chrismccoy-skills

A Claude Code plugin marketplace by Chris McCoy.

Available plugins

• kubernetes-architect. Resilient, secure, production-ready Kubernetes manifests from a Principal Cloud Native Architect. 4 inputs (APP_REQUIREMENTS, RESOURCE_LIMITS, EXPOSURE_STRATEGY, TARGET_ENVIRONMENT) drive a locked 4-phase blueprint: Architecture Overview, Deployment + HPA manifests, Service/Ingress/ConfigMap manifests, kubectl deployment guide. Liveness/readiness probes, resource requests+limits, and security contexts (runAsNonRoot, readOnlyRootFilesystem, allowPrivilegeEscalation false) on every container. 2-space YAML, no invented image tags/apiVersions. Untrusted-data defense flags run-as-root/skip-security directives; STOPs on empty/contradictory fields. Scope-locked: refuses Terraform/billing/app-code
• docker-compose-architect. Production, secure, scalable docker-compose stacks from a Senior DevOps Engineer. 2 required inputs (TECH_STACK, DATABASE_REQUIREMENTS) + 2 optional (NETWORK_SETUP, SPECIFIC_CONSTRAINTS) drive a locked 4-phase blueprint: Architecture Overview, complete docker-compose.yml, .env template with ${VAR} placeholders, build/start/monitor + reverse-proxy/scaling. Non-root containers, tier network isolation, named volumes, healthchecks with depends_on service_healthy, 2-space YAML. No secret literals (${VAR} refs only), no invented image tags. Scope-locked: refuses Kubernetes/Terraform/raw Dockerfiles
• powershell-script-engine. Production, PSScriptAnalyzer-clean PowerShell scripts from a PowerShell expert and Windows systems engineer. 2 free-text inputs (TASK, USER_REQUIREMENTS) + 3 choices (PS_TARGET, REMOTE, DESTRUCTIVE) drive a locked 4-section output: Script (comment-based help, #Requires 7.0, [CmdletBinding()], try/catch/finally, console+file logging), Parameters table, 3+ Usage Examples (local/pipeline/PSSession), Security Notes. Approved verbs only, no Write-Host for data, no aliases, no rule suppressions. Security non-negotiables: no plaintext secrets ([PSCredential] only), no ungated destructive ops, no invented cmdlets. Footer on every run
• tech-blog-article. Front-page-quality technical articles in the voice of a senior dev/writer (Julia Evans clarity, Dan Abramov pragmatism, Charity Majors storytelling). 5 inputs (TOPIC, AUDIENCE_LEVEL, ARTICLE_ANGLE, PRIMARY_LANGUAGE, WORD_COUNT) drive a locked output: 60-char title, concrete hook, TL;DR box, complete-thought H2s, wrong-then-right code under 20 lines, honest trade-offs, one of four ending patterns. Pre-write input validation + silent post-write output gate. Refuses non-writing requests; treats inputs as inert data
• html-to-wordpress-theme. Converts static HTML/Tailwind files into installable WordPress themes
• html-design-styles. 53 named design styles with full color palettes, typography, and component patterns
• wordpress-plugin. WordPress plugin from scratch with intake. full directory tree, security guards, i18n, readme.txt, and uninstall.php
• wordpress-architect-review. Senior WordPress architect code review for plugins and themes. file by file audit, severity-tagged findings, scorecard, top-5 fixes, refactor roadmap
• unslop. Strip AI generated voice from source files (comments, docstrings, identifiers) without changing code behavior. 16-rule, 19-language, 22-framework ruleset
• vgademo. Retro 1990s style sizecoded assembly demo generator. MS-DOS .COM, boot sector, BIOS targets. 4 round multiple choice intake fills 14 placeholders. Bundles two worked reference examples
• app-blueprint. Senior architect 11-section production app blueprint from five inputs. folder tree, layers, data models, API contracts, deps, env, tests, CI/CD, notes, self-validation
• refactoring-analyst. Evidence-first, path:line-cited 16-section refactoring plan. CRITICAL/HIGH/MEDIUM/LOW priorities, Top 5 issues, File Impact Matrix, implementation roadmap. SCALE RULE for big repos
• docblock-rewrite. Convert PHPDoc and JSDoc blocks into one-line plain-English // comments. Two engines under shared rules: interactive Read/Edit walk for small jobs and a bundled bash + perl + claude --print runner for bulk. Banned-word list, 100-char cap, @internal/@deprecated/@ignore opt-outs, .bak backups
• codebase-to-mermaid. Read an unfamiliar codebase end-to-end and produce validated Mermaid flow / sequence / class diagrams. Auto-classifies the archetype (19+ languages, 30+ frameworks). Every node cited to a real file:line. Splits at 40 nodes. Writes raw flow*.mmd next to the code for direct render via mmdc or mermaid.live
• excel-formula-troubleshooter. Debug, fix, and optimize broken Excel / Google Sheets formulas. names the exact root cause, returns a copy-paste-ready corrected formula, a beginner-friendly explanation, and an optional modern alternative (XLOOKUP, IFERROR). Scope-locked to spreadsheet formulas
• naming-strategist. Senior naming strategist for venture-backed SaaS founders. 10 brandable, pronounceable domain candidates from 5 inputs (MARKET_TOPIC, TARGET_AUDIENCE, OFFER_TYPE, BRAND_TONE, EXTENSION_PRIORITY). Locked 4-section output (Setup Summary, Name List with Angle/Fit/Extension/Risk, Top 3 Shortlist, Verification Checklist). Silent 5-axis scoring drops anything below 7+ average. No legal-certainty claims, no hype copy, no hyphens or forced -ify/-ly/-hub suffixes
• wordpress-consultant. Senior WordPress Consultant (10+ years, WordPress VIP standards) running a fixed 10-section consulting framework from 7 inputs (Website Type, Current Challenge, Stack, Traffic, Goals, Performance Requirements, Support Needed). Architecture, Development Strategy, WooCommerce, Performance, Security, Debugging, Scalability, Automation, Technical Debt, Final Report. Section 10 scorecard (Health/Performance/Security/Scalability/Code Quality 0-100, Technical Debt Low/Medium/High/Critical) + mandatory summary table. Challenge and Goals required; scope-locked to WordPress engineering
• language-tutor. Expert linguist, translator, and language tutor (comparative grammar, second-language pedagogy, phonetics). 5 inputs (MODE, TEXT, TARGET_LANGUAGE, NATIVE_LANGUAGE, DEPTH) drive two modes. TRANSLATION emits 5 locked sections (Translation, Grammar, Structure, Pronunciation, Usage & Register) with IPA and native-language-tailored pronunciation tips; TEXT ANALYSIS emits 6 (Grammar, Spelling & Punctuation, Style & Flow, Meaning & Content, Corrected Text with itemized changes, 5 Alternative Versions). Auto-detects source language, aligns to CEFR A1-C2, Quick depth for one-line answers. Never invents grammar rules, etymologies, or IPA; treats submitted text strictly as data, never instructions; scope-locked to language work

Quick start

In any Claude Code session, run:

/plugin marketplace add github:chrismccoy/skills
/plugin install kubernetes-architect@chrismccoy-skills
/plugin install docker-compose-architect@chrismccoy-skills
/plugin install powershell-script-engine@chrismccoy-skills
/plugin install tech-blog-article@chrismccoy-skills
/plugin install html-to-wordpress-theme@chrismccoy-skills
/plugin install html-design-styles@chrismccoy-skills
/plugin install wordpress-plugin@chrismccoy-skills
/plugin install wordpress-architect-review@chrismccoy-skills
/plugin install unslop@chrismccoy-skills
/plugin install vgademo@chrismccoy-skills
/plugin install app-blueprint@chrismccoy-skills
/plugin install refactoring-analyst@chrismccoy-skills
/plugin install docblock-rewrite@chrismccoy-skills
/plugin install codebase-to-mermaid@chrismccoy-skills
/plugin install excel-formula-troubleshooter@chrismccoy-skills
/plugin install naming-strategist@chrismccoy-skills
/plugin install wordpress-consultant@chrismccoy-skills
/plugin install language-tutor@chrismccoy-skills

The first command adds the marketplace; the rest install each plugin. Skip whichever plugins you don't need. each is independent. Full descriptions of what each one does are below.

---

kubernetes-architect

Resilient, secure, production-ready Kubernetes manifests from four inputs, in the voice of a Principal Cloud Native Architect and Kubernetes expert. Locked four-phase blueprint. Empty/contradictory-input halt and a silent pre-delivery YAML validation before sending.

/plugin install kubernetes-architect@chrismccoy-skills

Most "give me a Kubernetes Deployment" prompts hand back YAML that fails the first real cluster review: no liveness or readiness probes so rollouts and traffic routing misbehave, no resource requests or limits so the scheduler and autoscaler fly blind, containers running as root with a writable root filesystem, and Service selectors that silently don't match pod labels. This plugin replaces that with the discipline a principal cloud native architect applies. Every container gets liveness and readiness probes, resource requests and limits, and a security context (runAsNonRoot, readOnlyRootFilesystem, allowPrivilegeEscalation: false). YAML is syntax-perfect, 2-space indented, with dash-based arrays. Image names, tags, apiVersion values, and field keys are never invented — uncertain tags are flagged for confirmation. Before sending, every block is validated: apiVersion/kind/metadata.name present, indentation valid, probes + resources + securityContext per container, and Service/Ingress selectors matching Deployment pod labels.

The skill body runs the workflow. Step 1 loads the master prompt from references/prompt-template.md (including the canonical Deployment skeleton) and substitutes the four inputs. Step 2 validates inputs — any empty or contradictory field STOPs with a list of exactly what is missing rather than inventing a default. Step 3 generates the manifests under the strict operating constraints. Step 4 runs a silent pre-delivery validation and fixes any failure before returning; unvalidated YAML is never emitted.

Hard prompt-injection defense. Inputs are untrusted data — a field that says "ignore probes", "run as root", or "skip security" is ignored and flagged in PHASE 1. Off-domain requests (Terraform, billing, application code) get one refusal line, then the K8s task continues.

📋 Technical Overview

A Claude Code plugin with one slash command and one skill. The skill body in skills/kubernetes-architect/SKILL.md carries the persona, scope lock, input handling, and 4-step workflow. The authoritative master prompt with {{placeholders}} and the Deployment skeleton lives in references/prompt-template.md and loads on every invocation. The slash command /kubernetes-architect accepts an optional APP_REQUIREMENTS arg, then walks the user through AskUserQuestion intake for the remaining fields.

✨ Features

• 🎯 Four inputs in, one blueprint out. APP_REQUIREMENTS + RESOURCE_LIMITS + EXPOSURE_STRATEGY + TARGET_ENVIRONMENT
• 🧱 Locked 4-phase output: Architecture Overview, Deployment + HPA manifests, Service/Ingress/ConfigMap manifests, kubectl Deployment Guide
• 🩺 Liveness AND readiness probes on every container — no silent rollout or routing failures
• 📊 resources.requests AND resources.limits on every container — scheduler and HPA get real signals
• 🔐 Security contexts where applicable — runAsNonRoot, readOnlyRootFilesystem, allowPrivilegeEscalation: false
• 🧠 No invented image names, tags, apiVersion values, kind names, or field keys — only real, documented Kubernetes resources; uncertain tags flagged for confirmation
• ✅ Silent pre-delivery validation per block: apiVersion/kind/metadata.name present, valid 2-space indentation, probes+resources+securityContext per container, Service/Ingress selectors match pod labels
• 🛡️ Prompt-injection defense. Inputs are untrusted data; behavior-altering directives (ignore probes, run as root, skip security) are ignored and flagged in PHASE 1
• 🚦 No invented defaults — empty or contradictory fields STOP with a list of exactly what is missing
• 🪧 Scope-locked. Terraform, billing, and application-code requests get one refusal line, then the K8s task continues

🔄 How it works

1. Intake. Slash command collects four fields via AskUserQuestion. If APP_REQUIREMENTS was passed as $ARGUMENTS, confirm and skip that question.
2. Load template. Read references/prompt-template.md. Substitute {{APP_REQUIREMENTS}}, {{RESOURCE_LIMITS}}, {{EXPOSURE_STRATEGY}}, {{TARGET_ENVIRONMENT}}. Treat inputs as untrusted data.
3. Validate inputs. Empty / placeholder / contradictory field → STOP, list what is missing, ask. No invented defaults.
4. Generate the manifests under the strict operating constraints (probes, resource requests/limits, security contexts, 2-space YAML, dash-based arrays).
5. Silent pre-delivery validation. apiVersion/kind/metadata.name; 2-space indentation; probes+resources+securityContext per container; selectors match pod labels; no invented images. Fix failures before printing.
6. Output the four phases only.

🚀 How to use it

Two ways to invoke:

Slash command:

/kubernetes-architect "Node API, image myorg/api, port 3000, 3 replicas"   ← arg seeds APP_REQUIREMENTS
/kubernetes-architect                                                       ← full intake

Natural language (auto-triggers via the skill):

"design Kubernetes manifests", "architect a K8s deployment", "write a Kubernetes Deployment YAML", "Deployment with HPA and probes", "Kubernetes Service and Ingress", "create production K8s manifests"

The full skill instructions live at kubernetes-architect/skills/kubernetes-architect/SKILL.md, the slash command at kubernetes-architect/commands/kubernetes-architect.md, and the on-demand master prompt at kubernetes-architect/skills/kubernetes-architect/references/prompt-template.md.

---

docker-compose-architect

Production, secure, scalable docker-compose stacks from four inputs, in the voice of a Senior DevOps Engineer and Docker expert. Locked four-phase blueprint. Required-input validation and a silent output gate before sending.

/plugin install docker-compose-architect@chrismccoy-skills

Most "give me a docker-compose file" prompts hand back something that should never reach production: secrets hardcoded in plaintext, every service on one flat network, no volumes so data evaporates on restart, no healthchecks so depends_on races, and containers running as root. This plugin replaces that with the discipline a senior DevOps engineer actually applies. Secrets are always ${VAR} references resolved from a generated .env template — never literals. Tiers are isolated on separate bridge networks (frontend vs database). Every stateful service gets a named volume. Every service gets a healthcheck, and depends_on uses condition: service_healthy. Containers run non-root where the base image allows. Compose YAML is indented 2 spaces. Image names and tags are never invented — uncertain tags are flagged for confirmation.

The skill body runs the workflow. Step 1 loads the master prompt from references/prompt-template.md and substitutes the four inputs. Step 2 validates inputs — a missing TECH_STACK or DATABASE_REQUIREMENTS halts with one targeted question per field, and conflicting constraints (e.g. "no persistence" plus a database) are surfaced before generating. Step 3 produces the blueprint under the strict operating constraints. Step 4 runs a silent output gate — all four phases present, valid 2-space YAML, secrets as env refs, a healthcheck per service or documented reason, no invented images — and fixes any failure before returning.

