Security-First + Efficiency-Optimized Agent Skills
Zero-dependency markdown skills for Claude Code, Cursor, OpenClaw, and any AI agent.
Don't install blind. Guard before you trust. Think in code, not in context.
| Layer | Tool | Protects Against |
|---|---|---|
| Package install | Install Guard | Typosquat + supply chain |
| Skill install | Skill Audit | Malicious skills (7.5% are bad) |
| MCP connect | MCP Supply Chain Guard 🆕 | MCP supply chain risks (zero-dep scanner) |
| MCP runtime | MCP Debugger | Broken MCP connections |
| Runtime | Prompt Guard ⭐ | Prompt injection |
| Billing | Hermes Billing Guard | Hidden charges |
| Problem | Solution | Savings |
|---|---|---|
| Agents waste 30-50% context understanding codebase | Project Knowledge | Instant onboarding |
| Context bloat from file reads | Think in Code | 50-700x |
| Context window forced compression | Context Budget Guard 🆕 | Proactive monitoring |
| Prompt changes break behaviors | Prompt Regression | Quality assurance |
| Blind retries burn tokens | Error Doctor | Systematic recovery |
| Wrong model for the task | Model Router | 70% cost reduction |
| Unknown session costs | Session Cost Monitor 🆕 | Real-time tracking |
Security:
- 7.5% of 14,706 skills are malicious (RankClaw audit)
- 59 critical-risk droppers found by Vett.sh
- PyTorch Lightning compromised via dependency (Apr 2026)
Efficiency:
- mattpoclock/skills: 56,697 stars (+35K this week!) — shared language is #1 productivity booster
- free-claude-code: 20,627 stars (+9.3K/week) — cost is THE pain point in 2026
- TradingAgents: 64,866 stars (+8.5K/week) — multi-agent frameworks hot
Zero-dep security scanner for MCP server configs. Detect supply chain risks before you connect.
- Typosquatting detection, external endpoint flags, lifecycle scripts
- Suspicious TLD analysis (.tk, .ml, .xyz)
- One shell script, runs in milliseconds
Know what your AI coding sessions cost. Works with Claude Code & Codex CLI.
- Parse agent logs, see real-time costs
- Budget alerts before it's too late
- Shell script, zero dependencies
Prevent session compression from losing critical context.
- 70% warning threshold, 90% critical alert
- Preserve patterns for key decisions/files
- Pure markdown skill, zero dependencies
Reduce AI Agent token consumption by 60-90% on command outputs.
- Filter git, test, docker, kubectl output automatically
- Typical daily savings: 78% (100K → 22K tokens)
Auto-generate CONTEXT.md from codebase analysis.
- 30-50% fewer "what does this file do?" questions
- Inspired by mattpoclock + jcode semantic memory
| Project | Stars | Growth | Lesson |
|---|---|---|---|
| mattpoclock/skills | 56K | +35K/week | Single-file skills WIN |
| free-claude-code | 20.6K | +9.3K/week | Cost is #1 pain point |
| TradingAgents | 64.9K | +8.5K/week | Multi-agent frameworks hot |
| ruflo | 38.5K | +3K/week | 32 plugins for orchestration |
Takeaway: Simple skills + cost focus = winning combo in 2026
| Metric | Count |
|---|---|
| Total repositories | 20 |
| Total stars | Growing |
| New this week | 3 skills |
| Focus | Security + Cost + Context |
Agent Security
- MCP supply chain scanning (new skill)
- Package install guards
- Typosquat detection
Cost & Context Management
- Session cost monitoring (new skill)
- Context budget guard (new skill)
- Token filtering (60-90% savings)
- Model routing (70% cost reduction)
20 skills • Zero dependencies • Pure markdown • MIT licensed
🛡️ MCP Scanner • 💰 Cost Monitor • 🎯 Context Budget • 🔍 Skill Audit • 🪙 Cost Optimization