Claude Code Skills Ecosystem: 1,340+ Installable Agent Skills for AI Coding Assistants

Contents

The Claude Code skills ecosystem passed 1,340 installable skills in early 2026, and the number keeps climbing. These skills use the universal SKILL.md format - folders of structured instructions that teach AI coding assistants how to complete specialized tasks. They work across Claude Code, Cursor, Codex CLI, Gemini CLI, and other tools without modification. Official contributions have come from teams at Anthropic, Trail of Bits, Vercel, Stripe, Cloudflare, and dozens of independent developers. Installation takes a single npx command.

What started as a handful of custom instructions has turned into something resembling a package ecosystem, with multiple competing repositories, a marketplace, and all the growing pains you’d expect.

What Are Agent Skills and How SKILL.md Works

Skills are the extension mechanism that turned Claude Code from a generic coding assistant into a specialized tool capable of adopting domain expertise on demand. A skill is a folder containing a SKILL.md file with two parts: YAML frontmatter that tells Claude when to activate the skill, and a markdown body with instructions Claude follows once triggered.

The frontmatter fields control skill discovery and behavior:

Field	Purpose
`name`	Display name shown in the skill list
`description`	Tells Claude when this skill is relevant - be specific
`globs`	File patterns that trigger the skill (e.g., `*.tf` for Terraform files)
`tools`	Optional MCP tools the skill can call
`context`	Set to `fork` to run the skill in isolation
`allowed-tools`	Tools available without per-use approval when active

The markdown body below the frontmatter reads like a briefing for a skilled contractor: what to do, what not to do, expected output format, and edge cases to handle. Skills can bundle additional files beyond the main SKILL.md - supplementary references like FORMS.md or REFERENCE.md containing specialized guidance, along with optional scripts for deterministic tasks like linting or file generation.

Claude uses a three-level loading strategy to keep context window usage efficient. Frontmatter metadata (about 100 tokens per skill) stays in context at all times for triggering decisions. The full SKILL.md body loads only when a skill activates - Anthropic recommends keeping this under 2,000 tokens. Supporting scripts and reference files load on demand.

Skills install into .claude/skills/ for project-level use or ~/.claude/skills/ for global availability. Claude auto-discovers them at session start.

The Major Repositories and How to Install Skills

Multiple community repositories have emerged as skill hubs. As of early April 2026, these are the main ones:

Antigravity Awesome Skills is the largest collection with 1,340+ skills, 22,000+ GitHub stars, and 3,800+ forks. The repository (v7.3.0) includes an installer CLI, skill bundles, workflows, and generated catalogs. Installation targets specific tools:

npx antigravity-awesome-skills --claude    # Claude Code
npx antigravity-awesome-skills --codex     # Codex CLI
npx antigravity-awesome-skills --cursor    # Cursor
npx antigravity-awesome-skills --gemini    # Gemini CLI

VoltAgent Awesome Agent Skills maintains 1,000+ skills from official development teams and the community, with a strong emphasis on cross-tool compatibility. VoltAgent also publishes Awesome Claude Code Subagents , a collection of 100+ specialized subagent definitions that go beyond single-skill scope into multi-step workflows. Subagents run in isolated context windows, preventing cross-contamination between different tasks.

Awesome Claude Code is a community-curated directory of 195+ Claude Code ecosystem resources including skills, hooks, slash-commands, agent orchestrators, and plugins.

Awesome Claude Code project social banner featuring Clawd and Leo mascots — The Awesome Claude Code community directory

Image: Awesome Claude Code

Awesome Claude Skills takes a quality-over-quantity approach with detailed reviews and categorization for each listed skill.

Official Anthropic Skills is the canonical reference from Anthropic engineers. Smaller in number but maintained as the format specification and quality baseline.

SkillsMP operates as a dedicated marketplace with 66,500+ indexed skills. It offers smart search, occupation-based filtering, and quality indicators. All listed skills use the open SKILL.md standard. The platform is free to browse and independent of Anthropic.

Best Skills by Category

Not all 1,340+ skills are equally useful. The standout categories follow a “one skill, one job” principle - focused scope produces better results than skills trying to cover multiple domains.

Security Auditing - Trail of Bits published skills for security research, vulnerability detection, and audit workflows. Their approach encodes expertise rather than procedures - skills teach Claude how to think about security work rather than run specific command sequences. Trail of Bits also maintains claude-code-config , providing opinionated defaults for sandboxing, permissions, and hooks. Snyk has published complementary vulnerability scanning skills.

Code Review - Skills that enforce structured review patterns, checking for security issues, performance problems, and style violations before suggesting changes. The better implementations use a confidence classification system (HIGH/MEDIUM/LOW) to reduce false positives.

Testing - Test writer skills analyze your existing test patterns and generate new tests matching your project’s framework and conventions, rather than imposing generic templates. This makes them useful from the first run since the output fits your codebase style.