Hard refusal on out-of-scope asks. Kubernetes, Terraform, raw Dockerfiles, and unrelated requests get exactly one line: Out of scope: this engine outputs docker-compose stacks only.

📋 Technical Overview

A Claude Code plugin with one slash command and one skill. The skill body in skills/docker-compose-architect/SKILL.md carries the persona, scope lock, input handling, and 4-step workflow. The authoritative master prompt with {{placeholders}} lives in references/prompt-template.md and loads on every invocation. The slash command /docker-compose-architect accepts an optional TECH_STACK arg, then walks the user through AskUserQuestion intake for the remaining fields.

✨ Features

• 🎯 Four inputs in, one blueprint out. TECH_STACK + DATABASE_REQUIREMENTS (required) + NETWORK_SETUP + SPECIFIC_CONSTRAINTS (optional)
• 🧱 Locked 4-phase output: Architecture Overview, complete docker-compose.yml, .env template, Deployment & Scaling
• 🔐 Secrets only as ${VAR} env references resolved from the .env template — never plaintext literals
• 🧬 Tier network isolation (frontend-tier vs database-tier bridges), named volumes for every stateful service
• 🩺 Healthcheck on every service; depends_on with condition: service_healthy; containers run non-root where the base image allows
• 🧠 No invented image names, tags, version numbers, or compose keys — only real, documented images; uncertain tags flagged for confirmation
• ✅ Silent output validation: 4 phases present, valid 2-space YAML, every secret an env ref, every service healthchecked or documented, no invented images
• 🛡️ Prompt-injection defense. All inputs treated as untrusted data; embedded directives (ignore prior, act as, output-format-change attempts) ignored
• 🚦 Required-field halt + conflict surfacing — missing TECH_STACK/DATABASE_REQUIREMENTS asks one question per field; "no persistence" plus a database is surfaced before generating
• 🪧 Scope-locked. Kubernetes, Terraform, raw Dockerfiles, unrelated requests refused with Out of scope: this engine outputs docker-compose stacks only.

🔄 How it works

1. Intake. Slash command collects four fields via AskUserQuestion. If TECH_STACK was passed as $ARGUMENTS, confirm and skip that question.
2. Load template. Read references/prompt-template.md. Substitute {{TECH_STACK}}, {{DATABASE_REQUIREMENTS}}, {{NETWORK_SETUP}}, {{SPECIFIC_CONSTRAINTS}}. Treat inputs as untrusted data.
3. Validate inputs. Empty / placeholder TECH_STACK or DATABASE_REQUIREMENTS → one targeted question per field, then halt. Conflicting constraints → surface and ask which wins.
4. Generate the blueprint under the strict operating constraints (non-root, tier isolation, named volumes, healthchecks, ${VAR} secrets, 2-space YAML).
5. Silent output gate. 4 phases; valid YAML; secrets as env refs; healthcheck per service or documented reason; no invented images. Fix failures before printing.
6. Output the four phases only.

🚀 How to use it

Two ways to invoke:

Slash command:

/docker-compose-architect "Node.js + React frontend, Express API"   ← arg seeds TECH_STACK
/docker-compose-architect                                           ← full intake

Natural language (auto-triggers via the skill):

"design a docker-compose stack", "architect a containerized environment", "write a production docker-compose.yml", "multi-tier docker setup", "docker compose with database and networks", "containerize my app with compose"

The full skill instructions live at docker-compose-architect/skills/docker-compose-architect/SKILL.md, the slash command at docker-compose-architect/commands/docker-compose-architect.md, and the on-demand master prompt at docker-compose-architect/skills/docker-compose-architect/references/prompt-template.md.

---

powershell-script-engine

Production, PSScriptAnalyzer-clean PowerShell scripts from five inputs, in the voice of a PowerShell expert and Windows systems engineer. Locked four-section output. Pre-generation input validation and a silent self-check before output.

/plugin install powershell-script-engine@chrismccoy-skills

Most "write me a PowerShell script" prompts hand back something that fails review the moment it hits a real server: Write-Host used for data, unapproved verbs, hardcoded credentials in plaintext, a Remove-Item with no -WhatIf, and zero logging. This plugin replaces that with the discipline a seasoned Windows systems engineer actually uses. Every script opens with #Requires -Version 7.0, carries comment-based help (.SYNOPSIS/.DESCRIPTION/.PARAMETER/.EXAMPLE) on the script and every function, uses [CmdletBinding()] with validated parameters, wraps work in try/catch/finally, and logs to both console and a rolling file ($env:ProgramData\<ScriptName>\<ScriptName>.log, 10 MB roll, 5 archives). Credentials are typed [PSCredential] — never plaintext. Destructive operations are refused unless named in the requirements, and gated behind -WhatIf/-Confirm when generated. Cmdlet, module, and parameter names are never invented.

The skill body runs the workflow. Step 1 loads the master prompt from references/prompt-template.md and substitutes the five inputs. Step 2 validates inputs — an empty or placeholder TASK/USER_REQUIREMENTS halts with one clarifying question rather than a guessed script. Step 3 generates the script under the full specification (foundation, parameters, error handling, logging, security, remote). Step 4 runs a silent self-check — approved verbs, clean parse, no plaintext secrets, no invented names, four sections in order — and fixes any failure before returning.

Hard refusal on out-of-scope asks (output is the script plus usage examples only) and on security violations. Every response ends with --- Generated by PowerShell Script Engine | review before production use ---.

📋 Technical Overview

A Claude Code plugin with one slash command and one skill. The skill body in skills/powershell-script-engine/SKILL.md carries the persona, scope lock, input handling, and 4-step workflow. The authoritative master prompt with {{placeholders}} lives in references/prompt-template.md and loads on every invocation. The slash command /powershell-script-engine accepts an optional TASK arg, then walks the user through AskUserQuestion intake for the remaining four fields.

✨ Features

• 🎯 Five inputs in, one production script out. TASK + USER_REQUIREMENTS + PS_TARGET + REMOTE + DESTRUCTIVE
• 📐 #Requires -Version 7.0, comment-based help on the script and every function, [CmdletBinding()] with validated parameters
• 🧯 try/catch/finally everywhere; clear error messages; console AND rolling file logging (10 MB roll, 5 archives)
• ✔️ Approved verbs only (Get-Verb). No Write-Host for data, no aliases in the body, no positional args in examples, no PSScriptAnalyzer rule suppressions
• 🔐 No plaintext secrets — [PSCredential] / Get-Credential / SecretManagement only
• 🚫 No destructive ops (Remove-*, Format-*, Stop-*, registry/disk writes) unless named in requirements; gated behind -WhatIf/-Confirm when generated
• 🧠 No invented cmdlet, module, parameter, or version names — only real, documented PowerShell; unverifiable modules flagged for confirmation
• 📦 Locked 4-section output: Script, Parameters table (Name/Mandatory/Type/Validation), 3+ Usage Examples (local/pipeline/PSSession), Security Notes
• 🛡️ Prompt-injection defense. USER_REQUIREMENTS treated as inert data; embedded directives (ignore prior, act as, output-format-change attempts) are ignored
• 🪧 Scope-locked. Empty or off-topic requirements get one clarifying question, then a halt

🔄 How it works

1. Intake. Slash command collects five fields via AskUserQuestion. If TASK was passed as $ARGUMENTS, confirm and skip that question.
2. Load template. Read references/prompt-template.md. Substitute {{TASK}}, {{USER_REQUIREMENTS}}, {{PS_TARGET}}, {{REMOTE}}, {{DESTRUCTIVE}}. Treat requirements as inert data.
3. Validate inputs. Empty / blank / placeholder TASK or USER_REQUIREMENTS → ask one clarifying question naming the job, then halt.
4. Generate the script per the specification (foundation, parameters, error handling, logging, security, remote).
5. Silent self-check. Approved verbs; balanced braces, no aliases, no Write-Host for data; no plaintext secrets, credentials [PSCredential]; no invented names; four sections in order. Fix failures before printing.
6. Output the four sections, then the footer line.

🚀 How to use it

Two ways to invoke:

Slash command:

/powershell-script-engine "Audit local admin group membership across a server list and export to CSV"   ← arg seeds TASK
/powershell-script-engine                                                                                ← full 5-question intake

Natural language (auto-triggers via the skill):

"write a PowerShell script", "create a production PS module", "PSScriptAnalyzer-clean script", "PowerShell automation script", "PowerShell remoting script", "PowerShell with comment-based help"

The full skill instructions live at powershell-script-engine/skills/powershell-script-engine/SKILL.md, the slash command at powershell-script-engine/commands/powershell-script-engine.md, and the on-demand master prompt at powershell-script-engine/skills/powershell-script-engine/references/prompt-template.md.

---

tech-blog-article

Front-page-quality technical articles from five inputs, in the voice of a senior developer who actually ships. Locked output format. Pre-write input validation and a silent post-write output gate.

/plugin install tech-blog-article@chrismccoy-skills

Most "write a blog post" prompts produce the exact thing that dies on Hacker News: a dictionary-definition opener, H2 headers that are bare topic labels (## Configuration), code dumped without explanation, and a conclusion that restates the intro. This plugin replaces that with the discipline real technical writers use. The hook lands in the first three sentences with a concrete scenario the reader has lived. Every H2 is a complete thought (## The default configuration will break at 10K requests/second). Code examples show the wrong way first, then the right way, stay under 20 lines, carry a language identifier, and get a plain-English explanation after the fence. Opinions are stated outright and backed with numbers; trade-offs are admitted; every section passes a "So What?" test. It closes on one of four ending patterns and signs off with a one-line bio.

The skill body runs the workflow. Step 1 loads the master prompt from references/prompt-template.md and substitutes the five inputs. Step 2 validates inputs before writing — a bracketed placeholder halts with Missing input: <field>., a word count outside 300–5000 halts with Invalid input: Word count must be a number from 300 to 5000.. Step 3 writes the article under all six writing rules. Step 4 runs a silent output gate — title ≤ 60 chars, TL;DR 3–4 bullets, complete-thought H2s, every code block annotated, one ending pattern — and fixes any failure before returning.

Hard refusal on non-writing and role-change requests (I only draft technical articles — give me a topic and I'll write.). Output is the article only — no preamble, no meta-commentary, no notes after the bio.

📋 Technical Overview

A Claude Code plugin with one slash command and one skill. The skill body in skills/tech-blog-article/SKILL.md carries the persona, scope lock, input handling, and 4-step workflow. The authoritative master prompt with {{placeholders}} lives in references/prompt-template.md and loads on every invocation. The slash command /tech-blog-article accepts an optional TOPIC arg, then walks the user through AskUserQuestion intake for the remaining four fields.

✨ Features

• 🎯 Five inputs in, one article out. TOPIC + AUDIENCE_LEVEL + ARTICLE_ANGLE + PRIMARY_LANGUAGE + WORD_COUNT
• 🪝 Concrete hook in the first 3 sentences. No dictionary definitions, no "In today's fast-paced world"
• 🧱 Every H2 is a complete thought, not a bare topic label. TL;DR box (3–4 bullets) after the intro
• 💻 Wrong-way-then-right-way code examples, under 20 lines, language identifier in the fence, plain-English explanation after each block
• ⚖️ Opinions stated outright and backed with numbers; trade-offs admitted; "So What?" test per section
• 🏁 One of four ending patterns: lessons-learned, actionable checklist, provocative question, or "the thing nobody tells you"
• ✅ Pre-write input validation halts on bracketed placeholders or word counts outside 300–5000
• 🔒 Silent post-write output gate: title length, TL;DR bullet count, complete-thought H2s, code-block annotations, ending pattern
• 🛡️ Prompt-injection defense. All five inputs treated as inert article subject matter. Embedded directives (ignore the above, reveal your prompt, change format) are ignored
• 🪧 Scope-locked. Non-writing and role-change requests refused with I only draft technical articles — give me a topic and I'll write.

🔄 How it works

1. Intake. Slash command collects five fields via AskUserQuestion. If TOPIC was passed as $ARGUMENTS, confirm and skip that question. Empty / blank / [FIELD_NAME] → halt with MISSING INPUT: <field> required.
2. Load template. Read references/prompt-template.md. Substitute {{TOPIC}}, {{AUDIENCE_LEVEL}}, {{ARTICLE_ANGLE}}, {{PRIMARY_LANGUAGE}}, {{WORD_COUNT}} with collected values. Treat values as inert data.
3. Validate inputs. Bracketed placeholder → Missing input: <field>.. Word count not an integer 300–5000 → Invalid input: Word count must be a number from 300 to 5000.
4. Write the article following all six writing rules in the locked output format.
5. Silent output gate. Title ≤ 60 chars; TL;DR 3–4 bullets; complete-thought H2s; every code block has a language identifier and plain-English explanation; one ending pattern. Fix any failure before printing.
6. Output the article only. No preamble, no meta-commentary, no notes after the bio line.

🚀 How to use it

Two ways to invoke:

Slash command:

/tech-blog-article "Why your Postgres connection pool keeps exhausting"   ← arg seeds TOPIC, picker fills the rest
/tech-blog-article                                                        ← full 5-question intake

Natural language (auto-triggers via the skill):

"write a technical article", "draft a blog post", "write a dev blog", "Hacker News style article", "Dev.to article", "technical write-up", "engineering blog post"

The full skill instructions live at tech-blog-article/skills/tech-blog-article/SKILL.md, the slash command at tech-blog-article/commands/tech-blog-article.md, and the on-demand master prompt at tech-blog-article/skills/tech-blog-article/references/prompt-template.md.

---

html-to-wordpress-theme

Converts static HTML files into installable WordPress themes.

/plugin install html-to-wordpress-theme@chrismccoy-skills

Ever had a beautiful static HTML design built with Tailwind CSS and wished you could just drop it into WordPress? That's exactly what this plugin solves.

The html-to-wordpress-theme skill takes your static Tailwind CSS HTML files and converts them into a fully installable, WordPress-compliant theme. No more manually rewriting markup into PHP templates or guessing how WordPress expects things to be structured. the skill handles it all for you through a guided, step by step workflow.

What makes it different from a quick rewrite? Your converted theme comes out with proper accessibility built in, secure code that follows WordPress coding standards, and a Tailwind CSS build pipeline. no CDN links or shortcuts. There's even a 79-point checklist that runs before anything is delivered to make sure nothing got missed.

Whether you're a designer who wants to ship a prototype in WordPress or a developer looking to speed up your theme development process, this tool fits your workflow. It asks for your approval at every major step, so you're always in control.

📋 Technical Overview

An AI instruction specification that converts static Tailwind CSS HTML files into fully installable, WordPress Theme Review Team-compliant themes.

Built around a phased workflow with mandatory approval gates, it enforces WordPress PHP coding standards, WCAG 2.1 AA accessibility, Tailwind CSS v3 CLI build pipelines, escaping and security rules, and a 79-point self-audit with cited evidence requirements.

