This repository treats VS Code/Codex built-ins as upstream baseline and overlays repository-owned skills on top.
- Built-ins remain enabled.
.systemskills remain enabled.- Overlay candidates are additive.
- This repo does not disable or replace upstream skills to make overlays work.
The live inventory pipeline checks:
- installed top-level skills in
$CODEX_HOME/skills - installed
.systemskills - overlay candidates in
skill-candidates/ - official upstream baseline from
openai/skills - local Codex configuration in
%USERPROFILE%\\.codex - Codex app instruction surfaces via
AGENTS.md - VS Code instruction surfaces under
.vscode/ - GitHub Copilot instruction and prompt surfaces under
.github/ - curated source references already tracked by the repo
It also tags each skill row with:
ownershiplegitimacy_statuslegitimacy_reason
so official built-ins, repo-owned skills, and unowned local installs do not collapse into the same trust lane.
The machine-generated catalog is the current inventory reference:
references/skill-catalog.mdreferences/skill-vetting-report.md
When overlays are missing after a host/editor refresh:
- Open the NullClaw desktop app.
- Let the app complete:
- app open
- agent attach/start
- self-checks
- inventory refresh
- Review missing-overlay and missing-builtin drift in the inventory tables.
- Restore overlay candidates additively from
skill-candidates/. - Re-run admission and source-risk review before broad use.
These are refreshed by the generated catalog rather than maintained by hand:
- top-level built-ins
.systembuilt-ins- overlay candidates
- total expected additive inventory
- Do not restore unknown third-party content blindly.
- Do not treat public catalog presence as trusted provenance.
- Do not use overlay recovery to bypass quarantine or source-risk policy.
- Keep
references/skill-catalog.mdcurrent after any inventory-affecting change.