Explore AI Agent Skills & Claude Prompts
Discover open-source agent skills for Claude Code, Codex, ChatGPT, and any tool that uses SKILL.md.
Enter through keywords, occupations, creators, and GitHub sources to see what kinds of skills are emerging across domains.
Use the same catalog through the API
Connect 381,784 public skills to your own search, analytics, or agent workflow with the REST API.
Querying local SQLite index...
java-file-upload-audit
by RuoJi6当用户要求审计 Java 源码、字节码或 pipeline 证据中的文件上传、MultipartFile、Part、Commons FileUpload、FileItem、上传保存路径、文件名处理、上传目录访问性、任意文件写入或上传路径穿越风险时使用;只做路由枚举、调用链追踪、文件读取、XXE、SQL、反序列化、鉴权或组件漏洞编号扫描时不要使用。
java-auth-audit
by RuoJi6当用户要求审计 Java Web 认证、授权、路由鉴权覆盖、Filter/Interceptor/Shiro/Spring Security/JWT/Session 规则、鉴权绕过、权限提升、IDOR 或水平/垂直越权时使用;只做路由提取、依赖 CVE、SQL/XXE/上传/文件读取/反序列化、Cookie 加固或通用安全基线时不要使用。
java-deserialization-audit
by RuoJi6用于 Java 反序列化漏洞深度审计。用户要求分析 DESERIALIZE sink、ObjectInputStream/readObject、XMLDecoder、Fastjson、XStream、JDBC 反序列化、Shiro RememberMe、Log4j/JNDI 或 gadget 链可利用性时触发;纯组件 CVE 查询、XXE 或 SQL 注入审计不触发。
java-file-read-audit
by RuoJi6当用户要求审计 Java 源码、字节码或 pipeline 证据中的任意文件读取、路径遍历、文件下载、FileInputStream/Files/Resource/InputStream 文件读取 sink,或需要判断外部参数是否能控制读取路径时使用;只做路由枚举、调用链追踪、文件上传、SQL、XXE、反序列化、鉴权或组件 CVE 扫描时不要使用。
java-route-mapper
by RuoJi6当用户要求从源码、WAR/class/JAR 产物中提取、枚举、映射或记录 Java Web 路由、端点和请求参数,尤其是为后续鉴权、调用链、SQL、XXE、上传、文件读取或完整流水线审计提供输入时使用;仅做漏洞判定、调用链追踪、鉴权判断、依赖 CVE 扫描,或不需要路由提取的通用 API 文档润色时不要使用。
java-route-tracer
by RuoJi6当用户要求从已知 Java Web 路由、入口方法或 pipeline 批次追踪参数调用链到 SQL/FILE/XML/COMMAND/HTTP/LDAP/EXPRESSION/DESERIALIZE/RESPONSE 等 sink,并输出可控性、分支条件和证据时使用;只提取路由、判断具体漏洞、鉴权审计或依赖组件风险扫描时不要使用。
java-sql-audit
by RuoJi6当用户要求审计 Java 源码中的 SQL 注入、动态 SQL 拼接、JDBC/MyBatis/Hibernate/JPA 查询参数化缺陷,或 pipeline 已有路由/调用链证据需要判定 SQL sink 是否可被用户输入影响时使用;只做路由梳理、调用链追踪、鉴权、XXE、文件、反序列化或组件 CVE 扫描时不要使用。
java-vuln-scanner
by RuoJi6当用户要求审计 Java 项目的第三方依赖、pom.xml/build.gradle/WEB-INF/lib/JAR 中的组件版本、CVE/组件风险命中、SCA 风险或 pipeline 需要组件版本证据时使用;只要求证明某个业务风险是否真实成立、生成可复制验证材料、审计 SQL/XXE/文件/上传/反序列化/鉴权/调用链时不要使用。
java-xxe-audit
by RuoJi6当用户要求审计 Java 源码、字节码或 pipeline 证据中的 XML 外部实体注入、XML 解析器安全配置、SOAP/XML 请求体解析、JAXP/JDOM/dom4j/StAX/JAXB/Transformer/Schema/XStream XML 解析风险时使用;只做路由枚举、调用链追踪、SQL、文件、反序列化、鉴权或组件 CVE 扫描时不要使用。
java-audit-pipeline
by RuoJi6当用户要求用 Claude team/多 agent 编排 Java Web 全链路安全审计、调度 route-mapper/auth/vuln-scanner/route-tracer/SQL/XXE/上传/文件读取/反序列化 worker,并由独立质检员 agent 做阶段门禁和最终 quality_report 时使用;只要求单一 skill、单条调用链、依赖扫描或普通报告润色时不要使用。
net-route-mapper
by RuoJi6ASP.NET 源码路由与参数映射分析工具。从 .NET 项目源码或反编译产物中提取**所有** HTTP 路由(含控制器/Action/Web Forms 页面)和参数结构,并自动保存为 MD 文档。适用于:(1) 无 API 文档的 .NET 项目完整接口梳理,(2) 下游漏洞审计 Skill 的路由数据源,(3) 闭源 dll 反编译后的端点完整分析。支持 ASP.NET MVC 5 及以下、ASP.NET Core (.NET 5/6/7+)、ASP.NET Web Forms 三大类框架。**必须输出所有接口,不省略任何内容**。
net-auth-audit
by RuoJi6.NET / ASP.NET 鉴权机制审计。用于用户要求检查登录校验、权限校验、[Authorize]/[AllowAnonymous]/Role/Policy、未授权访问、越权/IDOR、基于路由映射分析接口鉴权状态,或对只有 bin/dll/web.config/aspx 的闭源项目先反编译再审计鉴权。适用于 ASP.NET Core、MVC5/Web API2、Web Forms、Minimal API、Handler/ASMX;不用于单纯路由提取、通用漏洞审计、鉴权原理解释、登录功能开发、前端菜单权限或 NuGet CVE 检查。
Browse Agent Skills by Occupation
23 major groups · 867 SOC occupations
Browse by Category
Explore agent skills organized by their primary use case
Explore the agent skills ecosystem by occupation and creator
SkillMD is not just a keyword search box. It is an open map that organizes public skills by occupation, creator, and repository, helping you see which workflows, judgment criteria, and domain habits people are writing for AI agents.
