Skip to main content

What are Skills?

Skills are structured guidance files that teach Claude how to perform specific tasks. Unlike traditional documentation, skills provide behavioral guidance - they explain the WHY and WHEN, not just the WHAT.
Skills should provide guidance Claude doesn’t already have, not duplicate reference material. Focus on judgment calls, decision criteria, and anti-patterns.

Skill Structure

skills/
  <skill-name>/
    SKILL.md          # Entry point with frontmatter
    references/       # Optional: detailed reference docs
    workflows/        # Optional: step-by-step guides
    scripts/          # Optional: utility scripts
    templates/        # Optional: output templates

Example Structures

skills/ask-questions-if-underspecified/
  SKILL.md          # All guidance in one file

skills/constant-time-analysis/
  SKILL.md
  references/
    compiled.md     # C/C++/Rust guidance
    javascript.md   # JavaScript-specific
    python.md       # Python-specific
    ruby.md         # Ruby-specific

skills/interpreting-culture-index/
  SKILL.md
  references/
    primary-traits.md
    secondary-traits.md
    motivators.md
    anti-patterns.md
  workflows/
    analyze-team.md
    detect-burnout.md
    interview-debrief.md
  scripts/
    extract_pdf.py
    pyproject.toml
  templates/
    individual-report.md
    team-report.md

Frontmatter Format

Every SKILL.md must begin with YAML frontmatter:
SKILL.md
---
name: skill-name
description: "Third-person description of what it does and when to use it"
allowed-tools:  # Optional: restrict to needed tools only
  - Read
  - Grep
  - Bash
---

Frontmatter Fields

name
string
required
Skill name in kebab-case. Maximum 64 characters. Must be unique within the plugin.
description
string
required
Third-person description that triggers correctly. Include specific use cases and keywords.Good: “Detects timing side-channels in cryptographic code. Use when auditing constant-time implementations.”Bad: “Helps with security analysis”
allowed-tools
array
Optional list of tool names to restrict Claude’s access. Only list tools the skill actually needs.Common tools: Read, Grep, Glob, Bash, Write, Edit

Writing Effective Descriptions

Your skill competes with 100+ others. The description determines when Claude invokes it.

Third-person voice

✅ “Analyzes timing side-channels”❌ “I help analyze timing”

Include triggers

✅ “Use when auditing Solidity contracts”❌ “Smart contract analysis tool”

Be specific

✅ “Detects reentrancy vulnerabilities”❌ “Helps with security”

State the domain

✅ “for cryptographic code”❌ “for code”

Required Sections

Every SKILL.md must include these sections:

When to Use

Specific scenarios where this skill applies: 
## When to Use

Use this skill when a request has multiple plausible interpretations or key 
details (objective, scope, constraints, environment, or safety) are unclear.

When NOT to Use

Scenarios where another approach is better: 
## When NOT to Use

Do not use this skill when the request is already clear, or when a quick, 
low-risk discovery read can answer the missing details.

Additional Requirements for Security Skills

Security and audit skills must also include: 
## Rationalizations to Reject

Common shortcuts or rationalizations that lead to missed findings:
- "This code looks safe because it uses a well-known library"
- "The test suite passes, so there are no issues"
- "The code review was approved, nothing to worry about"

Content Organization

1

Keep SKILL.md under 500 lines

If content exceeds 500 lines, split into references/ and workflows/ directories.
2

Use progressive disclosure

Put essential quick-start guidance in SKILL.md. Link to detailed references for advanced users.
3

One level deep

SKILL.md can link to files, but those files shouldn’t chain to more files.✅ Nested folders: references/guides/topic.md❌ Reference chains: SKILL.md → file1.md → file2.md

Progressive Disclosure Pattern

SKILL.md
## Quick Start

[Core instructions here - the 80% case]

## Advanced Patterns

For complex scenarios involving X, see [ADVANCED.md](references/ADVANCED.md)

## Language-Specific Guidance

- [Python](references/python.md)
- [JavaScript](references/javascript.md)
- [Rust](references/rust.md)

## API Reference

Complete method documentation: [API.md](references/API.md)

Using Python Scripts

Skills can include Python scripts with dependencies using PEP 723 inline metadata:
scripts/process.py
# /// script
# requires-python = ">=3.11"
# dependencies = ["requests>=2.28", "pydantic>=2.0"]
# ///

