
Security News
Next.js moves to scheduled security releases
Vercel is formalizing a monthly release program for Next.js. The change follows React2Shell and a sharp rise in AI-assisted vulnerability discovery.
@open330/agt
Advanced tools
Quickstart •
Skills •
Personas •
Hooks •
Install •
Contributing
한국어
A collection of skills, personas, and hooks for AI coding agents (Claude Code, Codex CLI, Gemini CLI). Each skill is a self-contained markdown module that gives an agent domain-specific capabilities.
CLI tool: Install and manage skills with agt —
npm install -g @open330/agtor justnpx @open330/agt
# Install agt globally
npm install -g @open330/agt
# Install the core profile (essential skills for every workspace)
agt skill install --profile core
# Install all available personas globally
agt persona install --global --from jiunbae/agent-skills
# Verify installation
agt skill list
agt persona list
npx @open330/agt skill install --profile core # Install core skills
npx @open330/agt skill install -g --from jiunbae/agent-skills # Browse & install from repo
npx @open330/agt persona install -g --from jiunbae/agent-skills
npm install -g @open330/agt
agt skill install --profile core
agt skill install -g git-commit-pr # Install a skill globally
agt persona install -g --all # Install all personas globally
agt skill update # Update all remote-installed skills
git clone https://github.com/jiunbae/agent-skills ~/.agent-skills
cd ~/.agent-skills
./install.sh --core # Core skills only
./install.sh --core --hooks # Core + hooks
./install.sh all --link-static --codex # Everything
./install.sh --list # List available options
| Option | Description |
|---|---|
--core | Install core skills globally (recommended) |
--link-static | Symlink ~/.agents -> static/ (global context) |
--codex | Codex CLI support (AGENTS.md + skills symlink) |
--hooks | Install Claude Code hooks |
--personas | Install agent personas |
--copy | Copy instead of symlink |
--dry-run | Preview only |
--uninstall | Remove installed skills |
Installed by default with --core:
development/git-commit-pr — Git commit & PR guidecontext/context-manager — Project context auto-loadercontext/static-index — Global static context indexsecurity/security-auditor — Repository security auditagents/background-implementer — Background parallel implementationagents/background-planner — Background parallel planningagents/background-reviewer — Multi-LLM parallel code review| Skill | Description |
|---|---|
background-implementer | Parallel multi-LLM implementation with context safety |
background-planner | Parallel multi-LLM planning with auto-save |
background-reviewer | Multi-LLM parallel code review (security/architecture/quality) |
| Skill | Description |
|---|---|
context-worktree | Auto git worktree per task |
git-commit-pr | Git commit & PR generation guide |
iac-deploy-prep | IaC deployment prep (K8s, Dockerfile, CI/CD) |
multi-ai-code-review | Multi-AI code review orchestrator |
playwright | Playwright browser automation |
pr-review-loop | PR review await & auto-fix loop |
task-master | Task Master CLI task management |
| Skill | Description |
|---|---|
bm-analyzer | Business model analysis & monetization strategy |
document-processor | PDF, DOCX, XLSX, PPTX processing |
proposal-analyzer | Proposal / RFP analysis |
| Skill | Description |
|---|---|
appstore-connect | App Store Connect automation |
discord-skill | Discord REST API |
google-search-console | Google Search Console API |
kubernetes-skill | Kubernetes cluster management |
notion-summary | Notion page upload |
obsidian-tasks | Obsidian TaskManager (Kanban, Dataview) |
obsidian-writer | Obsidian Vault document upload |
service-manager | Docker container & service management |
slack-skill | Slack app development & API |
vault-secrets | Vaultwarden credentials & API key management |
| Skill | Description |
|---|---|
audio-processor | ffmpeg-based audio processing |
ml-benchmark | ML model benchmarking |
model-sync | Model file server sync |
triton-deploy | Triton Inference Server deployment |
| Skill | Description |
|---|---|
security-auditor | Repository security audit |
| Skill | Description |
|---|---|
context-manager | Project context auto-loader |
static-index | Global static context index with user profile |
| Skill | Description |
|---|---|
karpathy-guide | LLM coding error reduction guidelines |
skill-manager | Skill ecosystem management |
skill-recommender | Skill auto-recommender |
Expert identities as markdown files — usable with any AI agent.
| Persona | Role | Domain |
|---|---|---|
security-reviewer | Senior AppSec Engineer | OWASP, auth, injection |
architecture-reviewer | Principal Architect | SOLID, API design, coupling |
code-quality-reviewer | Staff Engineer | Readability, complexity, DRY |
performance-reviewer | Performance Engineer | Memory, CPU, I/O, scalability |
database-reviewer | Senior DBA | Query optimization, schema, indexing |
frontend-reviewer | Senior Frontend Engineer | React, accessibility, performance |
devops-reviewer | Senior DevOps/SRE | K8s, IaC, CI/CD |
agt persona review security-reviewer --codex
agt persona review security-reviewer --codex "is this architecture scalable?"
agt persona install -g --all
agt persona show security-reviewer
Personas are just .md files. Any agent that can read a file can adopt a persona:
cat personas/security-reviewer.md | codex -q "Review this code"
cat personas/security-reviewer.md # pipe to any AI agent
.agents/personas/security-reviewer.md ← project local (highest priority)
~/.agents/personas/security-reviewer.md ← user global
personas/security-reviewer.md ← library (bundled)
Event-driven automation for Claude Code.
