Otto Skills Writing Guide

User Input: "Debug the API authentication error"
    ↓
┌─────────────────────────────────┐
│   Semantic Matching              │
│   - Embed user input             │
│   - Compare to skill descriptions│
│   - Rank by similarity           │
└─────────────────────────────────┘
    ↓
┌─────────────────────────────────┐
│   Skill Selection                │
│   "Systematic Debugging"         │
│   (similarity: 0.82)             │
└─────────────────────────────────┘
    ↓
┌─────────────────────────────────┐
│   Context Injection              │
│   - Load skill content           │
│   - Add to agent prompt          │
│   - Apply tool restrictions      │
└─────────────────────────────────┘
    ↓
Enhanced Agent Execution

skills/
├── category-name/
│   └── skill-name/
│       ├── SKILL.md           # Main skill file (required)
│       ├── templates/          # Optional templates
│       │   ├── template1.md
│       │   └── template2.md
│       ├── examples/           # Optional examples
│       │   └── example1.md
│       └── scripts/            # Optional helper scripts
│           └── helper.py

skills/
├── core/                    # Essential for all tasks
│   ├── task-planning/
│   └── context-gathering/
├── debugging/               # Troubleshooting
│   ├── systematic-debugging/
│   ├── performance-analysis/
│   └── security-testing/
├── communication/           # Writing and messaging
│   ├── email-writing/
│   ├── documentation/
│   └── meeting-facilitation/
├── data-analysis/           # Working with data
│   ├── report-generation/
│   ├── statistical-analysis/
│   └── visualization/
├── development/             # Software development
│   ├── code-review/
│   ├── test-writing/
│   └── refactoring/
└── project-management/      # Coordination
    ├── sprint-planning/
    ├── stakeholder-updates/
    └── risk-assessment/

---
# YAML Frontmatter (Metadata)
name: Skill Name
description: When to use - critical for matching
category: category-name
version: 1.0.0
author: Author Name
tags:
  - keyword1
  - keyword2
allowed-tools:  # Optional
  - tool_name1
  - tool_name2
---
 
# Skill Title
 
## Overview
Brief introduction to the skill
 
## When to Use
Specific triggers and scenarios
 
## Core Content
Main instructions, workflows, templates
 
## Best Practices
DO/DON'T guidelines
 
## Integration with Tools
How to use Otto's tools with this skill
 
## Examples
Concrete demonstrations
 
## Remember
Key takeaways

name: Systematic Debugging
name: Professional Email Writing
name: API Security Review

description: Use when debugging issues, investigating errors, troubleshooting problems, or analyzing bugs. Provides a structured 4-phase approach to root cause analysis.

description: For debugging

category: debugging

version: 1.0.0
version: 2.1.3

author: Otto Team
author: Jane Smith
author: Security Team <security@company.com>

tags:
  - debugging
  - troubleshooting
  - root-cause
  - investigation
  - error-analysis
  - bug-fixing

allowed-tools:
  - read_file
  - list_directory
  - ask_human

---
name: API Security Review
description: Use when reviewing API endpoints for security vulnerabilities, authentication issues, authorization problems, or security best practices. Provides comprehensive security checklist and common vulnerability patterns.
category: security
version: 1.2.0
author: Security Team <security@company.com>
tags:
  - security
  - api
  - authentication
  - authorization
  - vulnerabilities
  - OWASP
  - security-review
  - penetration-testing
allowed-tools:
  - read_file
  - list_directory
  - ask_human
---

# Skill Title (H1 - only once)
 
## Major Section (H2)
 
### Subsection (H3)
 
#### Detail Level (H4 - sparingly)

1. First step
2. Second step
3. Third step

- Important point
- Another point
- Yet another point

**Bold** for important terms
*Italic* for emphasis
`code` for tool names, variables, technical terms

```python
# For code examples
def example():
    return "formatted code"

#### Use Tables for Comparisons

```markdown
| Scenario | Action | Tool |
|----------|--------|------|
| Read file | Use read_file | `read_file` |
| Write file | Use write_file | `write_file` |

> **Important**: Always check for X before doing Y

## Overview
This skill provides [what it does]. Use this when [primary use case]. 
It helps by [key benefit].

## Overview
This skill provides a structured approach to debugging using a 4-phase methodology. 
Use this when investigating bugs, errors, or unexpected behavior. It prevents random 
trial-and-error by ensuring systematic root cause analysis.

