A collection of AI agent skills for software engineering workflows — code quality reviews, living documentation, and security audits. Built for developers and engineering teams who want Claude Code to apply expert-level analysis to their codebases.
Skills are Markdown files that give AI agents specialized knowledge, workflows, and output templates for specific tasks. When installed, Claude Code recognizes relevant requests and applies the skill automatically — no manual prompting required.
| Skill | Description |
|---|---|
| spec-doc | Generate or sync a "Living Specification" from source code to eliminate doc-code drift. Use when creating, updating, or reviewing architecture documentation for a directory or module. |
| software-evaluation | Evaluate code quality across five pillars (Architecture, Reliability, Observability, Security, DX) and produce a 1–10 scorecard with a strategic improvement roadmap. |
| vulnerability-scan | Run an OWASP-based offensive security audit using Semgrep and produce a read-only vulnerability report with severity ratings and remediation recommendations. |
npx skills add ymd38/dev-skillsThis automatically installs all skills to your project's .claude/skills/ directory.
To install a single skill:
npx skills add ymd38/dev-skills --skill spec-docCopy any skill directory into your project:
cp -r skills/spec-doc .claude/skills/spec-docOr copy all skills at once:
cp -r skills/* .claude/skills/Add as a submodule to keep skills up to date with upstream changes:
git submodule add https://github.com/ymd38/dev-skills.git .claude/dev-skillsThen reference skills from .claude/dev-skills/skills/.
Once installed, describe your task naturally and the relevant skill is applied automatically:
"Generate a spec for src/api/"
→ Uses spec-doc skill
"Review the code quality of src/backend/"
→ Uses software-evaluation skill
"Scan src/ for security vulnerabilities"
→ Uses vulnerability-scan skill
You can also invoke skills directly:
/spec-doc src/
/software-evaluation src/backend/
/vulnerability-scan src/
spec-doc— Generates a machine-readable "Living Specification" (docs/spec.md) from source code. Covers architecture, interfaces, data models, state transitions, and development constraints. Syncs with existing specs rather than replacing them.
software-evaluation— Scores a codebase across five pillars with evidence-based findings (file:line citations required). Produces a prioritized roadmap with P0–P3 action items.
vulnerability-scan— Combines automated Semgrep scanning with a manual review checklist covering OWASP Top 10. Triages true positives from false positives and includes a dependency CVE audit.