Git Workflows - Skills for commit message formatting, PR creation, branch management, and changelog generation. These are the most universally applicable starting point for anyone new to skills - every project benefits and the risk of a bad output is low.

Documentation - API docs, README files, inline code documentation, and architecture decision records. Several skills from the Awesome Claude Code toolkit cover documentation alongside agents and commands.

Infrastructure as Code - Terraform, Kubernetes, Docker, and CI/CD pipeline generation and review. The glob-based triggering (*.tf, Dockerfile, *.yml) makes these activate exactly when needed.

Official team contributions from Vercel, Stripe, Cloudflare, Netlify, Sentry, Expo, Hugging Face, and Figma are tuned to their specific platforms and APIs. These tend to be the most reliable because they’re maintained alongside the products themselves.

Building Your Own Skills

The SKILL.md format is intentionally simple. Creating a basic skill takes minutes:

Create a folder in .claude/skills/ (or ~/.claude/skills/ for global)
Add a SKILL.md with YAML frontmatter and markdown instructions
Claude discovers it at the next session start

A minimal example:

---
name: PR Review
description: Use when reviewing pull requests or when the user asks for a code review
globs:
  - "*.py"
  - "*.js"
  - "*.ts"
---

## Instructions

Review the changed files for:
- Security vulnerabilities (SQL injection, XSS, auth bypass)
- Performance issues (N+1 queries, unnecessary allocations)
- Style violations against project conventions

Rate each finding as HIGH, MEDIUM, or LOW confidence.
Do NOT flag stylistic preferences as issues.

Instruction design matters more than format. Write as if briefing a skilled contractor: state what to do, what NOT to do, what output format to use, and what edge cases to watch for. Vague instructions produce vague output.

For complex workflows, split instructions across multiple markdown files and reference them from the main SKILL.md. A security audit skill might include separate CHECKLIST.md and SEVERITY_GUIDE.md files.

Testing your skill means running Claude Code in a test project with the skill installed and verifying it triggers correctly across different file types and scenarios. Pay attention to whether it activates when it shouldn’t - overly broad globs or description fields cause unwanted interference.

Publishing is straightforward: push to GitHub and submit to one of the awesome-lists, or list on SkillsMP for broader distribution. Skills should follow semver - breaking changes to instruction format or trigger conditions warrant a major version bump.

Performance Impact of Many Skills

A common question is whether installing dozens or hundreds of skills slows things down. The three-level loading strategy helps: Claude reads only the name and description from each skill at startup, roughly 100 tokens per skill. Full instructions only load when a skill is deemed relevant.

In practice, the context window impact is modest. Ten skills at 2,000 tokens each consume about 20,000 tokens of context - roughly 5% of Claude’s available window. Startup time remains fast because full content loads lazily.

The actual limit is behavioral. At 3-4 well-chosen skills, Claude operates smoothly. At 8-10 mixed skills, behavior starts to degrade: more verbose preambles, second-guessing, and occasional conflicts between skill instructions. The practical fix is using project-level skills (.claude/skills/) scoped to specific repositories rather than loading everything globally.

The Ecosystem’s Growing Pains

At 1,340+ skills across multiple repositories, the ecosystem is hitting problems that every package ecosystem faces eventually.

Discovery remains difficult. Finding the right skill for a specific use case means digging through catalogs, README files, and community recommendations. SkillsMP’s search and filtering helps, but there’s no unified registry comparable to npm or PyPI.

Quality varies widely. No formal review process exists for community skills. Some have been battle-tested by thousands of users; others are weekend projects that were never updated. Trail of Bits addresses this with skills-curated , a reviewed and approved subset of their marketplace, but this approach hasn’t scaled to the broader ecosystem.

Security is the most serious unresolved problem. Skills contain arbitrary instructions that Claude will follow, potentially including malicious ones. There’s no code signing, sandboxing, or permission scoping for skill content. A malicious skill could instruct Claude to exfiltrate code, inject vulnerabilities, or modify files in unexpected ways.

Fragmentation means the same skill might exist in different versions across different repositories with no canonical source of truth. Antigravity, VoltAgent, and the various awesome-lists overlap substantially.

Cross-tool compatibility has a catch. The universal SKILL.md format works across tools in theory, but different tools interpret frontmatter fields slightly differently, leading to subtle behavioral differences.

The parallels to early npm are hard to ignore. Just as npm went from a few hundred packages to millions while accumulating problems around supply chain security, abandoned packages, and naming conflicts, the skills ecosystem needs package signing, vulnerability scanning, and deprecation workflows before it can be trusted in enterprise settings. Whether that comes from Anthropic building a first-party registry or from community efforts like SkillsMP establishing review standards remains to be seen.

For now, the practical advice is to start with a handful of well-maintained skills from known sources - Trail of Bits for security, official team skills for your platform stack, and git workflow skills as a universal baseline. Install at the project level rather than globally, and audit any skill’s SKILL.md before trusting it with your codebase.