AgentKits

ClaudeKit is the fastest path from idea to production - built on top of Claude Code - Production-ready AI subagents automate your development & marketing workflows. Build in hours, not weeks. 🤌claudekit.cc

ck:worktree is for the moment one Claude Code session becomes three it creates isolated git worktrees for feature, fix, and refactor branches, with json status and cleanup paths parallel agents are great until they share one dirty checkout

git worktrees are boring until your coding agent overwrites the wrong branch. ck:worktree wraps the safe loop: detect repo state, create isolated feature/fix/docs lanes, install deps, audit stale worktrees, prune safely. parallel agents need parallel sandboxes

I like ck:code-review because it attacks one of the most annoying failure modes in agentic coding: confident completion claims. A coding agent can produce a clean-looking diff, say “done”, and still miss: - spec requirements - broken edge cases - security holes - tests it never actually ran - code that works once but becomes pain to maintain The useful pattern here is not “AI reviews code”. That framing is too shallow. The useful pattern is adding a red-team gate before the agent is allowed to claim completion. ck:code-review checks spec compliance, code quality, and adversarial failure modes. That is the kind of boring harness work that makes agents more production-worthy. Not as flashy as “built an app in 30 seconds”. Much more useful if you ship real software. Good agents should not just generate. They should verify, attack their own assumptions, and only then report back. x.com/BestAgentKits/…

auth is one of those boring layers that only becomes interesting after it breaks production that is exactly why i like ck:better-auth as a Claude Code skill not because it magically makes auth simple because it forces the agent to treat auth as a system, not as a random pile of snippets copied from docs what the skill covers: - email/password - OAuth providers like Google and GitHub - email verification and password reset - 2FA, passkeys, magic links - sessions and rate limiting - organization / multi-tenant flows - database adapters for SQLite, Postgres, MySQL, MongoDB, Drizzle, Prisma, Kysely - schema generation and migrations - framework handlers for TypeScript apps that sounds mundane until you remember how auth usually gets built in a rushed SaaS project first you add login then you add social login then someone asks for teams then someone asks for 2FA then you realize your session model, database schema, protected routes, and migration story were never designed as one thing congrats, you have invented auth spaghetti ck:better-auth is useful because it packages the implementation path as context that is the real point of skills in Claude Code and the Agent Skills standard they are not just longer prompts they are reusable operating procedures with supporting references, checklists, scripts, and domain decisions that load only when relevant for concrete use cases, i would use this when: - starting a new TypeScript SaaS - adding OAuth to an existing app - deciding between passwordless, passkeys, and classic email/password - wiring Better Auth into Next.js, Hono, Remix, SvelteKit, etc - generating the auth schema and migration path - adding organization/RBAC later without letting the data model rot - reviewing whether an agent-generated auth flow missed rate limits, session handling, or verification flows the tradeoff is important though this does not remove the need to understand your threat model an auth skill can guide implementation, but it cannot decide your product risk tolerance, compliance constraints, tenant isolation model, or recovery policy for you if you are building a toy, this may feel heavy if you are building anything with real users, payments, teams, or private data, this is exactly the kind of boring guardrail you want before the code exists my broader take: the next wave of agent productivity will not come from asking models to be more clever it will come from giving them better rails skills are rails and auth is one of the places where rails matter a lot more than vibes x.com/BestAgentKits/…

security scanning for agent-built code is underrated because the failure mode is not exotic it is usually boring stuff moving faster than your review discipline hardcoded tokens unsafe query strings innerHTML in the wrong place shell commands touching user input .env files that should never be tracked that is why i like the shape of ck:security-scan in ClaudeKit it does not pretend to replace a real pentest, runtime security testing, infra review, or compliance audit it is a preflight gate run it before merge, before release, or after a large Claude Code session touched sensitive areas concrete use cases: - you used Claude Code to wire a new auth flow and want a quick secrets plus dangerous-pattern pass - an agent refactored database access and you want to catch obvious SQL injection shapes before review - a dependency update landed and you want npm audit or pip audit surfaced in the same security report - you are reviewing generated code and want Claude to reason over grep hits instead of treating every regex match as equally scary tradeoff: regex plus shell tools will miss plenty of real vulnerabilities Claude reasoning can reduce false positives, but it is not proof of safety so the right mental model is not security solved it is cheap guardrail before humans spend attention who should care? small product teams using Claude Code heavily solo builders shipping with agents maintainers accepting AI-generated PRs anyone who has ever thought i will clean this up before launch and then, obviously, did not agent speed is great but if the agent helps you leak a prod key faster, that is not acceleration that is just speedrunning a postmortem x.com/BestAgentKits/…

