Simple, minimal, lean skills that people don't think about when shipping apps. Things we use at A Major.
Note
These skills have been built and tested with Claude Code. Codex support is untested. If you try them on Codex, we'd love your help. Open an issue to share what works and what doesn't.
📦 ship.md
The end-to-end skill for shipping features without gaps. Up to 10 phases from interview to final verify. Wraps Claude Code's built-in /batch, /goal, and /model commands into a single quality-gated pipeline.
npx skills add -g amajorai/ship.md🪅 vibe.md
The end-to-end skill for spinning up a 24/7 production-ready full-stack dev and deploy environment. One interview, one clean pass: VPS provisioned, Bun installed, GitHub CLI wired, deployment platform running, and your project scaffolded and shipping.
npx skills add -g amajorai/vibe.md🎉 party.md
The 24/7 autonomous build agent. Use GitHub issues and a Projects kanban board as your interface — drop in issues, party.md picks them up, delegates to /ship, opens PRs, and moves cards automatically. Works on a server, a Pi, or GitHub Actions while you sleep.
npx skills add -g amajorai/party.mdRecord a live video of your running app and share the link — straight from chat. Detects your environment, lets you choose a recording approach (Playwright, VNC + ffmpeg, or Computer Use API) and a storage provider (Cloudflare R2, Hetzner, YouTube, or local). Auto-detects a vibe.md server for zero-setup cloud recording.
npx skills add -g amajorai/replay.md| Skill | Status | What it does |
|---|---|---|
edge-cases |
Discover and harden edge cases across 8 categories using parallel subagents | |
e2e |
End-to-end test authoring and execution. Discovers flows, uses agent-browser (web), Playwright (desktop/complex web), or Maestro (iOS/Android/React Native/Flutter), writes tests, fixes failures | |
icons |
Generate app icons, favicons, and splash screens for Tauri, PWA, Capacitor, Expo, and Electron | |
legal-compliance |
Generate production-ready Privacy Policy, Terms, and DPA covering 20+ regulations | |
app-store-compliance |
Audit against Apple App Store and Google Play Store review guidelines with a prioritized fix list | |
hardening |
Harden a self-hosted Linux server. Detects state, runs a structured 5-question interview, then implements in one pass: SSH hardening (auto-randomized port), UFW + provider firewall (AWS Lightsail, EC2, Hetzner, DigitalOcean, OVH, or any other), fail2ban, kernel hardening, ClamAV, 2FA, and more. Uses subagent SSH verification instead of "open a new terminal" prompts. Includes rescue-mode docs for all providers. | |
youtube-to-skill |
Convert a YouTube video into a reusable Claude Code / Codex skill file | |
lighthouse |
Audit with Lighthouse across performance, accessibility, best practices, and SEO. Fix and re-verify | |
seo |
Optimize for search. Meta tags, structured data, sitemap, robots.txt, Core Web Vitals, hreflang | |
aso |
Make a site agent-ready with Cloudflare AI Search, markdown negotiation, MCP card, and agent skills listing | |
better-t-stack |
Scaffold a Better T Stack project. Picks frontend, backend, database, ORM, auth, payments, and runs the CLI | |
distill-skill |
Scan conversation history for repeated workflows and extract them into reusable skill files | |
mirror |
Scan past transcripts for recurring patterns and improvement opportunities, then update CLAUDE.md or AGENTS.md | |
reflect |
Reflect on the current conversation to extract corrections and learnings, then update CLAUDE.md or AGENTS.md |
| Skill | Status | What it does |
|---|---|---|
owasp-web-top10 |
Audit a web application against OWASP Top 10:2025. Parallel subagents per category, prioritized findings report, optional fixes | |
llm-top10 |
Audit an LLM-powered application against OWASP LLM Top 10. Covers prompt injection, data leakage, supply chain, excessive agency, and more | |
ai-agent-security |
Implement or audit AI agent security controls across 9 pillars: tool least-privilege, input validation, memory security, HITL, output guardrails, monitoring, multi-agent trust, data protection, adversarial testing | |
prompt-injection |
Audit and fix LLM prompt injection vulnerabilities. Covers direct, indirect, encoding, typoglycemia, Best-of-N, RAG poisoning, and agent-specific attacks | |
agentic-skills-top10 |
Review AI agent skills/plugins against OWASP Agentic Skills Top 10. Covers malicious skills, supply chain, over-privilege, insecure metadata, and governance | |
agentic-ai-threats |
Threat model an agentic AI system against OWASP Agentic AI Threats and Mitigations. Produces STRIDE-style threat model with mitigations and implementation roadmap |
| Skill | Status | What it does |
|---|---|---|
payments |
Integrate Stripe, LemonSqueezy, or Polar.sh (web) or Superwall/RevenueCat (mobile). Products, webhooks, subscription portal, billing page, live checklist | |
auth |
Add authentication with Better Auth. OAuth, magic links, passkeys, sessions, route protection, and user model boilerplate | |
observability |
Set up Sentry error tracking, structured logging (pino), and uptime monitoring in one pass | |
analytics |
Add product analytics with PostHog or Plausible. Event taxonomy, funnels, and a starter dashboard | |
email-transactional |
Wire up Resend (CLI-driven), Postmark, useSend, or Plunk with templates for welcome, reset, notifications, and digest emails | |
launch-checklist |
Pre-launch audit. SSL, DNS, secrets, env vars, rate limits, backups, monitoring, and a go/no-go report | |
ci |
Set up GitHub Actions. Lint, typecheck, test, build, preview deploys on PRs, and production deploy on merge | |
og-images |
Dynamic Open Graph images via edge function. No third-party service, cached, 1200x630 | |
waitlist |
Waitlist landing page with email capture, referral mechanics, position tracking, and welcome email | |
cookie-consent |
GDPR/CCPA cookie consent. Blocks non-essential scripts until consent, with a preferences modal | |
a11y |
WCAG 2.2 AA audit and fixes. Keyboard nav, screen reader support, contrast, focus management | |
free-trial |
Add a time-boxed free trial. Expiry tracking, gating, reminder emails, and upgrade prompt flow | |
bundle-analysis |
Analyze JS bundle size, identify bloat, implement code splitting, lazy loading, and dependency swaps | |
i18n |
Add internationalization. Extract strings, locale routing, translation library, locale switcher | |
db-migrate |
Run a production database migration safely. Dry-run, rollback plan, zero-downtime patterns, verification | |
load-test |
Load test with k6. Baseline, spike, and soak scenarios; find throughput limits before users do | |
push-notifications |
Web push (service worker + VAPID) or Expo mobile push. Preferences UI and server-side sending | |
context |
Set up Context7 (live library docs MCP) and opensrc (real package source), plus a project CLAUDE.md | |
agent-quality |
Set up react-doctor, react-scan, react-grab, expect, and agentation. Quality tools for AI-generated React code |
npx skills add -g amajorai/skillsInstalls all skills and automatically configures them for whichever coding agents you have installed (Claude Code, Codex, Cursor, and 50+ others).
Install a single skill:
npx skills add -g amajorai/skills/skills/hardening# Update a single skill by name
npx skills update hardening
# Update multiple specific skills
npx skills update hardening lighthouse seo
# Update all installed skills (interactive scope prompt)
npx skills update
# Update only global or project skills
npx skills update -g
npx skills update -p
# Non-interactive (auto-detects scope)
npx skills update -y/plugin marketplace add amajorai/skills
/plugin install amajor-skills@amajorai
Invoked as /amajor-skills:ship <task>.