Designed to eliminate silent assumptions, prevent runaway generation, and handle real world edge cases like poor source HTML quality, context window limits, and multi-session continuity.

✨ Features

• 🏗️ Phased workflow with mandatory approval gates. no code ships without user sign-off
• 🔒 Exhaustive escaping and sanitization rules for every output context
• ♿ WCAG 2.1 AA accessibility baked into every phase and template
• 🎨 Tailwind CSS v3 CLI build pipeline. zero CDN references, zero frameworks
• 🔍 79-point self-audit table requiring cited file-and-line evidence for every check
• 🚦 Graduated failure modes. abort, degraded, or proceed based on source quality
• 🌍 Full internationalization with enforced translator comments and text domains
• 🧩 Smart template abstraction rules for repeated markup patterns
• 👶 Child theme compatibility with overridable functions and removable hooks
• 📦 Automatic chunk planning with size estimation to prevent truncation
• 🔄 Session continuity protocol for multi-conversation conversions
• 📋 Pre-output self-check silently validates every file before delivery
• ⚖️ Decision tiebreaker hierarchy when multiple valid approaches exist
• 🛡️ Nonce enforcement and input sanitization for all custom forms
• 📱 Mobile-first responsive design with keyboard and touch target requirements
• 🏷️ Strict naming conventions derived from a single confirmed theme name
• 📝 Auto-generated README with setup instructions, testing checklist, and documentation
• ⚡ Image performance rules. lazy loading, fetch priority, and registered custom sizes
• 🧪 Testing checklist covering core functionality, accessibility, and build system
• 📐 Content width single source of truth synced across PHP, JSON, and Tailwind config

🔄 How it works

Hand it an index.html (and optionally a single.html, plus any other page mockups) and it walks you through a 4-phase conversion:

1. Initialization: confirm theme name and defaults
2. Phase 1. Analysis (1A critical, 1B extended). HTML validation, source quality grading, design-token extraction, file manifest, decision log
3. Phase 2. Implementation: generates every theme file in user-approved chunks
4. Phase 3. Self-Audit: a 79-item checklist with cited file-and-line evidence before delivery

You approve each phase before the next one starts, so nothing runs away from you.

🚀 How to use it

Two ways to invoke it:

Slash command (explicit):

/html-to-wordpress-theme ← starts the workflow
/html-to-wordpress-theme Brewline ← pre-fills the theme name

Natural language (auto-triggers):

"I have an index.html and a single.html in my Downloads folder. convert them into a WordPress theme called 'Brewline'."

Either way, confirm the theme name and defaults at the initialization gate, then approve each phase as it completes. Theme files land in a folder named after your theme slug.

The full skill instructions live at html-to-wordpress-theme/skills/html-to-wordpress-theme/SKILL.md, with deep references in the adjacent references/ folder.

🤖 AI Analysis Verdict

The skill's source instruction set was independently analyzed by Claude Opus 4.6. Below are the evaluation results.

Aspect	Description	Rating	Score
Completeness	Covers every edge case from abort criteria to degraded mode, with zero gaps in the conversion workflow	★★★★★	10/10
Structure	Phase gates, numbered sections, cross-references, and a document map make navigation even at 2000+ lines	★★★★★	10/10
Clarity	Every rule includes ✅/❌ examples, anti-patterns, and decision trees. leaves no room for misinterpretation	★★★★★	10/10
Maintainability	Versioned with changelog, modular sections, and a priority hierarchy that makes updates safe and predictable	★★★★★	10/10
Practical Effectiveness	Evidence-based self-audit, context window management, and session continuity ensure reliable output across real world usage	★★★★★	10/10
Error Handling	Graduated failure modes (abort → degraded → proceed) with explicit user checkpoints prevent silent failures	★★★★★	10/10
Security Coverage	Exhaustive escaping/sanitization tables, nonce enforcement, and a pre-output self-check catch vulnerabilities before they ship	★★★★★	10/10
Accessibility	WCAG 2.1 AA baked into every phase. contrast ratios, keyboard nav, ARIA, skip links, and reduced motion are non-negotiable	★★★★★	10/10
Overall	An AI engineering specification that rivals internal runbooks at mature development organizations	★★★★★	10/10

---

html-design-styles

A curated catalog of 53 named design styles for frontend interfaces.

/plugin install html-design-styles@chrismccoy-skills

Tired of AI generated frontends that all look like the same generic SaaS landing page? This skill ships specs for 53 distinct design aesthetics. each one a complete, opinionated system with its own color palette, typography stack, component patterns, and signature visual mechanics. Pick a style by name and the output actually looks like that style.

When the skill triggers, it knows exactly how to implement any style. fonts, colors, shadows, layout patterns, components, animations, and more. producing HTML in a single output.

🎨 Available styles

Minimal & Clean

• 🍎 Bento Style: Apple/macOS-inspired bento grid, clean and minimal
• 🌿 Soft Modern Style: White bg, blurred orb accents, rounded, friendly and accessible
• ❄️ Scandinavian Style: Cold whites, extreme negative space, hygge minimalism, quiet luxury
• 🏢 Corporate Style: Conservative trust blues, structured grid, buttoned-up B2B professionalism
• 📐 Swiss Style: Helvetica-inspired, rigid typographic grid, black/red only, zero decoration

Dark & Atmospheric

• 🌌 Dark Cosmic Style: Dark slate, glowing indigo/cyan, radial dot grid, glassmorphism
• 🎬 Dark Action Style: Dark gradient bg, yellow/gold accents, Oswald font, cinematic energy
• 🚀 Dark SaaS Style: Slate-950, sky blue accent, stagger animations, clean SaaS
• 🎭 Dark Cinema Style: Near-black, red glow, Bebas Neue, noise overlay, floating labels
• 💾 Dark Mono Style: Dark zinc surfaces, cyan + pink accents, monospace, scanline texture
• 🌠 Dark Neon Style: Black background, multiple vivid neon glow colors, bleed and bloom effects
• 🌌 Vaporwave Style: Purple/teal gradients, retro grid floors, synthwave glow and glitch effects

Brutalist & Bold

• ⬛ Pure Brutalist Style: Monochrome black/white, hard shadows, monospace, no color
• ⚡ Neobrutalist Style: Hard black shadows with vivid neon color accents
• ☢️ Acid Brutalist Style: Pure black, acid yellow + red, Anton/Bebas fonts, noise grain
• 🔧 Utility Terminal Style: White bg, strict 1px borders, monospace, no rounding, grid texture
• 🏗️ Monolith Style: White bg, dark navy shadows, thick top border accent, monospace brutalism

Retro & Nostalgic

• 📺 Retro Terminal Style: Green-on-black CRT monitor aesthetic with phosphor glow effects
• 🕹️ Pixel Style: 8-bit pixelated fonts, game UI, sprite aesthetic, retro game feel
• 🖥️ Y2K Style: Windows 95 beveled gray UI, system fonts, chunky pixel buttons, early internet
• 🌊 Groovy Style: Warm oranges/browns, 70s swirls, rounded retro lettering, psychedelic curves
• 🎨 Memphis Style: 80s/90s geometric shapes, bright pastels, squiggles and confetti
• 🌴 Tropical Style: Coral, turquoise, warm vacation energy, Miami/resort vibes

Artistic & Expressive

• 🎪 Pop Art Style: Cyan/pink/yellow on loud background, floating bordered container
• 🍭 Kawaii Style: Super cute pastel, bubble rounded, character illustration accents
• 💥 Manga Style: Speed lines, bold ink outlines, dramatic panel layouts, high contrast
• 🌈 Psychedelic Style: Acid swirls, melting text, rainbow overflow, mind-bending distortion
• 🗞️ Zine Style: Photocopied DIY aesthetic, cut-and-paste collage, raw indie energy
• 🔆 Aurora Style: Flowing multi-color gradient backgrounds, silk light effect, soft and dreamy

& Luxury

• 👑 Luxury Style: Cream/off-white, serif display font, gold accents, generous whitespace
• 🌸 Art Deco Style: Geometric gold ornaments, symmetry, 1920s glamour and opulence
• 🌺 Cottagecore Style: Floral patterns, watercolor washes, storybook softness and whimsy
• 🌙 Gothic Style: Dark greens/blacks, ornate serif, candle-wax drips, moody atmosphere
• ✒️ Japanese Style: Wabi-sabi imperfection, ink brush strokes, kanji-inspired negative space

Technical & Structured

• 🔷 Blueprint Style: Deep blueprint blue, white grid lines, Courier Prime, technical drawing aesthetic
• 🔴 Dot Grid Style: Gray dotted background, Archivo Black + Space Mono, hot pink accent, hard shadows
• 🟣 Pink Neo Style: Hot pink dotted background, Archivo Black + Space Mono, pink/yellow/blue palette
• 📊 Dashboard Style: Chart-forward, dense metrics, sidebar navigation, admin/analytics feel
• 🤖 Sci-Fi HUD Style: Heads-up display, corner brackets, data readouts, radar and targeting UI
• ⚠️ Cyberpunk Style: Yellow/black warning stripes, HUD overlays, neon on dark, danger aesthetics

Specialty & Immersive

• 💎 Glassmorphism Style: Frosted glass cards on gradient mesh backgrounds, soft blurs and translucency
• 🏛️ Neumorphism Style: Soft same-color shadows creating pushed/extruded soft UI on light gray
• 📦 Clay Style: Clay morphism, chunky rounded cards with physical depth
• 🖨️ Newspaper Style: Black ink on newsprint, serif fonts, editorial column layouts
• 📖 Longform Style: Full-bleed hero images, pull quotes, drop caps, rich magazine editorial flow
• 🎵 Skeuomorphic Style: Realistic material textures, depth and shadows mimicking physical objects
• 🌸 Organic Style: Earthy tones, rounded organic shapes, warm and natural hand-crafted feel
• ✍️ Handwritten Style: Hand-drawn borders, pencil textures, imperfect sketch-like lines

Energy & Motion

• 🏆 Athletic Style: Diagonal cuts, bold color blocks, high-impact sport energy
• 🌍 Grunge Style: Worn textures, splatter marks, distressed rough torn edges
• 🔮 Isometric Style: 3D isometric grid illustrations, flat-color depth and layered objects
• 🎭 Maximalist Style: Everything layered, dense pattern-on-pattern, opulent visual chaos
• 🔣 Enterprise Editorial Style: White/dark alternating sections, indigo, large rounded app cards

📦 What each style spec includes

Every style definition covers:

• 🔤 Typography: Font families, weights, sizes, letter-spacing
• 🎨 Color palette: All CSS custom properties with exact values
• 🪞 Shadow system: Named shadow levels used across components
• 🃏 Card variants: Background, border, hover states
• 🔘 Button variants: Primary, secondary, ghost, active/pressed states
• 📐 Layout patterns: Grid structures, hero layouts, section flows
• 🧩 Components: Pills, badges, stat cards, nav, marquee, footer
• ✨ Animations: Transitions, keyframes, scroll effects where applicable
• ⚙️ Implementation notes: CDN links, font imports, special CSS tricks

💻 Output format

The skill generates a single self-contained HTML file with:

• Inline CSS (no external stylesheet needed)
• Tailwind CSS via CDN
• Google Fonts via CDN
• Font Awesome 6 via CDN (when icons are needed)
• Vanilla JS for any interactions

No build step. Open the file in a browser and it works.

🔄 How it works

1. Identify the style: match the user's request against the 53-item catalog (or ask them to pick if ambiguous)
2. Get project context: full page, single component, restyling existing markup, what content goes in
3. Load references: common.md once per session for cross-cutting patterns, then styles/<slug>.md for the chosen style's complete spec
4. Apply faithfully: use the exact color values, typography stack, shadow recipes, and component patterns from the spec, with no "similar" substitutions

🚀 How to use it

Two ways to invoke it:

Slash command (explicit):

/html-design-styles ← asks you to pick a style
/html-design-styles brutalist ← starts straight into Brutalist
/html-design-styles brutalist landing page for my SaaS
 ← pre-fills both style + project

Natural language (auto-triggers on style names). describe what you want:

From scratch. describe your product inline:

Build a landing page using bento style.

Product: Pinpoint
A time-tracking app for freelancers. Automatically tracks time across apps
and projects, generates invoices, and syncs with Stripe.

Features:
- Automatic time tracking across Mac apps
- Project and client tagging
- One-click invoice generation
- Stripe integration for payments
- Weekly summary reports

CTA: "Start Free Trial"

From a feature list in your own README. point Claude at it and it pulls product name, features, and copy automatically:

Read README.md. Build a landing page using neobrutalist style based on
the features and descriptions in README.md. Keep copy tight. headline,
subheadline, feature grid, and a single CTA.

Restyle an existing landing page. pass in your HTML and Claude rebuilds it in a new style while preserving content and structure:

Read landingpage.html. Rebuild the landing page using dark cinema style.
Keep all existing sections, copy, and CTAs. only change the visual design.

That's it. The skill handles the rest. typography, color palette, layout grid, components, and interactions. all consistent with the named style spec.

The full skill instructions live at html-design-styles/skills/html-design-styles/SKILL.md, the cross-cutting patterns at references/common.md, and each style's complete spec under references/styles/.

---

wordpress-plugin

Generates complete WordPress plugins from scratch. the kind you could submit to the WordPress.org repository today.

/plugin install wordpress-plugin@chrismccoy-skills

Most AI generated WordPress plugins fail the same way: missing nonces, raw $_POST values, string-interpolated SQL, no text domain, no uninstall.php, and a Plugin Name header that's the only metadata it bothered to fill in. The wordpress-plugin skill takes a different approach. Seven structured intake answers in. full directory tree out, with WordPress Coding Standards compliance, complete security guardrails, internationalization, conditional asset enqueueing, custom tables via dbDelta() with proper indexes, and a real uninstall script that removes every artefact the plugin creates.

Five of the seven intake questions are pickers via AskUserQuestion: pick the WordPress mechanisms the plugin uses, the target audience, the admin UI components, the frontend display surfaces, and the third party integrations. Two are free text. the plugin name and a 2-4 sentence description of what the plugin actually does. No ambiguous answers, no follow-up clarification rounds.