caution: only use this skill with gpt-5.5/fable-5/opus-4.8 models 😁

ck:stitch is interesting because it targets a very specific failure mode in AI coding workflows: the gap between "make it look good" and "here is a design spec the coding agent can actually implement" most AI UI workflows collapse three different jobs into one prompt: - taste direction - visual exploration - implementation spec that sounds convenient, but it usually creates mushy handoff the agent can write code, yes. but if the design input is vague, the output becomes a negotiation with vibes: "make it cleaner" "more premium" "less SaaS slop" "the spacing feels off" useful feedback, terrible spec ck:stitch is a practical bridge for that it wraps Google Stitch inside a ClaudeKit skill so the workflow becomes: rough UI prompt → Stitch design → HTML/Tailwind export + DESIGN.md → frontend implementation agent that matters because DESIGN.md is the boring artifact that makes the rest of the loop less chaotic not glamorous, but very useful concrete places where i would use this: - quickly exploring dashboard layouts before coding - turning a product idea into a visual direction for a frontend agent - creating handoff artifacts for Claude Code instead of pasting screenshots and vibes - prototyping internal tools where polished enough beats perfect Figma - giving agents a shared design reference across sessions tradeoffs are real though Stitch is not a full frontend system. the skill notes the limits clearly: no direct React export, static layouts, responsiveness still needs engineering, and animations still live in code so i would not use it as "AI replaces designer" that framing is usually how people end up with expensive mid i would use it as "AI removes one fuzzy handoff layer" who should care: builders shipping small products, Claude Code users, indie teams without a dedicated designer, and anyone tired of asking an agent to implement taste from a paragraph the model is not the whole workflow anymore the artifact chain matters: prompt, design, spec, code, review ck:stitch is one more piece in that chain x.com/BestAgentKits/…

ck:bootstrap is interesting because it treats project setup as an operating system problem, not a boilerplate problem. Most new repos fail because the first week is a pile of implicit decisions: what stack are we actually choosing? what did we research? where is the plan? what is safe to cut? how do we test the first version? where does the next person onboard? That mess is exactly where agents get dangerous. Ask Claude Code to build too early and it can produce a lot of code before the project has rails. Looks productive. Usually expensive later. ck:bootstrap puts rails before motion. It runs a structured path from idea to running project: research tech stack visual and design decisions planning implementation through ck:plan and ck:cook testing review docs onboarding The important part is the handoff between skills. Bootstrap should not be the skill that writes everything directly. That would become another giant prompt pretending to be a process. Instead, it routes the work: ck:bootstrap frames the project ck:plan turns it into an execution plan ck:cook implements from the plan ck:journal records what happened That is much closer to how real engineering teams work. Concrete use cases: starting a SaaS dashboard where auth, billing, database, and UI decisions interact spinning up a prototype that may become a real product turning a client idea into a repo with docs and onboarding from day one making Claude Code useful for new projects without letting it freestyle the architecture giving parallel agents a shared plan instead of asking them to collide in the same repo Tradeoffs: It is overkill for a throwaway script. It will feel slower than instant scaffolding if all you want is a demo in 15 minutes. It also requires you to accept that the boring early decisions matter. Some builders hate that because chaos feels fast. But if the repo has a chance to survive more than a weekend, this is the correct kind of friction. The bigger pattern: good Agent Skills are not just commands. They encode operating loops. That is the difference between Claude generating files and Claude helping run a project without turning the repo into archaeological waste. x.com/BestAgentKits/…

new skill in claudekit engineer: ck:bootstrap it turns a raw project idea into a repeatable setup loop: research → stack → design → plan → build → test → docs. use it when the dangerous part is not coding, but starting the project without a sane operating system.

ck:stitch is for the awkward gap between "make me a nice UI" and actual frontend code it generates a Google Stitch design, exports HTML/Tailwind + DESIGN.md, then hands a real spec to your coding agent less vibe guessing, more design-to-code handoff

most agent workflows die in the gap between "make a plan" and "ship the PR" ck:vibe is an attempt to turn that gap into a pipeline: plan, cook/fix, review, ship, then watch CI not magic just fewer places for half-done work to hide

ck:security-scan is the boring gate i want before any agent-built code ships it checks secrets, deps, and risky OWASP-style patterns with shell tools plus Claude reasoning not a pentest, just a cheap preflight before you embarrass yourself

most ai coding failures are not model failures they are context packaging failures ck:repomix turns a repo or focused module into xml/markdown/json/plain context, with token counts and secret checks before you hand it to Claude Code boring tool. huge leverage

auth is where vibe coding gets expensive ck:better-auth turns Better Auth setup into a guided Claude Code skill: email/password, OAuth, 2FA, passkeys, sessions, orgs, db adapters, migrations, rate limits less spaghetti, more control

ck:code-review turns code review into a real gate, not a vibes-based checkbox. It checks spec compliance, code quality, and red-team failure modes before claiming done. Useful when agents are too confident and humans are tired of cleaning up confident garbage.

most backend bugs are not “model mistakes” they are missing guardrails: auth, input validation, DB boundaries, tests, deploy checks ck:backend-development gives Claude Code a production API checklist instead of another vague “build backend” prompt boring skill, useful skill

most coding agents waste context before writing code ck:scout fixes the first mistake: not knowing where things live it fans out small scouts across the repo, returns the relevant files, then the main agent works with a map instead of vibes scout first, code second

agents keep getting worse at media work when every format becomes a separate tool ck:ai-multimodal turns images, audio, video, docs, tts, music, and generation into one Claude Code skill Gemini/OpenRouter/MiniMax behind one repeatable workflow

ck:use-mcp is the skill i wanted every MCP-heavy Claude Code setup to have it gives you 2 paths: - Gemini auto-routes the right tool - direct scripts run deterministic calls less tool-schema soup in context, more controlled execution

we built ck:mcp-builder for a boring reason: most MCP servers should not be 1:1 API wrappers design workflow tools, concise outputs, and errors that teach agents what to try next less endpoint plumbing, more agent leverage