---
name: discover-skill
description: Looks up a skill by name, keyword, or domain in the curated catalog (skill-sources.json). Returns the source repo, tier of trust, install methods supported, and any guardrails (overlap warnings, deprecations). Use when the orchestrator detects a missing skill and needs to know where to fetch it from.
when_to_use: |
  Called by `orchestrate` after the local inventory phase identifies a missing component.
  Can also be invoked directly: "discover skill for shadcn", "qual repo tem skill de RLS?",
  "find a security audit skill".
disable-model-invocation: false
allowed-tools: Read Bash(jq *)
---

# Discover skill

Query: $ARGUMENTS (a skill name, keyword, or domain)

## Workflow

1. Read the catalog: `Read ${CLAUDE_SKILL_DIR}/references/skill-sources.json`.
2. Read the routing rules: `Read ${CLAUDE_SKILL_DIR}/references/routing-rules.json` (used to enrich match with stack hints).
3. Match strategy (in order):
   - **Exact match** on `id` or `highlight_skills[*]`.
   - **Keyword match** on `trigger_keywords[*]` or `categories[*]`.
   - **Domain match** on `domain` field.
   - **Fuzzy match** on description tokens (last resort).
4. For each match, return a structured row with:
   - `tier` (tier_1 → tier_4)
   - `repo URL`
   - `license`
   - `install_methods` (with the primary one flagged)
   - `version_check` endpoint (for the orchestrator's version-check phase)
   - `warnings` if any (overlap, experimental, deprecated)
   - `recommended_action` from the catalog
5. **Ranking:** sort by tier first (tier_1 > tier_2 > tier_3 > tier_4), then by stack-match (catalog entries with `stack_match` containing the user's stack get +5 priority), then by stars.

## Output format

Return a markdown table:

```
| Skill match | Tier | Source | License | Install method (primary) | Notes |
|---|---|---|---|---|---|
| skill-creator | 1 | anthropics/skills | Apache-2.0 | /plugin install example-skills@anthropic-agent-skills | Official |
| frontend-design | 1 | anthropics/skills | Apache-2.0 | (same) | Official |
| shadcn/ui | 3 | shadcn-ui/ui | MIT | sparse-clone of apps/www/registry/default | Stack match: shadcn |
```

Then append a one-line **recommendation**:
> "Recommend: install `<top-pick>` via `<primary install method>`. Confirmation required before any action."

## Guardrails

- **Never** auto-install. This skill only **discovers** and **reports**.
- For tier_4 entries, **always** include the warning text from the catalog.
- For the `out_of_scope` section (e.g. OpenClaw), do NOT include in matches — reference only if the user explicitly asks about OpenClaw.
- If no match found across all strategies, return `{matches: [], suggestion: "Try discovery aggregators: <list URLs from catalog.discovery_aggregators>"}` and stop.

## Examples

Query: `shadcn`
→ Match: `shadcn/ui` (tier_3, stack_match, primary install: sparse-clone).

Query: `security audit RLS`
→ Match: `trailofbits/skills` (tier_3, trigger_keywords: security, RLS), and from routing-rules.json the recommended subagent pairing (`security-auditor` + `postgres-pro`).

Query: `random unknown thing xyz`
→ No match. Return discovery aggregators list.