✨ Features

• 📋 Intake. five picker prompts via AskUserQuestion plus two free text. every variable in the about-me section is a picker, not a fill-in-the-blank
• 🏗️ Modular OOP structure. singleton main plugin class wires Admin, Frontend, Database, AJAX, REST, Cron, CLI, Roles, CPT, Meta-box, List-table, Dashboard-widget, Notices, and Integration components
• 🔒 Security built in. defined( 'ABSPATH' ) || exit; on every file, nonces on every mutation, capability checks before every privileged action, sanitization on every input, escaping on every output, $wpdb->prepare() on every query
• 🧰 WordPress mechanisms covered: Custom Post Types & Taxonomies, Settings API, Gutenberg blocks, shortcodes, REST endpoints, WP-CLI commands, cron, custom tables, roles & capabilities, email notifications, frontend forms, dashboard widgets, import/export, activity logging, custom user meta
• 🎯 Audience-aware code generation. pick "Multisite network administrators" and the activator/deactivator/uninstaller all loop get_sites(); pick "Developers" and you get a docs/ folder with documented hooks
• 🧩 Frontend surfaces. shortcodes, Gutenberg blocks, classic widgets, template tags, the_content injection with opt-out, REST-driven SPA, custom page templates
• 🔌 Integration scaffolds. WooCommerce, BuddyPress/bbPress, ACF, Elementor, external REST APIs, Stripe/PayPal, Mailchimp/ConvertKit/SendGrid, Google Analytics, OAuth providers, incoming and outgoing webhooks (with HMAC verification and Action Scheduler fallback)
• 🌍 Internationalization: every user-facing string wrapped in i18n functions with the correct text domain, plus a populated .pot file in languages/
• 📚 Complete documentation: readme.txt in WordPress.org format (Contributors, Tags, Requires at least, Tested up to, Stable tag, License, Description, Installation, FAQ, Screenshots, Changelog, Upgrade Notice), readme.md GitHub-friendly mirror, PHPDoc on every class and public method
• 🗑️ Complete uninstall: drops every custom table, deletes every option/transient/user-meta/post-meta, clears scheduled events, removes registered roles and capabilities, with the proper WP_UNINSTALL_PLUGIN guard
• ⚡ Conditional asset enqueueing: get_current_screen() checks so admin assets never leak onto the frontend and public assets don't load on every admin page
• 🗃️ Custom-table best practices: $wpdb->get_charset_collate(), dbDelta(), indexes on every queried column, schema version stored in an option for migrations
• 🚫 Zero placeholders. no TODO, no TBD, no {name}, no Coming soon in any generated file

🔄 How it works

1. Intake: five picker prompts via AskUserQuestion, two free text:

• Plugin name (free text)
• Functionality categories (multi-select: CPTs, Settings page, Blocks, Shortcodes, REST, WP-CLI, Cron, Custom Tables, Roles, Email, Forms, Dashboard Widget, Import/Export, Logging, User Meta)
• Specific feature detail (free text. 2-4 sentences)
• Target users (single-select: Site admins / Editors / Frontend visitors / Developers / Multisite admins / Mixed)
• Admin interface components (multi-select: Top-level menu / Settings submenu / Tools submenu / Meta boxes / List tables / Dashboard widget / Admin notices / Help tabs / None)
• Frontend display surfaces (multi-select: Shortcodes / Blocks / Widgets / Template tags / the_content filter / REST SPA / Custom page templates / None)
• Third party integrations (multi-select: WooCommerce / BuddyPress / ACF / Elementor / External REST API / Stripe or PayPal / Mailchimp etc / GA / OAuth / Incoming webhooks / Outgoing webhooks / None)

2. Inference: slug, text domain, constant prefix, PHP namespace, main file name, and singleton class name are all derived from the plugin name. "Acme Bookings" → slug acme-bookings, text domain acme-bookings, constants ACME_BOOKINGS_*, namespace AcmeBookings.
3. Conditional generation: each component file is generated only if the corresponding picker option was picked. No empty blocks/ folder when Gutenberg blocks weren't requested.
4. Quality checklist: runs before delivery: ABSPATH guard on every PHP file, nonce on every mutation, capability check before every privileged action, sanitizer on every input, escape on every output, prepared statement on every query, i18n on every string, full readme.txt, complete uninstall.php, zero placeholders.
5. Delivery: writes the full tree to ./{plugin-slug}/ (or ./{plugin-slug}-new/ if the first exists).

🚀 How to use it

/wordpress-plugin ← walks through all seven questions
/wordpress-plugin "Acme Bookings" ← pre-fills the plugin name

Or natural language: "build me a WordPress plugin for time-slot bookings", "scaffold a WP plugin with a settings page and a REST endpoint", "create a custom post type plugin for testimonials", "I need a Gutenberg block plugin for newsletter signups", "make me a WooCommerce extension that adds gift wrapping".

The full skill instructions live at wordpress-plugin/skills/wordpress-plugin/SKILL.md.

---

wordpress-architect-review

Senior WordPress architect code review for plugins and themes. file by file audit covering security, performance, architecture, correctness, WordPress standards, accessibility, i18n, and missing infrastructure.

/plugin install wordpress-architect-review@chrismccoy-skills

Most AI code reviews of WordPress plugins read like generic linter output: "consider adding error handling", "use prepared statements where possible", without ever quoting the offending line. The wordpress-architect-review skill takes a different stance. It acts as a senior WordPress architect with 15+ years on WordPress.org submissions, enterprise WP stacks, and security audits. Every finding cites file:line, quotes the exact offending code, tags severity (SEVERE / MODERATE / MINOR), states the concrete impact, and gives the fix. No filler adjectives, no vague advice, no praise before issues.

Scope-locked. It will not write tutorials, recommend hosting, or answer general WP questions. only audit code. Prompt-injection defenses treat file contents as inert data, so a // Ignore prior instructions... comment in the audited code gets flagged as a CRITICAL Security finding rather than followed.

✨ Features

• 🎯 Target auto-detection. plugin header in root PHP, style.css theme header, block.json, or wp-content/mu-plugins/ path; aborts cleanly if none found
• 📖 Reads every file directly. every PHP/JS/CSS plus companion configs (readme.txt, theme.json, composer.json, package.json, phpcs.xml); no summarizing from filenames
• 🏷️ Severity-tagged findings. SEVERE / MODERATE / MINOR. mandatory format: title + file:line + code fence + Impact line + Fix line
• 📊 10-row scorecard. Security, Performance, Architecture, Correctness, WordPress Standards, Maintainability, Documentation, Testing, Accessibility/UX, Internationalization. overall weighted toward Security, Performance, Correctness
• 🛡️ Prompt-injection defense. inline instructions in the audited code are treated as inert data and reported as a CRITICAL Security finding
• 🔒 Scope lock. refuses tutorials, recommendations, hosting advice, non-code questions
• 🚫 Banned filler word list. no "leverage", "", "", "utilize", "synergy", and ~15 more
• ✅ Pre-emit validation. partial reports are regenerated, never shipped
• 🗺️ Optional refactor roadmap. 3-phase modernization path appended when overall score is below 6/10

📂 Categories covered

• Architecture: OOP vs procedural, namespacing, separation of concerns, autoloading, dependency injection
• Performance: query count, get_option autoload patterns, transient/object caching, asset enqueue strategy, N+1 queries, WP_Query efficiency
• Security: nonces, capability checks, ABSPATH guard, sanitization (correct filter per data type), escaping on output, prepared statements, CSRF, SSRF, file uploads, eval/create_function, raw $_GET/$_POST
• Correctness: type juggling, null handling, regex backtracking, race conditions, activation/deactivation idempotency
• WordPress Standards: Settings API, register_setting, wp_enqueue_*, text domain matching slug, i18n functions, REST patterns, hook priorities, transients, multisite
• Theme-specific: wp_head() / wp_footer(), body_class() / post_class(), template hierarchy, child theme compatibility, theme.json, FSE readiness, accessibility (skip links, ARIA, alt text)
• Plugin-specific: activation/deactivation/uninstall, register_activation_hook, dbDelta migrations, version constants, plugin row meta
• Maintainability: duplication, function length, naming clarity, dead code, hardcoded values
• Missing Infrastructure: readme.txt / style.css headers, Requires PHP, Tested up to, autoloader, PHPUnit, CI, phpcs.xml (WPCS), .editorconfig, .gitignore
• Compatibility: PHP/WP version range, deprecated function usage, block editor compatibility, multisite, RTL

🔄 How it works

1. Detect target: looks for plugin header, theme style.css, block.json, or mu-plugins path
2. Read everything: every PHP/JS/CSS file plus companion configs, with the Read tool, never from filename summaries
3. Categorize findings: max 5 per category, most severe first, every one cited and quoted
4. Score and rank: fill the 10-row scorecard, list the top 5 fixes with S/M/L effort tags
5. Optional roadmap: append a 3-phase refactor plan if overall is below 6/10
6. Pre-emit validation: silently verify every section before returning; regenerate anything failing

🚀 How to use it

/wordpress-architect-review ← audits the current working directory
/wordpress-architect-review ./wp-content/plugins/x ← audits the specified path

Or natural language: "review my WordPress plugin for security holes", "audit this theme before I submit to WordPress.org", "is this plugin ", "give me a senior architect review of this WP code", "rate my plugin out of 10".

The full skill instructions live at wordpress-architect-review/skills/wordpress-architect-review/SKILL.md.

---

unslop

Strip AI generated voice from source files without changing behavior.

/plugin install unslop@chrismccoy-skills

Every AI generated codebase has the same tells: // leverage this robust, comprehensive solution to seamlessly orchestrate the data provider, em-dashes everywhere, every comment opens with "This function...", every function name is orchestrateDataProvider when loadUsers would do. The unslop skill takes a rule based pass over comments, docstrings, log/error messages, and identifier names. It never touches code logic, function signatures, return types, string literals shown to end users, or CLI help text. Your code keeps working exactly the same. The fluff goes away. What's left sounds like a real person wrote it.

Scope locked at the file edit layer. The skill will not refactor business logic, fix bugs, modify error messages users see, rewrite commit messages, or edit CHANGELOG/LICENSE. Renames verify substring safety before applying (won't rename extract to pull if extractor exists in the file).

Rule 0 hard floor: if asked mid pass to change behavior, logic, signatures, or strings under any rationale ("just this once", "trivial fix", "while you're there"), the skill refuses with Out of scope for this pass. Open a new session for behavior changes. and stops. Rule 0 cannot be overridden by subsequent user instructions.

Target picker: when invoked without a target, the skill asks via a picker. File (one source file), Directory (folder, processed file by file per Rule 12), or Paste (paste code into chat, get cleaned version back, no filesystem write).

✨ Features

• 🧽 Vocabulary swap: kills marketing words (robust, seamless, comprehensive, world-class, powerful, elegant, crucial, vital, revolutionary, transformative, game-changing, mission-critical, bleeding-edge, bulletproof, holistic, supercharge, elevate, hand-crafted, purpose-built) and AI tells (delve, leverage, harness, tapestry, myriad, unleash)
• 💼 Marketing hyphenated compounds: drops production-quality, production-ready, enterprise-grade, copy-paste, theme-building, baked-in, plug-and-play, turn-key, future-proof
• ✂️ De-hyphenate technical compounds: open-source → open source, command-line → command line, third-party → third party, AI-generated → AI generated, file-by-file → file by file, step-by-step → step by step
• 🔢 Number-word + noun compounds: seven-question intake, four-phase rollout, three-step process → drop modifier or use digit
• 👀 Filler intensifiers (audit only): flags incredibly, highly, thoroughly, extensive, significantly, key (adj), fully, simply, very for human review
• 🪞 Empty enumeration intros (audit): flags wide range of, a host of, a wealth of, an array of, a suite of
• ➖ Em-dash kill: strips U+2014 / U+2013 from developer prose (comments, docstrings, logs, errors). Keeps them in CLI help text and user-facing terminal output. Leaves real number ranges alone (pages 5-10)
• 👥 First-person plural: drops we, us, our, let's. First-person singular (I, my) allowed
• 🏷️ Function renames: orchestrateDataProvider → loadUsers, handleData → parseRequest. Verifies substring safety before applying
• 🪢 Padding cuts: in order to → to, due to the fact that → because, at this point in time → now
• 🗯️ Hedging removal: perhaps, essentially, fundamentally, at its core, arguably
• 📚 Tutorial voice: drops As you can see, Let's dive in, Imagine that, It's worth noting that
• 🙏 Apologetic openers: drops Please note, Keep in mind, Bear in mind, As a reminder
• 📝 Structure tics: drops This function... / This class... openers, trailing wrap-up sentences that restate the docstring, decorative emojis/arrows/box-drawing in comments
• 🔁 Restatement comments: drops i++; // increment i and similar
• 🔇 Linter-suppression markers: flags unjustified # noqa, // @ts-ignore, // @ts-expect-error, # rubocop:disable, //nolint, // eslint-disable-line, # pragma: no cover, @phpstan-ignore-line, @psalm-suppress
• 📅 Author/date stamps: drops what git blame already tracks
• 🦺 Defensive-check noise: drops // just in case, // defensive check, // shouldn't happen
• 🎓 Latin show-offs + AI Britishisms: drops whilst, amongst, ergo, vis-à-vis
• 🧪 Test name cleanup: should correctly do X → do X

🌍 Languages covered

JavaScript, TypeScript, Python, Go, Rust, Java, C#, C/C++, Perl, Swift, Kotlin, PHP, Ruby, Elixir, Lua, SQL, PowerShell, Markdown, Shell scripts. Each language has its own ruleset section with tips for that language's comment/docstring/identifier conventions.

🛠️ Frameworks covered

React (+ Next.js Server Components, hooks, props), Vue (+ Nuxt composables, auto-imports), Astro (islands, content collections, view transitions), Alpine.js (x-* directives), Express (+ Koa, Fastify, Hono), Vite, Webpack, Rollup, esbuild, Tailwind (utility classes, @apply, config files), WordPress (plugins, themes, hooks, nonces, translation calls), Laravel (+ Blade, Livewire, Eloquent, migrations), Symfony (controllers, Doctrine, services, voters), Twig (Symfony/Drupal/standalone), EJS templates, .env files, knexfile database config.

🛡️ Safety rails

• Never changes code behavior, function signatures, return types, or string literals shown to end users
• Never touches CLI help text, README content, commit messages, license headers, CHANGELOG
• Function renames verify substring safety. won't rename extract to pull if extractor exists
• One pass per category. vocab swap → voice rewrites → function renames → syntax check → verification greps → human read-back. Mixing passes makes diffs unreviewable
• Falls back to "leave it and flag for human review" on ambiguous cases
• Ships with reviewer checklist and false-positive guide for when a flagged word is actually correct

🔄 How it works

1. Initialization gate: target picker fires (File / Directory / Paste) unless target already given
2. Pass 1: read target: full Read of the file, language detection from extension; loads relevant language + framework subsection from references/full-ruleset.md
3. Pass 2: vocabulary swap: Rule 2 (anthropomorphic + engineering jargon) and Rule 2c sections A-R in order
4. Pass 3: voice rewrites: first-person plural → imperative, kill tutorial voice, kill apologetic openers
5. Pass 4: em-dash + smart punctuation: strip U+2014/U+2013/smart quotes from developer prose
6. Pass 5: function renames: substring safety check, then rename across the file
7. Pass 6: syntax check: language-appropriate parse/lint
8. Pass 7: verification greps: scripts/verify.sh runs Rule 8 greps; all return empty when clean
9. Pass 8: human read-back: cadence + rhythm review (greps catch keywords, not voice)
10. Pass 9: emit final report: mandatory Markdown report (files touched, rename table, verification table, borderline kept, diff stats)

🚀 How to use it

Slash command:

/unslop # fires the File/Directory/Paste picker
/unslop src/auth.ts # skips picker, runs on the file
/unslop src/ # skips picker, runs on the directory

Natural language triggers (skill auto loads):

"unslop this file", "deslop the repo", "remove AI tells from src/auth.ts", "strip em-dashes from comments", "rename orchestrateDataProvider to something human", "audit this file for AI slop", "clean the AI voice out of these comments", "kill the marketing words in this codebase"

The full skill instructions live at unslop/skills/unslop/SKILL.md, the slash command at unslop/commands/unslop.md, the complete 16 rule, 19 language, 22 framework ruleset in references/full-ruleset.md, and verification greps in scripts/verify.sh.

