skills for everythingedge-case-discovery
Use when user requests exhaustive edge case analysis. Enforces TodoWrite with 15+ items (5 categories). Triggers: "all edge cases", "what could break", "bulletproof", "failure modes". If thinking "main path is sufficient" - use this.
SKILL.md
| Name | edge-case-discovery |
| Description | Use when user requests exhaustive edge case analysis. Enforces TodoWrite with 15+ items (5 categories). Triggers: "all edge cases", "what could break", "bulletproof", "failure modes". If thinking "main path is sufficient" - use this. |
Claude Templates
WARNING: This project is designed for use in sandboxed environments only.
A curated setup for Claude Code combining plugins (from the Claude marketplace) and skills (from skills.sh) with sandbox safety guards. Designed for YOLO mode (--dangerously-skip-permissions).
NOTE: This may be updated at any time as I tweak things to fit my own workflows, so I recommend you to fork it and adapt it to your own usage patterns.
Quick Start
git clone https://github.com/pvillega/claude-templates.git
cd claude-templates
# Installs plugins, skills, and default settings
./install.sh
# Run Claude (added as an alias to your ~/.bashrc or ~/.zshrc)
cl
To update all installed plugins, skills, and tools to their latest versions:
./update.sh
To completely remove everything installed by this project:
./uninstall.sh
If you do not use Bash or Zsh, you can set up the alias manually:
alias cl='claude --dangerously-skip-permissions'
Prerequisites
The installer requires the following to be available before running:
- curl — for downloading installers
- npm — for installing Node.js-based tools and skills
- Homebrew — package manager for CLI tools (macOS and Linux)
- Docker (optional) — required by some security skills (not installed by the installer)
Homebrew is available on both macOS and Linux. To install:
# macOS and Linux
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
For Linux-specific instructions, see Homebrew on Linux.
About Safety
Using agents without restrictions on tools poses some dangers. It could impact files outside your workspace, potentially damaging your system. Or it can exfiltrate data.
As a consequence, using Claude Code from your local environment by itself is risky. At this point in time there are multiple alternatives, so this template doesn't enforce any preferences.
What it does, though, is to restrict very dangerous commands (like git push --force).
Setup
The install.sh script installs plugins, skills, sandbox settings, and marketplace configuration. Run it from the repository root:
./install.sh
Use --clean for a fresh install when you want to remove stale configuration that might not be properly overridden. The --dry-run flag lets you preview what would be deleted before committing.
Optional Tools
At the end of every install, install.sh scans tools/optional/*.sh and offers a numbered menu of opt-in installers. Non-interactive runs honour INSTALL_OPTIONAL=all|<csv>|<empty> (e.g. INSTALL_OPTIONAL=lean,postgres_mcp ./install.sh). Failures in an optional installer warn but never abort the main install.
Currently shipped:
| Script | What it installs | Notes |
|---|---|---|
tools/optional/lean.sh | lean-lsp-mcp at user scope + cameronfreer/lean4-skills marketplace + lean4 plugin + lake build PostToolUse hook | For Lean 4 projects. Requires uv + rg + jq + claude on PATH. Hook only fires when a lakefile.lean is present. |
tools/optional/postgres_mcp.sh | Prereq check + uvx cache pre-warm for postgres-mcp | Does not register the MCP at user scope (load-in-every-project cost). Prints the exact claude mcp add --scope local command and DATABASE_URI convention for per-project opt-in. |
API Keys
Tavily requires an API key. You can configure it via:
- Tavily CLI login (recommended): Run
tvly login --api-key $(echo $TAVILY_API_KEY)to authenticate using your API key. - Shell export: Add
export TAVILY_API_KEY=...to your shell profile.
