My agent skills for GitHub Copilot CLI and other coding agents. Small, composable, and easy to adapt.
Inspired by mattpocock/skills.
copilot plugin install dfrysinger/skillsSkills register under the plugin name dfrysinger-skills and become available to invoke from your agent session. Direct local installs from a path on disk are deprecated in Copilot CLI; installing from this GitHub repo is the supported path.
The daemon runs three per-user LaunchAgents under your login session:
com.${USER}.skills.sweep(daily 09:15) — autonomous skill creation into the LOCAL root only.com.${USER}.skills.curator(daily 09:30) — dry-run consolidation report; never mutates.com.${USER}.skills.selftest(manual) — preflight check.
Install + verify:
~/code/skills/skills/skill-review/scripts/daemon-install.sh install
~/code/skills/skills/skill-review/scripts/daemon-install.sh selftestOther commands: status, uninstall. Halt switch: any file at ~/.copilot/skill-state/skill-review/disable-daemon makes both autonomous jobs no-op until removed.
The daemon writes only to ~/.copilot/skills/ (local, no remote) and the state dir ~/.copilot/skill-state/. It never modifies this public repo, even on disk — verify-repo-unchanged.sh is the post-run guard.
Self-learning skill system — a port of Hermes Agent to Copilot CLI
A port of NousResearch/hermes-agent's autonomous self-learning machinery (MIT). Agents create skills from real work without being asked, and the library is routinely consolidated or pruned. Because Copilot CLI has no code-enforced post-turn fork like Hermes, the autonomous-creation trigger is reimplemented as an end-of-task subagent dispatch plus a daily scheduled sweep, both gated by a durable ledger. The two-root layout provides the containment Hermes gets from forking. Full attribution and the verbatim-vs-adapted breakdown: skills/skill-review/references/NOTICE.md.
- skill-review : Autonomous per-session reflection that creates/patches skills WITHOUT asking — a port of Hermes's
background_review.py(_SKILL_REVIEW_PROMPTlifted verbatim, wrapped in a binding Copilot execution contract). Writes only to the LOCAL root. - skill-curator : Periodic curator (Hermes
curator.py) that consolidates narrow sibling skills into umbrellas and archives unused ones on a 7-day cadence; agent-created skills are autonomous, hand-made skills are recommend-only. - skill-create / skill-manage : Copilot-native re-expression of Hermes's skill-management tool surface — create, patch, archive, restore, pin, promote, or extend a skill with enforced authoring standards and a validator.
To trigger an autonomous skill-creation pass on demand (instead of waiting for the daily 09:15 sweep), drop a scoped prompt like this into a fresh Copilot CLI session:
Dispatch skill-review subagent to scan my last 30 days of sessions for any procedure I had to explain to an agent more than twice that isn't already covered by a skill in
~/code/skills/skills/or~/.copilot/skills/.
The subagent runs the same prompt the daemon does, scoped to whatever pattern you describe. Phrase the ask in terms of recurring teaching patterns rather than specific error messages — the reviewer is tuned to dismiss one-off failures as noise, so framing like "find this bug class" tends to come back empty even when the pattern is real. Output lands in ~/.copilot/skills/ with a .agent-created marker and a ledger entry; the public repo stays pristine.
- dual-review : Run two independent reviewers (latest Claude Opus + latest GPT, non-mini/non-codex) in parallel against a diff, merge their findings without duplicates, fix everything in scope, and iterate until both return clean. Symmetric failure handling, hallucination guard, round-11 escape hatch. Includes a drop-in reviewer-prompt template under
references/.
- authenticated-browse : Open a headed Playwright Chromium window so you can complete SSO/MFA/device-trust login manually, then let the agent reuse that persistent profile headlessly to fetch text/HTML/links, screenshot pages, or evaluate JS on internal sites it otherwise can't reach. Per-profile lock; cookies stay on your machine.
- feature-development-loop : The default loop for essentially all non-trivial development work — design, rubber-duck the design, build, then prove it works with a real end-to-end run before review ("real" scales to the project: token-burning model/backend call for agent work, or exercising the running app/UI with screenshot inspection for app/web). Then run
dual-reviewas its own review-and-fix loop until both reviewers are clean — handed the design plus project context (AGENTS.md, README, roadmap, plan) — then one final E2E; only an E2E failure restarts the loop. Callsdual-review,rubber-duck, and (for UI capture)macos-background-app-control. - git-history-recovery : Recover lost or displaced Git work after an accidental reset/checkout/rebase/stash using reflog, dangling commits, and path-scoped restore.
- explaining-to-users : Explain technical work in plain language scoped to the user's actual context — context before the point, no unexplained jargon, no assumed codebase knowledge.
- github-api-integration : Class-level playbook for integrating against the GitHub REST + GraphQL APIs — query-complexity limits, OAuth-App vs GitHub-App scope behavior, SAML-SSO null-node redaction, pagination, rate limits, and turning raw API errors into actionable UX.
