Skip to main content
在 Manus 中运行任何 Skill
一键导入
GitHub 仓库

socket-cli

socket-cli 收录了来自 SocketDev 的 59 个 skills,并提供仓库级职业覆盖和站内 skill 详情页。

已收集 skills
59
Stars
295
更新
2026-07-09
Forks
53
职业覆盖
7 个职业分类 · 已分类 100%
仓库浏览

这个仓库中的 skills

consolidating-commits
软件开发工程师

Regroup the commits since the previous bump (or a given base) into logical commits — one per concern, bump kept last — via scripts/fleet/consolidate-commits.mts. "Consolidate commits" never means squash-to-one; that is squashing-history.

2026-07-09
driving-cursor-bugbot
软件质量保证分析师与测试员

Drives the Cursor Bugbot review-and-fix loop on a PR. Inventories open Bugbot threads, classifies each (real bug / false positive / already fixed), fixes the real ones, replies on the inline thread (never as a detached PR comment), updates the PR title/body if scope shifted, and pushes. Use when reviewing a PR you just authored, after `gh pr create`, or after a new Bugbot pass on an existing PR.

2026-07-09
reviewing-code
软件质量保证分析师与测试员

Reviews the current branch against a base ref using multiple AI backends. Runs a Workflow that streams the diff through discovery, discovery-secondary, remediation, and adversarial-verify stages, routing each stage to the available agents (codex, claude, opencode, kimi, …) and gracefully skipping any backend that isn't installed. Writes a markdown findings report under docs/. Use when preparing or updating a PR, before merging a feature branch, or when wanting an independent second opinion from a different agent.

2026-07-09
setup-repo
软件开发工程师

Full repo onboarding wizard. Orchestrates all setup concerns for a new engineer or a fresh clone — API token, OS keychain, shell rc bridge, native messaging host, security tools, and repo-specific initialization. Invoke with /setup-repo.

2026-07-09
cascading-fleet
软件开发工程师

Propagate a wheelhouse template change to every fleet repo. Packages the canonical fleet-repo list, the FLEET_SYNC=1 sentinel pattern, the worktree-per-repo loop, push-direct + PR-fallback, and worktree-cleanup that survives mid-loop crashes. Use when a wheelhouse template SHA needs to land in every fleet repo, or when batching multiple template SHAs into one cascade wave. Tool-version pin propagation is the wheelhouse pipeline's job (scripts/repo/pipeline.mts), not this skill's.

2026-07-09
managing-worktrees
软件开发工程师

Manages git worktrees per the fleet's parallel-Claude-sessions rule. Creates new task-worktrees, fans out one worktree per open PR for parallel review, and prunes spent worktrees that have nothing left to land — clean trees whose branch was deleted upstream OR is fully merged into the remote default branch. Use when starting a task that needs an isolated working tree, when reviewing every open PR locally without disturbing the primary checkout, or when cleaning up after merges.

2026-07-09
regenerating-patches
软件开发工程师

Regenerates plugin-cache patches in scripts/fleet/plugin-patches/ against the pinned upstream plugin source when they go stale after a plugin SHA bump. Use when install-claude-plugins.mts warns that a patch no longer applies, or after bumping a plugin's source.sha in marketplace.json.

2026-07-09
tidying-files
软件开发工程师

Sweeps every fleet repo for never-wanted junk (.DS_Store, Thumbs.db, *.orig, *.rej, *.swp, *.pyc, __pycache__) and stray AI/temp scratch (orphaned /tmp cascade dirs, dry-run logs), deleting only untracked-or-ignored paths — never a git-tracked file, never anything inside a submodule. Conservative and no-prompt: dry-run by default, /loop-able. Use for periodic low-friction cleanup of accreted junk across the fleet, or before a commit/cascade.

2026-07-09
tidying-rolldown-bundles
软件开发工程师

Keeps rolldown-bundled fleet repos lean — reports (and with --fix, runs `pnpm dedupe` for) collapsible lockfile transitives, checks that Socket-published packages route through the `catalog:` overrides, and flags any `external/` re-export shim that has grown into a fat re-vendored tree. Conservative and no-prompt: the only mutation is a lockfile-only `pnpm dedupe`; anything that would change the published bundle is reported for a human. Use for periodic dependency hygiene on bundle repos, or before a release.