Plugins
Plugins are installed from the Claude marketplace. They provide commands, agents, skills, and MCP server configurations.
| Plugin | Provides | Description | Trigger |
|---|---|---|---|
| Superpowers | 14 skills, 1 agent | Structured dev workflows: TDD, debugging, brainstorming, planning, worktrees, code review | /brainstorming, /tdd, auto |
| Frontend Design | 1 skill | Production-grade frontend UI generation with bold aesthetic choices | Automatic on UI work |
| Code Review | 5 agents, 1 command | PR analysis with five parallel agents checking compliance, bugs, and git history | /code-review |
| Security Guidance | 1 hook | PreToolUse hook warning about security vulnerabilities on file edits (injection, XSS) | Automatic (pre-Edit/Write) |
| Commit Commands | 3 commands | Git commit, push, PR creation with style analysis; branch cleanup | /commit, /commit-push-pr, /clean_gone |
| Claude Code Setup | 1 skill | Recommends tailored automations (MCP servers, skills, hooks, subagents) for a project | recommend automations |
| Hookify | 1 skill, 1 agent, 4 commands | Create custom hooks from natural language or conversation analysis | /hookify, /hookify:list |
| Skill Creator | 1 skill | Create, modify, and measure skill performance with evals and variance analysis | /skill-creator |
| Engram | 1 skill, MCP server | Persistent memory across sessions via SQLite + FTS5. Disables built-in auto-memory (autoMemoryEnabled: false) — engram's selective retrieval and automatic decay make it the better choice. | mem_save, mem_search (auto + manual) |
The ct plugin (from this repo) adds 47 skills and 7 agents covering two layers: (a) workflow skills for code quality, security, refactoring, and triage; and (b) deep-operational guides for languages (Go, Rust, C, Python/uv, Bash), infra (Kubernetes, ArgoCD, Terraform, Docker BuildKit, GitHub Actions, Traefik, systemd, Hetzner, Coolify), data stores (Postgres, Redis, SQLite WAL, vector search), observability (Grafana, OpenTelemetry), security/networking (secrets-management, TLS/openssl), and ML (PyTorch, CUDA, fine-tuning, LLM inference, RAG, classical/DL/time-series ML). The deep-operational skills load only on incident-diagnosis or runtime-tuning keywords, not day-to-day usage. See SKILLS.md for the complete list. Some skills and agents were adapted from channingwalton/dotfiles.
CLI Tools
The installer sets up the following CLI tools, used by Claude Code for enhanced capabilities:
| Tool | Description | Install Method |
|---|---|---|
| Claude Code | Anthropic's AI coding assistant | Native installer |
| jq | JSON processor for config merging | Homebrew |
| fd | Fast find alternative (aliased as find) | Homebrew |
| ripgrep | Fast grep alternative (aliased as grep) | Homebrew |
| rtk | Token-optimized CLI proxy (60-90% savings) | Homebrew |
| gh | GitHub CLI for PR/issue management | Homebrew |
| Tavily CLI | AI-optimized web search | Native installer |
| jscpd | Copy/paste detection | npm |
| Context7 CLI | Library documentation fetcher | npm |
| agent-browser | AI-first browser automation (50+ commands) | npm + browser install |
| Engram | Persistent memory for AI agents (SQLite + FTS5) | Homebrew |
| Gabb | Local code indexer for semantic code understanding (MCP server) | Homebrew |
| uv | Fast Python package/project manager (required by optional lean-lsp-mcp and postgres-mcp) | Homebrew |
| tac | Reverse-cat used by anti-rationalization hook (macOS only — Linux ships it via coreutils) | Homebrew (coreutils) |
| axe-core CLI + Pa11y | WCAG accessibility auditing (runtime + batch) | npm |
| Nuclei + ZAP | DAST security scanning (fast + deep) | Homebrew + Docker |
| Semgrep | OSS SAST scanner (PostToolUse security scanning via ct plugin hook) | Homebrew |
| Gitleaks | Secret detection via global git pre-commit hook | Homebrew |
Tools are configured in the TOOLS array in config.sh. Each tool has an install, update, and uninstall script in the tools/ directory.
Security Scanning
Two layers of automated security scanning are installed:
Semgrep (Claude Code PostToolUse hook via ct plugin) — scans every file after Claude edits it using Semgrep OSS with community rules (~2,800 rules, no account required). The hook runs semgrep scan on changed files only, blocking further edits until issues are resolved. Skippable via SKIP_SEMGREP=1 environment variable.
Gitleaks (git pre-commit hook) — scans staged changes for secrets before every git commit. Defense-in-depth alongside Semgrep Secrets. Skip with SKIP_GITLEAKS=1 git commit -m "...".