- autonomous-github-actions : Guardrails for agent-initiated, externally-visible GitHub writes — filing issues, opening PRs, posting comments, pushing to repos the user does not own.
- secret-hygiene : Preventive playbook for keeping tokens / API keys / PATs / passwords / private keys out of both the chat transcript (which is sent to the cloud and persisted) and git. Covers the "never ask, never echo, never paste" rule for conversations, plus the layered defenses — gitignore,
.env.exampleonly, gitleaks pre-commit, GitHub push protection, pre-first-push visibility check — that stop credentials from reaching GitHub. Rotate-first if anything leaks. - mailbox : Hand off a file or message from one Copilot CLI session to another running in a different tmux pane, addressed by tmux session name. Durable file queue under
~/.copilot/mailbox/<recipient>/, best-efforttmux send-keyswakeup with verification poll, macOS notification fallback, and a resume-hook for the user'scascript. Pairs withhandofffor cross-session continuation. Requires macOS + tmux + thecaagent-naming convention from remote-agent-stack. - macos-background-app-control : Drive a macOS app for verification without stealing focus or moving the cursor — background window screenshots via
CGWindowListCreateImage, native-chrome control via Accessibility (AX), keystrokes/clicks viaCGEventPostToPid. Use when verifying a GUI end-to-end while the user is actively working on the same Mac.
Productivity (vendored from mattpocock/skills, MIT)
See skills/NOTICE.md for attribution.
- caveman : Ultra-compressed communication mode. Cuts token usage ~75% by dropping filler, articles, and pleasantries while keeping full technical accuracy. Triggers on "caveman mode", "be brief", etc.
- grill-me : Get relentlessly interviewed about a plan or design until every branch of the decision tree is resolved, with a recommended answer for each question.
- handoff : Compact the current conversation into a handoff document (written to OS temp dir) so another agent can pick up the work; includes a "suggested skills" section. Wired to
mailbox: when the user names a recipient session (e.g. "hand off to juliett"), the doc is auto-delivered via the mailbox queue with a tmux-wakeup so the recipient picks it up on their next turn. - write-a-skill : Create new skills with proper structure, progressive disclosure, description-trigger guidance, and bundled resources.
This system uses two skill roots with different authority:
- PUBLIC plugin repo (this repo, installed at
~/code/skills/) — curated, shareable skills loaded via.claude-plugin/plugin.json.skills[]. The autonomous self-learning daemon never writes here; promotion of a local skill into this repo is a deliberate user action viaskill-manage/scripts/promote-skill.sh. - LOCAL native root
~/.copilot/skills/<name>/— agent-managed, mutable. Loaded directly by Copilot CLI without a plugin entry. It is a local git repo with no remote (each daemon write is a reversible commit, but nothing is ever pushed). This is where the daemon-created and personal-only skills live.
Daemon dedup state (ledger + tombstones) lives outside both repos at ~/.copilot/skill-state/skill-review/ so it never leaks into the published plugin.
Public repo on-disk layout:
.claude-plugin/
plugin.json # explicit allowlist of skill directories
skills/
<name>/
SKILL.md # the skill's prompt / protocol
scripts/ # optional: deterministic helpers
references/ # optional: long-form notes / docs
templates/ # optional: starter files
NOTICE.md # attribution for vendored skills
Adding a new skill via this repo: drop a SKILL.md under skills/<name>/, list its directory in .claude-plugin/plugin.json .skills[], commit. Re-run copilot plugin update dfrysinger-skills on any machine to pull the change.
For a personal-only skill that should NOT be published, drop the directory under ~/.copilot/skills/<name>/ instead and run /skills reload. Promote later if you decide to share it.
Most of this system is hardcoded to my paths/identity by default but parametrized via env vars. To run it under a different user / repo / Copilot identity:
| Override | Default | Effect |
|---|---|---|
SKILLS_REPO_ROOT |
~/code/skills |
Public/curated plugin repo path |
SKILLS_LOCAL_ROOT |
~/.copilot/skills |
Local agent-managed skills root (must be a local-only git repo with no remote) |
SKILLS_STATE_DIR |
~/.copilot/skill-state/skill-review |
Daemon ledger + tombstones location |
SKILLS_LAUNCHD_PREFIX |
com.${USER}.skills |
LaunchAgent label prefix; rendered into __LABEL__ in skills/skill-review/assets/launchd/*.plist.tpl at install time |
SKILLS_COAUTHOR_TRAILER |
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> |
Trailer appended to commits made by archive/restore/promote scripts. Override for Codex / Claude Code / etc. |
Plus two manual edits a forker should make:
.claude-plugin/plugin.jsonnamefield — the published plugin slug. Mine isdfrysinger-skills; rename it to<your-handle>-skillsif you republish.~/.copilot/copilot-instructions.md— the trigger prose currently names me; reword to your preferences.
The launchd daemon is macOS-only (launchctl, security, osascript). Linux porters would need a systemd-user wrapper around skill-review/scripts/daemon-run.sh — out of scope here, but the script itself is portable.
MIT. See LICENSE.