2026-07-09
scanning-quality
软件质量保证分析师与测试员

Scans the codebase for bugs, logic errors, cache races, workflow problems, insecure defaults, security regressions in the diff, and variant analysis on prior findings. Runs a Workflow that fans out one finder per scan type in parallel, runs variant-analysis as a dependent stage, adversarially verifies High/Critical findings, deduplicates, and produces an A-F prioritized report. Use when preparing a release, investigating quality issues, running pre-merge checks, or whenever a recent diff touches security-sensitive code.

2026-07-08
auditing-api-surface
软件开发工程师

Audits a lib's published export surface for dead/unconsumed subpaths. For each `package.json#exports` subpath, checks whether any other fleet repo imports it and whether the lib's own `src/` references it, then classifies every subpath (dead / single-consumer / internal-only / consumed) into a ranked report. Read-only — reports prune candidates, never deletes. Use weekly (the `audit-api-surface.lock.yml` gh-aw cron drives it), before a major version bump, or when trimming bundle size on an infra lib.

2026-07-08
auditing-gha
软件开发工程师

Audits a repo's GitHub Actions permissions + allowlist against the fleet baseline. Reports drift only. Fixes are manual in Settings → Actions because flipping these silently is unsafe. Use when a CI failure looks like "action X is not allowed to be used", when onboarding a new fleet repo, or as a periodic fleet-wide health check.

2026-07-08
cleaning-ci
软件开发工程师

Sweeps a fleet repo (or every fleet repo) for redundant CI surface. Three classes: orphan workflow YAML files (lint.yml / check.yml / type.yml / test.yml that the unified ci.yml replaced), GitHub-Dependabot auto-fix PRs that the fleet handles via /updating-security, and stale workflow run history in the Actions sidebar. Deletes the YAML files, disables Dependabot automated-security-fixes via gh api, and reports anything that needs a manual UI toggle. Once-and-never-again sweep meant to leave a repo clean.

2026-07-08
greening-ci-local
软件开发工程师

Drive a repo's CI to green LOCALLY with Agent-CI (Docker), the local analog of greening-ci. Runs a workflow (or all PR/push workflows) in containers, and on the first paused step reads the failure log, fixes the code locally, and `agent-ci retry`s the SAME paused runner — looping until the run lands green or a wall-clock budget expires. Use to validate a workflow change or a release dispatch BEFORE burning a remote run, to catch a CI failure on your own machine, or as the local pre-flight before `republishing-stubs` / any remote build-matrix dispatch. Where greening-ci watches GitHub Actions remotely and fixes-then-pushes, this runs in local containers and fixes-then-retries in place — no push, no remote runner minutes.

2026-07-08
greening-ci
软件开发工程师

Drive a target repo's CI back to green. Watches GitHub Actions, surfaces the first failure log, fixes it locally, commits + pushes, and re-watches until the run lands green (or a wall-clock budget expires). Three modes: fast (ci.yml), release (build-server matrices, fail-fast 30s polls then cool down on first success), cool (just confirm the rest of a matrix). Use when main goes red, when a build-server dispatch is failing, or when babysitting a freshly-pushed fix to verify it lands green.

2026-07-08
migrating-rule-packs
软件开发工程师

Run a code migration (zod → typebox, fetch → http-request, lib → lib-stable, etc.) as a rule-pack-driven autonomous loop across many target files in parallel. Runs a Workflow that streams the target files through a transform → build/fix/check/test pipeline, one worktree-isolated agent per file, with a feedback channel that rewrites PR-review comments back into the rule files. Use when a migration touches 10+ files with a deterministic transformation, when each target file is independently transformable, or when human-led serial editing would dominate the wall-clock time. The skill packages the four pieces a rule-pack migration needs: a rule-pack format, an autonomous per-file build/fix/check/test loop, parallel worktree execution, and a feedback channel that rewrites PR-review comments back into the rule files.

2026-07-08
refreshing-history
软件开发工程师

Squashes the repo's default branch (main, falling back to master) to a single signed "Initial commit", refreshes deps + lockfile, runs format / fix / check / type passes, amends results, and force-pushes. Wraps the lower-level `squashing-history` skill with a dep-refresh + integrity check + verified-signature workflow. Use when cutting a fleet-wide history reset or preparing a clean baseline before a major release.

2026-07-08
rendering-chromium-to-png
软件开发工程师

Render a web page, local HTML file, or a real unpacked Chrome MV3 extension popup to a PNG so you can SEE it — then Read the image to put the actual rendered pixels in context. Catches layout / color / empty-state / render-throw bugs that code-reading misses (a view can look correct in source and render broken). Use before redesigning UI, when "verify rendered output before commit" applies, or to inspect an extension popup with its real chrome.* powers. Page mode renders any url/file; extension mode loads an unpacked MV3 extension (background SW + content scripts + popup) and screenshots a page inside it.