Note: The global git hooks path (
core.hooksPath) is set to~/.git-hooks/. This overrides per-repo.git/hooks/directories, but the hook script chains to repo-local hooks as a fallback. If you use the pre-commit framework in some repos, the chain-through ensures those hooks still run.
Skills
This template provides 79 skills total — 66 from plugins (Superpowers 14, CT 47, plus Frontend Design, Claude Code Setup, Hookify, Skill Creator, Engram) and 13 global skills from skills.sh + tools:
| Category | Count | Sources | Highlights |
|---|---|---|---|
| Code Quality & Review | 4 | getsentry/skills | find-bugs, security-review, GHA security, skill-scanner |
| Web Research & Documentation | 3 | tavily-ai, upstash/context7 | tavily-cli, tavily-map, library docs |
| Browser Automation | 2 | vercel-labs | agent-browser, dogfood (QA) |
| Knowledge Management | 2 | kepano/obsidian-skills | Obsidian CLI, markdown |
| UI Components | 1 | shadcn/ui | Component management and debugging |
| Code Navigation | 1 | gabb-software | Semantic file exploration |
See SKILLS.md for the complete inventory and WORKFLOWS.md for task-driven usage guidance.
Skills are installed globally (-g) so they are available in all projects. To add more, edit the SKILLS array in config.sh or install manually:
npx skills add <owner/repo> -g --all
Browse available skills at skills.sh.
LSP Integration
Claude Code supports Language Server Protocol for code intelligence (go-to-definition, find-references, diagnostics, etc.). This is highly recommended for effective code navigation and analysis.
Install the plugin and language server for each language you use:
Official Plugins (claude-plugins-official)
| Language | Plugin Install | Language Server Install |
|---|---|---|
| TypeScript/JS | claude plugin install typescript-lsp@claude-plugins-official | npm install -g typescript-language-server typescript |
| Python | claude plugin install pyright-lsp@claude-plugins-official | npm install -g pyright |
| Go | claude plugin install gopls-lsp@claude-plugins-official | go install golang.org/x/tools/gopls@latest |
| Rust | claude plugin install rust-analyzer-lsp@claude-plugins-official | rustup component add rust-analyzer |
| C/C++ | claude plugin install clangd-lsp@claude-plugins-official | brew install llvm (or sudo apt install clangd) |
| Java | claude plugin install jdtls-lsp@claude-plugins-official | brew install jdtls (requires JDK 21+) |
| C# | claude plugin install csharp-lsp@claude-plugins-official | dotnet tool install --global csharp-ls |
| Ruby | claude plugin install ruby-lsp@claude-plugins-official | gem install ruby-lsp (requires Ruby 3.0+) |
| PHP | claude plugin install php-lsp@claude-plugins-official | npm install -g intelephense |
| Kotlin | claude plugin install kotlin-lsp@claude-plugins-official | brew install kotlin-language-server |
| Lua | claude plugin install lua-lsp@claude-plugins-official | brew install lua-language-server |
| Swift | claude plugin install swift-lsp@claude-plugins-official | Included with Xcode (or brew install swift) |
Community / Third-Party Plugins
These languages have LSP servers but no official Claude plugin. Use third-party marketplaces or community plugins instead.
| Language | Plugin Source | Language Server Install | Notes |
|---|---|---|---|
| Scala | Piebald-AI/claude-code-lsps (Metals) | cs install metals | Requires Coursier: brew install coursier/formulas/coursier && cs setup. JDK 11+ needed. |
| Haskell | m4dc4p/claude-hls (community) | ghcup install hls | Requires GHCup: curl --proto '=https' --tlsv1.2 -sSf https://get-ghcup.haskell.org | sh. HLS must match your GHC version. |
| OCaml | Piebald-AI/claude-code-lsps or boostvolt/claude-code-lsps | opam install ocaml-lsp-server | Requires opam: brew install opam && opam init. Install in the same opam switch as your project. |
| Unison | No plugin available yet | brew install unisonweb/unison/ucm | LSP is built into UCM. Run ucm lsp to start the language server. Feature coverage is still evolving. |
To use third-party marketplaces, add them first:
claude plugin marketplace add Piebald-AI/claude-code-lsps
claude plugin marketplace add boostvolt/claude-code-lsps
After installing, restart Claude Code. Verify with: check ~/.claude/debug/latest for Total LSP servers loaded: N.