## When to Use
- [Specific scenario 1]
- [Specific scenario 2]
- [Specific scenario 3]
- [User phrase variant 1]
- [User phrase variant 2]

## When to Use
- Investigating bugs or errors
- Troubleshooting system issues
- Root cause analysis
- Post-incident investigation
- Performance problems
- Unexpected behavior

## The [N]-Phase Process
 
### Phase 1: [Phase Name]
**Goal:** [What this phase accomplishes]
 
1. **[Step name]**
   - Specific action
   - Details
   - Examples
 
2. **[Next step]**
   - Actions
   - Details

## Guidelines
 
### Structure
- Guideline 1
- Guideline 2
 
### Style
- Guideline 3
- Guideline 4

## Email Template
 
```markdown
Subject: [Clear specific subject]
 
Hi [Name],
 
[Purpose in first sentence]
 
[Details]
 
[Next steps]
 
Best,
[Your name]

---

#### Best Practices Section

**Purpose**: DO/DON'T guidelines

```markdown
## Best Practices

### DO:
- ✅ [Positive practice 1]
- ✅ [Positive practice 2]
- ✅ [Positive practice 3]

### DON'T:
- ❌ [Anti-pattern 1]
- ❌ [Anti-pattern 2]
- ❌ [Anti-pattern 3]

## Best Practices
 
### DO:
- ✅ Document everything as you investigate
- ✅ Test one hypothesis at a time
- ✅ Start with simple explanations
- ✅ Use version control for test changes
 
### DON'T:
- ❌ Skip phases (they build on each other)
- ❌ Make multiple changes at once
- ❌ Assume without testing
- ❌ Rush to conclusions

## Integration with Tools
 
When [doing task], use appropriate tools:
- `tool_name` - [When and how to use]
- `tool_name` - [When and how to use]
- `tool_name` - [When and how to use]

## Integration with Tools
 
When debugging, use appropriate tools:
- `read_file` - Check code, logs, configuration files
- `list_directory` - Find relevant files in the codebase
- `ask_human` - Get clarification from team members (only when truly stuck)

## Examples
 
### Example 1: [Scenario]
**Situation:** [Context]
 
**Approach:**
1. [Step taken]
2. [Next step]
3. [Final step]
 
**Outcome:** [Result]
 
### Example 2: [Another scenario]
...

## Examples
 
### Example 1: Authentication Error
 
**Situation:** Users unable to log in, getting "401 Unauthorized"
 
**Approach:**
1. **Phase 1**: Gathered error logs, recent deployments
2. **Phase 2**: Noticed pattern - only users with long sessions
3. **Phase 3**: Tested hypothesis - token expiration issue
4. **Phase 4**: Updated token refresh logic, added test
 
**Outcome:** Authentication restored, regression prevented

## Remember
 
Key principles:
1. [Main takeaway 1]
2. [Main takeaway 2]
3. [Main takeaway 3]
 
[Optional closing thought or quote]

## Remember
 
The systematic approach saves time by preventing:
- Random trial-and-error
- Fixing symptoms instead of root causes
- Breaking things further
- Repeating the same tests
 
Always complete all 4 phases, even if you think you found the issue early.

Use when [user phrases] [doing action], [variations], or [scenarios]. 
Provides [what skill offers] for [outcome/benefit].

description: Use when debugging issues, investigating errors, troubleshooting problems, or analyzing bugs. Provides a structured 4-phase approach to root cause analysis.

description: Use when composing emails to team members, clients, or stakeholders. Provides templates and guidelines for professional communication, email etiquette, and effective messaging.

description: Use when reviewing API endpoints for security vulnerabilities, authentication issues, authorization problems, or security best practices. Provides comprehensive security checklist and common vulnerability patterns.

description: For debugging

description: Use when debugging issues, investigating errors, troubleshooting problems, or analyzing bugs. Provides a structured 4-phase approach to root cause analysis.

description: Implements the PDCA cycle methodology for defect remediation utilizing root cause analysis taxonomies per ISO 9001 standards

description: Use when debugging issues or fixing bugs. Provides a systematic plan-do-check-act approach for root cause analysis and prevention.

description: Helps with various programming tasks and software development activities

description: Use when reviewing code for bugs, security issues, or style violations. Provides code review checklist covering functionality, security, performance, and maintainability.

description: Use when composing emails

description: Use when composing emails, writing messages, or sending communications to team members, clients, or stakeholders. Provides templates for professional correspondence.