./install.sh --hooks
| Hook | Event | Description |
|---|---|---|
english-coach | UserPromptSubmit | Rewrites prompts in natural English with vocabulary |
prompt-logger | UserPromptSubmit | Logs prompts to MinIO for analytics |
You can create your own skills repository with the same structure as this one. agt will discover it automatically.
my-skills/
├── agents/ # Group: AI agent skills
│ └── my-agent/
│ └── SKILL.md # Required
├── development/ # Group: dev tools
│ └── my-tool/
│ ├── SKILL.md # Required
│ ├── scripts/ # Optional: helper scripts
│ └── templates/ # Optional: templates
├── personas/ # Personas directory
│ ├── my-reviewer/
│ │ └── PERSONA.md
│ └── my-expert.md # Single-file persona also works
├── static/ # Optional: global context files
│ └── WHOAMI.sample.md
├── profiles.yml # Optional: installation profiles
├── agt.toml # Optional: post-install manifest
└── README.md
Repos can include an agt.toml to declare setup actions that run after agt skill install --from. This keeps repo-specific setup logic out of the agt CLI itself.
# Copy static context files to ~/.agents/ after skill installation
[[setup.copy]]
from = "static" # Source directory (relative to repo root)
to = "~/.agents" # Target directory (must be ~/... path)
strategy = "merge" # merge: skip existing files, replace: overwrite
# Copy personas to ~/.agents/personas/
[[setup.copy]]
from = "personas"
to = "~/.agents/personas"
strategy = "merge"
| Field | Required | Description |
|---|---|---|
from | Yes | Source path relative to repo root (no .. or absolute paths) |
to | Yes | Target path, must be home-relative (~/...) |
strategy | No | merge (default, skip existing) or replace (overwrite) |
Safety: Source paths must be within the repo. Target paths must be under ~/. Symlink targets are skipped (if ~/.agents is already a symlink, the user manages it). Existing files are preserved with merge strategy.
---
name: my-skill-name
description: "What this skill does. Use for 'keyword1', 'keyword2' requests."
trigger-keywords: keyword1, keyword2, 키워드
allowed-tools: Read, Write, Edit, Bash, Grep, Glob
priority: high
tags: [category, tool-name]
---
# Skill Title
## Quick Start
\`\`\`bash
command --example
\`\`\`
## Workflow
Step-by-step instructions for the AI agent...
## Best Practices
**DO:**
- Follow this pattern
**DON'T:**
- Avoid this anti-pattern
| Field | Required | Description |
|---|---|---|
name | Yes | Skill identifier (kebab-case) |
description | Yes | What the skill does + trigger keywords |
trigger-keywords | No | Comma-separated activation keywords |
allowed-tools | No | Tools available to the skill |
priority | No | high / medium / low |
tags | No | Category tags |
---
name: my-reviewer
role: "Senior Engineer — Domain Expert"
domain: security
type: review
tags: [security, owasp, auth]
---
# My Reviewer
## Identity
Background, expertise, and review philosophy...
## Review Lens
When reviewing, evaluate:
1. Security vulnerabilities
2. Best practice adherence
...
## Output Format
### Findings
#### [SEVERITY] Finding Title
- **File**: path:line
- **Impact**: Description
- **Recommendation**: Fix
| Field | Required | Description |
|---|---|---|
name | Yes | Persona identifier (kebab-case) |
role | Yes | Job title / expert role |
domain | Yes | Expertise domain |
type | Yes | Usually review |
tags | Yes | Relevant focus areas |
core:
description: "Essential skills for every workspace"
skills: # Explicit skill paths
- development/git-commit-pr
- context/context-manager
groups: # Include entire groups
- agents
dev:
description: "Development workflow tools"
groups:
- development
# Point agt to your repo
export AGT_DIR=~/my-skills
# Or clone to the default location
git clone https://github.com/you/my-skills ~/.agent-skills
agt skill list # Verify skills discovered
agt skill install my-skill -g # Install globally
agt skill install --profile core # Install a profile
agt persona install my-reviewer # Install a persona
# Others can install from your repo directly
agt skill install --from you/my-skills
agt persona install --from you/my-skills
Copy-paste these prompts to create skills and personas with any AI agent.
Create a new skill for the agent-skills repository.
