The ultimate skill suite for vibe coders.
110 agent skills that make your AI write production-ready, secure, best-practice code — right out of the box.
Website • What is Vibe Coding? • API Docs • Get API Key • Twitter/X
Vibe coding is a new way to build software — you describe what you want in plain English and an AI coding agent writes the code for you. Tools like Claude Code, Cursor, and GitHub Copilot have made it possible for anyone to ship real products without writing every line by hand.
But there's a catch: your AI agent doesn't know your stack's best practices. It hallucinates deprecated patterns, skips security, exposes secrets, and writes code that works in a demo but breaks in production. That's where skills come in.
YepAPI Skills is the skill suite built for vibe coders. One install gives your AI agent 110 curated skills covering everything from Next.js and React to Stripe payments, security hardening, SEO workflows, and production infrastructure. Your agent stops guessing and starts writing code the way senior engineers would.
What makes this different:
- Not docs, not prompts — skills. These are structured rules your AI agent loads automatically and follows in every response
- Works everywhere. Claude Code, Cursor, Gemini CLI, Copilot, Codex, Cline, Kiro, and 45+ more agents
- Built for vibe coders. You describe what you want, and the agent already knows the right patterns, security rules, and API endpoints
- 15 dedicated security skills. Your AI writes secure code by default — input validation, encryption, CSRF protection, and more
- YepAPI data superpowers. 14 skills that give your agent access to 30 SEO, SERP, scraping, YouTube, and AI endpoints
Learn more about vibe coding and how to get started at yepapi.com/vibe-coding.
npx skills add YepAPI/skillsThat's it. Your agent now has 110 skills loaded.
# Install all 110 skills
npx skills add YepAPI/skills --all
# Pick specific skills
npx skills add YepAPI/skills --skill seo-audit --skill nextjs --skill input-validation
# Install to a specific agent
npx skills add YepAPI/skills -a claude-code -a cursor
# Install globally (all projects)
npx skills add YepAPI/skills -g --allGive your AI agent access to real-world data — SEO metrics, keyword research, backlink analysis, web scraping, YouTube data, and AI visibility tracking. Requires a YepAPI API key ($5 free credit, no card required).
| Skill |
What It Does |
|---|---|
| SEO Audit | Crawl, audit, analyze backlinks, generate SEO report |
| SEO Analysis | Full-site SEO scoring, crawl health, Core Web Vitals |
| Competitor Research | Find competitors, compare keywords, identify gaps |
| Web Scraping | Smart scraping with JS rendering + stealth fallback |
| YouTube Research | Search, transcripts, channel data, comment analysis |
| Backlink Research | Backlink audit, referring domains, link intersections |
| Content Research | Trends, sentiment, competitor content analysis |
| Keyword Research | Keyword discovery, metrics, ideas, and gap analysis |
| Local SEO | Google Maps data, local business research |
| AI Visibility | What ChatGPT & Gemini say about your brand |
| Link Building | Outreach tracking, backlink monitoring, DR/DA scoring |
| Content Marketing | Blog engines, CMS integration, SEO-optimized content |
| Copywriting | AI-assisted copy generation, A/B headline testing |
| Social Media | Open Graph tags, share cards, social embed widgets |
Vibe coding is fast, but speed without security is a liability. These 15 skills make your AI agent write production-secure code automatically — no security expertise required. Every form gets validated, every password gets hashed, every query gets parameterized, and every secret stays out of your repo.
