Agentsys enhance-skills

Use when reviewing SKILL.md files for structure and trigger quality.

install

source · Clone the upstream repo

git clone https://github.com/agent-sh/agentsys

Claude Code · Install into ~/.claude/skills/

T=$(mktemp -d) && git clone --depth=1 https://github.com/agent-sh/agentsys "$T" && mkdir -p ~/.claude/skills && cp -r "$T/.kiro/skills/enhance-skills" ~/.claude/skills/agent-sh-agentsys-enhance-skills && rm -rf "$T"

manifest: .kiro/skills/enhance-skills/SKILL.md

source content

enhance-skills

Analyze skill definitions for trigger quality, structure, and discoverability.

Workflow

Discover - Find all SKILL.md files
Parse - Extract frontmatter and content
Check - Run all pattern checks against knowledge below
Filter - Apply certainty filtering
Report - Generate markdown output
Fix - Apply auto-fixes if --fix flag present

Skill Knowledge Reference

Frontmatter Fields (Complete Reference)

Field	Required	Description	Validation
`name`	No	Display name, defaults to directory name	lowercase, max 64 chars
`description`	Recommended	What skill does and when to use	max 1024 chars, should include trigger
`argument-hint`	No	Autocomplete hint, e.g., `[file-path]`	keep under 30 chars
`disable-model-invocation`	No	`true` = manual only (for side effects)	boolean, default false
`user-invocable`	No	`false` = hidden from `/` menu (auto-only)	boolean, default true
`allowed-tools`	No	Tools Claude can use without permission	comma-separated list
`model`	No	Specific model when skill is active	opus, sonnet, haiku
`context`	No	`fork` = run in isolated subagent context	fork or omit
`agent`	No	Subagent type for execution	Explore, Plan, general-purpose
`hooks`	No	Skill-scoped lifecycle hooks	PreToolUse, PostToolUse

Directory Structure

skills/my-skill/
├── SKILL.md           # Required - core definition (under 500 lines)
├── reference.md       # Optional - detailed documentation
├── examples.md        # Optional - usage examples
└── scripts/           # Optional - helper scripts
    └── helper.py

Storage Locations:

Enterprise: Managed settings
Personal:
```
~/.claude/skills/<name>/SKILL.md
```
Project:
```
.claude/skills/<name>/SKILL.md
```

Invocation Control Patterns

Manual Only (for skills with side effects):

---
name: deploy
description: Deploy to production
disable-model-invocation: true
---

Background Knowledge (auto-only, hidden from menu):

---
name: legacy-context
description: How the legacy payment system works
user-invocable: false
---

Full Access (default - both auto and manual):

---
name: review
description: Use when user asks to review code. Checks quality and security.
---

Trigger Phrases

Description should include trigger context for auto-discovery:

"Use when user asks..."
"Use when..."
"Invoke when..."

Good:

"Use when user asks to 'review code', 'check PR', or 'code review'"

Bad:

"Reviews code"

(no trigger context)

Dynamic Context Injection

Skills can inject dynamic content using backtick syntax:

---
name: pr-summary
description: Summarize PR changes
context: fork
agent: Explore
allowed-tools: Bash(gh:*)
---

## Pull request context
- PR diff: !`gh pr diff`
- PR comments: !`gh pr view --comments`
- Changed files: !`gh pr diff --name-only`

Rules:

Use
```
!
```
followed by backtick-wrapped command
Limit to 3 injections per skill
Each injection adds to context budget

String Substitutions

Variable	Description
`$ARGUMENTS`	All arguments passed when invoking
`${CLAUDE_SESSION_ID}`	Current session ID

Context Budget

Skill descriptions have ~15,000 character default limit
Content beyond limit is truncated
Check with
```
/context
```
command
Increase via:
```
SLASH_COMMAND_TOOL_CHAR_BUDGET=30000
```

Subagent Execution

When using

context: fork

---
name: deep-research
description: Research a topic thoroughly
context: fork
agent: Explore
allowed-tools: Read, Grep, Glob
---

Research $ARGUMENTS thoroughly:
1. Find relevant files
2. Analyze the code
3. Summarize findings

Agent Types:

Agent	Purpose	Tool Access
`Explore`	Read-only codebase exploration	Read, Grep, Glob only
`Plan`	Planning-focused reasoning	Read, analysis tools
`general-purpose`	Full capabilities	All tools

Skill-Scoped Hooks

---
name: secure-operations
hooks:
  PreToolUse:
    - matcher: "Bash"
      hooks:
        - type: command
          command: "./scripts/security-check.sh"
---

Tool Restrictions

Use scoped tool patterns for security:

Pattern	Meaning
`Bash(git:*)`	Only git commands
`Bash(npm:*)`	Only npm commands
`Bash(gh:*)`	Only GitHub CLI
`Read(src/**)`	Only files in src/

Detection Patterns

1. Frontmatter Validation (HIGH Certainty)

Required:

YAML frontmatter with
```
---
```
delimiters
```
name
```
field (lowercase, max 64 chars)
```
description
```
field (max 1024 chars)