import requests
from pydantic import BaseModel

# Your script here
Invoke with uv run for automatic dependency resolution:
SKILL.md
To extract data from the PDF:

```bash
uv run {baseDir}/scripts/extract_pdf.py input.pdf output.json


<Tip>
Include `pyproject.toml` in the `scripts/` directory for development tooling (ruff, mypy, etc.)
</Tip>

## Value-Add Guidelines

Skills should provide guidance Claude doesn't already have:

<CardGroup cols={2}>
  <Card title="Behavioral Guidance" icon="compass">
    Don't paste entire specs. Teach when and how to look things up.
  </Card>

  <Card title="Explain WHY" icon="lightbulb">
    Include trade-offs, decision criteria, and judgment calls.
  </Card>

  <Card title="Document Anti-patterns" icon="triangle-exclamation">
    Say why something is wrong, not just that it's wrong.
  </Card>

  <Card title="Provide Context" icon="book-open">
    Connect concepts to real-world security implications.
  </Card>
</CardGroup>

### Example: DWARF Expert Skill

The DWARF skill doesn't include the full DWARF specification. Instead, it:

- Teaches Claude how to use `dwarfdump`, `readelf`, and `pyelftools`
- Explains judgment about when each tool is appropriate
- Shows how to look up what's needed from the spec
- Provides decision criteria for analysis approaches

## Scope Boundaries

Prescriptiveness should match task risk:

<Tabs>
  <Tab title="Strict (High Risk)">
    **Use for fragile tasks:**
    - Security audits
    - Cryptographic implementations
    - Compliance checks
    - Data migration
    
    Provide rigid step-by-step enforcement with quality gates.
  </Tab>

  <Tab title="Flexible (Low Risk)">
    **Use for variable tasks:**
    - Code exploration
    - Documentation
    - Refactoring
    - Feature development
    
    Offer options and judgment calls. Trust Claude's reasoning.
  </Tab>
</Tabs>

## Real Examples

<AccordionGroup>
  <Accordion title="ask-questions-if-underspecified (Basic)">
    Clarifies requirements before implementing when requests have multiple interpretations.

    **When to Use:** When key details (objective, scope, constraints) are unclear.

    **Workflow:**
    1. Decide if the request is underspecified
    2. Ask must-have questions first
    3. Restate requirements before starting work
  </Accordion>
</AccordionGroup>

<AccordionGroup>
  <Accordion title="constant-time-analysis (Intermediate)">
    Main SKILL.md provides core workflow and links to language-specific guidance for C/C++/Rust, Python, JavaScript, and Ruby. Each reference file contains deep technical details for that language.
  </Accordion>

  <Accordion title="interpreting-culture-index (Advanced)">
    Interprets Culture Index surveys and behavioral profiles with comprehensive support for individual profiles, team composition, burnout detection, and hiring.

    **Includes:**
    - 9 reference files for trait details
    - 11 workflow files for specific use cases
    - Python package for PDF extraction
    - 6 template files for report generation
  </Accordion>
</AccordionGroup>

## Quality Checklist

Before submitting a skill:

<AccordionGroup>
  <Accordion title="Technical (CI validates)">
    - [ ] Valid YAML frontmatter with `name` and `description`
    - [ ] Name is kebab-case, ≤64 characters
    - [ ] All referenced files exist
    - [ ] No hardcoded paths (`/Users/...`, `/home/...`)
    - [ ] Uses `{baseDir}` for all plugin paths
  </Accordion>

  <Accordion title="Quality (reviewers check)">
    - [ ] Description triggers correctly (third-person, specific)
    - [ ] "When to use" and "When NOT to use" sections present
    - [ ] Examples are concrete (input → output)
    - [ ] Explains WHY, not just WHAT
    - [ ] No duplication of reference material
  </Accordion>

  <Accordion title="Content">
    - [ ] SKILL.md under 500 lines (split if larger)
    - [ ] Progressive disclosure pattern used
    - [ ] Clear workflow steps
    - [ ] Anti-patterns documented with explanations
  </Accordion>
</AccordionGroup>

## Best Practices

<CardGroup cols={2}>
  <Card title="Learn by Example" icon="graduation-cap">
    Study the reference skills:
    - Basic: `ask-questions-if-underspecified`
    - Intermediate: `constant-time-analysis`
    - Advanced: `culture-index`
  </Card>

  <Card title="Test Descriptions" icon="flask">
    Verify your description triggers correctly. Ask: "Would Claude invoke this for the right tasks?"
  </Card>

  <Card title="Minimize Dependencies" icon="minimize">
    Only include `allowed-tools` that are actually needed. Fewer restrictions = more flexibility.
  </Card>

  <Card title="Iterate Based on Use" icon="arrows-rotate">
    Skills improve with real-world usage. Update based on what works and what doesn't.
  </Card>
</CardGroup>

## Next Steps

<CardGroup cols={2}>
  <Card title="Commands" icon="terminal" href="/concepts/commands">
    Create slash commands that invoke skills
  </Card>

  <Card title="Agents" icon="robot" href="/concepts/agents">
    Build autonomous agents that use skills
  </Card>

  <Card title="Create Your First Skill" icon="code" href="/contributing/getting-started">
    Learn how to author skills
  </Card>
  
  <Card title="Skill Examples" icon="book" href="/contributing/examples">
    Browse real-world skill implementations
  </Card>
</CardGroup>