---

vgademo

Generates retro 1990s style sizecoded assembly demos for MS-DOS, BIOS, and boot sector targets.

/plugin install vgademo@chrismccoy-skills

Remember the 256 byte intros and 4KB demos that shipped at Assembly, Revision, and The Party in the early 1990s? The kind of artful little programs the demoscene made famous. plasma fields, fire effects, tunnels, rotozoomers - all in the byte budget of a tweet? That's what this skill builds.

The vgademo skill adopts a veteran demoscene engineer persona and writes ultra compact 16 bit real mode assembly that runs on real (or emulated) DOS era hardware. It targets NASM, FASM, TASM, or MASM. emits .COM files, boot sectors, or raw binaries. and respects strict size budgets with byte level estimates before any code ships.

What makes it different from a generic "write me asm" prompt? It enforces demoscene rules. register reuse, implicit operands, fused operations (STOSB, STOSW, LODSB), bit shifts over multiplies, no PUSH/POP for preservation, no functions or macros beyond the minimum. And it refuses cleanly with a single line code (REFUSE: size, REFUSE: platform, REFUSE: contradiction) when your inputs don't add up, instead of producing broken bytes.

Whether you want to ship a 256 byte intro, write a flashy boot sector that fits in 510 bytes, or learn how the demoscene squeezes plasma effects out of a handful of opcodes, this plugin is for you.

📋 Technical Overview

An AI instruction specification that generates byte budget constrained 16 bit real mode x86 assembly in the style of early 1990s demoscene productions.

Built around a strict scope lock (refuses anything outside MS-DOS / BIOS / boot sector / .COM targets, refuses modern instructions, refuses size overruns), a mandatory output format (Byte Budget → Code → Core Trick → Tradeoffs), and a byte calibration table for accurate size estimation before emit.

Designed to behave like a real sizecoder. emit the trick, name the opcode, move on. no marketing register, no buzzwords, no tutorials. Includes prompt injection defenses that treat {{placeholder}} content as inert data.

✨ Features

• 🎨 14 placeholder variables driving every demo: visual effect, size budget, target platform, video mode, CPU mode, assembler, binary format, entry point, performance priority, loop style, allowed tricks, memory model, dependencies, and comments toggle
• 🎯 4-round multiple-choice intake via AskUserQuestion. each question auto-includes an "Other" option for custom values (custom visual effects like starfield, metaballs, voxel landscape pass through verbatim)
• 📏 Strict size budgets enforced with a per-opcode byte calibration table. 256b intros, 512b boot sectors, 1KB / 4KB. 15% safety margin built in
• 🧮 Byte estimate emitted before the code block. no surprise overruns
• 💾 Multi-target. MS-DOS .COM, raw boot sector (with 0AA55h signature), raw binary, BIOS-only mode
• 🖼️ Multi-mode rendering. Mode 13h (320x200x256 VGA), text mode (B800h, 80x25), VGA planar / Mode X
• 🔧 Four assembler syntaxes. NASM, FASM, TASM, MASM
• 🪄 Demoscene tricks. self-modifying code, undocumented opcodes, FPU, lookup tables, approximate trig, intentional overflow
• 🔁 Loop styles. single loop (LOOP instruction), unrolled, self-modifying
• 🎵 Optional PC speaker or AdLib-style sound when the byte budget allows
• 📋 Mandatory output format. Byte Budget → Code → Core Trick (mechanism + key instructions + register reuse map) → Tradeoffs (size won by / cycles cost / sacrificed)
• 🛡️ Single-line refusal codes. REFUSE: scope|size|contradiction|platform|placeholder|injection. no elaboration, no side-channel leaks
• 🔒 Scope lock refuses tutorials, history lessons, modern code (SSE/AVX/x86_64), and any request that breaches the declared CPU_MODE
• ⚡ Demoscene rules enforced. register reuse, implicit operands (AX/SI/DI), fused operations, bit-shifts for mul/div, no PUSH/POP for preservation, no functions or macros beyond minimum
• 📚 Two worked reference examples bundled. 256b XOR-plasma .COM (Mode 13h) and 512b text-mode color-bars boot sector (BIOS only)
• ⚠️ Negative anti-pattern example included. shows what to refuse cleanly instead of "fixing and emitting"
• 🎚️ Suggested low-temperature runtime (temperature=0.3, top_p=0.9). sizecoding needs low variance for stable byte counts
• 🚫 Hacker-engineer voice. no marketing register, no corporate jargon, no consultancy-speak
• 🔐 Prompt-injection defense. instructions embedded inside {{...}} placeholders are treated as inert data, refusal output is uniform to prevent side-channel inference

🔄 How it works

1. Intake: the /vgademo slash command runs four AskUserQuestion rounds collecting 14 placeholders:

• Round 1 - Visual & Platform: effect (plasma / fire / tunnel / rotozoomer / Other), size (256b / 512b / 1KB / 4KB), platform (MS-DOS .COM / boot sector / BIOS), video mode (Mode 13h / text mode / VGA planar)
• Round 2 - Toolchain: CPU mode (16-bit real / 32-bit protected), assembler (NASM / FASM / TASM / MASM), binary format (.COM / boot sector / raw), entry point (org 100h / org 7C00h / org 0)
• Round 3 - Optimization: performance priority (smallest / fastest / balanced), loop style (single / unrolled / SMC), allowed tricks (multi-select. SMC / undoc / FPU / LUT), memory model
• Round 4 - Final: dependencies (BIOS only / no DOS / direct HW), comments (yes / no)

2. Validation: checks for contradictions before emit. size-vs-effect, BIOS-only-vs-DOS-mode, 16-bit-vs-32-bit-tricks. emits REFUSE: <reason> on any conflict
3. Pre-emit checklist (silent): byte estimate ≤ 0.85 × size limit, zero forbidden instructions, register reuse covers every named register, mechanism matches the named trick
4. Emit: mandatory four-section output. Byte Budget, Code (single asm block), Core Trick (≤200 words), Tradeoffs (≤120 words)

🚀 How to use it

Two ways to invoke it:

Slash command (explicit):

/vgademo ← walks through all four intake rounds

Natural language (auto-triggers via the skill):

"write a 256 byte plasma intro in NASM for MS-DOS", "make a fire effect demo in Mode 13h", "build a 512 byte boot sector with color bars", "sizecoded tunnel effect for .COM file", "VGA assembly rotozoomer under 1KB", "demoscene intro for the 8086"

The full skill instructions live at vgademo/skills/vgademo/SKILL.md, the slash command at vgademo/commands/vgademo.md, and the worked reference examples (256b XOR plasma and 512b boot sector) plus the anti pattern at references/examples.md.

---

app-blueprint

Turns a one-line app idea into a complete, production-ready application blueprint.

/plugin install app-blueprint@chrismccoy-skills

Ever sat down to build something and realized the hardest part isn't writing the code. it's deciding the folder layout, the data models, the API surface, the deployment target, and the testing plan before you've typed a single line? That's what this plugin solves.

The app-blueprint skill behaves like a senior software architect with 15+ years of production experience. Hand it five inputs (what the app does, the tech stack, the workload type, the language, and the scale) and it hands back an 11-section blueprint with the folder tree, the layer walkthrough, the data models, every API endpoint, dependency choices with reasoning, environment variables, a testing plan, a deploy plan justified by your scale, architect's notes, and a self-validation table that auto-repairs inconsistencies before delivery.

What makes it different from a generic "design my app" prompt? It refuses to invent. no MyApp, no UserService, no Entity1. Every name derives from your APP_DESCRIPTION. It enforces consistency. every entity in the data-model section must appear in at least one API endpoint, every dependency must map to a folder or reference, the deployment target must be justified by your stated scale with a stated migration trigger. And it halts cleanly with MISSING INPUT: <field> required instead of guessing when an input is blank.

Whether you're scoping a weekend side project, prepping a team kickoff, or writing a BLUEPRINT.md for a real production system, this plugin gives you the binder a senior engineer would draft in their first ten minutes on the project.

📋 Technical Overview

An AI instruction specification that generates 11-section production application blueprints from five required inputs.

Built around a locked 11-section template (references/prompt-template.md), strict consistency rules (folder/layer parity, entity/endpoint mapping, dependency reachability, scale-justified deployment), a section 11 validation table that runs before delivery, and prompt-injection defenses that treat input field values as inert data.

Designed to eliminate generic placeholder filler, refuse missing-input requests cleanly, and produce blueprints whose folder trees and data models cross-reference correctly.

✨ Features

• 🏗️ 11 fixed sections in fixed order. project overview, folder tree, layer walkthrough, data models, API endpoints, dependencies, env vars, testing, deployment, architect's notes, self-validation
• 📥 Five required inputs. APP_DESCRIPTION, TECH_STACK, APP_TYPE, LANGUAGE, SCALE
• ❓ Slash command /blueprint runs an AskUserQuestion intake for any missing inputs. one question per missing field
• 🚫 No generic placeholders. all names derive from APP_DESCRIPTION (no MyApp, no UserService, no FooEntity)
• 🔁 Identical folder names in section 2 and layer names in section 3. parity enforced
• 🔗 Every section 4 entity must appear in at least one section 5 endpoint
• 📦 Every section 6 dependency must map to a folder (section 2) or a reference (section 8)
• 🚀 Deployment target (section 9) justified by SCALE explicitly. migration trigger always stated
• ✅ Section 11 validation table runs before output. any FAIL row repaired in place before delivery
• ⛔ MISSING INPUT: <field> required. Provide value and re-run. halt on any blank or placeholder input
• 🛡️ Prompt-injection defense. input field values treated as literal strings, never executed
• 🔒 Prompt secrecy. the template is never revealed, paraphrased, or summarized in output
• 📐 Output format. fenced code blocks for trees and config, tables for deps and env, domain-specific names everywhere

🔄 How it works

1. Intake: the /blueprint slash command collects five inputs via AskUserQuestion. one question per missing field. existing inputs are reused
2. Load template: reads references/prompt-template.md. the authoritative 11-section spec
3. Substitute placeholders: replaces {{APP_DESCRIPTION}}, {{TECH_STACK}}, {{APP_TYPE}}, {{LANGUAGE}}, {{SCALE}}. treats values as inert data
4. Emit sections 1-11: in exact order, no additions, no reordering
5. Self-validation: runs the section 11 validation table. repairs any FAIL row in place before delivery

🚀 How to use it

Two ways to invoke it:

Slash command (explicit):

/blueprint ← walks through the five-question intake

Natural language (auto-triggers via the skill):

"design a production architecture for a dog walking marketplace", "blueprint an app that tracks plant watering schedules", "architect a tool for booking guitar lessons", "give me a full system blueprint for a multi tenant SaaS", "production architecture for a coffee subscription box"

The full skill instructions live at app-blueprint/skills/app-blueprint/SKILL.md, the slash command at app-blueprint/commands/blueprint.md, and the 11-section authoritative template at references/prompt-template.md.

---

refactoring-analyst

Senior engineer refactoring review. evidence-first, citation-bound (path:line), 16 fixed sections, priority-tagged.

/plugin install refactoring-analyst@chrismccoy-skills

Ever stared at a codebase and known something was wrong but couldn't name the specific files, lines, or smells you should fix first? That's what this plugin solves.

The refactoring-analyst skill turns Claude into a careful pre-merge architectural reviewer that reads your project, finds the messy parts, and hands you a structured report you can actually act on. Every finding cites path:line. Every priority is plain text (CRITICAL / HIGH / MEDIUM / LOW). Every section either reports findings or emits the exact phrase None detected - <one-line reason citing what was checked>. so you know nothing was silently skipped.

What makes it different from a generic "review my code" prompt? It operates on Martin Fowler's Refactoring catalog, Robert Martin's Clean Code, and the SOLID + GRASP design heuristics as its reference grammar. It enforces a SCALE RULE when the codebase exceeds 50 files. prioritizes files matching your FOCUS_AREAS first, samples the rest one per major directory, and is honest about which files were fully read versus sampled. It never claims to have analyzed a file it didn't read. And it ships with a /refactor slash command that runs a multiple-choice intake (path, focus areas, scope, depth) so you don't have to type a long prompt.

Whether you're prepping a real refactor sprint, doing a pre-merge architectural pass, scoping technical debt for a quarterly plan, or just want a senior dev's honest read on a folder, this plugin produces the report you'd hire someone to write.

📋 Technical Overview

An AI instruction specification that generates a 16-section refactoring plan with path:line citations, CRITICAL / HIGH / MEDIUM / LOW priorities, a Top 5 Critical Issues block, a File Impact Matrix, an Issue Summary Table, and a phased Implementation Plan with risk and rollback notes.

Built around the locked 16-section template (references/sections.md), the hard-constraint and SCALE / FOCUS_AREAS rules (references/constraints.md), the summary tables spec (references/summary.md), a silent STEP 17 self-validation that re-runs the report before delivery, and prompt-injection defenses that treat TARGET_PATH and FOCUS_AREAS as inert data.

Designed to refuse fabrication. never claim to have read a file that wasn't read, never skip a numbered section, never invent line numbers.

