CtrlK
BlogDocsLog inGet started
Tessl Logo

Discover docs

Discover documentation to enhance your AI agent's capabilities.

Top Performing in Security & Compliance

Data-driven rankings. Real results from real agents.

AllSkillsDocsRules

nicholasjackson/opa-rego-language

Rego is the declarative policy language used by Open Policy Agent (OPA). This tile covers writing and testing Rego policies for Kubernetes admission control, Terraform and infrastructure-as-code plan validation, Docker container authorization, HTTP API authorization, RBAC and role-based access control, data filtering, metadata annotations with opa inspect, and OPA policy testing with opa test.

mtthwmllr/skill-safety-auditor

Audits a Claude Code skill for security risks in three modes: before download (from a URL or install command), after download but before install (from a .skill file), or after install (from a local skills directory). Use this skill whenever a user is about to install a skill from any source — including GitHub URLs, git clone commands, npx/npm commands, curl/wget downloads, pip installs, marketplace links, or raw SKILL.md URLs. Also trigger when a user asks "is this skill safe?", "should I trust this skill?", "can you check this before I install it?", "audit this skill", or pastes any link to a skill repository or .skill file. If a user mentions installing ANY skill, proactively offer to audit it first — do not wait for them to ask.

NameContainsScore

mtthwmllr/skill-safety-auditor

v2.0.0

Audits a Claude Code skill for security risks in three modes: before download (from a URL or install command), after download but before install (from a .skill file), or after install (from a local skills directory). Use this skill whenever a user is about to install a skill from any source — including GitHub URLs, git clone commands, npx/npm commands, curl/wget downloads, pip installs, marketplace links, or raw SKILL.md URLs. Also trigger when a user asks "is this skill safe?", "should I trust this skill?", "can you check this before I install it?", "audit this skill", or pastes any link to a skill repository or .skill file. If a user mentions installing ANY skill, proactively offer to audit it first — do not wait for them to ask.

SkillsDocs

97

1.28x

Enforces pgsodium Vault for secret storage accessed only via SECURITY DEFINER functions on service_role.

SkillsDocsRules

80

BC SaaS performance patterns, data access optimization, and best practices

Docs

Standards and workflows for building secure, well-structured Terraform modules, including planning gates, validation steps, and implementation guidance.

SkillsDocsRules

80

1.77x

Database architecture skills, docs, and rules for high-demand multi-tenant commerce platforms (PostgreSQL source of truth, Neo4j as derived GraphRAG projection, transactional outbox, RLS-based tenant isolation). Includes live schema introspection workflow via explicit Supabase MCP/read-only schema sources.

SkillsDocsRules

77

Control AL object visibility with Access property (Public, Internal, Protected, Local)

Docs

Enforces PKCE-based OAuth code flow replacing implicit auth flows for modern Supabase auth.

SkillsDocsRules

80

Secures Supabase Realtime private channels via RLS policies on the realtime.messages table.

SkillsDocsRules

77

Spec-driven workflow covering requirement gathering, spec authoring, implementation review, and verification — with skills, rules, and evaluation scenarios.

SkillsDocsRules

96

1.19x

Enforces strict isolation of service_role key to server-side contexts only.

SkillsDocsRules

77

Configures Prometheus scraping, log drains, and observability for Supabase infrastructure monitoring.

SkillsDocsRules

77

Configures server-side session synchronization via secure HTTP-only cookies for SSR frameworks.

SkillsDocsRules

75

Gemini Enterprise A2A configuration and rules.

SkillsDocsRules

58

Expert OpenTelemetry guidance for collector configuration, pipeline design, and production telemetry instrumentation across Kubernetes, ECS, serverless, and standalone deployments. Use when configuring collectors, designing pipelines, instrumenting applications, implementing sampling, managing cardinality, securing telemetry, writing OTTL transformations, or setting up AI coding agent observability (Claude Code, Codex, Gemini CLI, GitHub Copilot).

SkillsDocs

94

1.34x

Injects tenant ID and RBAC permissions into JWT via Postgres Auth Hooks during token issuance.

SkillsDocsRules

77

Prevents directory traversal in Supabase Storage via path validation functions and storage RLS.

SkillsDocsRules

77

OAuth 2.0 Client Credentials and Authorization Code flows for Business Central

Docs

Calibrate research done on socially noisy web sources so agents do not mistake crowd mood for truth. Includes source-specific skills for Moltbook, Hacker News, Reddit, and Product Hunt.

SkillsDocs

76

1.07x

Agent-native E2E runtime with verifiable safety. 16 MCP tools including alethia_propose_tests (agent generates tests from a URL), alethia_assert_safety (proves destructive actions are blocked), and the expect block: NLP primitive unique to Alethia. Zero-IPC; 2-5x faster than Playwright MCP per flow; signed evidence packs. Works with Claude Code, Cursor, Cline.

SkillsDocsRules

95

2.80x

SonicJS headless CMS knowledge base, coding standards, and architectural guidelines.

SkillsDocs

74

Can't find what you're looking for? Evaluate a missing skill.