# Test queries that SHOULD match
test_queries = [
    "Debug the API error",
    "Investigate authentication problem",
    "Troubleshoot the bug",
    "Analyze production issue"
]
 
# Your description
description = "Use when debugging issues, investigating errors, troubleshooting problems, or analyzing bugs"
 
# Does description contain words from queries?
for query in test_queries:
    # Check for shared keywords
    # If no overlap, description needs work

mkdir -p skills/development/code-review-checklist
cd skills/development/code-review-checklist
touch SKILL.md

---
name: Code Review Checklist
description: Use when reviewing code, checking pull requests, or analyzing code changes for bugs, security issues, style violations, or maintainability problems. Provides comprehensive review checklist covering functionality, security, performance, and code quality.
category: development
version: 1.0.0
author: Development Team
tags:
  - code-review
  - pull-request
  - quality
  - security
  - best-practices
  - bugs
allowed-tools:
  - read_file
  - list_directory
  - ask_human
---

# Code Review Checklist
 
## Overview
This skill provides a comprehensive checklist for reviewing code changes. Use this when reviewing pull requests, code changes, or investigating code quality issues. It ensures consistent, thorough reviews covering functionality, security, performance, and maintainability.
 
## When to Use
- Reviewing pull requests
- Code change analysis
- Pre-merge quality checks
- Security audits
- Refactoring reviews
- Mentoring junior developers
 
## Review Process
 
### 1. Understand the Context
 
Before reviewing code:
 
1. **Read the PR description**
   - What problem does it solve?
   - What approach was taken?
   - Are there any special considerations?
 
2. **Check the ticket/issue**
   - What were the requirements?
   - Are there edge cases mentioned?
   - Is there test data?
 
3. **Review related code**
   - What files are affected?
   - What are the dependencies?
   - Is there existing documentation?
 
### 2. Functionality Review
 
**Does the code work correctly?**
 
- [ ] Code solves the stated problem
- [ ] Handles edge cases appropriately
- [ ] Error handling is comprehensive
- [ ] No obvious bugs or logic errors
- [ ] Algorithm is correct and efficient
- [ ] Input validation is present
 
### 3. Security Review
 
**Is the code secure?**
 
- [ ] No SQL injection vulnerabilities
- [ ] No XSS vulnerabilities
- [ ] No hardcoded secrets or credentials
- [ ] User input is validated and sanitized
- [ ] Authentication/authorization checks present
- [ ] Sensitive data is encrypted
- [ ] No information leakage in errors
 
### 4. Performance Review
 
**Will this code perform well?**
 
- [ ] No N+1 query problems
- [ ] Appropriate use of indexes
- [ ] No unnecessary loops or recursion
- [ ] Database queries are optimized
- [ ] No memory leaks
- [ ] Caching used where appropriate
- [ ] Async operations where beneficial
 
### 5. Code Quality Review
 
**Is the code maintainable?**
 
- [ ] Code follows project style guide
- [ ] Variable names are clear and descriptive
- [ ] Functions are small and focused
- [ ] No code duplication
- [ ] Comments explain "why" not "what"
- [ ] Complex logic is documented
- [ ] No "magic numbers" or strings
 
### 6. Test Coverage Review
 
**Is the code adequately tested?**
 
- [ ] Unit tests cover main functionality
- [ ] Edge cases are tested
- [ ] Error conditions are tested
- [ ] Integration tests if needed
- [ ] Tests are clear and maintainable
- [ ] Test coverage is adequate (>80%)
- [ ] No flaky tests
 
### 7. Documentation Review
 
**Is the code documented?**
 
- [ ] Public APIs have documentation
- [ ] README updated if needed
- [ ] Inline comments for complex logic
- [ ] Examples provided if helpful
- [ ] Breaking changes documented
- [ ] Migration guide if needed
 
## Review Feedback Guidelines
 
### Providing Feedback
 
**Use constructive language**:
- ✅ "Consider using X here because..."
- ✅ "This could be improved by..."
- ✅ "Question: Why did you choose X over Y?"
- ❌ "This is wrong"
- ❌ "You should know better"
- ❌ "This is terrible"
 
