Reintroduce the Windows desktop E2E testing skill from stale PR #1334 with current manifest wiring, package publish coverage, catalog counts, and sanitized environment-path guidance.
Port the current-source-safe command documentation subset from stale PR #1687.\n\nEach copied command page maps to an English source file unchanged since the stale PR base; fastapi-review remains deferred because #1687 did not include a matching zh-CN translation.
Port the safe agent-documentation subset from stale PR #1687 after verifying each English source file is unchanged since the PR base.
Skip stale top-level operational docs and agent files whose English sources have changed.
Rebuild the useful homelab VLAN, DNS, and VPN planning surface from stale PR #1413 as a safety-first readiness checklist instead of raw router/firewall commands.
Sync the catalog count from 202 to 203 skills and include the skill in the devops-infra install module and npm publish surface.
- add a maintainer-reviewed MySQL/MariaDB production patterns skill based on PR #1727
- register the skill in database install module and npm publish allowlist
- sync catalog counts to 53 agents, 200 skills, and 69 commands
- add Vite and Redis pattern skills from closed stale PRs
- add frontend-slides support assets
- port skill-comply runner fixes and LLM prompt/provider regressions
- harden agent frontmatter validation and sync catalog counts
Port the safe, narrow pieces from contributor PR #1694 without taking the broad 11-skill rewrite.
- add drift-prone warnings to external research/media/API skills
- make search-first verify tool availability and use current agent naming
- remove unsafe in-memory rate limiter example from backend patterns
- tighten the CSP example in security-review
Validation: node scripts/ci/validate-skills.js --strict; npx markdownlint targeted skill files; node tests/ci/validators.test.js && node tests/ci/catalog.test.js; npm run lint; node tests/run-all.js
* feat(skills): add flox-environments skill
Add a skill for creating reproducible, cross-platform development
environments with Flox. Covers manifest structure, package installation
patterns, language-specific recipes (Python, Node, Rust, Go, C/C++),
hooks/profile configuration, anti-patterns, environment sharing, and
AI-assisted/vibe coding workflows.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix(skills): address review feedback on flox-environments
- Add initdb guard to full-stack example so PostgreSQL works on first run
- Replace hardcoded /tmp path with mktemp in agent workflow snippet
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix(skills): use variable for mktemp path in agent workflow
$_ resolves to the previous command's last argument (-c), not the
mktemp path. Use an explicit variable instead.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* Update skills/flox-environments/SKILL.md
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* feat: add ios-icon-gen skill for Xcode asset catalog icon generation
Add a skill that generates PNG icon imagesets (1x, 2x, 3x) for Xcode
asset catalogs from two sources:
- Iconify API: 275k+ open source icons from 200+ collections
(Material Design, Phosphor, Tabler, Lucide, etc.)
- SF Symbols: 5k+ Apple-native symbols (macOS only)
Includes search, preview, and generation scripts with customizable
size, color, weight, and direct output to asset catalogs.
* fix: address PR review feedback for ios-icon-gen skill
Security:
- Fix shell injection in iconify_gen.sh by passing query via sys.argv
instead of interpolating into Python string literal
Robustness:
- Replace all try!/force-unwrap with do/try/catch and guard let in
generate_icons.swift for graceful error handling
- Add option value validation (require_value/requireOptionValue) in
both scripts to prevent crashes on missing flag values
- Add curl timeouts (--connect-timeout 10, --max-time 30) to all
network calls
- Add sips conversion failure warnings instead of silent suppression
- Add error handling for curl in list_collections
Documentation:
- Rename SKILL.md sections to "When to Use", "How It Works", "Examples"
to match repo conventions
* fix: restore canonical SKILL.md headers and validate color/weight CLI inputs
- Revert SKILL.md section headers back to "When to Activate" and
"Core Principles" per CONTRIBUTING.md and SKILL-DEVELOPMENT-GUIDE.md
(the prior rename to "When to Use"/"How It Works" was incorrect)
- Validate --color as a 6-digit hex code at parse time instead of
silently falling back to the default gray
- Validate --weight against the known set of font weights instead of
silently falling back to thin
---------
Co-authored-by: Quang Tran <16215255+trmquang93@users.noreply.github.com>
* fix(ci): flag SKILL.md frontmatter defects in validate-skills
Issue #1663 reported two SKILL.md frontmatter defects (missing `name:`
on skill-stocktake; literal block-scalar `description: |-` on
openclaw-persona-forge) that PR #1664 addresses at the data level.