Recommended:

```
version
```
field for tracking
```
argument-hint
```
for skills accepting input
```
allowed-tools
```
for security
```
model
```
when specific model required

Flag:

Missing frontmatter delimiters
Invalid field values (uppercase name, description >1024 chars)

2. Trigger Quality (HIGH Certainty)

Check: Description includes trigger phrase Trigger patterns: "Use when", "Invoke when", "Use when user asks"

Flag:

Description without trigger context
Vague descriptions like "Useful tool" or "Does stuff"

3. Invocation Control (HIGH Certainty)

Check: Side-effect skills are protected

Flag:

Skills with deploy/ship/publish in name but
```
disable-model-invocation
```
not set
Dangerous auto-invocable skills (can accidentally trigger)

4. Tool Restrictions (HIGH Certainty)

Check: Tools are appropriately scoped

Flag:

Unrestricted
```
Bash
```
(should be
```
Bash(git:*)
```
or similar)
Read-only skills with Write/Edit
Research skills with Task tool

5. Content Scope (MEDIUM Certainty)

Guidelines:

SKILL.md under 500 lines
Large content in
```
references/
```
subdirectory
Max 3 dynamic injections

Flag:

SKILL.md over 500 lines
More than 3
```
!
```
backtick`` injections
Embedded large examples (move to examples.md)

6. Structure Quality (MEDIUM Certainty)

Recommended Sections:

Purpose/overview
Required checks or workflow steps
Output format
Examples (if complex)

7. Context Configuration (MEDIUM Certainty)

Check: Context settings are appropriate

Flag:

```
context: fork
```
without
```
agent
```
type
```
agent
```
type without
```
context: fork
```
Mismatch between agent type and allowed-tools

8. Anti-Patterns (LOW Certainty)

Vague descriptions without specific triggers
Too many responsibilities (should split into multiple skills)
Missing
```
argument-hint
```
for skills that clearly need input
Redundant chain-of-thought instructions (modern models don't need "think step by step")

Auto-Fix Implementations

1. Missing frontmatter

---
name: skill-name
description: "Use when..."
version: 4.2.0
---

2. Missing trigger phrase

Add "Use when user asks..." prefix to description

3. Unrestricted Bash

Replace

Bash

with

Bash(git:*)

or appropriate scope

Output Format

## Skill Analysis: {skill-name}

**File**: {path}

### Summary
- HIGH: {count} issues
- MEDIUM: {count} issues

### Frontmatter Issues ({n})
| Issue | Fix | Certainty |

### Trigger Issues ({n})
| Issue | Fix | Certainty |

### Invocation Issues ({n})
| Issue | Fix | Certainty |

### Tool Issues ({n})
| Issue | Fix | Certainty |

### Scope Issues ({n})
| Issue | Fix | Certainty |

Pattern Statistics

Category	Patterns	Auto-Fixable
Frontmatter	5	2
Trigger	2	1
Invocation	3	1
Tool	3	1
Scope	3	0
Structure	2	0
Context	3	0
Anti-Pattern	4	0
Total	25	5

<examples> ### Example: Missing Trigger Phrase

<bad_example>

name: code-review
description: "Reviews code for issues"

Why it's bad: No trigger context for auto-discovery. </bad_example>

<good_example>

name: code-review
description: "Use when user asks to 'review code', 'check this PR'. Reviews code for issues."

Why it's good: Clear trigger phrases enable auto-discovery. </good_example>

Example: Dangerous Auto-Invocation

<bad_example>

name: deploy
description: "Deploys code to production"

Why it's bad: Side-effect skill could be auto-invoked accidentally. </bad_example>

<good_example>

name: deploy
description: "Deploy to production environment"
disable-model-invocation: true

Why it's good: Manual-only prevents accidental deployments. </good_example>

Example: Unrestricted Tools

<bad_example>

name: git-helper
allowed-tools: Bash

Why it's bad: Unrestricted Bash allows any command. </bad_example>

<good_example>

name: git-helper
allowed-tools: Bash(git:*)

Why it's good: Scoped to only git commands. </good_example>

Example: Oversized Skill

<bad_example>

# Complex Analysis
[800 lines of detailed instructions]

Why it's bad: Large skills consume context budget (15K char limit). </bad_example>

<good_example>

# Complex Analysis
Core instructions here (under 500 lines).
For details, see `references/detailed-guide.md`.

Why it's good: Core skill is concise; details in separate files. </good_example>

Example: Context/Agent Mismatch

<bad_example>

name: researcher
context: fork
# Missing agent type

Why it's bad: Fork context without specifying agent type. </bad_example>

<good_example>

name: researcher
context: fork
agent: Explore
allowed-tools: Read, Grep, Glob

Why it's good: Agent type matches allowed tools (Explore = read-only). </good_example> </examples>

Constraints

Only apply auto-fixes for HIGH certainty issues
Consider skill context when evaluating trigger quality
Never remove content, only suggest improvements
Validate against embedded knowledge reference above