Claude skills

Claude Code and Cursor both support skills — SKILL.md files that the AI agent can load on demand to gain specialized capabilities. This repo ships two skills in .claude/skills/:

Each skill is self-contained: the SKILL.md file holds the description (used for triggering), the runbook content, and any required helper files in its directory. Agents load a skill when its description matches the current task.

use-cloud-credentials

.claude/skills/use-cloud-credentials/SKILL.md maps every credential in .env.cloud.example to the contexts where you can use it. The motivating problem: variable names reflect historical CI use cases, not actual scope. VERCEL_AUTOMATION_BYPASS_SECRET works for any client (Playwright, curl, manual testing) despite the "automation" wording.

The skill covers:

1. GH_TOKEN — clone sibling repos, hit GH API beyond the agent's built-in tools
2. Running E2E (smoke / full) against a preview URL
3. Hitting Vercel-protected preview URLs via curl / fetch
4. Signing in as a real test user without email delivery (E2E users + the /internal/e2e/last-otp endpoint)
5. Running full local E2E against the real todayai.dev domain via mitmproxy — the preferred fast-iteration loop
6. Tailing CloudWatch backend logs via AWS CLI

Load it via Cursor / Claude Code's skill mechanism — the description string triggers on phrases like "test admin login", "run e2e", "clone today-cloud", "check the backend logs", "why is this preview 401".

maintain-cloud-dev

.claude/skills/maintain-cloud-dev/SKILL.md is a monthly audit of the cloud-dev infrastructure. It checks:

1. Credential liveness — probes every credential in .env.cloud.example, reports which need rotation
2. Env drift — flags variables in .env.cloud that aren't in the .example template (potential leak) or vice versa
3. MCP package reachability — npx -y <package> for each configured MCP server, reports unreachable ones
4. Version updates — checks for major-version bumps of MCP servers, pnpm cloud:bootstrap dependencies

Output is a single table; the skill never auto-fixes. Always reports first; the user decides what to act on.

Trigger phrases: "维护云端配置", "refresh cloud dev", "audit cloud setup", "检查云端配置", or run on a recurring schedule via /schedule.

Adding a new skill

The format is dead simple — a single file:

.claude/skills/<skill-name>/SKILL.md

Header:

---
name: <skill-name>
description: <when to load this skill — a single dense paragraph triggered on phrases the agent will hear>
---

# <Skill Name>

<the runbook content>

The description field is the most load-bearing prose in the skill — it's what the agent's skill-loader matches against. Write it as one dense paragraph describing the trigger conditions, not the contents of the runbook. Look at the two existing skills' description fields for the template.

Body content can be arbitrary Markdown. Include shell commands inline as fenced blocks; the agent will execute them when the runbook says to.

When NOT to add a skill

A new skill is justified when:

• The task has specific external-service or domain-knowledge requirements that aren't obvious from CLAUDE.md
• The runbook is multi-step with branching, not just a single command
• The trigger conditions are clear and recurring — you can predict when it should fire

A new skill is not justified for:

• One-off scripts → put them in scripts/
• Things that should be muscle memory for the team → add to AGENTS.md or CLAUDE.md
• Tasks the agent already handles natively via built-in tools — skills exist to add capability, not to wrap existing capability

Related

• Cloud dev (Claude Code on the web) — how the cloud-dev session loads these skills
• Cloud credentials — the credentials the use-cloud-credentials skill operates on
• Agent E2E testing — running Playwright against auth-gated flows, which is the main use-cloud-credentials consumer