVE check, pentest report, container scan, SOC2. Remediation half: rotate secrets, upgrade deps, fix SAST/DAST, rebuild containers, close compliance gaps. |
| devops | 6 | release-to-prod |
Deploy, CI/CD YAML, Terraform, Helm, incidents, cost optimisation |
| infrastructure | 6 | infra-triage |
Monitoring, logs, SSL certs, network, backups, cluster health |
| qa | 6 | full-regression |
E2E tests, API tests, perf, accessibility, test data, bug reports |
| sales | 6 | outbound-sequence |
Lead research, competitive analysis, proposals, outreach, RFPs, meeting prep |
| marketing | 6 | marketing-weekly |
Content, social, SEO, email, competitor tracking, analytics |
| internal-comms | 6 | comms-weekly |
Status updates, postmortems, meeting notes, changelogs, onboarding, announcements |
The Skills column counts task skills. Every department ships at least one Orchestrator — a workflow skill that chains the task skills into an end-to-end flow (pre-commit gate, release audit, weekly cycle, …). Security ships two: one for the scan pass and one for the scan-and-close-out pass. Click any department above to see the full skill list, install instructions, and recommended workflows.
Every skill is a plain Markdown file. Edit them freely — this is the whole point.
After running skillskit install, your skills live at ~/.claude/skills/<skill-name>/SKILL.md.
Open one in any text editor:
# macOS/Linux
open ~/.claude/skills/code-review/SKILL.md
# or just any editor:
code ~/.claude/skills/code-review/SKILL.md- Swap vocabulary — if your team says "MR" (merge request) not "PR" (pull request), find/replace in the file.
- Add your coding standards — drop them in the
references/folder beside the skill and link from SKILL.md. - Change the output format — if your team uses a specific incident report template, replace the example in the
Examplessection. - Tighten when it triggers — edit the
description:line at the top. That's what Claude uses to decide whether to invoke the skill.
Option A — keep them in a team Git repo and use symlinks:
# instead of the installer, symlink each skill directory
ln -s /path/to/team-repo/code-review ~/.claude/skills/code-reviewOption B — fork this repo internally, put your changes in, and have everyone install from the fork.
These skills are written in plain Markdown, so they work with any AI tool that can read a file. Claude Code is the most natural fit (auto-discovery), but:
- Cursor — paste a SKILL.md into your
.cursorrulesor drop it into chat with@file. - Gemini CLI — point
--systemat the SKILL.md contents. - Codex CLI / GitHub Copilot Chat — copy SKILL.md into the system prompt or repo context.
- ChatGPT, Grok, any chat app — copy-paste the skill into the conversation as context.
You don't have to use Claude Code. The skills are the value; the tool is the delivery mechanism.
No. The sales, marketing, and internal-comms skills work fine without any coding knowledge — just install and start asking Claude things in plain English. The developer/security/devops skills are written for engineers.
Not by this repo. skillskit install only copies files locally. Whatever data-sharing policy applies to the AI tool you use (Claude Code, Cursor, etc.) is the same before and after you install skills.
Yes, this repo is free (MIT licensed). You'll pay for the AI tool you use Claude Code with — Anthropic has a free tier and paid tiers.
Yes. The skillskit CLI ships as a native Windows binary — no WSL, no Git Bash required:
scoop bucket add skillskit https://github.com/tahirraufkeeyu/scoop-bucket
scoop install skillskit
skillskit install allOr use the PowerShell one-liner: iwr https://skillskit.dev/install.ps1 -useb | iex.
skillskit install sets the executable bit on .sh and .py helpers automatically on macOS/Linux. If you copied skills into ~/.claude/skills/ manually (e.g. git clone + cp -r), Go's embed strips the executable bit on go install-style copies — run them with bash run-dast.sh, or restore the bit once:
chmod +x ~/.claude/skills/security-audit/scripts/*.sh \
~/.claude/skills/secret-scanner/scripts/*.shskillskit remove all # remove every SDAS-installed skill
skillskit remove <name> # remove a specific skill
skillskit remove developers # remove a whole departmentskillskit remove only touches skills it installed — your other skills, custom files, and tool settings are left alone. (To wipe ~/.claude/skills/ entirely you can rm -rf the folder, but that also removes any non-SDAS skills you have.)
Two things to check:
- Does the file exist?
ls ~/.claude/skills/— you should see the skill folder. - Is your request specific enough? Try naming the skill: "Use the
code-reviewskill to …".
You can also edit the description: field in the SKILL.md to include words you'd naturally use.
A skill is a reusable prompt that follows a rigorous structure, co-exists with reference material, and auto-triggers without you having to re-paste it every time. Writing a good skill is a few hours of thought. Writing the same good prompt every time is a few hours a week, forever.
Yes please! See CONTRIBUTING.md.
We want this to stay the highest-signal, most-practical skill collection on the web. If your team has a skill that makes real daily work better, open a PR.
See CONTRIBUTING.md for:
- The skill template.
- Style rules (no emojis in skills, no unexplained jargon, examples must be runnable).
- How to add a whole new department.
By participating you agree to our Code of Conduct. Please report security issues privately per the Security Policy — not as a public issue.
MIT. Use it, fork it, modify it, ship it. Attribution appreciated but not required. See LICENSE.
Skills here encode practices from: OWASP (security), Conventional Commits (commit-message), Keep a Changelog (changelog), Core Web Vitals (performance-test), WCAG 2.1 (accessibility-audit), Martin Fowler's Refactoring (refactor), RFC 7807 & Google AIPs (api-design), the SRE / DORA body of work (deploy, incident-response, cost-optimizer), and thousands of hours of practitioner experience across the teams who contributed.