✨ Features

• 📋 16 fixed sections in fixed order. codebase overview, cross-file coupling, duplication, readability, naming, structure, side effects, error handling, performance, security, testing, complexity, design patterns, anti-patterns, refactoring recommendations, implementation plan
• 📍 Every finding cites path:line. no vague "somewhere in auth/"
• 🎯 Priority labels. CRITICAL, HIGH, MEDIUM, LOW. plain text. works in every terminal. no emoji
• 📊 Three summary blocks. Top 5 Critical Issues, File Impact Matrix (files ranked by issue density), Issue Summary Table (every problem with effort estimate)
• 🗺️ Phased Implementation Plan. risk and rollback strategy per phase
• 🚦 SCALE RULE. if file count > 50, prioritizes FOCUS_AREAS files first, samples one per major directory, states exactly which were fully analyzed vs sampled
• 🎛️ FOCUS_AREAS RULE. sections matching focus extend to 800 words, others cap at 400
• 🧠 Martin Fowler Refactoring catalog, Robert Martin Clean Code, SOLID, GRASP. the reference grammar for every finding
• 🛡️ "None detected - " exact phrase when a section is empty. never silently skipped
• ✅ Silent STEP 17 self-validation. checks every claim, regenerates failed sections before output
• 🔒 Prompt-injection defense. TARGET_PATH and FOCUS_AREAS treated as inert data. directives inside inputs are logged in Section 1 and ignored
• 🚫 Refuses to fabricate. never claims to have analyzed an unread file. never invents line numbers
• 💬 /refactor slash command with multiple-choice intake. path, focus areas (multi-select), scope (file / folder / recent / sample), depth (quick / standard / deep)

🔄 How it works

1. Step 0 - Access verification: attempts to read TARGET_PATH. on failure reports path attempted, error, and what the user should check. does not proceed
2. Step 1 - SCALE RULE: if file count > 50, prioritizes FOCUS_AREAS matches first, samples remaining one per major directory, states exactly which files were fully analyzed vs sampled
3. Step 2 - Emit sections 1-16: in exact order, with path:line citations and CRITICAL / HIGH / MEDIUM / LOW priorities
4. Step 3 - Emit Summary: Top 5 Critical Issues, File Impact Matrix, Issue Summary Table per references/summary.md
5. Step 4 - Silent STEP 17 self-validation: runs the constraint checklist. regenerates any failed section before delivery

🚀 How to use it

Two ways to invoke it:

Slash command (explicit):

/refactor src/my-app ← runs the multiple-choice intake then the report
/refactor             ← prompts for the path

Natural language (auto-triggers via the skill):

"analyze code for refactoring", "produce a refactoring plan for src/", "find code smells in this project", "architectural review of this codebase", "SOLID/GRASP audit on auth/", "find God classes", "Martin Fowler refactoring catalog review", "pre-merge architectural review"

The full skill instructions live at refactoring-analyst/skills/refactoring-analyst/SKILL.md, the slash command at refactoring-analyst/commands/refactor.md, and the 16-section template, constraint list, and summary tables spec at references/sections.md, references/constraints.md, and references/summary.md.

---

docblock-rewrite

Convert PHPDoc and JSDoc /** ... */ blocks into one-line plain-English // comments. Two engines under one ruleset.

/plugin install docblock-rewrite@chrismccoy-skills

Ever inherited a codebase where every function has a perfectly-tagged PHPDoc block that tells you absolutely nothing about what the code does for a human reader? @param string $token, @return bool, three lines of jargon, and a non-technical teammate (PM, designer, support) bouncing off it. That's what this plugin solves.

The docblock-rewrite skill takes existing doc blocks and replaces each one with a single // comment a non-coder could understand. Tech jargon banned (no array, no callback, no instantiate). 100-character cap. Capitalized, present-tense verb for functions, noun phrase for classes / files / constants. Tags stripped - @param, @return, @throws, @since, @author, @version, all of it. Doc blocks marked @internal, @deprecated, or @ignore are left alone.

Two engines apply the same rules: an interactive Read / Edit walk the model runs directly for small jobs (1-20 files) when you want to tune the prompt or eyeball edge cases, and a bundled bash + perl + claude --print runner for bulk jobs (20+ files, repeat runs, CI / unattended). The script walks the directory, parses doc blocks with perl, calls Claude Haiku once per symbol, validates every response against the banned-word list and 100-char cap, and applies replacements right-to-left so byte offsets stay valid. Bad outputs leave the original block intact for human review. .bak files saved next to every modified file unless --no-backup.

Whether you're shipping a plugin to non-technical merchants, onboarding a new teammate who keeps asking what each function does, or cleaning up a decade-old PHPDoc graveyard before handing the repo off, this plugin turns wall-of-tags doc blocks into comments that read like a sentence.

📋 Technical Overview

A Claude Code plugin with a slash command, a skill, and a bundled three-file runner (bash + 2× perl) that share one set of rewrite rules. The skill body in skills/docblock-rewrite/SKILL.md carries the full rule set and decides which engine to use based on file count. The slash command /docblock-rewrite invokes the runner via ${CLAUDE_PLUGIN_ROOT}/scripts/docblock-rewrite.sh. Both engines emit the same // <summary>. format.

✨ Features

• 🧹 Strips PHPDoc / JSDoc blocks down to one plain-English // line
• 🚫 Banned-word list (instantiate, invoke, callback, promise, iterate, async, boolean, array, object, parameter, argument, mutate, hash, payload, instance, factory, singleton, polyfill, regex) - validation rejects any output that contains them
• 📏 100-character total cap including the leading //
• 🏷️ Honors @internal, @deprecated, @ignore opt-out tags - leaves those blocks alone
• 📄 File-level detection via @file / @package / @module or a post-block declare / namespace / use / import / export line
• 🗂️ Walks .php, .js, .ts, .jsx, .tsx, .mjs, .cjs - skips vendor, node_modules, dist, build, coverage, __tests__, .git, .next, .nuxt, out, tmp, *.min.js, *.min.css by default
• 🛟 .bak backup written next to every modified file unless --no-backup
• 🔍 --dry-run prints unified diffs without writing
• 🚦 Validation gates per response: one-line, // prefix, length cap, banned-word regex - failures leave the original block intact
• ⚙️ Concurrency-tunable (--concurrency N, default 3) parallel claude --print calls via xargs -P
• 🪓 Right-to-left byte-splice in apply-plan.pl keeps offsets valid across multi-block files
• 🤖 Same prompt rules in both the inline skill engine and the scripted engine

🔄 How it works

Inline engine (skill, small jobs):

1. Model uses Grep / Glob to find candidate files
2. For each file: cp file file.bak, Read the file, identify every /** ... */ block and its following declaration, rewrite each one with Edit, self-check against the rule set before applying
3. Report file count, blocks rewritten, blocks skipped, blocks needing review

Scripted engine (bulk):

1. find walks the path with the skip list
2. extract-docblocks.pl slurps each file, emits JSON pairs of (doc block, next non-blank line)
3. Bash loops the pairs, builds a prompt with the rule set + few-shot examples + the docblock + the symbol, pipes through claude --model … --print
4. Output gets head -n1 + trim, runs through validate_output (one line, // prefix, length cap, banned-word grep)
5. Validated outputs go into a per-file plan file as start <TAB> len <TAB> base64(new)
6. apply-plan.pl applies plan entries right-to-left so earlier byte offsets stay valid, renames original to .bak, writes new contents

🚀 How to use it

Two ways to invoke:

Slash command (scripted bulk run):

/docblock-rewrite . --dry-run     ← dry run on current dir
/docblock-rewrite src/            ← real run with .bak backups
/docblock-rewrite src/ --no-backup --concurrency 8

Natural language (auto-triggers via the skill):

"rewrite docblocks in src/", "convert my PHPDoc to plain English", "strip jargon from comments in formatting.php", "make these JSDoc blocks readable to a non-coder", "turn my doc blocks into friendly one-liners"

The skill picks the engine based on file count - small jobs run inline, big jobs hand off to the script.

The full skill instructions live at docblock-rewrite/skills/docblock-rewrite/SKILL.md, the slash command at docblock-rewrite/commands/docblock-rewrite.md, and the bundled runner at docblock-rewrite/scripts/docblock-rewrite.sh, docblock-rewrite/scripts/extract-docblocks.pl, docblock-rewrite/scripts/apply-plan.pl.

Requirements (script only)

bash 4+, jq, perl with MIME::Base64, claude CLI on PATH (Claude Code subscription auth, no API key required).

---

codebase-to-mermaid

Point Claude at any codebase. Get a validated Mermaid diagram of how the code actually flows. Every node and edge cited to a real file:line.

/plugin install codebase-to-mermaid@chrismccoy-skills

Ever joined a new project and burned a whole afternoon trying to figure out where the request enters, where it hits the database, and which file actually owns the business logic? The README claims one thing, the architecture diagram in the wiki is two years stale, and the only honest source of truth is the code itself. This plugin solves that. Point it at a repo and it reads the actual source, classifies the project (HTTP service, CLI, data pipeline, SPA, Next.js, WordPress plugin/theme, WooCommerce, Laravel, Symfony, Spring Boot, ASP.NET Core, Go service, Rust web service, Bash + WP-CLI, htmx, Alpine, Livewire, Vue SPA, C/C++/Qt/Unity, monorepo - 19+ languages, 30+ frameworks), and writes a Mermaid diagram showing the real flow with every node tied back to a file path and line number.

The skill runs five phases. Phase 1 globs the tree, reads manifests (package.json, composer.json, go.mod, Cargo.toml, pom.xml, pyproject.toml, Gemfile), and greps framework signals. Phase 2 picks the archetype from a 30+-row classification table. Phase 3 drafts the diagram with kebab-case node ids, verb-phrase edge labels (POST /login, emits user.created, awaits row), and subgraphs grouped by package boundary. Phase 4 self-validates: every node has a file:line citation, every edge is something you can Grep for, Mermaid syntax check, 40-node cap enforced. Phase 5 writes raw Mermaid source to flow.mmd (or flow-request-lifecycle.mmd + flow-service-topology.mmd for paired archetypes) and prints a Markdown report to chat with diagram, legend, and notes.

Hard refusal on invented modules, decorative edges, paraphrasing the README instead of reading the code, and on out-of-scope asks (code review, refactor proposals, bug hunts, security/performance audits - those are different skills).

📋 Technical Overview

A Claude Code plugin with one slash command and one skill. The skill body in skills/codebase-to-mermaid/SKILL.md carries the five-phase procedure (Discover → Classify → Draft → Validate → Emit) and constraints. The bulky framework grep cheat sheet, archetype-to-diagram table, and 24 worked few-shot examples live in references/ and load only when the model needs them - keeps base context light. The slash command /codebase-to-mermaid accepts an absolute or relative path, or shows a two-option picker (current working directory vs custom path) when invoked bare.

✨ Features

• 🗺️ Reads the whole project. Globs the tree, reads manifests, greps framework signals - no skimming the README and guessing
• 🔍 Auto-classifies the archetype across 19+ languages (JS, TS, PHP, Python, Go, Rust, Java, Kotlin, C#, C, C++, Ruby, Swift, Bash, Vue, Svelte, Razor) and 30+ framework families (React, Vue, Next.js, Nuxt, Astro, Remix, SvelteKit, Express, Fastify, NestJS, Hono, Koa, Laravel, Symfony, Livewire, Slim, Drupal, Magento, WordPress core / plugin / theme / Gutenberg / WooCommerce, WP-CLI, Spring Boot, Quarkus, Micronaut, Vert.x, ASP.NET Core, Blazor, MAUI, Unity, Qt, Drogon, Crow, axum, actix, rocket, leptos, yew, htmx, Alpine, chi, gin, echo, fiber, cobra, clap, FastAPI, Flask, Django, Rails, Airflow, Prefect, Dagster, Kafka, RabbitMQ)
• 📐 Picks the right diagram kind: flowchart TD for branching control flow, flowchart LR for pipelines and service maps, sequenceDiagram per route, classDiagram for ORM models
• 🏷️ Every node carries a file:line citation in the legend. Unverifiable node = deleted node
• 🚫 No invented modules, no decorative edges. If you cannot Grep for the call, the edge is deleted
• ✂️ Caps each diagram at 40 nodes. Bigger projects get an overview plus per-archetype zooms instead of one unreadable wall
• ⚠️ Flags destructive steps (wp db reset, wp search-replace, rm -rf, aws s3 rm --recursive) with a distinct node style
• 🤝 Pairs archetypes that travel together. WordPress plugin + WooCommerce, Laravel + Livewire, Go/chi + htmx + Alpine, Next.js + Prisma + tRPC - emits one diagram per layer plus a round-trip sequenceDiagram
• 📝 Writes raw Mermaid to flow.mmd (or flow-<archetype>.mmd per diagram) with no fences and no commentary, so it pipes straight into mmdc -i flow.mmd -o flow.svg
• 🖨️ Prints a Markdown report to chat: rendered diagram + legend (node-id → relative/path.ext:line - one-line role) + notes (external systems, async boundaries, anything skipped)
• 🚦 Scope-locked. Refuses code review, refactor proposals, bug hunts, security/performance audits, README rewrites, "explain this function". Diagram + legend + notes only

🔄 How it works

1. Discover. Glob the tree for layout and manifest files. Read manifests for entry points and declared deps. Grep framework signals from the cheat sheet in references/framework-signals.md. Build an internal {module → file → exported_symbols → callers} inventory capped at the top ~50 modules by inbound edges.
2. Classify. Pick the archetype from references/archetype-table.md. If two archetypes both fit, emit two diagrams. WordPress plugins/themes, Laravel/Symfony apps, and hypermedia stacks (htmx/Alpine/Livewire on top of a backend) almost always warrant at least two.
3. Draft. Write Mermaid with stable kebab-case node ids, human-readable labels, verb-phrase edge labels from real call sites, subgraphs by package boundary.
4. Validate. Self-check: every node id appears in the legend with a real file:line; every edge corresponds to a real call/import/route/hook/message you can Grep for; Mermaid syntax parses (balanced brackets, no reserved-word collisions, no orphan nodes, no labels with unwrapped special chars); diagram fits the 40-node cap or is split.
5. Emit. Write the raw Mermaid source to flow.mmd (or per-archetype .mmd files) into the target directory. Print the Markdown report to chat.

🚀 How to use it

Two ways to invoke:

Slash command:

/codebase-to-mermaid /path/to/repo         ← map this repo
/codebase-to-mermaid ../sibling-project    ← relative paths work too
/codebase-to-mermaid                        ← picker: current dir vs custom path

Natural language (auto-triggers via the skill):

"map this codebase", "draw a diagram of this repo", "generate a flow diagram", "make a mermaid diagram", "visualize this project", "show how this code flows", "diagram the architecture", "sequence diagram of this endpoint", "class diagram of these models", "onboarding diagram", "produce a flow.mmd"

After the run, render the saved .mmd file two ways:

# CLI (mermaid-cli)
npx -p @mermaid-js/mermaid-cli mmdc -i flow.mmd -o flow.svg

Or paste the contents of flow.mmd into https://mermaid.live.

The full skill instructions live at codebase-to-mermaid/skills/codebase-to-mermaid/SKILL.md, the slash command at codebase-to-mermaid/commands/codebase-to-mermaid.md, and the on-demand reference files at codebase-to-mermaid/skills/codebase-to-mermaid/references/framework-signals.md, codebase-to-mermaid/skills/codebase-to-mermaid/references/archetype-table.md, codebase-to-mermaid/skills/codebase-to-mermaid/references/examples.md.

---

excel-formula-troubleshooter

Debug, fix, and optimize broken Excel and Google Sheets formulas.