**Categorize feedback**:
- **Critical** - Must be fixed (security, bugs)
- **Important** - Should be fixed (performance, maintainability)
- **Suggestion** - Nice to have (style preferences)
 
**Provide examples**:
```markdown
**Suggestion**: This loop could be more readable
 
Current:
```python
for i in range(len(items)):
    process(items[i])

for item in items:
    process(item)

## Best Practices

### DO:
- ✅ Review in multiple passes (functionality, then security, then style)
- ✅ Test the code locally if possible
- ✅ Ask questions when something is unclear
- ✅ Acknowledge good work ("Nice solution!")
- ✅ Focus on the code, not the person
- ✅ Provide specific, actionable feedback

### DON'T:
- ❌ Approve without actually reviewing
- ❌ Nitpick on style if auto-formatting exists
- ❌ Block on personal preferences
- ❌ Make it personal
- ❌ Overwhelm with too many comments
- ❌ Review when tired or rushed

## Integration with Tools

When reviewing code:
- `list_directory` - See what files were changed
- `read_file` - Read the changed files
- `ask_human` - Ask author for clarification if needed

## Common Issues to Watch For

### Security
- Hardcoded credentials
- Missing authentication checks
- SQL injection vectors
- XSS vulnerabilities

### Performance
- N+1 queries
- Missing database indexes
- Inefficient algorithms
- Memory leaks

### Quality
- Code duplication
- Overly complex functions
- Poor naming
- Missing error handling

## Remember

Code review is about:
1. **Catching bugs early** - Cheaper to fix now
2. **Knowledge sharing** - Everyone learns
3. **Maintaining quality** - Preventing technical debt
4. **Collaboration** - Building better software together

The goal is not perfection, but continuous improvement.

skills/development/code-review-checklist/SKILL.md

# Test matching
curl -X POST http://localhost:8000/api/skills/match \
  -H "Content-Type: application/json" \
  -d '{
    "query": "Review this pull request",
    "threshold": 0.6,
    "max_skills": 3
  }'

curl -X POST http://localhost:8000/chat \
  -H "Content-Type: application/json" \
  -d '{
    "human_input": "Review the code in src/api/auth.py",
    "creator_id": "user-123"
  }'

---
name: Data Analysis Report
description: Use when analyzing data, generating reports, creating visualizations, or interpreting datasets. Provides structured approach for data exploration, statistical analysis, and insight generation.
category: data-analysis
version: 1.0.0
author: Data Team
tags:
  - analysis
  - reporting
  - statistics
  - visualization
  - insights
---
 
# Data Analysis Report
 
## Overview
This skill provides a structured approach to data analysis and report generation. Use when analyzing datasets, generating insights, or creating data-driven reports.
 
## When to Use
- Analyzing datasets
- Generating reports
- Creating visualizations
- Statistical analysis
- Trend identification
- Performance metrics analysis
 
## Analysis Process
 
### Phase 1: Data Understanding
 
1. **Examine the data source**
   - What data is available?
   - What format is it in?
   - What time period does it cover?
 
2. **Identify key metrics**
   - What are we measuring?
   - What are the KPIs?
   - What dimensions matter?
 
3. **Check data quality**
   - Any missing values?
   - Any outliers or anomalies?
   - Is the data complete?
 
### Phase 2: Exploratory Analysis
 
1. **Calculate summary statistics**
   - Mean, median, mode
   - Min, max, range
   - Standard deviation
   - Percentiles
 
2. **Identify patterns**
   - Trends over time
   - Correlations
   - Seasonality
   - Anomalies
 
3. **Segment the data**
   - By category
   - By time period
   - By demographic
   - By behavior
 
### Phase 3: Deep Dive Analysis
 
1. **Test hypotheses**
   - Why did X happen?
   - Is Y related to Z?
   - What caused the change?
 
2. **Compare segments**
   - Which segments perform best?
   - How do they differ?
   - What drives the differences?
 
3. **Calculate derived metrics**
   - Growth rates
   - Conversion rates
   - Ratios and percentages
 
### Phase 4: Report Generation
 
1. **Structure the report**
   - Executive summary
   - Key findings
   - Detailed analysis
   - Recommendations
 
2. **Create visualizations**
   - Choose appropriate chart types
   - Clear labels and titles
   - Consistent styling
 
3. **Write insights**
   - What did we learn?
   - Why does it matter?
   - What should we do?
 
