Claude Code Skills Ecosystem: 1,340+ Installable Agent Skills for AI Coding Assistants

The Claude Code skills ecosystem passed 1,340 installable skills in early 2026, and the number keeps climbing. These skills use the universal SKILL.md format : folders of structured instructions that teach AI coding tools to do special tasks. They work across Claude Code, Cursor, Codex CLI, and Gemini CLI without changes. Official skills have shipped from teams at Anthropic, Trail of Bits, Vercel, Stripe, Cloudflare, and dozens of solo devs. Install takes one npx command.

What began as a few custom prompts now looks like a package ecosystem, with rival repos, a market, and all the growing pains you’d expect.

What Are Agent Skills and How SKILL.md Works

Skills turned Claude Code from a generic coding tool into one that can pick up domain expertise on demand. A skill is a folder with a SKILL.md file in two parts. The YAML frontmatter tells Claude when to fire the skill. The markdown body holds the steps Claude follows once it does.

The frontmatter fields control skill discovery and behavior:

The body reads like a brief to a skilled contractor: what to do, what not to do, the output shape, and edge cases to handle. Skills can bundle extra files next to the main SKILL.md. Common ones include FORMS.md or REFERENCE.md for niche guidance, plus optional scripts for steady jobs like linting or file gen.

Claude uses a three-level loading plan to keep context use lean. Frontmatter metadata (about 100 tokens per skill) stays in context at all times for trigger choices. The full SKILL.md body loads only when a skill fires. Anthropic suggests keeping it under 2,000 tokens. Helper scripts and reference files load on demand.

Skills install into .claude/skills/ for one project, or ~/.claude/skills/ for all of them. Claude finds them at session start.

The Major Repositories and How to Install Skills

Many community repos have grown into skill hubs. These are the main ones:

Antigravity Awesome Skills is the biggest set: 1,340+ skills, 22,000+ GitHub stars, and 3,800+ forks. The repo (v7.3.0) ships an installer CLI, skill bundles, workflows, and built catalogs. Install targets one tool at a time:

npx antigravity-awesome-skills --claude    # Claude Code
npx antigravity-awesome-skills --codex     # Codex CLI
npx antigravity-awesome-skills --cursor    # Cursor
npx antigravity-awesome-skills --gemini    # Gemini CLI

VoltAgent Awesome Agent Skills holds 1,000+ skills from official dev teams and the community. It leans hard on cross-tool fit. VoltAgent also ships Awesome Claude Code Subagents , a set of 100+ niche subagent defs. These go past single-skill scope into multi-step flows. Subagents run in their own context windows, so tasks don’t bleed into each other.

Awesome Claude Code is a community-picked list of 195+ Claude Code resources. It covers skills, hooks, slash-commands, agent orchestrators, and plugins.

Awesome Claude Skills picks quality over quantity. Each listed skill gets a full review and a category tag.

Official Anthropic Skills is the canonical ref from Anthropic engineers. Smaller in count, but kept as the format spec and quality bar.

SkillsMP runs as a dedicated market with 66,500+ indexed skills. It offers smart search, job-based filters, and quality tags. Every skill uses the open SKILL.md standard. The site is free to browse, and it’s not tied to Anthropic.

Best Skills by Category

Not all 1,340+ skills are equally useful. The best ones follow a “one skill, one job” rule. Tight scope beats skills that try to cover many domains.

Security Auditing - Trail of Bits ships skills for security research, bug hunts, and audit flows. They encode expertise, not steps. Skills teach Claude how to think about security work, not which commands to run. Trail of Bits also keeps claude-code-config , with strong defaults for sandboxing, permissions, and hooks. Snyk has shipped matching scanning skills.

Code Review - These skills push set review patterns. They check for security bugs, slow code, and style breaks before they suggest changes. The best ones use a HIGH/MEDIUM/LOW tag to cut down false flags.

Testing - Test writer skills read your current test code and write new tests that fit your framework and house style. They don’t push a generic template. That’s why they’re useful from the first run: the output fits your codebase.

Git Workflows - Skills for commit messages, PR drafts, branch admin, and changelog gen. These are the safest start for anyone new to skills. Every project gains, and the risk of a bad output is low.

Documentation - API docs, README files, inline code docs, and architecture records. Several skills from the Awesome Claude Code toolkit cover docs next to agents and commands.

Infrastructure as Code - Terraform, Kubernetes, Docker, and CI/CD pipeline gen and review. Glob-based triggers (*.tf, Dockerfile, *.yml) fire these exactly when you need them.