This change is complementary: it extends `scripts/ci/validate-skills.js`
to catch the same class of defect statically going forward, so the
frontmatter-vs-renderer problems do not silently reappear as new skills
land.
## Checks added
- Frontmatter must declare a `name:` field.
- Frontmatter `description:` must not use a literal block scalar
(`|` / `|-` / `|+`) — these preserve internal newlines and break
flat-table renderers keyed off `description`. Folded (`>`) and inline
strings are accepted.
## Behavior
- Frontmatter findings default to WARN (exit 0) so this PR does not
break CI while the two known offenders are still on main. Pass
`--strict` or set `CI_STRICT_SKILLS=1` to promote them to ERROR
(exit 1). Structural findings (missing / empty SKILL.md) remain
errors as before.
- Today against main, the validator reports exactly two warnings —
the same two files called out in #1663 — and exits 0. When #1664
lands, the validator reports zero warnings, at which point strict
mode can be enabled in CI.
## Parser notes
- Bespoke frontmatter parser mirrors the style of `validate-agents.js`
(tolerant of UTF-8 BOM and CRLF; no new npm dependency).
- Block-scalar continuation lines are skipped so keys inside a block
scalar are not mistaken for top-level keys.
- Hidden directories (`.something/`) under skills/ are now skipped.
## Tests
Adds five focused tests to `tests/ci/validators.test.js`:
- warns when frontmatter is missing `name` (default mode)
- errors when frontmatter is missing `name` (--strict mode)
- warns on literal block-scalar description (|-)
- accepts folded (>) and inline descriptions under --strict
- skips hidden directories under skills/
## Docs
Adds two bullets to the `Skill Checklist` in CONTRIBUTING.md covering
the two rules now surfaced by the validator.
Refs #1663. Complements (does not compete with) #1664.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* fix(ci): harden SKILL.md frontmatter checks after bot review
Address findings from CodeRabbit, Greptile, and cubic on #1669:
- Guard empty or whitespace-only `name:` values. Previously
`name: ` silently passed because the presence check only
tested key-set membership; now inspectFrontmatter captures
trimmed values and validate flags an explicit 'name is empty'
WARN/ERROR.
- Broaden block-scalar detection to cover YAML 1.2 indent
indicators (`|2`, `|-2`, `>2-`) and trailing comments
(`|- # note`). The old regex required a bare `|`/`>` with
optional `+`/`-`, which let valid-but-disallowed forms slip
through.
- Update CONTRIBUTING.md checklist to list `|+` alongside `|`
and `|-` for parity with the validator.
- Extend runSkillsValidator to accept env overrides and add four
regression tests: empty name, |+ description, |-2 + comment, and
CI_STRICT_SKILLS=1.
* fix(ci): address round-2 review on validate-skills frontmatter
- Tighten extractFrontmatter closing delimiter to require a newline or
end-of-file after the closing `---`, so body lines beginning with
`---text` are not parsed as frontmatter (CodeRabbit).
- Strip both trailing and comment-only values in inspectFrontmatter, so
`name: # todo` is surfaced as empty rather than silently passing
(cubic P2).
- Extract validateSkillDir helper so the per-directory validation
block moves out of validateSkills, keeping both functions under the
50-line guideline (CodeRabbit nit).
- Hoist runSkillsValidator to module scope in the test harness and
share the spawnSync import with execFileSync so the helper stops
re-requiring child_process on every invocation (CodeRabbit nit).
- Add regression tests: comment-only `name:` values must fail strict
mode; `---trailing` body lines must not be parsed as frontmatter.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* Update tests/ci/validators.test.js
Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>
---------
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>
