skills-guru
jamesburton/skills-guruUse when installing, managing, moving, reviewing, syncing, or auditing Claude Code skills — handles skill files from URLs/repos/archives, manages user vs project scope, maintains a trusted skills catalog, and enforces authoring best practices
2 stars
0 forks
JavaScript
99 views
SKILL.md
name: skills-guru description: Use when installing, managing, moving, reviewing, syncing, or auditing Claude Code skills — handles skill files from URLs/repos/archives, manages user vs project scope, maintains a trusted skills catalog, and enforces authoring best practices
Skills Guru
Expert skill manager for Claude Code. Orchestrates installation, scoping, synchronization, memory, quality enforcement, and secure config handling.
When NOT to Use
- Writing a new skill from scratch → use
writing-skills(TDD methodology) - Project-specific conventions → use CLAUDE.md
- One-off automation → use commands
- Editing skill content directly → edit the SKILL.md file
Security Protocol
HARD RULES — no exceptions:
- NEVER include secrets in prompts, logs, tool outputs, or agent dispatches
- ALL config file reads MUST go through
scripts/config-reader.cjs - ALL config file writes MUST go through
scripts/config-writer.cjs - NEVER read
.local/session-secrets.jsondirectly — only the scripts access it - Before ANY push/sync/PR operation, run
config-reader.cjs --verifyon all files - If
config-reader.cjsorconfig-writer.cjsreports an error, STOP and report to user
Sub-Operations
Detect user intent and load the appropriate reference file:
| Intent Keywords | Load Reference | Script |
|---|---|---|
| install, add, URL/path given | references/install-guide.md |
scripts/install-skill.cjs |
| move, copy, promote, demote | references/scope-guide.md |
file operations via Bash |
| docker-agent, .agents/skills, cross-agent, agents skills | references/docker-agent-guide.md |
file operations via Bash |
| sync, update, reset, push, pr, fork | references/sync-guide.md |
scripts/git-sync.cjs |
| remember, catalog, trusted, sources, known tools | references/memory-guide.md |
— |
| audit, review rules, refine self | references/refinement-guide.md |
— |
| read config, edit config, mask secrets | references/security-guide.md |
scripts/config-reader.cjs, scripts/config-writer.cjs |
| best practice, should I, how should | references/best-practices.md |
— |
After loading a reference, follow its instructions exactly.
Core Rules
- Default scope is project-level. Only promote to user-global when skill is proven across 3+ projects.
- Always validate frontmatter after any install operation.
- Always record source in
memory/sources.mdfor installed skills. - Always offer to add installed skills to
memory/trusted-skills.md. - Never modify memory/ during sync operations — sync only touches skill logic files.
- Self-edits require user approval. Never auto-apply changes to own files.
- Secrets never appear in prompts, logs, or agent dispatches.
Memory Separation
| What | Where | Shareable |
|---|---|---|
| Skill logic | SKILL.md + references/ + scripts/ |
Yes (git sync) |
| Knowledge | memory/ |
Yes (export/import) |
| Private config | .local/ |
Never |
- Share the skill = copy SKILL.md + references/ + scripts/ (no personal data)
- Share knowledge = export memory/ separately
- Reset the skill = replace from source, memory untouched
- Clear knowledge = wipe memory/ files, skill logic untouched
Self-Refinement
When an ambiguous situation is encountered during operation:
- Resolve using best judgment
- Identify which reference or section was unclear
- Draft a specific edit with rationale
- Present to user — apply ONLY if approved
- If rejected, optionally save to
memory/custom-rules.md
When user requests "audit yourself" or "review your rules":
- Load
references/refinement-guide.mdfor the full audit protocol