Official team skills from Vercel, Stripe, Cloudflare, Netlify, Sentry, Expo, Hugging Face, and Figma fit each platform’s APIs. They tend to be the most reliable. The teams keep them in sync with their own products.

Building Your Own Skills

The SKILL.md format is simple by design. A basic skill takes minutes:

1. Make a folder in .claude/skills/ (or ~/.claude/skills/ for global)
2. Add a SKILL.md with YAML frontmatter and markdown steps
3. Claude finds it at the next session start

A minimal example:

---
name: PR Review
description: Use when reviewing pull requests or when the user asks for a code review
globs:
  - "*.py"
  - "*.js"
  - "*.ts"
---

## Instructions

Review the changed files for:
- Security vulnerabilities (SQL injection, XSS, auth bypass)
- Performance issues (N+1 queries, unnecessary allocations)
- Style violations against project conventions

Rate each finding as HIGH, MEDIUM, or LOW confidence.
Do NOT flag stylistic preferences as issues.

Instruction design beats format. Write as if you’re briefing a skilled contractor. State what to do, what NOT to do, the output shape, and the edge cases to watch. Vague prompts give you vague output.

For tricky flows, split steps across many markdown files and link them from the main SKILL.md. A security audit skill might add a CHECKLIST.md and a SEVERITY_GUIDE.md.

Testing your skill means running Claude Code in a test project with the skill on. Check that it fires on the right file types and scenes. Watch for cases where it fires when it shouldn’t. Broad globs or description fields cause noise. For a walkthrough of Claude Code with custom tools, see the guide on building a local AI coding agent .

Publishing is simple. Push to GitHub and submit to one of the awesome-lists. Or list on SkillsMP for wider reach. Skills should follow semver. Breaking changes to the prompt format or triggers earn a major version bump.

Performance Impact of Many Skills

A common question: do dozens or hundreds of skills slow things down? The three-level loading plan helps. Claude reads only the name and description from each skill at startup. That’s about 100 tokens per skill. Full steps load only when a skill is deemed relevant.

In practice, the context hit is small. Ten skills at 2,000 tokens each take about 20,000 tokens of context. That’s about 5% of Claude’s window. Startup stays fast since full content loads lazily.

The real limit is behavior. At 3 to 4 picked skills, Claude runs smoothly. At 8 to 10 mixed skills, the model starts to wobble: longer preambles, second-guessing, and now and then a clash between skills. The practical fix is to use project-level skills (.claude/skills/) scoped to one repo, not loaded across all of them.

The Ecosystem’s Growing Pains

At 1,340+ skills across many repos, the ecosystem is hitting issues that every package world faces in time.

Discovery is still hard. To find the right skill for a use case, you dig through catalogs, README files, and community picks. SkillsMP’s search and filters help, but there’s no unified registry on par with npm or PyPI.

Quality varies a lot. No formal review exists for community skills. Some have been tested by thousands of users. Others are weekend builds that no one ever updated. Trail of Bits handles this with skills-curated , a reviewed and approved subset of their market. The approach hasn’t scaled to the wider ecosystem.

Security is the most serious open problem. Skills hold prompts Claude will follow, and some of those prompts could be bad. There’s no code signing, no sandbox, and no per-skill permission scope. A bad skill could tell Claude to leak code, plant bugs, or change files in ways you don’t expect. This is the same risk that turns AI coding agents into supply chain insider threats : a poisoned skill steers an AI that already holds wide system access.

Fragmentation means the same skill can exist in many versions across many repos, with no source of truth. Antigravity, VoltAgent, and the various awesome-lists overlap a lot. For a view of the most useful open-source repos that extend Claude Code in early 2026, see 5 Open Source Repos That Make Claude Code Unstoppable .

Cross-tool compat has a catch. The universal SKILL.md format works across tools in theory. In practice, different tools read frontmatter fields a bit differently. That leads to small behavior gaps.

The parallels to early npm are hard to miss. npm went from a few hundred packages to millions. Along the way it picked up supply chain risk, dead packages, and name clashes. The skills world needs package signing, vuln scans, and deprecation flows before any enterprise can trust it. Anthropic could build a first-party registry. Community efforts like SkillsMP could set review standards. Either way, it isn’t here yet.

For now, the practical advice is to start with a handful of well-kept skills from known sources. Trail of Bits for security, official team skills for your platform stack, and git workflow skills as a baseline. Install at the project level, not the global one. Audit any skill’s SKILL.md before you trust it with your codebase.