New articles:
- the-security-guide.md: "The Shorthand Guide to Securing Your Agent" (595 lines)
Attack vectors, sandboxing, sanitization, OWASP Top 10, observability
- the-openclaw-guide.md: "The Hidden Danger of OpenClaw" (470 lines)
Security analysis of OpenClaw, MiniClaw thesis, industry evidence
External link sanitization (22 files across EN, zh-CN, zh-TW, ja-JP, .cursor):
- Removed third-party GitHub links from skills and guides
- Replaced with inline descriptions to prevent transitive prompt injection
- Kept official org links (Anthropic, Google, Supabase, Mixedbread)
- Swap loadHistory/appendTurn order to prevent user message appearing
twice in the prompt (once in history, once as USER MESSAGE)
- Calculate actual loaded skill count via fs.existsSync instead of
counting requested skill names (banner now reflects reality)
- Add err.stack to test harness error output for better debugging
- Add do-catch error handling to SwiftUI streaming example in
foundation-models-on-device
- Add Auto Layout constraints to UIKit glass effect example in
liquid-glass-design
- Promote build settings prerequisite from code comment to visible
blockquote warning in swift-concurrency-6-2
- Add required name/description properties and @Generable to RecipeSearchTool
- Fix missing argument label in session.respond(to:) call
- Remove non-existent .scrollExtensionMode API, replace with correct guidance
- Change PhotoProcessor from struct to class for cache mutation support
- Fix method name mismatch in @concurrent example caller
Add skill covering Swift 6.2 Approachable Concurrency model including
single-threaded defaults, @concurrent for explicit background offloading,
isolated conformances, and MainActor default inference mode.
Add skill covering Apple's FoundationModels framework for on-device
language model integration, including @Generable guided generation,
tool calling, and snapshot streaming patterns.
Add origin field to all skill files to track their source repository.
This enables users to identify where distributed skills originated from.
Fixesaffaan-m/everything-claude-code#246
This script scans the current working directory and generates architectural codemap documentation in the specified output directory. It classifies files into areas such as frontend, backend, database, integrations, and workers, and creates markdown files for each area along with an index.
Changes based on CodeRabbit review feedback:
1. Remove entire .cursor/ directory — it was an identical copy of the
main skills/commands/agents/rules, causing maintenance drift.
Users of Cursor can reference the canonical files directly.
2. Use explicit `is not None` checks instead of truthiness for
parsed['input'] and parsed['output']. Empty strings or empty
dicts are valid values that should be preserved.
The observe.sh script receives "pre" or "post" as $1 from the hook
config, but the Python code was looking for a "hook_type" field in
the stdin JSON. Claude Code does NOT include "hook_type" in the
JSON payload passed to hooks, so it always defaulted to "unknown",
causing all observations to be recorded as "tool_complete" —
PreToolUse events were never distinguished from PostToolUse.
Fix: capture $1 as HOOK_PHASE and pass it to Python via env var.
This also fixes TIMESTAMP export in the .cursor copy where inline
`VAR=val cmd` syntax didn't propagate to the python subprocess.
Add automated visa document translation skill that:
- Supports multiple OCR methods (macOS Vision, EasyOCR, Tesseract)
- Translates documents to professional English
- Generates bilingual PDFs (original + translation)
- Handles various document types (bank statements, employment certificates, etc.)
- Perfect for visa applications to Australia, USA, Canada, UK, EU
Tested with retirement certificates and other official documents.
The post-edit-format hook was hardcoded to use Prettier. Projects using
Biome had their code reformatted with Prettier defaults (e.g. double
quotes overwriting single quotes).
Now the hook walks up from the edited file to find the project root,
then checks for config files:
- biome.json / biome.jsonc → runs Biome
- .prettierrc / prettier.config.* → runs Prettier
- Neither found → skips formatting silently
