By 14f3v
Personal user-scope Claude Code skills. PKI/ops runbooks: internal-ca (2-tier PKI bootstrap with Vault, OCSP, CRL, Ansible deploy), mtls (server-trusts-client mutual TLS on top of internal-ca), lxd-claude-setup (provision Claude Code on a headless LXD/Linux server). Bare-metal Kubernetes family: k8s-bare-metal (kubeadm + Calico + Longhorn + Rancher, single-node/HA/join, checkpoint-resume), harbor-registry (private Harbor registry with self-signed CA), cicd-platform (Argo CD + self-hosted GitHub Actions runners). MJBL mTLS platform suite (the live deployed ecosystem on this host, indexing the /home/mjbl/* runbooks as source-of-truth): mjbl-mtls-platform, mjbl-ca-operations, mjbl-enrollment-plane, mjbl-client-provisioning, mjbl-cert-lifecycle, mjbl-operator-portal, mjbl-mtls-troubleshooting. Slash commands: /k8s-setup, /harbor-setup, /cicd-setup, and the MJBL suite under /mjbl:mtls:* (platform, ca, enroll, client, cert, portal, troubleshoot, issue-server).
Install the CI/CD layer — Argo CD (GitOps) and/or a self-hosted GitHub Actions runner that trusts the Harbor registry CA. Wraps the cicd-platform skill.
Install a private Harbor container registry (with its own self-signed CA + TLS) on an existing Kubernetes cluster. Wraps the harbor-registry skill.
Provision, join, or reset a bare-metal Kubernetes + Rancher cluster (single-node, HA, or node join). Wraps the k8s-bare-metal skill.
Operate the live MJBL production CA — Vault PKI, OCSP/CRL, CA-host rotation, prod hardening. Wraps the mjbl-ca-operations skill (MJBL mTLS platform).
Cert revocation & rotation on the MJBL mTLS platform (device 3-hop revoke, relay/gateway/CA rotation). Wraps the mjbl-cert-lifecycle skill (MJBL mTLS platform).
This skill should be used when the user asks to "install Argo CD", "set up GitOps on my cluster", "deploy a self-hosted GitHub Actions runner on Kubernetes", "install the actions-runner-controller (ARC)", "set up the CI/CD layer", or "make my CI runner trust the Harbor registry". Also triggers on symptoms: "my runner pod is stuck in ContainerCreating / FailedMount harbor-ca", "the runner won't register with my GitHub org", "x509 / certificate error pushing images to Harbor from CI", or "get the Argo CD initial admin password". Orchestrates the `cicd-infra/` pipeline (00-prereqs → 01-install-argocd → 02-install-actions-runner): Argo CD from the upstream manifest, plus ARC + a Docker-in-Docker RunnerDeployment that trusts the private Harbor CA. Assumes a working cluster from [[k8s-bare-metal]] and a registry from [[harbor-registry]]. Use it whenever the user wants GitOps or self-hosted CI runners on their own cluster, even if they don't name Argo CD or ARC.
This skill should be used when the user asks to "install Harbor", "set up a private container registry", "deploy Harbor on my Kubernetes cluster", "give the cluster its own image registry with TLS", "create a Harbor Root CA and TLS cert", or "make my k8s nodes trust the registry CA". Also triggers on Harbor failure symptoms: "x509 / unknown authority pulling from Harbor", "Harbor returns default backend 404", "Harbor data disappears after restart", or "change the Harbor admin password". Orchestrates the `harbor-infra/` pipeline (00-prereqs → 01-create-harbor-ca → 02-install-harbor): a self-signed 2-cert PKI (Root CA + SAN leaf via openssl) loaded as k8s secrets, then the upstream Harbor Helm chart behind NGINX ingress. Assumes a working cluster from [[k8s-bare-metal]] (cluster + ingress-nginx). Feeds its CA to [[cicd-platform]] so CI runners can push images. Use it whenever the user wants a private registry on their own cluster, even if they don't name Harbor.
This skill should be used when the user asks to "set up an internal CA", "bootstrap a Certificate Authority", "build a 2-tier PKI", "create an internal Root CA and Intermediate CA", "set up Vault PKI", or any variant of standing up internal X.509 certificate infrastructure on a Linux host. Builds a Root + Intermediate + service-cert pipeline with HashiCorp Vault PKI, OCSP responder, CRL HTTP server, Ansible deploy automation, and a 3-mode revocation ("nuke") script. Designed for demo/lab use with explicit production-hardening pointers.
This skill should be used when the user asks to "set up / bootstrap / provision a bare-metal (or on-prem / Proxmox / LXC) Kubernetes cluster", "stand up a single-node k8s cluster with Rancher", "install kubeadm + Calico + Longhorn + Rancher", "set up an HA control-plane node", "join a worker or control-plane node to my cluster", "resume a failed k8s setup", or "reset / clean up / tear down a Kubernetes node". Orchestrates the battle-tested `k8s-single-node-cluster-setup.sh` provisioner (and `k8s-node-cleanup.sh`): kubeadm v1.31 + Calico + Longhorn + metrics-server + cert-manager + optional MetalLB + PostgreSQL + Rancher + ingress-nginx, with checkpoint/resume, LXC-safe node prep, and single-node / HA / join modes. Use it whenever the user wants a working Rancher-managed Kubernetes cluster on their own hardware, even if they don't name the script. Hands off to [[harbor-registry]] for a private registry and [[cicd-platform]] for Argo CD + GitHub Actions runners.