## Report Structure Template
 
```markdown
# [Report Title]
 
## Executive Summary
[2-3 sentences highlighting key findings]
 
## Key Findings
1. [Finding 1 with supporting data]
2. [Finding 2 with supporting data]
3. [Finding 3 with supporting data]
 
## Data Overview
- **Dataset**: [Source and description]
- **Time Period**: [Date range]
- **Sample Size**: [N observations]
- **Key Metrics**: [List of metrics]
 
## Analysis
 
### [Section 1: Topic]
[Detailed analysis with visualizations]
 
**Key Insight**: [Main takeaway]
 
### [Section 2: Topic]
[Detailed analysis with visualizations]
 
**Key Insight**: [Main takeaway]
 
## Recommendations
1. [Action 1] - [Expected impact]
2. [Action 2] - [Expected impact]
3. [Action 3] - [Expected impact]
 
## Methodology
[How the analysis was conducted]
 
## Appendix
[Additional details, full datasets, technical notes]

---

### Example 2: Meeting Facilitation Skill

```yaml
---
name: Meeting Facilitation
description: Use when preparing for meetings, facilitating discussions, running workshops, or coordinating team sessions. Provides agenda templates, facilitation techniques, and best practices for productive meetings.
category: project-management
version: 1.0.0
author: PM Team
tags:
  - meetings
  - facilitation
  - workshops
  - agenda
  - coordination
  - communication
---

# Meeting Facilitation

## Overview
This skill provides guidelines and templates for effective meeting facilitation. Use when planning, preparing for, or running team meetings, workshops, or discussions.

## When to Use
- Planning meetings
- Creating agendas
- Facilitating discussions
- Running workshops
- Team coordination sessions
- Stakeholder presentations

## Meeting Preparation

### 1. Define the Purpose

**Answer these questions**:
- Why are we meeting?
- What decision needs to be made?
- What outcome do we want?
- Is a meeting necessary? (Could it be an email?)

### 2. Identify Participants

**Invite only who's needed**:
- Decision makers
- Subject matter experts
- Key stakeholders
- Anyone who needs to know

**Don't invite**:
- People who can read notes after
- "Just in case" attendees
- Large groups (max 8 for decisions)

### 3. Create the Agenda

**Agenda Template**:

```markdown
# [Meeting Title]

**Date**: [Date and time]
**Duration**: [Estimated length]
**Location**: [Room/Link]
**Attendees**: [Names and roles]

## Objective
[What we're trying to accomplish]

## Agenda

| Time | Topic | Owner | Type |
|------|-------|-------|------|
| 5min | Welcome & Context | [Name] | Info |
| 15min | [Topic 1] | [Name] | Discussion |
| 20min | [Topic 2] | [Name] | Decision |
| 10min | Next Steps | [Name] | Planning |

## Pre-Read Materials
- [Document 1] - [Purpose]
- [Document 2] - [Purpose]

## Expected Outcomes
- [ ] Decision on [topic]
- [ ] Plan for [next step]
- [ ] Action items assigned

# [Meeting Title] - Notes
 
**Date**: [Date]
**Attendees**: [Names]
 
## Decisions Made
1. [Decision 1] - [Context/rationale]
2. [Decision 2] - [Context/rationale]
 
## Action Items
| Action | Owner | Due Date | Status |
|--------|-------|----------|--------|
| [Action 1] | [Name] | [Date] | In Progress |
| [Action 2] | [Name] | [Date] | Not Started |
 
## Key Discussion Points
- [Point 1]
- [Point 2]
 
## Next Meeting
- **Date**: [Date]
- **Objective**: [Purpose]
 
## Parking Lot (For Future Discussion)
- [Topic 1]
- [Topic 2]

---

## Tool Integration

### Understanding Otto's Tools

Otto provides 13 built-in tools that skills can reference. See the [Built-in Tools Reference](/docs/integrations/tools) for full details.

| Tool | Purpose | When Skills Use It |
|------|---------|-------------------|
| `ask_human` | Get human input | Clarification, approval, coordination |
| `send_email` | Send email | External communication |
| `read_file` | Read file contents | Reviewing code, checking configuration, analyzing logs |
| `write_file` | Create/update files | Saving analysis, creating drafts, storing results |
| `list_directory` | List files | Finding relevant files, checking what exists |
| `attach_file` | Mark file for delivery | Sending files to users on task completion |
| `read_document` | Read PDF/DOCX | Analyzing uploaded documents |
| `convert_markdown_to_docx` | MD to Word | Generating formal reports, documentation |
| `memory_search` | Search memory | Recalling past decisions, context, and knowledge |
| `memory_save` | Save to memory | Storing important facts for future retrieval |
| `dispatch_subagent` | Delegate subtasks | Breaking work into parallel subtasks |
| `run_skill_script` | Run skill scripts | Executing scripts bundled with skills |
| `wait` | Pause execution | Waiting for external processes or rate limits |

### How to Reference Tools in Skills

#### Pattern 1: Integration Section