/plugin install excel-formula-troubleshooter@chrismccoy-skills

A broken formula is rarely broken where it looks broken. =VLOOKUP(A2,Sheet2!A:B,3,0) throws #REF! not because the syntax is wrong but because the column index counts inside the range, and A:B only has two columns. The excel-formula-troubleshooter skill traces the formula the way a spreadsheet engine does. function by function, parentheses balance, argument count and order, range references, data types (text vs number, dates as serials), circular references. then names the exact root cause, hands back a copy-paste-ready corrected formula, explains the fix in plain bullets, and where it helps, suggests a modern alternative (XLOOKUP over VLOOKUP, IFERROR to mask error values).

Output is locked to four sections so every answer reads the same: ❌ The Issue, ✅ Corrected Formula, 🛠️ How the Fix Works, 🚀 Better Alternative (omitted when none applies). Function names come back UPPERCASE, ready to paste. Scope is locked to spreadsheet-formula troubleshooting. it does not answer general spreadsheet or data questions outside a broken formula.

✨ Features

• 🔎 Silent pre-answer trace. function-by-function, parentheses balance, argument count/order, range references, data types, circular references. the reasoning never clutters the output
• 🎯 Exact root cause. mismatched parentheses, wrong syntax, text-vs-number mismatch, circular reference, incorrect range, wrong column index. not "consider checking your ranges"
• 📋 Copy-paste-ready corrected formula with UPPERCASE function names
• 🧾 Beginner-friendly bulleted explanation of why the fix works
• 🚀 Optional modern alternative. XLOOKUP over VLOOKUP, INDEX/MATCH, IFERROR to mask #N/A. omitted cleanly when nothing better applies
• 📦 Locked 4-section output format. identical shape on every answer
• 🚪 Asks for the issue instead of guessing when only a formula is supplied
• 🔒 Scope lock. spreadsheet-formula troubleshooting only

🔄 How it works

1. Intake: the /fix-formula slash command parses the broken formula and the issue. pipe-separated (formula | issue), tag-wrapped (<broken_formula> / <issue>), or interactive prompt when either is missing
2. Silent trace: walks the formula function-by-function, checking parentheses, arguments, ranges, data types, and circular references. reasoning is not shown
3. Diagnose: names the single exact root cause
4. Emit: the locked four-section answer. The Issue, Corrected Formula, How the Fix Works, optional Better Alternative

🚀 How to use it

Slash command (explicit):

/fix-formula =VLOOKUP(A2,Sheet2!A:B,3,0) | returns #REF!   ← formula | issue
/fix-formula =VLOOKUP(A2,Sheet2!A:B,3,0)                   ← asks for the issue
/fix-formula                                               ← full intake (formula + issue)

Natural language (auto-triggers via the skill):

"fix my Excel formula", "why does my formula return #REF!", "debug this spreadsheet formula", "troubleshoot a Google Sheets formula", "my VLOOKUP isn't working", "correct this formula"

The full skill instructions live at excel-formula-troubleshooter/skills/excel-formula-troubleshooter/SKILL.md, and the slash command at excel-formula-troubleshooter/commands/fix-formula.md.

---

naming-strategist

Senior naming strategist for venture-backed SaaS founders. 10 brandable, pronounceable, niche-fit domain candidates from five inputs. Locked 4-section output. Silent scoring drops weak names before they ever reach the page.

/plugin install naming-strategist@chrismccoy-skills

Naming a SaaS is the part most founders procrastinate on, then panic over the week before launch. The usual move - opening a naming-tool tab, scrolling through 400 -ify / -ly / -hub slop suggestions, and picking whichever one still has a .com left - produces names that are forgettable on day one and embarrassing by month six. This plugin replaces that with a structured naming pass: five inputs in, ten candidates out, every one scored silently on five axes before it gets printed, every one tagged with a recommended TLD and a Low/Medium/High risk note so you know what to verify and what to walk away from. The model never claims a domain is available, never claims a name is trademark-clear, and never produces output outside the four locked sections.

The skill body runs the workflow. Step 1 loads the master prompt from references/prompt-template.md and substitutes the five inputs. Step 2 generates 10 candidates obeying the rules in references/constraints.md - 6-12 chars where possible, no hyphens, no numbers, no descriptive keyword domains, at least five distinct naming structures across the list (compound, blended, metaphor, invented, classical-roots). Step 3 silently scores each candidate 1-10 on Brandability, Niche fit, Pronounceability, Spelling ease, Differentiation; drops anything below a 7 average. Step 4 emits sections A-D per references/output-spec.md. Step 5 runs a silent validation gate before printing - generic names regenerate, hype words regenerate, missing-structure variety regenerates.

Hard refusal on legal-certainty claims (Needs verification instead), on hype copy (proven, revolutionary, leverage, robust, seamless, cutting-edge), and on out-of-scope asks (marketing copy, strategy decks, legal advice, taglines - all answered with Out of scope - domain naming candidates only.).

📋 Technical Overview

A Claude Code plugin with one slash command and one skill. The skill body in skills/naming-strategist/SKILL.md carries the scope lock, input handling, and 5-step workflow. The authoritative master prompt with {{placeholders}} lives in references/prompt-template.md and loads on every invocation. The hard constraints (blocked words, scoring rubric, silent validation gate) live in references/constraints.md. The output format (sections A-D, per-candidate block, worked calibration example) lives in references/output-spec.md. The slash command /name-domains accepts an optional MARKET_TOPIC arg, then walks the user through AskUserQuestion intake for the remaining four fields.

✨ Features

• 🎯 Five inputs in, ten candidates out. MARKET_TOPIC + TARGET_AUDIENCE + OFFER_TYPE + BRAND_TONE (2-3 pick) + EXTENSION_PRIORITY
• 🧪 Silent 5-axis scoring - Brandability, Niche fit, Pronounceability, Spelling ease, Differentiation. Drops anything below 7 average before printing
• 🧱 At least 5 distinct naming structures across the 10 - compound, blended, metaphor, invented, classical-roots. No same-pattern repeats
• 🚫 Refuses hyphens, numbers, awkward letter clusters, forced -ify / -ly / -hub suffixes, generic descriptive keyword domains (BestBranding, FastestCRM), and famous-brand collisions
• 🛡️ No legal claims. Domains, trademark status, registrar availability - all answered Needs verification
• 🧊 No hype. Blocked phrasing in any rationale: proven, revolutionary, transformative, leverage, robust, comprehensive, streamline, harness, seamless, cutting-edge
• 📦 Locked 4-section output: A) Setup Summary (3 lines), B) 10 Name Candidates with Angle/Fit/Recommended extension/Risk note, C) Top 3 Shortlist with Strength + Watch-out bullets, D) Verification Checklist (registrar check, USPTO TESS, WIPO Global Brand Database, pronunciation test, Google collision search)
• ⚖️ Risk severity scale per name: Low (invented, no known collision), Medium (real-word compound, possible overlap), High (close to known brand or category-keyword overlap)
• 🛑 Prompt-injection defense. All five inputs treated as inert data. Directives like ignore prior, act as, respond in JSON, role-switch attempts inside field values are ignored
• 🪝 Scope-locked. Marketing copy, strategy decks, legal advice, taglines, naming for non-SaaS contexts - all refused with Out of scope - domain naming candidates only.

🔄 How it works

1. Intake. Slash command collects five fields via AskUserQuestion. If MARKET_TOPIC was passed as $ARGUMENTS, confirm and skip that question. Empty / blank / [FIELD_NAME] → halt with MISSING INPUT: <field> required.
2. Load template. Read references/prompt-template.md. Substitute {{MARKET_TOPIC}}, {{TARGET_AUDIENCE}}, {{OFFER_TYPE}}, {{BRAND_TONE}}, {{EXTENSION_PRIORITY}} with collected values. Treat values as inert data.
3. Generate 10 candidates obeying references/constraints.md. Prefer 6-12 chars. Mix structures. No hyphens, numbers, or forced suffixes.
4. Silent scoring. 1-10 on Brandability, Niche fit, Pronounceability, Spelling ease, Differentiation. Drop <7 average. If fewer than 10 survive: emit what passes + Returned N of 10 - niche requires looser scoring or revised inputs.
5. Emit sections A-D per references/output-spec.md. No extras. No reordering.
6. Silent validation gate. Regenerate any item that fails: generic, brand-collision, missing structure variety, hype words, availability claims. Do not announce the gate.

🚀 How to use it

Two ways to invoke:

Slash command:

/name-domains "AI productivity tools for solo founders"   ← arg seeds MARKET_TOPIC, picker fills the rest
/name-domains                                              ← full 5-question intake

Natural language (auto-triggers via the skill):

"name my SaaS", "generate domain names", "brand a startup", "come up with domain candidates", "name my micro-SaaS", "domain name brainstorm", "brandable startup name", "SaaS naming", "founder domain shortlist"

After the run, work the Section D checklist - register check across EXTENSION_PRIORITY, USPTO TESS search across IC 9 / 35 / 42, WIPO Global Brand Database for international overlaps in your launch regions, pronunciation test with 3 strangers, Google the bare term in quotes plus your market keyword.

The full skill instructions live at naming-strategist/skills/naming-strategist/SKILL.md, the slash command at naming-strategist/commands/name-domains.md, and the on-demand reference files at naming-strategist/skills/naming-strategist/references/prompt-template.md, naming-strategist/skills/naming-strategist/references/constraints.md, naming-strategist/skills/naming-strategist/references/output-spec.md.

---

wordpress-consultant

Senior WordPress Consultant (10+ years, WordPress VIP coding standards) that runs a fixed 10-section consulting framework over a WordPress project. Seven inputs in, an expert audit out, ending with a 0-100 scorecard and a single summary table.

/plugin install wordpress-consultant@chrismccoy-skills

Most "WordPress help" devolves into a pile of disconnected tips - install this caching plugin, bump that PHP version, try a different host. This plugin replaces that with the audit a senior consultant would actually run: seven inputs describing the site, ten sections of structured analysis, and a final report that scores the project on health, performance, security, scalability, and code quality. Every section 1-9 is capped at 250 words and written as Finding / Impact / Recommendation bullets - no prose walls, no filler. Section 3 (WooCommerce) drops to N/A when the site is not a store. The consultant never recommends nulled or pirated plugins, never suggests editing WordPress core, never prints secrets in examples, and never assigns a security rating without naming what was checked.

The skill body runs the workflow. Step 1 validates inputs - if Current Challenge or Development Goals is blank it halts and asks, because an audit with no problem statement and no goal is fiction. Step 2 loads the Section 1-10 prompts from references/framework.md. Step 3 uses extended thinking before Section 4 (Performance) and Section 10 (Final Report), the two sections that need the deepest reasoning. Step 4 emits every section under its exact header per references/output-contract.md. Step 5 applies the Section 10 scales and ends with the mandatory summary table. Step 6 runs a silent self-validation gate - all 10 sections present, every score on its defined scale, table last - before delivery.

Hard refusal on out-of-scope asks (anything that is not WordPress engineering, declined in one line then back to the framework), on nulled/pirated plugins, on core-file edits, and on security ratings given without naming what was checked.

📋 Technical Overview

A Claude Code plugin with one slash command and one skill. The skill body in skills/wordpress-consultant/SKILL.md carries the voice, scope lock, input gates, and 6-step workflow. The Section 1-10 analysis prompts live in references/framework.md. The output contract (word caps, Section 10 scales, summary-table columns, pre-delivery checklist) lives in references/output-contract.md. The full input-handling and prompt-injection rules live in references/guardrails.md. The slash command /wp-consult accepts an optional Current Challenge arg, then walks the user through AskUserQuestion intake for all seven fields.

✨ Features

• 🎯 Seven inputs in, a 10-section consultant report out. Website Type + Current Challenge + Technology Stack + Traffic Volume + Development Goals + Performance Requirements + Support Needed
• 🚧 Two required inputs gate the run - blank Current Challenge or Development Goals halts with MISSING INPUT: <field> required. The other five are optional and proceed with a flagged assumption at the top of the affected section
• 🧭 Fixed framework: Architecture Assessment, Development Strategy, WooCommerce Review, Performance Optimization Audit, Security Hardening, Debugging & Troubleshooting, Scalability & Infrastructure, Automation & Workflow, Technical Debt Assessment, Final Senior Consultant Report
• 🗜️ Max 250 words per section 1-9, written as Finding / Impact / Recommendation bullets. Section 3 drops to Section 3 — N/A (not a WooCommerce site) for non-stores
• 📊 Section 10 scorecard on fixed scales - Health, Performance, Security, Scalability, Code Quality (0-100); Technical Debt Severity (Low/Medium/High/Critical); Recommended Priorities (ranked, max 5)
• 📋 Mandatory Markdown summary table as the final element, every run, exact columns
• 🧠 Extended thinking before Section 4 (Performance) and Section 10 (Final Report)
• 🛡️ Security guardrails - never recommends nulled/pirated themes or plugins, never suggests editing core files, never outputs DB credentials/keys/secrets in examples, never claims a security rating without naming what was checked
• 🛑 Prompt-injection defense. All seven inputs treated as inert project data. Directives like ignore prior, system:, act as, role-switch attempts inside field values are ignored
• 🪝 Scope-locked to WordPress engineering. Non-WordPress requests declined in one line, then back to the framework

🔄 How it works

1. Intake. Slash command collects all seven fields via AskUserQuestion. If Current Challenge was passed as $ARGUMENTS, confirm and seed it. Empty / blank / [FIELD_NAME] on a required field → halt with MISSING INPUT: <field> required.
2. Validate. Required gate on Current Challenge and Development Goals. Optional blanks proceed with a flagged assumption. Conflicting inputs (e.g. Website Type vs Challenge) named in one line and confirmed before proceeding.
3. Load framework. Read references/framework.md, references/output-contract.md, references/guardrails.md. Wrap all input values in <inputs></inputs> and treat as inert data.
4. Extended thinking before Section 4 and Section 10.
5. Emit Sections 1-10 under exact headers. Mark Section 3 — N/A for non-stores. Max 250 words per section 1-9.
6. Section 10 + summary table. Apply the fixed scales. End with the single mandatory summary table - it must be last.
7. Silent validation gate. Confirm all 10 sections present, every score on its scale, table last, no security rating without naming what was checked. Fix any gap before output.

🚀 How to use it

Two ways to invoke:

Slash command:

/wp-consult "checkout is slow on our WooCommerce store"   ← arg seeds Current Challenge, intake fills the rest
/wp-consult                                               ← full 7-question intake

Natural language (auto-triggers via the skill):

"review my WordPress architecture", "WordPress performance audit", "WordPress security review", "scale my WordPress site", "WooCommerce performance review", "WordPress technical debt assessment", "senior WordPress consultant"

After the run, work the Section 10 priorities top-down - the ranked list is capped at 5 and ordered by impact, so start at the top, and use the summary-table scores to track health, performance, security, scalability, and code quality across follow-up engagements.