Skill name: [YOUR_SKILL_NAME]
Group: [GROUP_NAME] (e.g., development, integrations, agents, ml, security)
Description: [WHAT_THE_SKILL_DOES]
Create the file at [GROUP]/[SKILL_NAME]/SKILL.md with this structure:
1. YAML frontmatter with: name, description (include trigger keywords and Korean keywords
if applicable), trigger-keywords, allowed-tools, priority, tags
2. A "Quick Start" section with 2-3 essential commands/examples
3. A "Workflow" section with step-by-step instructions
4. A "Best Practices" section with DO/DON'T guidelines
Rules:
- Description should be third person, under 200 chars, end with trigger conditions
- Keep under 300 lines total
- Code examples should be practical and production-ready
- Include both English and Korean trigger keywords where relevant
- Focus on what the AI agent should DO, not theory
Reference this existing skill for style:
---
name: git-commit-pr
description: "Guides git commit and PR creation with security validation. Activates on
commit, PR, pull request requests."
trigger-keywords: commit, pr, pull request, 커밋
allowed-tools: Read, Bash, Grep, Glob
priority: high
tags: [git, commit, pr, security]
---
Create a new code review persona for the agent-skills repository.
Persona name: [PERSONA_NAME]-reviewer
Domain: [DOMAIN] (e.g., security, architecture, performance, database, frontend, devops)
Role: [JOB_TITLE]
Create the file at personas/[PERSONA_NAME]/PERSONA.md with this structure:
1. YAML frontmatter with: name, role, domain, type (review), tags
2. "Identity" section: background, expertise (5+ bullet points), attitude (2-3 sentences)
3. "Review Lens" section: numbered list of what they evaluate
4. "Evaluation Framework" section: table with Category, Severity (CRITICAL/HIGH/MEDIUM/LOW), Criteria
5. "Output Format" section: markdown template for review output
6. "Red Flags" section: patterns that MUST always be flagged
7. "Key Principles" section: numbered guiding principles
Rules:
- The persona should be opinionated and have a clear point of view
- Include specific technologies/frameworks in their expertise
- Red flags should be concrete, not generic
- Output format should include: Summary, Findings (with severity), Positive Observations
- Keep under 200 lines
Reference this existing persona for style:
---
name: security-reviewer
role: "Senior Application Security Engineer"
domain: security
type: review
tags: [security, owasp, auth, injection, xss, ssrf]
---
Create a new installation profile for the agent-skills repository.
Profile name: [PROFILE_NAME]
Purpose: [WHO_IS_THIS_FOR]
Available groups: agents, development, business, integrations, ml, security, context, meta
Add the profile to profiles.yml with:
- description: one-line description of the profile
- skills: list of specific group/skill-name paths to include (optional)
- groups: list of group names to include all skills from (optional)
You can mix both "skills" (specific picks) and "groups" (entire categories).
Example:
```yaml
backend:
description: "Backend development essentials"
skills:
- context/context-manager
- security/security-auditor
groups:
- development
- integrations
Keep profiles focused — a profile with everything is just "full" or "all".
</details>
### Create a Complete Skills Repo
<details>
<summary><b>Prompt: Bootstrap a new skills repository</b></summary>
Create a new agent-skills repository with the following structure. This repo will be
discoverable by the agt CLI tool (https://github.com/open330/agt).
Repository purpose: [YOUR_PURPOSE] Skills to include: [LIST_OF_SKILLS] Personas to include: [LIST_OF_PERSONAS]
Create the following structure:
Requirements:
Users install with: git clone https://github.com/you/repo ~/.agent-skills agt skill install --profile core -g agt persona install --all -g
</details>
---
## Architecture
agent-skills/ open330/agt (CLI tool) ├── agents/ AI agent skills ├── agt/ Rust CLI ├── development/ Dev tool skills ├── npm/ npm packaging ├── business/ Business skills ├── setup.sh Installer ├── integrations/ Integration skills └── assets/ Branding ├── ml/ ML/AI skills ├── security/ Security skills ├── context/ Context management ├── meta/ Meta skills ├── personas/ Expert personas ├── hooks/ Claude Code hooks ├── static/ Global context ├── agt.toml Post-install manifest ├── install.sh Local installer └── codex-support/ Codex CLI
---
## Contributing
1. **Add a skill** — Create a new skill in the appropriate category
2. **Add a persona** — Create a domain expert persona
3. **Improve docs** — Fix typos, add examples, translate
4. **Report issues** — Bug reports and feature requests welcome
```bash
git clone https://github.com/jiunbae/agent-skills ~/.agent-skills
cd ~/.agent-skills
./install.sh --core
For CLI tool contributions, see open330/agt.
MIT License.
33 skills | 7 personas | 2 hooks
CLI tool: open330/agt
FAQs
agt — A modular toolkit for extending AI coding agents
The npm package @open330/agt receives a total of 11 weekly downloads. As such, @open330/agt popularity was classified as not popular.
We found that @open330/agt demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Security News
Vercel is formalizing a monthly release program for Next.js. The change follows React2Shell and a sharp rise in AI-assisted vulnerability discovery.

Research
/Security News
11 malicious NuGet tools pose as game cheats to deploy Windows payloads, track hosts, and use Google Sheets for telemetry and control.

Research
/Security News
4 compromised asyncapi packages deliver miasma botnet loader on macOS, Linux and Windows.