2026-07-08
reordering-release-bump
软件开发工程师

Moves an existing `chore: bump version to X.Y.Z` commit to the tip of the default branch when work landed on top of it, then retags vX.Y.Z onto the moved commit and force-pushes — with a timestamped backup branch, tree-identical integrity verification, and the package.json+CHANGELOG-only bump check. Use when a release bump is no longer the latest commit and needs to be again.

2026-07-08
squashing-history
软件开发工程师

Squashes all commits on the repo's default branch (main, falling back to master) to a single conventional-commit "chore: initial commit" with backup branch, integrity verification, and user confirmation before force push. Use when cleaning history or preparing for fresh start.

2026-07-08
trimming-bundle
软件开发工程师

For repos that ship a built bundle, finds unused code paths in dist/ and iteratively stubs them via the bundler's stub plugin. Each candidate stub goes through stub → rebuild → test loop; only paths that pass the loop are kept. Today the only supported bundler is rolldown (createLibStubPlugin); the skill shape generalizes to other bundlers if the fleet adopts them. Use after a bundler migration, before publishing a new version, or whenever bundle size grows unexpectedly.

2026-07-08
updating
软件开发工程师

Umbrella update skill for a Socket fleet repo. Runs `pnpm run update` (npm), validates `lockstep.json` via `pnpm run lockstep` (if present), optionally bumps submodules, checks workflow SHA pins, resolves open Dependabot security alerts, refreshes the README coverage badge when applicable, and audits GitHub repo + Actions settings drift via `scripts/lint-github-settings.mts`. Discovers what applies via a parallel read-only Workflow sweep, then applies per-category drift (per-row lockstep bumps, per-alert security) as pipeline fan-out. Use when asked to update dependencies, sync upstreams, fix security advisories, refresh coverage, or prepare for a release.

2026-07-08
authoring-spec
软件开发工程师

Synthesize the current conversation into a spec (problem, solution, user stories, decisions, test seams, enforcement plan) and publish it to the tracker. No interview — pure synthesis. Use when the user wants a spec (aka PRD) written up from what's been discussed.

2026-07-07
building-tdd
软件质量保证分析师与测试员

Test-driven development — build a feature or fix a bug test-first. Use when the user wants test-first / red-green-refactor, or asks to build a feature with tests.

2026-07-07
codifying-disciplines
软件开发工程师

Scans a repo for disciplines that exist only in prose, convention, or agent memory but are NOT enforced by executable code, then codifies each into the right surface — a script, a hook, a lint rule, or a CLAUDE.md rule. Runs a Workflow that fans out scanner agents (CLAUDE.md rules with no enforcer, repeated review/PR feedback, build/release steps relying on humans remembering, conventions stated in docs but unchecked), dedups, ranks by blast radius, and for each gap proposes the lowest-friction codification with a concrete diff. "Code is law" — agent memory and prose don't enforce; scripts/hooks/rules do. Use after a session surfaces a recurring discipline, when onboarding a repo, or whenever "we keep having to remember X" comes up.

2026-07-07
creating-guards
软件开发工程师

How to author or convert a fleet PreToolUse / PostToolUse / Stop hook guard to the uniform contract (export const check + block/notify/undefined verdict + runGuard), so the per-event dispatcher runs it in ONE process instead of spawning a node process per guard. Loads on demand when adding a `.claude/hooks/fleet/<name>/` guard or converting an old one.

2026-07-07
decomposing-tickets
项目管理专家

Break a plan, spec, or findings report into independently-grabbable tracker tickets using vertical-slice tracer bullets. Use when the user wants to turn a plan into tickets, or to decompose a findings report into assignable work.

2026-07-07
deduping-dependencies
软件开发工程师

Reduce duplicate installs across the fleet through safe pnpm overrides, @socketregistry hardened drop-ins, and compatibility patches. Packages the dedup decision tree (collapse / scope / force-ESM-for-bundling / patch-for-compat), the mandatory consumer-grep verification, and the cross-repo frozen-lockfile safety gate. Use on the weekly-update cadence, during a tidying/cleaning pass, or whenever the lockfile carries duplicate majors of a package.

2026-07-07
delegating-execution
其他计算机职业

Route non-trivial build/design work through the tier cycle — big-brain plan, floor execute, big-brain review, floor follow-up. Use when a task deserves a written plan and the execution is delegable grunt work; benign infra/docs planning routes to Fable, security-sensitive planning to Opus 4.8.

