Choose skills by scenario, quality, and trust signals.

Production-grade engineering skills for AI coding agents.

A curated list of awesome skills, hooks, slash-commands, agent orchestrators, applications, and plugins for Claude Code by Anthropic

The open source AI engineering platform for agents, LLMs, and ML models. MLflow enables teams of all sizes to debug, evaluate, monitor, and optimize production-quality AI applications while controlling costs and managing access to models and data.

Static Value-Flow Analysis Framework for Source Code

Interactive architecture diagrams for codebases

Node.js dependency tracing utility

AGENTS.md rules / skills for AI coding agents: Codex, Cursor & Claude Code. Inspired by Clean Code, Refactoring, DDD, Clean Architecture and DDIA programming books.

Next-gen phpDoc parser with support for intersection types and generics

PHP_CodeSniffer tokenizes PHP files and detects violations of a defined set of coding standards.

Security risk analysis for Kubernetes resources

Radare2 and Frida better together.

Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.

Docker image that provides static analysis tools for PHP

An analysis tool for Python that blurs the line between testing and type systems.

SonarSource Static Analyzer for JavaScript and TypeScript

:coffee: SonarSource Static Analyzer for Java Code Quality and Security

Semgrep Community Edition rules, maintained by Semgrep and the community. Free to use under the Semgrep Rules License.

A powerful C# Roslyn analyzer that uses static analysis to detect bugs, surface security issues, and enforce best practices—helping developers and AI write more reliable code.

OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the community.

An artifact of fully-specified annotations to power static-analysis checks, beginning with nullness analysis.

Python Type Checker / Language Server

Protect against malicious open source packages 🤖

A LLVM-based static analysis framework.

SPEC-First Agentic Development Kit for Claude Code — 24 AI agents + 52 skills with TDD/DDD quality gates, 16-language projects, 4-language docs. Go CLI, zero deps.

An Intelligent Python Code Quality Analyzer

An easy-to-learn/use static analysis framework for Java

Appshark is a static taint analysis platform to scan vulnerabilities in an Android app.

PySonar2: a semantic indexer for Python with interprocedual type inference

A reactive Python kernel for Jupyter notebooks.

✔️ PHP Architecture Tester - Easy architecture testing for PHP

FlowDroid Static Data Flow Tracker

A high-quality PDF to Markdown tool based on large language model visual recognition. 一款基于大模型视觉识别的高质量PDF转Markdown工具

Code analyzer for C# and VB.NET projects

A code analyzer for Julia. No need for additional type annotations.

All-in-one devtool to automatically analyze, search and visualize project modules and dependencies from JavaScript, TypeScript (JSX/TSX) and Node.js (ES6, CommonJS)

T.J. Watson Libraries for Analysis, with front ends for Java, Android, and JavaScript, and many common static program analyses.

Code style checking for RSpec files.

A new version of Soot with a completely overhauled architecture

Symfony extension for PHPStan

Extra strict and opinionated rules for PHPStan

Cake a C23 front end and transpiler written in C

Doctrine extensions for PHPStan

SonarQube plugin for JetBrains IDEs providing code quality and security feedback directly in the IDE

A GitHub :octocat: app to automatically review Python code style over Pull Requests

SonarQube extension for Visual Studio Code providing code quality and security feedback directly in the editor

CodeCompass is a software comprehension tool for large scale software written in C/C++, C# and Python.

:ab: Tool to compare two revisions of a class API to check for BC breaks

Protect your secrets using Gitleaks-Action

A common base representation of python source code for pylint and other projects

🌟 A curated collection of free, high quality AI tools 🤖, APIs 🔗, datasets 📊, and learning resources 📚 covering machine learning 🧠, deep learning 🧩, generative AI 🎨, NLP 💬, and data science 📈. Designed to help developers 👩‍💻, researchers 🔬, and creators ✨ explore and build with AI faster ⚡.

Generate interactive call graphs for various languages

Tai-e assignments for static program analysis

My collection of various security tools created mostly in Python and Bash. For CTFs and Bug Bounty.

A collection of my Semgrep rules to facilitate vulnerability research.

mobsfscan is a static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Swift, and Objective C Code. mobsfscan uses MobSF static analysis rules and is powered by semgrep and libsast pattern matcher.

SiteOne Crawler is a cross-platform website crawler and analyzer for SEO, security, accessibility, and performance optimization—ideal for developers, DevOps, QA engineers, and consultants. Supports Windows, macOS, and Linux (x64 and arm64).

Packj stops :zap: Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain

prealloc is a Go static analysis tool to find slice declarations that could potentially be preallocated.

PHP Magic Number Detector

Security-focused static analysis for the Phoenix Framework