Add gitea-tea skill for managing Gitea via the tea CLI. Covers issues,
PRs, releases, repos, Actions, webhooks, SSH keys, admin users, and
the generic api command. Significantly expanded from upstream source
to include Actions workflows/secrets/variables, webhooks, SSH keys,
admin user management, and improved AI agent guidance.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
When GH_CONFIG_DIR is passed as a literal string like '$AGENT_HOME/.github'
(unexpanded by the caller), the script now detects this, validates the path
contains only safe characters, then uses eval to expand it to the real path.
Also removes the AGENT_HOME fallback — when GH_CONFIG_DIR is not set, the
script now lets gh use its default config directory (~/.config/gh) directly,
rather than failing or writing to a non-standard location.
- Created trebuchet/SKILL.md with all Hightower content renamed to Trebuchet
- Renamed HIGHTOWER_API_URL -> TREBUCHET_API_URL and HIGHTOWER_API_TOKEN -> TREBUCHET_API_TOKEN
- Renamed hightower-api -> trebuchet-api in architecture docs
- Updated README.md to reference trebuchet instead of hightower
Co-Authored-By: Paperclip <noreply@paperclip.ing>
The hightower skill is now maintained in the Hightower project repo at
farhoodlabs/hightower so the API-owning team controls its agent docs.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Add architecture overview explaining what Hightower is: AI pentest platform
forked from KeygraphHQ/shannon, with hightower-api (Hono), Shannon workers
in K8s Jobs, Temporal orchestration, and workspace PVC for reports
- Remove hardcoded `hightower` namespace from intro prose and example URL
(the API URL comes from HIGHTOWER_API_URL env var; namespace is irrelevant)
- Add hightower to README index and CLAUDE.md skill list
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Origin added `kubernetes-reflector/` after the FAR-95 review follow-ups
were drafted; list it in root CLAUDE.md and README.md alongside the other
current skills.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Remove `playwright-ephemeral/` and `shannon/` entirely per board direction
- Fix `minimax-image-generation/SKILL.md` so YAML frontmatter is at line 1
- Add `minimax-image-generation/scripts/generate.sh` (argparse, error-checked, executable) and document invoking it via `bash scripts/generate.sh ...`
- Deduplicate `minimax-image-generation/CLAUDE.md` against SKILL.md
- `github-app-token`: write token to `$GH_CONFIG_DIR/.gh-token` (preferred) or `$AGENT_HOME/.gh-token` (fallback), fail loudly if neither is set instead of leaking to `mktemp`
- Refresh root `CLAUDE.md` to match actual directory contents and patterns
- Add root `README.md` with human-facing skills index
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Allow agents to provide the PEM key directly via GITHUB_APP_PEM env var
instead of requiring a file path via GITHUB_APP_PEM_FILE. The inline PEM
is written to a secure temp file (chmod 600) and cleaned up on exit.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Per board feedback, config isolation is the operator's responsibility.
Setting GH_CONFIG_DIR per-agent is handled outside the skill.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Set GH_CONFIG_DIR=$AGENT_HOME/.config/gh before gh auth login so
each agent writes to its own directory rather than the shared global
config. This prevents tokens from different agents bleeding into one
another's gh auth state.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Move token generation logic from inline SKILL.md code blocks into a
single scripts/generate-token.sh that agents can invoke directly.
Adds env var validation, error handling, and gh CLI auth in one step.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Inline the API call example directly in SKILL.md instead of
providing a separate generate.sh script.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Wraps the MiniMax /v1/image_generation API (model: image-01) as a Claude
Code skill. Pure bash implementation using curl + jq + base64.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add MiniMax as a supported AI backend for Shannon pentesting via the
Anthropic SDK compatibility layer. MiniMax uses ANTHROPIC_AUTH_TOKEN +
ANTHROPIC_BASE_URL instead of ANTHROPIC_API_KEY.
- Add MiniMax credential detection in SKILL.md and setup script
- Add dedicated "Using MiniMax as AI Provider" section with setup guide
- Update env var table with MiniMax-specific variables
- Update frontmatter optionalEnv with new env vars
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Copy the shannon skill from unicodeveloper/shannon into the Agent Skills
repo. Add proper full AGPL-3.0 license text to respect upstream licensing.
Update CLAUDE.md to document the new skill.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Replaces `export GH_TOKEN` with a file-based approach using
`$AGENT_HOME/.gh-token`. Each agent writes its token to its own
file path, avoiding env-var collisions when multiple agents
generate tokens concurrently.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Keep SKILL.md with inline token generation commands and env var
docs. Delete the bundled generate_token.sh script — no backward
compatibility shims.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Script paths used `./github-app-token/scripts/...` which assumed the
working directory was the repo root. When the skill is synced to
consuming agents, the runtime base directory is already inside the
skill folder, so the correct path is `./scripts/...`.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Adds a new skill that provisions ephemeral Playwright MCP browser
sessions as Kubernetes Jobs for E2E testing. Includes provision and
teardown scripts, K8s Job/Service YAML templates, and agent-facing
SKILL.md documentation.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Agents report "not executable" errors when the skill files are
delivered without the executable bit preserved. Using `bash ./...`
instead of `./...` in all examples avoids this regardless of
file permissions in the consuming environment.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Add --raw flag that prints only the token value (no export wrapper),
making GH_TOKEN=$(./generate_token.sh --raw) the recommended pattern
for AI agents and CI/CD.
- Clean up die() to only write to stderr (remove eval-safe stdout hack).
- Fix SKILL.md: correct step numbering, remove unused grep prerequisite,
replace placeholder paths, lead with --raw usage, move eval to legacy.
- Update CLAUDE.md to reflect new --raw pattern.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
SKILL.md instructions now clarify that GH_TOKEN must be used in the
same shell invocation as the eval, with chained command examples.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replaced my bash implementation with the user's provided snippet.
Key differences that fix the bad credentials issue on macOS:
1. Uses openssl enc -base64 -A instead of openssl base64
2. Uses jq -r -c . to strictly format the JSON header/payload
3. Explicitly wraps the RSA signature binary in b64enc.
Replaced generate_jwt.py with generate_jwt.sh using only openssl and
coreutils. Updated SKILL.md to remove the python fallback section and
use grep/cut for JSON parsing instead of python3.
The previous implementation had a stdin conflict -- it passed the PEM
key on stdin but also needed to pass the unsigned data on stdin. Now
that we take a file path, openssl reads the key from the file and gets
the data to sign from stdin.
Also removed the dead-code tempfile fallback and unused hashlib import.
Chris Farhood
Gandalf the Greybeard