Set up Claude Code on a headless LXD/Linux server (Proxmox or bare). Handles: SSH fingerprint reset, password auth, passwordless key copy, Node.js install, Claude Code install, OAuth login via port forwarding, org/Max subscription auth, and the TUI onboarding loop fix. Use when provisioning a new LXD container for Claude Code agent use.
Runs pre-commands: Contains inline bash commands via ! syntax.
Bash prerequisite issue: Uses bash pre-commands but Bash not in allowed tools.
Portable Claude Code user-scope skills, version-controlled so the same skills are available on every machine you use. Each skill encodes a multi-phase runbook plus the gotchas learned from running it end-to-end on real hosts.
| Skill | What it does |
|---|---|
| skills/internal-ca | Bootstrap a 2-tier internal Certificate Authority on a Linux host: Root CA → Intermediate CA → service certs, plus HashiCorp Vault PKI engine, OCSP responder, CRL HTTP server, Ansible deploy playbook, and a 3-mode revocation script. Designed for demo/lab use; surfaces production-hardening pointers without auto-executing them. |
| skills/mtls | Add mutual TLS (server-trusts-client) on top of an existing internal CA + NGINX HTTPS setup. Issues clientAuth certs, bundles as PKCS#12 for endpoint install, enforces ssl_verify_client with a Root+Intermediate trust bundle, and wires CRL-based revocation. |
| skills/lxd-claude-setup | Provision Claude Code on a headless LXD / Linux server (Proxmox or bare): SSH fingerprint reset, password auth, passwordless key copy, Node.js install, Claude Code install pinned to a working version, OAuth login via SSH port-forward for Max subscriptions, and the TUI onboarding-loop fix. |
internal-ca and mtls cross-reference each other: internal-ca hands off to mtls when client cert work comes up; mtls assumes internal-ca outputs are in place.
MJBL mTLS platform suite (/mjbl:mtls:*)
Operational skills for the live MJBL mTLS ecosystem deployed on this host, distinct from the generic internal-ca / mtls how-to skills above. Each one indexes the authoritative runbooks under /home/mjbl/* as source-of-truth (this host is the mTLS remote runner) and distills the live facts (hosts, IPs, services, paths, gotchas). Invoke via the /mjbl:mtls:<command> wrappers, or let Claude auto-activate the skill from its frontmatter triggers.
| Skill | Command | What it covers |
|---|---|---|
| mjbl-mtls-platform | /mjbl:mtls:platform | Ecosystem map + KB index (entry point): CA host, relay, gateway, device app, portal; 3-cluster topology; an index of every /home/mjbl/mjbl-*.md runbook. |
| mjbl-ca-operations | /mjbl:mtls:ca | Prod CA host 10.88.1.116: Vault 2-tier PKI, OCSP/CRL (refresh-crl.sh), CA-host rotation, prod hardening. |
| mjbl-enrollment-plane | /mjbl:mtls:enroll | Signer (mjbl-enroll-signer :8444) + relay (LB 10.88.101.143:8443): mint/sign/revoke/allowlist, logs, relay-cert rotation. |
| mjbl-client-provisioning | /mjbl:mtls:client | agency_v2 device app: build-time dart-defines, Model-A enrollment, signed APK + Firebase distribution, claim-QR. |
| mjbl-cert-lifecycle | /mjbl:mtls:cert | Cert rotation (relay/CA) + the 3-hop device revocation chain + the revocation post-mortem. |
| mjbl-operator-portal | /mjbl:mtls:portal | Operator portal BFF / RBAC / LDAP-HTTP-delegate + signer admin endpoints + P5 cutover. |
| mjbl-mtls-troubleshooting | /mjbl:mtls:troubleshoot | Symptom→cause→fix decision tree for enrollment/mTLS failures (e.g. "could not reach", revoked-device-still-works). |
The `/mjbl:mtls:*` slash commands live in `commands/mjbl/mtls/` and load via the plugin system. After pulling, run `/plugin install claude-skills@claude-skills` (or reload the plugin) and restart Claude Code so they register. The skills themselves also install via `./install.sh` (symlink mode auto-discovers every `skills/<name>/`).
This repo is the source of truth for user-scope skills (~/.claude/skills/<name>). It intentionally does not mirror skills delivered by plugins (under ~/.claude/plugins/) — e.g. the superpowers:*, astronomer-data:*, ui-ux-pro-max:*, skill-creator, frontend-design, claude-api, and the various Anthropic agent-skills marketplace entries. Those are owned and updated by their plugin marketplaces; copying them in here would diverge and rot. Install/update them through the plugin system, not this repo.
This repo can be consumed two ways. Pick whichever fits the machine.
The repo ships a .claude-plugin/ manifest, so it can be registered as a marketplace and installed through Claude Code's plugin system. Inside Claude Code:
/plugin marketplace add 14f3v/claude-skills
/plugin install claude-skills@claude-skills
npx claudepluginhub 14f3v/claude-skills --plugin claude-skills