2026-07-07
diagnosing-bugs
软件开发工程师

Diagnosis loop for hard bugs and performance regressions. Use when the user says "diagnose" / "debug this", or reports something broken, throwing, failing, or slow.

2026-07-07
grilling-plan
软件开发工程师

Interview the user relentlessly to stress-test a plan or design BEFORE building, one question at a time. Use when the user wants to grill / pressure-test a plan, or before a change that touches fleet-shared resources (template/, _shared/, a new hook/lint rule/check).

2026-07-07
grooming-backlog
项目管理专家

Consolidate a bloated task backlog into a lean, accurate set — complete verified-done tasks, fold related clusters into umbrella survivors (folding each child's scope into the umbrella BEFORE deleting), delete superseded/duplicate/stale/parked, and keep in_progress honest (only actively-worked items). Use when the task list is noisy, when asked to "get pending under N", or to triage a stale in_progress list. The inverse of decomposing-tickets.

2026-07-07
guarding-paths
软件开发工程师

Audits and fixes path duplication in a Socket repo. Applies the strict "1 path, 1 reference" rule: every build/test/runtime/config path is constructed exactly once; everywhere else references the constructed value. Default mode finds and fixes; `check` mode reports only; `install` mode drops the gate + hook + rule into a fresh repo. Use when path drift surfaces from `pnpm check`, when a new sibling package needs path conventions, or when bootstrapping a fresh Socket repo.

2026-07-07
locking-down-claude
软件开发工程师

Reference for locking down programmatic Claude invocations (the `claude` CLI in workflows/scripts, the `@anthropic-ai/claude-agent-sdk` `query()` in code). Loads on demand when writing or reviewing any callsite that runs Claude programmatically. Source: https://code.claude.com/docs/en/agent-sdk/permissions.

2026-07-07
opening-pr
软件开发工程师

Implement a fix for an issue / finding / request, ensure it has a unit test or a verification path, and open the PR. Use when the user wants a change shipped as a PR — not just described, but fixed AND verified.

2026-07-07
prose
技术写作员

Removes AI writing patterns from prose. Use when drafting, editing, or reviewing essays, blog posts, docs, release notes, commit message bodies, PR descriptions, CHANGELOG entries, README content, or any human-facing text that reads AI-generated: hedged, metronomic, padded with throat-clearing, or full of em-dashes, adverbs, and "not X, it's Y" contrasts.

2026-07-07
pushing
软件开发工程师

Run the pre-push gate (update, install, fix --all, check --all, cover) and, only on all-green, push origin + watch CI to green. The deterministic executor for the fleet push workflow — landing on local main is the default; this guards the push when you choose to send it. Use before pushing the wheelhouse (the fleet's canonical source) to origin.

2026-07-07
releasing-a-package
软件开发工程师

End-to-end release of a single-package fleet repo — pre-bump wave, public-facing CHANGELOG, a `chore: bump version to X.Y.Z` commit, a `vX.Y.Z` tag, a CI staged-publish (OIDC trusted publisher + provenance) via `scripts/fleet/npm-publish.mts --staged`, then a local human 2FA `--approve` (web-OTP browser flow). Use when shipping a new version of a repo whose `publish` script is the canonical `scripts/fleet/npm-publish.mts`. NOT for socket-registry / socket-addon, which keep a bespoke multi-package publish.mts.

2026-07-07
syncing-fleet
软件开发工程师

Sync a NAMED slice of the wheelhouse cascade — call out a target (pnpm-workspace, lint-config, foundationals, …) and sync just that, at one of three scopes (dogfood self, the whole fleet, or one member repo). The thin vocabulary layer over the cascade engine; full sync logic lives in scripts/fleet/sync.mts. Use when you want to cascade ONE concern instead of the full template, or to push a one-repo override.

2026-07-07
tidying-worktrees
软件开发工程师

Sweeps every fleet repo and removes spent git worktrees — clean trees whose branch is fully merged into the remote base, or gone from the remote with nothing unpushed. Conservative and no-prompt: a dirty worktree, or one carrying unpushed commits, is always kept (it may be a parallel session's live work). Use for periodic low-friction care of the fleet's worktree clutter, or before a cascade wave to clear interrupted-wave leftovers. Defaults to dry-run; pass --fix to act.

2026-07-07
当前展示该仓库 Top 40 / 59 个已收集 skills。