feat(skills): add 15 Trail of Bits skill entries (OCI distribution) #1095
Merged
Adds the security-focused Trail of Bits skills to the ToolHive catalog.
Content lives upstream at trailofbits/skills (CC-BY-SA-4.0, pinned to
commit e8cc5ba) and is packaged by dockyard to
ghcr.io/stacklok/dockyard/skills/<name>:0.1.0 with Sigstore signatures,
SPDX SBOM, SLSA build provenance, and a cisco-ai-skill-scanner SCAI v0.3
security-scan attestation on each artifact.
Skills:
agentic-actions-auditor, codeql, semgrep, sarif-parsing,
supply-chain-risk-auditor, insecure-defaults, sharp-edges, fp-check,
differential-review, variant-analysis, constant-time-analysis,
property-based-testing, yara-rule-authoring, semgrep-rule-creator,
semgrep-rule-variant-creator
- `registryType: oci` is the primary package; `registryType: git` is a
commit-pinned fallback to trailofbits/skills at the same ref the OCI
artifact was built from.
- License is CC-BY-SA-4.0 per upstream. This is not one of the
explicitly-listed permissive licenses in skill-criteria.md (Apache,
MIT, BSD), but CC-BY-SA is also not explicitly excluded. Trail of
Bits chose CC-BY-SA because SKILL.md files are prose/documentation
rather than code. Flagging for reviewer judgment.
- No `allowedTools` — every included skill uses only Claude Code
built-in tools (Read, Grep, Glob, Bash, Task, etc.), which the
skill-criteria.md "MCP dependencies in catalog" bar does not apply
to. zeroize-audit (the 16th dockyard-packaged skill) was excluded
because it references mcp__serena__* tools and Serena is not in the
catalog; that skill will be revisited separately.
- No `skill/SKILL.md` subfolder. Content is authoritatively in the OCI
artifact; duplicating would risk skill shadowing and drift.
- Icons: single shared shield+magnifier SVG used across all 15 —
thematic for security audit/review and keeps the PR tight. Can be
differentiated later if needed.
Validated locally:
task catalog:validate -> 20 skills, all valid
task catalog:build -> all 15 present under data.skills in
build/toolhive/registry-upstream.json
npx prettier --check -> passes
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Signed-off-by: Juan Antonio Osorio <ozz@stacklok.com>
Registry Build Preview: All registries built successfully!
rdimitrov approved these changes Apr 17, 2026
This was referenced Apr 21, 2026
rdimitrov pushed a commit that referenced this pull request Apr 21, 2026
Adds the 3-skill Stripe pack from stripe/agent-toolkit to the ToolHive catalog. Content is MIT-licensed, pinned upstream to commit dd6deb03137908d0102ffde97e60c90cf79bf929 and packaged by Dockyard to ghcr.io/stacklok/dockyard/skills/<name>:0.1.0. Follows the OCI-distribution pattern established by PR #1093 (claude-api), PR #1094 (toolhive-cli-user), PR #1095 (trailofbits security skills), and PR #1109 (google-gemini pack).
Skills added:
- stripe-best-practices — Stripe integration decisions (API selection, Connect, Billing, Treasury, migrations, security)
- stripe-projects — bootstrap new apps with the Stripe Projects CLI
- upgrade-stripe — upgrade Stripe API versions and SDKs across server-side, Stripe.js, and mobile SDKs
Signed-off-by: Juan Antonio Osorio <ozz@stacklok.com>
rdimitrov pushed a commit that referenced this pull request Apr 21, 2026
Adds the Neon pack from neondatabase/agent-skills to the ToolHive catalog. Content is Apache-2.0, pinned upstream to commit 38c7da85db656c8c9efd1e6433c200212926fd2d and packaged by Dockyard (Dockyard PR #506) to ghcr.io/stacklok/dockyard/skills/<name>:0.1.0. Follows the OCI-distribution pattern established by PR #1093 (claude-api), PR #1094 (toolhive-cli-user), PR #1095 (trailofbits), and PR #1109 (gemini pack).
Skills added:
- claimable-postgres — instant temporary Postgres via neon.new (no signup, REST/CLI/SDK, 72-hour claim window)
- neon-postgres — Neon Serverless Postgres guides (connections, CLI, MCP, branching, autoscaling, scale-to-zero, Platform API)
- neon-postgres-egress-optimizer — diagnose and fix excessive Postgres egress (pg_stat_statements, SELECT *, overfetching)
Notes:
- License: Apache-2.0 (confirmed at neondatabase/agent-skills root; upstream does not embed SPDX in per-skill SKILL.md frontmatter — tracked as an allowed Dockyard manifest issue).
- No allowedTools declared by any of the 3 skills.
- No skill/SKILL.md subfolder — OCI is authoritative, with a commit-pinned git package as fallback.
- Icons: all 3 share a monochrome database/stack SVG (Neon is serverless Postgres).
Signed-off-by: Juan Antonio Osorio <ozz@stacklok.com>
rdimitrov pushed a commit that referenced this pull request Apr 21, 2026
Adds the Sentry pack from getsentry/skills to the ToolHive catalog, pinned to commit 94ea2a26 and packaged by Dockyard (PR #498) to ghcr.io/stacklok/dockyard/skills/<name>:0.1.0. Follows the OCI-distribution pattern established by PR #1093 (claude-api), PR #1094 (toolhive-cli-user), PR #1095 (trailofbits), and PR #1109 (google-gemini). The upstream `code-review` skill collides with the existing homegrown `registries/toolhive/skills/code-review` entry and is intentionally skipped in this PR; 17 of the 18 upstream skills are added.
Signed-off-by: Juan Antonio Osorio <ozz@stacklok.com>
rdimitrov pushed a commit that referenced this pull request Apr 21, 2026
…1124) Adds the Hugging Face skill pack from https://github.com/huggingface/skills (Apache-2.0), pinned to upstream commit 061ab494cb145f43ae8f218939b99160e2c61c58 and packaged by Dockyard to ghcr.io/stacklok/dockyard/skills/<name>:0.1.0.
Skills added:
- hf-cli
- hf-mcp
- huggingface-community-evals
- huggingface-datasets
- huggingface-gradio
- huggingface-llm-trainer
- huggingface-paper-publisher
- huggingface-papers
- huggingface-tool-builder
- huggingface-trackio
- huggingface-vision-trainer
- transformers-js
Follows the OCI-distribution pattern from PRs #1093, #1094, #1095, #1109.
Signed-off-by: Juan Antonio Osorio <ozz@stacklok.com>
Summary
Adds 15 security-focused agent skills from trailofbits/skills to the ToolHive catalog. Content is CC-BY-SA-4.0, pinned upstream to commit e8cc5ba and packaged by Dockyard (see stacklok/dockyard#466) to ghcr.io/stacklok/dockyard/skills/<name>:0.1.0 with Sigstore signatures, SPDX SBOM, SLSA build provenance, and a Cisco AI Defense skill-scanner SCAI v0.3 security-scan attestation on each artifact. Follows the OCI-distribution pattern established by PR #1093 (claude-api) and PR #1094 (toolhive-cli-user).
Skills added
Security analysis
- agentic-actions-auditor — audits GitHub Actions workflows for AI-agent security holes (prompt injection, env-var intermediary, wildcard allowlists)
- codeql, semgrep, sarif-parsing — classic SAST tooling from the upstream static-analysis plugin
- semgrep-rule-creator, semgrep-rule-variant-creator — authoring/porting custom Semgrep rules
Supply chain and defensive review
- supply-chain-risk-auditor — dependency takeover/exploitation risk
- insecure-defaults — fail-open configurations and hardcoded secrets
- sharp-edges — footgun APIs and dangerous defaults
- fp-check — false-positive verification with mandatory gate reviews
- differential-review — security-focused PR/commit review
- variant-analysis — finding bug variants across a codebase
Cryptographic verification
- constant-time-analysis — timing side-channels across 12 languages
- property-based-testing — PBT guidance across multiple languages
Malware analysis
- yara-rule-authoring — YARA-X detection rule authoring
Notes for review
- CC-BY-SA-4.0. Upstream picked CC-BY-SA because `SKILL.md` files are prose, not code. Not one of the permissive licenses explicitly listed in docs/skill-criteria.md (Apache/MIT/BSD), but also not on the excluded list (GPL/AGPL/LGPL). Flagging for reviewer judgment — happy to revisit scope if the call is that CC-BY-SA is a blocker.
- zeroize-audit intentionally excluded. The 16th skill in the dockyard batch requires `mcp__serena__*` tools, and Serena is not yet in the catalog. Per skill-criteria.md that's a hard blocker; Serena-as-a-server is a separate thread (upstream container is SSE-only, experimental, and `:latest`-tagged; the PyPI route has an executable-name mismatch with dockhand). Will revisit.
- No `allowedTools`. Every included skill uses only Claude Code built-in tools (Read, Grep, Glob, Bash, Task, AskUserQuestion, etc.), which are out of scope for the "MCP dependencies in catalog" bar.
- No `skill/SKILL.md` subfolder. Following the claude-api/toolhive-cli-user precedent — OCI is authoritative, duplicating SKILL.md risks shadowing and drift. Git fallback package is commit-pinned.
Test plan
- `task catalog:validate` — 20 skills total, all valid
- `task catalog:build` — all 15 present under `data.skills` in `build/toolhive/registry-upstream.json`
- `npx prettier --check` on all new `skill.json` files — passes
- `task catalog:validate` in CI
- `registry-upstream.json` feed
Signed-off-by: Juan Antonio Osorio ozz@stacklok.com
🤖 Generated with Claude Code
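The consumer-side check that the attestations listed above actually hold for a published skill, as an added example that is not part of this PR, of ToolHive or of Dockyard. It assumes Dockyard signs keylessly from GitHub Actions under a workflow identity in stacklok/dockyard (the identity regexp is an assumption), that the provenance is a SLSA v1 predicate whose resolvedDependencies carry the trailofbits/skills commit (an assumption about Dockyard's provenance layout), and that cosign v2 and jq are installed. The SCAI v0.3 attestation is not verified here because its predicate type URI is not given on the page.

```shell
#!/bin/sh
# Added example: verify signature, SPDX SBOM and SLSA provenance of the
# Dockyard-packaged Trail of Bits skills, then confirm the provenance pins
# the same upstream commit as the catalog's git fallback (e8cc5ba).
set -eu

REGISTRY="ghcr.io/stacklok/dockyard/skills"
VERSION="0.1.0"
PINNED_COMMIT="e8cc5ba"                                # from the PR text
OIDC_ISSUER="https://token.actions.githubusercontent.com"
IDENTITY_RE='^https://github.com/stacklok/dockyard/'   # assumption: Dockyard's GHA signing identity

# OCI reference for a catalog skill name.
skill_ref() {
    printf '%s/%s:%s\n' "$REGISTRY" "$1" "$VERSION"
}

# True when a full commit hash starts with the (possibly abbreviated) pinned hash.
commit_matches() {
    pinned="$1"; actual="$2"
    case "$actual" in
        "$pinned"*) return 0 ;;
        *)          return 1 ;;
    esac
}

# Signature, SBOM and provenance checks for one skill; fails closed on any mismatch.
verify_skill() {
    ref=$(skill_ref "$1")
    cosign verify \
        --certificate-oidc-issuer "$OIDC_ISSUER" \
        --certificate-identity-regexp "$IDENTITY_RE" \
        "$ref" >/dev/null
    cosign verify-attestation --type spdxjson \
        --certificate-oidc-issuer "$OIDC_ISSUER" \
        --certificate-identity-regexp "$IDENTITY_RE" \
        "$ref" >/dev/null
    prov=$(cosign verify-attestation --type slsaprovenance1 \
        --certificate-oidc-issuer "$OIDC_ISSUER" \
        --certificate-identity-regexp "$IDENTITY_RE" \
        "$ref")
    # verify-attestation prints DSSE envelopes, one per line; decode the first
    # in-toto payload and read the git commit of the trailofbits/skills input.
    # The resolvedDependencies layout is an assumption about Dockyard's provenance.
    upstream=$(printf '%s' "$prov" | head -n1 | jq -r '.payload' | base64 -d \
        | jq -r '.predicate.buildDefinition.resolvedDependencies[]
                 | select(.uri | test("trailofbits/skills")) | .digest.gitCommit')
    if ! commit_matches "$PINNED_COMMIT" "$upstream"; then
        echo "$1: provenance commit $upstream does not match pinned $PINNED_COMMIT" >&2
        return 1
    fi
    echo "$1: signature, SBOM and provenance OK (upstream $upstream)"
}

# Usage: ./verify-tob-skills.sh --run   (network access and cosign/jq required)
if [ "${1:-}" = "--run" ]; then
    for s in agentic-actions-auditor codeql semgrep sarif-parsing \
             supply-chain-risk-auditor insecure-defaults sharp-edges fp-check \
             differential-review variant-analysis constant-time-analysis \
             property-based-testing yara-rule-authoring semgrep-rule-creator \
             semgrep-rule-variant-creator; do
        verify_skill "$s"
    done
fi
```

Because `cosign verify-attestation` only returns envelopes whose signing certificate matches the identity and issuer given, a provenance that was not produced by the assumed Dockyard workflow is rejected before the commit comparison runs; tighten `IDENTITY_RE` to the exact workflow path once it is known.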