| Skill |
What It Prevents |
|---|---|
| Input Validation | Injection attacks, malformed data, unexpected fields |
| Auth Security | Plaintext passwords, brute force, weak reset flows |
| Session Security | Session hijacking, fixation, cookie theft |
| API Security | Open CORS, missing rate limits, payload bombs |
| CSRF Protection | Cross-site request forgery on forms and mutations |
| XSS Prevention | Script injection, unsafe innerHTML, missing CSP |
| SQL Injection | String-concatenated queries, unparameterized SQL |
| Secrets Management | Committed .env files, leaked API keys, hardcoded secrets |
| Dependency Security | Supply chain attacks, vulnerable packages, unpinned deps |
| Data Encryption | Unencrypted PII, plain HTTP, weak hashing |
| Security Headers | Clickjacking, MIME sniffing, missing HSTS |
| Error Security | Leaked stack traces, DB errors exposed to clients |
| RBAC Authorization | Missing permission checks, privilege escalation |
| Upload Security | Malicious file uploads, extension spoofing, path traversal |
| GDPR Compliance | Missing data deletion, no consent tracking, PII leaks |
Your AI stops hallucinating deprecated APIs. No more getServerSideProps in Next.js 15, no class components in React, no any in TypeScript.
| Skill |
What It Does |
|---|---|
| Next.js 15 | App Router, Server Components, no Pages Router hallucinations |
| React | Modern hooks, composition, Suspense — no class components |
| TypeScript | Strict mode, discriminated unions, no any |
| Tailwind CSS | Utility-first, responsive, cn() merge helper |
| shadcn/ui | Radix primitives, copy-paste components, theming |
| Supabase | RLS enforcement, auth, edge functions, type generation |
| Prisma | Schema design, migrations, query optimization |
| Drizzle ORM | Type-safe queries, push/migrate workflow, relations |
| Stripe | Checkout, webhooks, subscriptions, idempotency |
| Authentication | Better Auth / Auth.js / Clerk patterns |
| API Design | REST conventions, Zod validation, error formats |
| Express & Fastify | Middleware, routing, validation, plugin patterns |
| Monorepo | Turborepo, shared packages, build caching |
| Skill |
What It Does |
|---|---|
| A/B Testing | Experiment setup, variant splitting, significance |
| Funnel Analytics | Conversion funnels, drop-off analysis, event tracking |
| Data Visualization | D3/Recharts/Nivo patterns for complex datasets |
| Spreadsheet Export | CSV/Excel/PDF generation from app data |
| Real-Time Data | WebSockets, SSE, polling, reconnection patterns |
| Search Engine | Full-text search with Meilisearch/Typesense/Algolia |
| Data Pipelines | ETL patterns, cron jobs, queue-based processing |
Everything you need to build and monetize a SaaS product — billing, admin panels, metrics, multi-tenancy, e-commerce, and team management.
| Skill |
What It Does |
|---|---|
| Financial Planning | Revenue dashboards, MRR/ARR, burn rate calculators |
| Pricing Pages | Tier comparisons, feature gates, billing UI |
| Invoice Generator | PDF invoices, tax calculations, multi-currency |
| Subscription Billing | Stripe subscriptions, plan management, usage metering |
| Admin Panel | CRUD generators, user management, role-based access |
| Onboarding Flow | Multi-step wizards, progress tracking, activation |
| SaaS Metrics | Churn, LTV, CAC, cohort analysis dashboards |
| Multi-Tenancy | Tenant isolation, subdomain routing, data partitioning |
| E-Commerce | Cart, checkout, inventory, order lifecycle |
| Marketplace | Multi-vendor, Stripe Connect, escrow, commissions |
| Team Management | Invitations, roles, seat billing, org switcher |
| User Profiles | Settings pages, avatars, activity history, account deletion |
| Skill |
What It Does |
|---|---|
| AI Chatbot | Chat UI, streaming responses, RAG patterns |
| AI Agents | Tool-use, multi-step reasoning, orchestration |
| OpenAI Integration | GPT API, function calling, structured outputs |
| Webhook Handler | Receive, verify, retry webhooks from any service |
| OAuth Providers | Google/GitHub/Discord OAuth flows, token refresh |
| Cron Jobs | Scheduled tasks with Vercel Cron, Inngest, node-cron |
Production-grade UI patterns — not just components, but the right way to build dashboards, handle drag-and-drop, manage modals, and optimize images.
