Open Source Tools
Claude Code skills I built for my own development workflow. Each one solves a specific problem I kept running into. They work as standalone skills you can install in one command.
Solana Development
solana-master
SolanaFull-stack Solana dApp development with strict coding standards. Covers UI, SDK, programs, and testing with enforced TypeScript style and TDD practices.
Enforces a complete development methodology: @solana/client + @solana/react-hooks for UI, @solana/kit for SDK, Anchor or Pinocchio for programs, LiteSVM/Mollusk/Surfpool for testing. Includes coding standards (Array<T> syntax, no abbreviations, no any), deletionist philosophy, and security checklists baked into every workflow step.
Install
carbon-decoder
SolanaBuild correct Carbon framework decoders for Solana program indexing. Covers codegen CLI, discriminators, account and instruction decoding, events, and pipeline wiring.
The Carbon framework indexes Solana transactions but building decoders correctly is tricky. This skill covers the full lifecycle: codegen CLI setup, trait implementation, discriminator computation, ArrangeAccounts patterns, event decoding, and wiring decoders into the Carbon pipeline. Prevents the most common failure mode: silent parse failures where transactions are dropped instead of erroring.
Install
borsh-schema-gen
SolanaGenerate TypeScript Borsh codecs from on-chain Rust struct definitions. Paste a Rust struct, get a working decode function.
Handles the tedious translation between Rust struct layouts and TypeScript Borsh schemas. Correctly maps Rust types (u64, Pubkey, Option<T>, Vec<T>, enums with data) to their Borsh codec equivalents. Produces working deserialize functions you can use immediately to read Solana account data.
Install
discriminator-verify
SolanaVerify or compute Anchor instruction and account discriminators. Catches silent parse failures from discriminator mismatches.
Anchor uses SHA256-based discriminators to identify instructions and accounts. A mismatch means transactions are silently dropped rather than failing visibly. This skill computes the correct discriminator from the instruction or account name and cross-checks it against your parser code.
Install
pda-audit
SolanaAudit PDA derivations for correctness. Wrong seeds produce wrong addresses silently, causing runtime failures or worse.
Traces every PDA derivation in the codebase and verifies seeds and program IDs match the on-chain program expectations. Catches the class of bugs where a PDA resolves to an account owned by a different program, or where seed ordering produces a valid but incorrect address.
Install
solana-dev
SolanaEnd-to-end Solana development playbook. Framework-kit-first approach with @solana/kit, wallet-standard connections, and modern testing.
Opinionated playbook covering the 2026 Solana stack: @solana/client + @solana/react-hooks for React UI, @solana/kit for all client/RPC code, Anchor or Pinocchio for programs, Codama for client generation, and LiteSVM for fast local testing. Includes migration guidance from legacy web3.js.
Install
solana-security-checklist
SolanaClient-side security checklist for TypeScript code that interacts with Solana programs. Covers swap execution, wallet ops, fees, and account data.
Adapts Solana program security best practices to the TypeScript client layer where the same bug classes appear. Checks for: unchecked account ownership, missing signature verification, incorrect PDA seeds, unsafe deserialization, fee calculation overflow, and stale account data. Run this before merging any client code that touches on-chain interactions.
Install
token2022-audit
SolanaAudit code for Token 2022 vs original SPL Token handling gaps. Ensures both TOKEN_PROGRAM_ID and TOKEN_2022_PROGRAM_ID are handled correctly.
Token 2022 introduced transfer fees, interest-bearing tokens, and confidential transfers. Code that only handles the original SPL Token program will silently fail or produce wrong results for Token 2022 assets. This skill finds every place that reads token data and checks for dual-program handling.
Install
Security
vulnhunter
SecurityVulnerability detection and variant analysis. Finds dangerous APIs, footgun patterns, and error-prone configurations across codebases.
Combines sharp-edges detection (dangerous APIs, footgun patterns, error-prone configurations) with variant hunting methodology (find all instances of a vulnerability pattern across the codebase). Inspired by Trail of Bits' approach to security research. Produces a prioritized list of findings with severity, location, and remediation guidance.
Install
code-recon
SecurityDeep architectural context building for security audits. Rapidly understand unfamiliar codebases before vulnerability analysis.
Builds comprehensive architectural understanding through ultra-granular code analysis. Maps trust boundaries, data flows, authentication patterns, and attack surfaces. Designed for security auditors who need to rapidly understand unfamiliar codebases before diving into vulnerability research. Inspired by Trail of Bits methodology.
Install
Developer Workflow
tla-precheck
WorkflowDesign and verify state machines using a TypeScript DSL. Catches impossible transitions, stuck states, and invariant violations before they ship.
Formal verification for state machines without learning TLA+. Write your machine in TypeScript, define invariants (e.g., 'at most one running item per user'), and the skill verifies all reachable states satisfy them. Use for billing flows, subscription lifecycles, agent orchestration, queue processing, or any state machine where a bug means corrupted data or stuck users.
Install
improve-claude-md
WorkflowOptimize CLAUDE.md files for better AI instruction adherence. Adds conditional blocks and restructures for higher compliance rates.
Uses <important if> conditional blocks to make instructions context-aware rather than always-on. Restructures CLAUDE.md files so the AI agent follows instructions more reliably. Cuts instructions the agent can discover from existing code patterns, and strengthens the ones that actually need to be explicit.
Install
youtube-transcribe
WorkflowTranscribe YouTube videos or full playlists into structured Obsidian notes. Free, uses yt-dlp, no external transcription service needed.
Extracts captions via yt-dlp, structures them into Obsidian-compatible markdown with YAML frontmatter, auto-generated tags, timestamps, and wikilinks. Handles single videos and full playlists. Infers vault path from channel name and content topic. Part of my Obsidian-based research workflow where video content becomes searchable, linkable knowledge.
Install
How to install
Each skill is a SKILL.md file that Claude Code reads as context when working on relevant tasks. Clone the repo once, then copy any skill into your project.