A collection of AI agent skills for software engineering workflows — code quality reviews, living documentation, and security audits. Built for developers and engineering teams who want Claude Code to apply expert-level analysis to their codebases.
Skills are Markdown files that give AI agents specialized knowledge, workflows, and output templates for specific tasks. When installed, Claude Code recognizes relevant requests and applies the skill automatically — no manual prompting required.
These skills form a continuous improvement loop for your codebase:
graph LR
Diagnose["🔍 Diagnose<br/>software-evaluation<br/>vulnerability-scan"]
Visualize["📊 Visualize<br/>progress-dashboard"]
Register["📋 Register Issues<br/>report-to-issues"]
Plan["🧠 Plan<br/>gh-issue-planner"]
Resolve["🛠️ Resolve<br/>gh-issue-resolver"]
Verify["✅ Verify<br/>Re-run diagnosis"]
Diagnose -- "Reports + JSON" --> Visualize
Diagnose -- "Reports" --> Register
Register -- "GitHub Issues" --> Plan
Plan -- "Agreed plan comment" --> Resolve
Resolve -- "PR + Code Changes" --> Verify
Verify -- "Confirm fix / Next cycle" --> Diagnose
Visualize -. "Track trends" .-> Verify
| Step | Skill | What happens |
|---|---|---|
| Diagnose | software-evaluation, vulnerability-scan |
Evaluate code quality and security, produce reports + JSON summaries |
| Visualize | progress-dashboard |
Generate an interactive HTML dashboard from JSON summaries to track improvement trends |
| Register | report-to-issues |
Parse reports, deduplicate against existing issues, create GitHub Issues |
| Plan | gh-issue-planner |
Investigate the issue, propose a structured response plan, post the agreed plan as an issue comment |
| Resolve | gh-issue-resolver |
Pick up the agreed plan comment, create a branch, implement, run tests, open a PR |
| Verify | Re-run software-evaluation or vulnerability-scan |
Confirm the fix resolves the finding, close the loop |
Note:
spec-docis independent of this cycle — use it anytime to generate or sync living documentation.
| Skill | Description |
|---|---|
| spec-doc | Generate or sync a "Living Specification" from source code to eliminate doc-code drift. Use when creating, updating, or reviewing architecture documentation for a directory or module. |
| software-evaluation | Evaluate code quality across five pillars (Architecture, Reliability, Observability, Security, DX) and produce a 1–10 scorecard with a strategic improvement roadmap. |
| vulnerability-scan | Run an OWASP-based offensive security audit using Semgrep and produce a read-only vulnerability report with severity ratings and remediation recommendations. |
| report-to-issues | Parse reports from software-evaluation or vulnerability-scan, interactively select tasks, and register them as GitHub Issues using the gh CLI. |
| gh-issue-planner | Fetch a GitHub Issue by ID, investigate related code, propose a structured response plan (approach, impact scope, implementation steps), and post the agreed plan as an issue comment. Implementation is out of scope. |
| gh-issue-resolver | Implement and verify a fix for a GitHub Issue whose response plan has already been posted as a comment by gh-issue-planner. Creates a branch, applies the agreed plan, runs tests, and opens a Pull Request. |
| progress-dashboard | Generate an interactive HTML dashboard that visualizes quality scores and security findings over time from JSON summaries. |
npx skills add ymd38/dev-skillsThis automatically installs all skills to your project's .claude/skills/ directory.
To install a single skill:
npx skills add ymd38/dev-skills --skill spec-docCopy any skill directory into your project:
cp -r skills/spec-doc .claude/skills/spec-docOr copy all skills at once:
cp -r skills/* .claude/skills/Add as a submodule to keep skills up to date with upstream changes:
git submodule add https://github.com/ymd38/dev-skills.git .claude/dev-skillsThen reference skills from .claude/dev-skills/skills/.
Once installed, describe your task naturally and the relevant skill is applied automatically:
"Generate a spec for src/api/"
→ Uses spec-doc skill
"Review the code quality of src/backend/"
→ Uses software-evaluation skill
"Scan src/ for security vulnerabilities"
→ Uses vulnerability-scan skill
"Create GitHub Issues from docs/evaluation/myapp.20260406.md"
→ Uses report-to-issues skill
"Plan issue #42" / "Issue #42の対応方針を立てて"
→ Uses gh-issue-planner skill
"Implement issue #42" / "Issue #42を実装して"
→ Uses gh-issue-resolver skill (requires an agreed plan comment from gh-issue-planner)
"Generate a progress dashboard" / "Show improvement trends"
→ Uses progress-dashboard skill
You can also invoke skills directly:
/spec-doc src/
/software-evaluation src/backend/
/vulnerability-scan src/
/report-to-issues docs/evaluation/myapp.20260406.md
/gh-issue-planner
/gh-issue-resolver
/progress-dashboard
spec-doc— Generates a machine-readable "Living Specification" (docs/spec.md) from source code. Covers architecture, interfaces, data models, state transitions, and development constraints. Syncs with existing specs rather than replacing them.
software-evaluation— Scores a codebase across five pillars with evidence-based findings (file:line citations required). Produces a prioritized roadmap with P0–P3 action items.
vulnerability-scan— Combines automated Semgrep scanning with a manual review checklist covering OWASP Top 10. Triages true positives from false positives and includes a dependency CVE audit.
progress-dashboard— Reads JSON summaries fromsoftware-evaluationandvulnerability-scan, then generates a self-contained HTML dashboard with quality score trends, radar charts, security findings trends, roadmap progress, and dependency risk panels.
report-to-issues— Decomposes evaluation or security-audit reports into actionable tasks, presents them for user selection, and registers the chosen items as GitHub Issues with appropriate labels and priority.gh-issue-planner— Fetches a GitHub Issue viaghCLI, classifies it (bug/feature/refactor/docs), searches related code, and presents a structured plan (approach, impact scope, steps, open questions). Posts the agreed plan as an issue comment tagged with<!-- gh-issue-planner:agreed-plan -->.gh-issue-resolver— Picks up the agreed plan comment posted bygh-issue-planner, creates a feature branch, applies the changes, runs tests, opens a Pull Request, and verifies the fix against the original issue.
Sample dashboard generated from 3 months of evaluation and security scan data. Open
examples/progress-dashboard/dashboard.htmlin a browser to try it interactively.
The examples/progress-dashboard/ directory contains working sample data:
| File | Description |
|---|---|
evaluation/my-app.*.json |
3 months of software-evaluation JSON summaries (Feb–Apr 2026) |
security-audit/my-app.*.json |
3 months of vulnerability-scan JSON summaries (Feb–Apr 2026) |
dashboard.html |
Self-contained HTML dashboard with Chart.js — open in any browser |