| Skill |
What It Does |
|---|---|
| Landing Pages | High-converting layouts, hero sections, CTAs |
| Dashboard Design | KPI cards, data tables, sidebar nav, responsive grids |
| Charts | Recharts/Chart.js data visualization patterns |
| Animations | Framer Motion, transitions, scroll animations |
| Dark Mode | Theme switching, CSS variables, system preference |
| Drag and Drop | Sortable lists, kanban boards, file drop zones |
| Maps & Geolocation | Mapbox/Leaflet, geocoding, store locators |
| Image Optimization | Upload, resize, compress, CDN, blur placeholders |
| Rich Text Editor | Tiptap/Plate, slash commands, collaborative editing |
| Command Palette | Cmd+K search, fuzzy matching, keyboard navigation |
| Infinite Scroll | Cursor pagination, virtual lists, scroll restoration |
| Toast Notifications | Sonner toasts, auto-dismiss, promise toasts, stacking |
| Modals & Dialogs | Accessible dialogs, confirmation patterns, drawers |
| Advanced Tables | Column resize, row select, inline edit, virtualization |
| Comments & Discussions | Threaded comments, mentions, reactions, moderation |
| Skill |
What It Does |
|---|---|
| Technical SEO | Sitemaps, robots.txt, structured data, meta tags |
| Analytics | Web analytics, event tracking, dashboards |
| Content Strategy | Content calendar, keyword-driven planning, briefs |
| Email Marketing | Newsletter systems, drip campaigns, templates |
| Blog Engine | MDX blogs, RSS feeds, sitemaps, structured data |
| Notification System | Push notifications, in-app alerts, digest emails |
| Skill |
What It Does |
|---|---|
| Rate Limiting | Token bucket, sliding window, Redis-backed limits |
| Caching Strategy | Redis, CDN, stale-while-revalidate, invalidation |
| Logging & Monitoring | Structured logs, Sentry, Axiom/Datadog setup |
| Background Jobs | Queue workers with BullMQ, Inngest, Trigger.dev |
| Feature Flags | LaunchDarkly/Flagsmith, gradual rollouts, A/B toggles |
| Skill |
What It Does |
|---|---|
| i18n | next-intl, locale routing, pluralization, RTL support |
| E2E Testing | Playwright, page objects, CI integration, visual regression |
| API Documentation | OpenAPI/Swagger from Zod schemas, interactive docs |
| CLI Tools | Commander.js, interactive prompts, spinners, npm publish |
| Skill |
What It Does |
|---|---|
| TDD | Test-first, red-green-refactor, integration over unit |
| Error Handling | Structured errors, boundaries, graceful degradation |
| Git Workflow | Conventional commits, branch naming, PR templates |
| Code Review | PR checklist, diff analysis, security review |
| Performance | Core Web Vitals, lazy loading, bundle analysis |
| Accessibility | WCAG 2.1 AA, semantic HTML, keyboard navigation |
| Database | Schema normalization, indexing, migrations |
| Deployment | Vercel/Railway/Fly.io, env vars, health checks |
| State Management | Zustand/Jotai, React Query, URL state |
| Forms | React Hook Form, Zod validation, multi-step flows |
| Resend/React Email, transactional templates | |
| Mobile-First | Responsive, touch targets, PWA patterns |
| File Uploads | Presigned URLs, multipart, S3/R2/Supabase Storage |
The 14 YepAPI-powered skills give your AI agent access to 30 real-world data endpoints — SEO metrics, keyword research, backlink analysis, web scraping, YouTube data, and AI visibility tracking.
Sign up at yepapi.com/dashboard/api-keys — $5 free credit, no card required.
Skills are markdown files (.md) that AI coding agents load as context. When you install YepAPI Skills, each agent gets the rules and patterns it needs — automatically, in the format it understands.
- Claude Code reads
SKILL.mdfiles from your project - Cursor loads them as project rules
- Gemini CLI picks them up as context
- All 40+ supported agents follow the open skills standard
No plugins. No extensions. Just markdown files that make your AI smarter.
MIT