Agent Teams
The sandbox settings enable the experimental Agent Teams feature (CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS), which allows Claude to coordinate multiple agents working together on complex tasks.
Thinking Configuration
The sandbox settings configure extended thinking for maximum depth:
| Setting | Value | Effect |
|---|---|---|
alwaysThinkingEnabled | true | Extended thinking is always on — Claude never skips the thinking step |
effortLevel | "high" | Default effort level is high (equivalent to /effort high every session) |
Together these ensure Claude always thinks deeply, regardless of perceived task complexity. To temporarily lower effort in a session, use /effort medium or /effort low.
Note: There is a tier above
highcalled ultrathink, which triggers max-level thinking for that single turn. It is activated per-turn by including "ultrathink" or "megathink" in your prompt, without changing your persistent effort setting.
Status Line
A custom status line script (templates/statusline.sh) is installed to ~/.claude/statusline.sh and configured via sandbox-settings.json. It displays up to three lines:
| Line | Content | Details |
|---|---|---|
| 1 | 📁 folder │ 🌿 branch │ 💭 mode | Current directory, git branch, thinking mode |
| 2 | Model │ ▓▓▓░░░░░ 15% [1M] │ 5h: 12% │ 7d: 8% | Model name, context usage bar, 5-hour and 7-day rate limits |
| 3 | 🤖 agent │ 🌳 worktree (branch) | Only shown when an agent or worktree is active |
The context bar and rate limits are color-coded: green (< 70%), yellow (70–89%), red (90%+).
Shell Alias Awareness
A SessionStart hook owned by the ct plugin automatically loads your shell aliases into Claude's context at the start of every session. This prevents issues where Claude uses a command (e.g., grep) that is aliased to a different tool (e.g., rg) with incompatible flags.
The install.sh script adds a line to your ~/.bashrc and/or ~/.zshrc that exports aliases to ~/.claude/shell-aliases.txt on every new shell. The hook reads that file (kept outside the plugin so it survives plugin updates and reinstalls) at session start.
If you install new tools or update aliases, regenerate the file by running:
./export-aliases.sh
If you use a different shell (fish, nushell, etc.), add the equivalent of alias > ~/.claude/shell-aliases.txt to your shell's config file so the aliases are kept up to date.
Remote Notifications (ntfy.sh)
The ct plugin ships Stop and Notification hooks that POST to ntfy.sh so you get a push notification (mobile app, browser at https://ntfy.sh/app, or CLI subscriber) when Claude finishes a turn or blocks waiting for input. Designed for tmux-over-SSH workflows where osascript or terminal bells don't reach you.
install.sh auto-generates a random topic of the form claude-$USER-<16-hex> and writes it to NTFY_TOPIC inside the env block of ~/.claude/settings.json. Subscribe on your device to that topic URL to start receiving events. The hook silently no-ops when NTFY_TOPIC is unset, so removing the entry disables notifications without further changes.
Other Contents
- SKILLS.md - Complete inventory of all plugins, skills, agents, commands, and MCP servers
- WORKFLOWS.md - Task-driven guide: "when I need X, use Y"
- install.sh - Setup script (marketplace, plugins, skills, sandbox settings)
- update.sh - Updates all installed plugins, skills, and npm packages
- uninstall.sh - Removes all plugins, skills, tools, settings, and shell aliases
- export-aliases.sh - Regenerates
~/.claude/shell-aliases.txt(run after installing new tools) - plugins/ct/ - The local Claude Code plugin (skills, commands, agents)
- templates/CLAUDE.md - Template project instructions
- templates/statusline.sh - Custom status line (folder, branch, model, context, rate limits, agent/worktree)
- sandbox-settings.json - Sandbox security configuration
- mise.toml.example - Environment variable template for API keys
Acknowledgements
This repository was inspired by and incorporates patterns from:
- SuperClaude Framework: A comprehensive framework for enhanced Claude Code capabilities
- Superpowers: A comprehensive skills library of proven techniques, patterns, and workflows for AI coding assistants
- channingwalton/dotfiles: Code review, fixer, and fix-loop agent/skill patterns
- gojko/bugmagnet-ai-assistant: Edge case discovery and test coverage gap analysis methodology (bugmagnet skill)