Then follow creators and GitHub repositories back to the source: compare the skills a team maintains, whether the repo is active, and how the README frames the work before you open, install, or reuse anything.
Use it three ways: learn an unfamiliar field by occupation, study how creators organize skills, then use source context to decide what is worth opening or reusing.
01 Map a field
Browse 23 occupation groups and 867 SOC roles to learn what skills exist in adjacent domains and how they break down real work.
02 Follow creators
Use creator and repository pages to inspect maintained skill collections, recent updates, and source context before trusting a result.
03 Search with sources
Search 1.7M+ collected skills, then use occupation tags, creators, and GitHub source context to decide what is worth opening.
Start with the occupation map, then follow creators and repositories back to real code. SkillMD helps explain why a skill is worth opening, not only what it is named.
Standardizing Agent Capabilities with SKILL.md and Model Context Protocol (MCP)
In the rapidly evolving landscape of artificial intelligence, LLM agents (Large Language Model agents) have transitioned from simple text predictors to autonomous problem solvers. To orchestrate complex, multi-step agentic workflows, developers require a standardized format to specify agent capabilities, prompt instructions, system rules, and database bindings. This is where SKILL.md and the Model Context Protocol (MCP) have emerged as standard developer paradigms. SkillMD serves as the central directory for indexing, exploring, and sharing these critical agent configurations.
Our open-source registry currently tracks over 1.7 million collected SKILL.md configurations and system prompts. By compiling agent configurations from active developers on GitHub, we bridge the gap between prompt engineering research and production execution. Whether you are building agents with Anthropic's Claude Code, OpenAI's GPT-4, Google's Gemini, or local models using Ollama and LlamaIndex, standardized skill definitions ensure your agents behave predictably across different runtime environments.
What is the Model Context Protocol (MCP)?
The Model Context Protocol (MCP) is an open-source standard designed to connect LLMs to data sources, developer tools, and external environments. MCP establishes a bidirectional communication channel between client applications (like Cursor, Claude Desktop, or custom agent systems) and servers hosting data or capabilities. Standardizing instructions via SKILL.md enables LLMs to query databases, read local files, execute terminal commands, and integrate third-party APIs. SkillMD allows you to find ready-to-run MCP servers and prompt instructions for various occupations and technical tasks.
The Structure of a Professional SKILL.md File
A valid SKILL.md configuration is designed to be easily read by humans and parsed by LLMs. It contains precise system instructions, trigger conditions, required parameters, and execution examples. Below is the typical architectural blueprint of a professional agent skill:
- Metadata & Core Scope: Declares the name of the skill, author details, target models, and a description of the capability.
- Triggers & Intent Detection: Details semantic triggers that help the agent decide when to invoke this skill.
- System Prompts: Explicit system-level instructions that direct the agent's behavior, personality, safety guardrails, and formatting preferences.
- Capabilities & Tools: Lists the files, databases, or APIs the agent must access to complete the tasks.
- Few-Shot Examples: Demonstrates real inputs and outputs, helping the model generalize behavior through in-context learning.
Optimizing Agent Workflows for Modern LLMs
Writing effective agent skills requires deep knowledge of prompt engineering. With the release of advanced reasoning models like Claude 3.5 Sonnet, ChatGPT o1, and DeepSeek-V3, prompt templates must focus on structured thinking. Developers are encouraged to use XML tags (e.g., <thought>, <context>, and <rules>) to isolate execution boundaries. Standardized prompts prevent agents from suffering from context drift, ensuring that long-running tasks remain aligned with the initial system parameters.
Exploring by SOC Occupations and Creator Profiles
What makes SkillMD unique is its taxonomy. Instead of simple text search, we parse and organize files according to the Standard Occupational Classification (SOC) system. This means you can discover skills written for Computer and Mathematical roles, Business and Financial operations, Legal, Design, and and Educational Instruction fields. By tracking creator profiles, developers can study how different teams organize their custom instructions, compare version updates, and fork public configs for specialized enterprise use cases.
SkillMD operates as a high-performance index running on a fast Go backend and a highly responsive Astro SSR frontend. All search queries execute in milliseconds, featuring smart debouncing to prevent multiple API requests while keeping user data secure. Join our community of developers to standardize your AI agent instructions and optimize your LLM prompting workflows today.
Frequently Asked Questions
A practical guide to agent skills: what they are, how to inspect them, and how SkillMD helps you explore the ecosystem.