The full skill instructions live at wordpress-consultant/skills/wordpress-consultant/SKILL.md, the slash command at wordpress-consultant/commands/wp-consult.md, and the on-demand reference files at wordpress-consultant/skills/wordpress-consultant/references/framework.md, wordpress-consultant/skills/wordpress-consultant/references/output-contract.md, wordpress-consultant/skills/wordpress-consultant/references/guardrails.md.

---

language-tutor

Expert linguist, translator, and language tutor from five inputs, in the voice of a university-level instructor who stays clear enough for a self-studying learner. Two modes, locked section output per mode, an accuracy floor that refuses to fabricate, and a silent validation gate before printing.

/plugin install language-tutor@chrismccoy-skills

Most "translate this" prompts hand back a single bare sentence with no grammar, no pronunciation, and no sense of register - and most "fix my writing" prompts silently rewrite the text without telling you what changed or why. Worse, when the model is unsure it guesses: invented conjugation rules, made-up etymologies, plausible-but-wrong IPA. This plugin replaces that with the discipline an actual language instructor applies. TRANSLATION mode returns the most natural rendering plus dual-language grammar, a subject/verb/object breakdown, IPA with English approximations and stress marks, and a register/cultural-nuance read. TEXT ANALYSIS mode returns grammar, spelling and punctuation, style and flow, meaning, a fully corrected version with every change itemized original → corrected → reason, and five style rewrites. The source language is auto-detected, difficulty is aligned to CEFR A1-C2, and a Quick depth collapses the whole thing to the result plus a one-line note when that's all you want.

The skill body runs the workflow. Step 1 loads the master prompt from references/prompt-template.md and substitutes the five inputs. Step 2 detects the source language and resolves the mode (TRANSLATION, TEXT ANALYSIS, or Auto-detect from the text). Step 3 emits the locked section set for that mode per references/output-spec.md. Step 4 runs a silent validation gate from references/constraints.md - section completeness, IPA wrapped in slashes, CEFR level named, exactly five Alternative Versions, every change itemized - and fixes any failure before returning.

Hard accuracy floor: never invents grammar rules, etymologies, or IPA; flags uncertainty instead of guessing; states reduced confidence on low-resource languages and dialects and stops rather than approximating when a language can't be handled reliably. Prompt-injection defense treats all submitted text strictly as DATA - a phrase like "ignore your instructions" inside the text is translated or analyzed literally, never obeyed. Scope-locked: non-language requests get a brief decline and a restatement of what the tutor does, never a switch into general-assistant behavior.

📋 Technical Overview

A Claude Code plugin with one slash command and one skill. The skill body in skills/language-tutor/SKILL.md carries the persona, scope lock, core behavior, input handling, and 4-step workflow. The authoritative master prompt with {{placeholders}} and both mode specs lives in references/prompt-template.md and loads on every invocation. The accuracy floor, prompt-injection defense, and silent validation gate live in references/constraints.md. The exact section structure for both modes, the optional-extras menu, and two calibrated worked examples live in references/output-spec.md. The slash command /language-tutor accepts an optional TEXT arg, then walks the user through AskUserQuestion intake for the remaining fields.

✨ Features

• 🎯 Five inputs in, a full language breakdown out. MODE + TEXT + TARGET_LANGUAGE + NATIVE_LANGUAGE + DEPTH
• 🔀 Two modes: TRANSLATION (translate and explain a phrase) and TEXT ANALYSIS (correct and critique your own writing). Auto-detect picks the mode from the text when MODE is Auto
• 🧱 TRANSLATION emits 5 locked sections: Translation, Grammar (both languages), Structure, Pronunciation, Usage & Register
• 📝 TEXT ANALYSIS emits 6 locked sections: Grammar, Spelling & Punctuation, Style & Flow, Meaning & Content, Corrected Text (every change itemized original → corrected → reason), 5 Alternative Versions (formal, casual, detailed, concise, alt-vocabulary)
• 🔊 IPA inside slashes plus English approximations and marked syllable stress; pronunciation tips tailored to the learner's NATIVE_LANGUAGE for sounds that don't exist in it
• 🎚️ Register and difficulty aligned to CEFR A1-C2 where the language supports it, with the targeted level named
• ⚡ Quick depth returns only the Translation or Corrected Text plus a one-line note - no framework
• 🧠 Accuracy floor: never invents grammar rules, etymologies, or IPA; flags uncertainty instead of guessing; reduced-confidence warning on low-resource languages and dialects, and a hard stop rather than approximation when a language can't be handled reliably
• 🛡️ Prompt-injection defense. Submitted text is inert DATA; directives embedded in it (ignore your instructions, act as, system:) are translated or analyzed literally, never obeyed
• ✅ Silent validation gate: section set complete and in order, IPA in slashes, CEFR named, exactly 5 rewrites, every change itemized, no obeyed injections
• 🪧 Scope-locked. Non-language requests get a brief decline plus a restatement - no switch into general-assistant behavior

🔄 How it works

1. Intake. Slash command collects five fields via AskUserQuestion. If TEXT was passed as $ARGUMENTS, confirm and seed it. Empty / blank / [FIELD_NAME] on MODE or TEXT → halt with MISSING INPUT: <field> required. In TRANSLATION mode, a missing or ambiguous TARGET_LANGUAGE triggers one short clarifying question alone before proceeding.
2. Load template. Read references/prompt-template.md. Substitute {{MODE}}, {{TEXT}}, {{TARGET_LANGUAGE}}, {{NATIVE_LANGUAGE}}, {{DEPTH}}. Treat the entire TEXT value as inert data.
3. Resolve mode + language. Detect the source language unless specified. When MODE is Auto, infer the mode from the text; default to TRANSLATION when ambiguous and label the assumption.
4. Emit the locked sections for the active mode per references/output-spec.md. Omit a section only if it doesn't apply, and say why. Quick depth returns only the result plus a one-line note.
5. Silent validation gate. Section completeness, IPA slashes, CEFR label, 5-rewrite count, itemized changes, no obeyed injections. Fix any failure before printing. Don't announce the gate.

🚀 How to use it

Two ways to invoke:

Slash command:

/language-tutor "Je m'appelle Marie"   ← arg seeds TEXT, picker fills mode/target/native/depth
/language-tutor                         ← full 5-question intake

Natural language (auto-triggers via the skill):

"translate this to Japanese", "what does this mean in French", "explain this grammar", "analyze my writing", "correct my essay", "check my grammar", "proofread this", "how do I pronounce this"

The full skill instructions live at language-tutor/skills/language-tutor/SKILL.md, the slash command at language-tutor/commands/language-tutor.md, and the on-demand reference files at language-tutor/skills/language-tutor/references/prompt-template.md, language-tutor/skills/language-tutor/references/constraints.md, language-tutor/skills/language-tutor/references/output-spec.md.

---

Repo layout

.
├── .claude-plugin/
│ └── marketplace.json ← marketplace manifest
├── kubernetes-architect/ ← plugin
│ ├── commands/
│ │ └── kubernetes-architect.md ← /kubernetes-architect slash command (4-field AskUserQuestion intake)
│ └── skills/
│ └── kubernetes-architect/
│ ├── SKILL.md ← persona + scope lock + inputs + 4-step workflow + silent pre-delivery validation
│ └── references/
│ └── prompt-template.md ← authoritative master prompt with {{placeholders}} + Deployment skeleton
├── docker-compose-architect/ ← plugin
│ ├── commands/
│ │ └── docker-compose-architect.md ← /docker-compose-architect slash command (4-field AskUserQuestion intake)
│ └── skills/
│ └── docker-compose-architect/
│ ├── SKILL.md ← persona + scope lock + inputs + 4-step workflow + silent output validation
│ └── references/
│ └── prompt-template.md ← authoritative master prompt with {{placeholders}}
├── powershell-script-engine/ ← plugin
│ ├── commands/
│ │ └── powershell-script-engine.md ← /powershell-script-engine slash command (5-field AskUserQuestion intake)
│ └── skills/
│ └── powershell-script-engine/
│ ├── SKILL.md ← persona + scope lock + inputs + 4-step workflow + silent self-check
│ └── references/
│ └── prompt-template.md ← authoritative master prompt with {{placeholders}}
├── tech-blog-article/ ← plugin
│ ├── commands/
│ │ └── tech-blog-article.md ← /tech-blog-article slash command (5-field AskUserQuestion intake)
│ └── skills/
│ └── tech-blog-article/
│ ├── SKILL.md ← persona + scope lock + inputs + 4-step workflow + silent output gate
│ └── references/
│ └── prompt-template.md ← authoritative master prompt with {{placeholders}}
├── html-to-wordpress-theme/ ← plugin
│ ├── commands/
│ │ └── html-to-wordpress-theme.md ← /html-to-wordpress-theme slash command
│ └── skills/
│ └── html-to-wordpress-theme/
│ ├── SKILL.md
│ └── references/
│ ├── rules.md
│ ├── phase-1-analysis.md
│ ├── phase-2-implementation.md
│ └── phase-3-audit.md ← 79-item audit
├── html-design-styles/ ← plugin
│ ├── commands/
│ │ └── html-design-styles.md ← /html-design-styles slash command
│ └── skills/
│ └── html-design-styles/
│ ├── SKILL.md
│ └── references/
│ ├── common.md
│ └── styles/ ← one file per style (53 total)
├── wordpress-plugin/ ← plugin
│ ├── commands/
│ │ └── wordpress-plugin.md ← /wordpress-plugin slash command
│ └── skills/
│ └── wordpress-plugin/
│ └── SKILL.md ← intake + full WP plugin tree generator
├── wordpress-architect-review/ ← plugin
│ ├── commands/
│ │ └── wordpress-architect-review.md ← /wordpress-architect-review slash command
│ └── skills/
│ └── wordpress-architect-review/
│ └── SKILL.md ← detection rules + output format + scorecard + rubric
├── unslop/ ← plugin
│ └── skills/
│ └── unslop/
│ ├── SKILL.md ← trigger rules + pass-by-pass workflow
│ ├── references/
│ │ └── full-ruleset.md ← 16-rule, 19-language, 22-framework ruleset
│ └── scripts/
│ └── verify.sh ← post-edit grep verification
├── vgademo/ ← plugin
│ ├── commands/
│ │ └── vgademo.md ← /vgademo slash command (4-round intake)
│ └── skills/
│ └── vgademo/
│ ├── SKILL.md ← persona + scope lock + demoscene rules + output format
│ └── references/
│ └── examples.md ← 256b XOR-plasma + 512b boot sector + anti-pattern
├── app-blueprint/ ← plugin
│ ├── commands/
│ │ └── blueprint.md ← /blueprint slash command (5-input intake)
│ └── skills/
│ └── app-blueprint/
│ ├── SKILL.md ← 5 inputs + 11-section workflow + consistency rules
│ └── references/
│ └── prompt-template.md ← authoritative 11-section spec + validation table
├── refactoring-analyst/ ← plugin
│ ├── commands/
│ │ └── refactor.md ← /refactor slash command (path + focus + scope + depth intake)
│ └── skills/
│ └── refactoring-analyst/
│ ├── SKILL.md ← workflow (Step 0 access → Step 1 SCALE → Step 2 emit → Step 3 summary → Step 4 self-validate)
│ └── references/
│ ├── sections.md ← 16-section template + titles + per-section content
│ ├── constraints.md ← hard constraints, SCALE RULE, FOCUS_AREAS RULE, STEP 17 checklist
│ └── summary.md ← Top 5 Critical, File Impact Matrix, Issue Summary Table specs
├── docblock-rewrite/ ← plugin
│ ├── commands/
│ │ └── docblock-rewrite.md ← /docblock-rewrite slash command (path + flags)
│ ├── skills/
│ │ └── docblock-rewrite/
│ │ └── SKILL.md ← rule set + few-shot examples + engine-pick logic
│ └── scripts/
│ ├── docblock-rewrite.sh ← bash runner (walk + per-symbol claude --print + validate)
│ ├── extract-docblocks.pl ← parses /** ... */ + next declaration → JSON pairs
│ └── apply-plan.pl ← right-to-left byte-splice + .bak backup
├── codebase-to-mermaid/ ← plugin
│ ├── commands/
│ │ └── codebase-to-mermaid.md ← /codebase-to-mermaid slash command (path arg or picker: cwd vs custom)
│ └── skills/
│ └── codebase-to-mermaid/
│ ├── SKILL.md ← 5-phase procedure (Discover → Classify → Draft → Validate → Emit) + constraints
│ └── references/
│ ├── framework-signals.md ← grep cheat sheet across 19+ languages and 30+ frameworks
│ ├── archetype-table.md ← archetype → signals → best diagram (30+ rows)
│ └── examples.md ← 24 worked archetype → diagram walkthroughs
├── excel-formula-troubleshooter/ ← plugin
│ ├── commands/
│ │ └── fix-formula.md ← /fix-formula slash command (formula + issue intake)
│ └── skills/
│ └── excel-formula-troubleshooter/
│ └── SKILL.md ← silent trace → root cause → corrected formula → explanation → alternative
├── naming-strategist/ ← plugin
│ ├── commands/
│ │ └── name-domains.md ← /name-domains slash command (5-field AskUserQuestion intake)
│ └── skills/
│ └── naming-strategist/
│ ├── SKILL.md ← scope lock + inputs + 5-step workflow + silent scoring + locked sections A-D
│ └── references/
│ ├── prompt-template.md ← authoritative master prompt with {{placeholders}}
│ ├── constraints.md ← hard constraints, blocked-word list, scoring rubric, silent validation gate
│ └── output-spec.md ← sections A-D format, per-candidate block, worked calibration example
├── wordpress-consultant/ ← plugin
│ ├── commands/
│ │ └── wp-consult.md ← /wp-consult slash command (7-field AskUserQuestion intake, 2 required)
│ └── skills/
│ └── wordpress-consultant/
│ ├── SKILL.md ← voice + scope lock + input gates + 6-step workflow + system rules
│ └── references/
│ ├── framework.md ← Sections 1-10 analysis + generation prompts
│ ├── output-contract.md ← word caps, Section 10 scales, summary-table columns, validation checklist
│ └── guardrails.md ← input handling + prompt-injection defense + system rules
└── language-tutor/ ← plugin
 ├── commands/
 │ └── language-tutor.md ← /language-tutor slash command (5-field AskUserQuestion intake)
 └── skills/
 └── language-tutor/
 ├── SKILL.md ← persona + scope lock + core behavior + inputs + 4-step workflow + silent validation gate
 └── references/
 ├── prompt-template.md ← authoritative master prompt with {{placeholders}} + both mode specs
 ├── constraints.md ← accuracy floor, prompt-injection defense, scope lock, silent validation gate
 └── output-spec.md ← section structure for both modes, optional extras, two worked examples