```markdown
## Integration with Tools

When [doing task], use appropriate tools:
- `tool_name` - [When to use] - [How to use]
- `tool_name` - [When to use] - [How to use]

## Integration with Tools
 
When debugging:
- `read_file` - Check code, logs, or configuration files for clues
- `list_directory` - Find relevant files in the project structure
- `ask_human` - Get clarification from the code author (only when stuck)

1. **Gather logs**
   - Use `read_file` to check application logs
   - Use `list_directory` to find log files

### Creating a Report
 
1. **Gather data**

2. **Write report**

3. **Convert to Word**

4. **Send to stakeholders**

allowed-tools:
  - read_file
  - list_directory
  - ask_human

---
name: Code Review Checklist
allowed-tools:
  - read_file
  - list_directory
  - ask_human
---

---
name: Documentation Writing
allowed-tools:
  - read_file
  - write_file
  - list_directory
  - convert_markdown_to_docx
---

---
name: Status Updates
allowed-tools:
  - ask_human
  - send_email
---

# Check YAML is valid
cd skills/category/skill-name
head -20 SKILL.md
 
# Should see valid frontmatter

# Force Otto to reload skills
curl -X POST http://localhost:8000/api/skills/reload

# Verify skill appears
curl http://localhost:8000/api/skills/ | jq '.[] | select(.name=="Your Skill Name")'

# Test semantic matching
curl -X POST http://localhost:8000/api/skills/match \
  -H "Content-Type: application/json" \
  -d '{
    "query": "Your test query",
    "threshold": 0.6,
    "max_skills": 5
  }'

# Create a task that should match your skill
curl -X POST http://localhost:8000/api/task \
  -H "Content-Type: application/json" \
  -d '{
    "description": "Your test task description",
    "creator_id": "test-user"
  }'

curl -X GET "http://localhost:8000/api/skills/debug/similarity/your%20test%20query"

curl -X POST http://localhost:8000/api/skills/match \
  -H "Content-Type: application/json" \
  -d '{
    "query": "Words directly from your description",
    "threshold": 0.5
  }'

import yaml
 
with open('skills/category/skill/SKILL.md') as f:
    content = f.read()
    # Extract frontmatter between ---
    parts = content.split('---')
    frontmatter = parts[1]
    
try:
    data = yaml.safe_load(frontmatter)
    print("Valid YAML:", data)
except yaml.YAMLError as e:
    print("Invalid YAML:", e)

description: Use when working with data

description: Use when analyzing CSV datasets for statistical trends, generating data reports, or creating visualizations for quarterly business reviews

# Version A (current)
description: Use when debugging issues or investigating errors
 
# Version B (more keywords)
description: Use when debugging issues, investigating errors, troubleshooting problems, analyzing bugs, or finding root causes of failures
 
# Version C (more context)
description: Use when debugging software issues, investigating production errors, troubleshooting application problems, or performing root cause analysis on bugs and failures. Provides systematic 4-phase approach.

- Check the code
- Make improvements
- Consider quality

- Read the changed files using `read_file`
- Check for security vulnerabilities: SQL injection, XSS, hardcoded credentials
- Verify error handling covers all edge cases

When reviewing code you should check for bugs and also look at performance and make sure security is good and tests exist and documentation is updated and style is consistent...

## Review Checklist
 
### 1. Functionality
- [ ] Code solves the problem
- [ ] Handles edge cases
- [ ] Error handling is present
 
### 2. Security
- [ ] No SQL injection vulnerabilities
- [ ] No hardcoded credentials
- [ ] Input validation present
 
### 3. Performance
- [ ] No N+1 queries
- [ ] Efficient algorithms
- [ ] Proper indexing

Use descriptive variable names

Use descriptive variable names:
- ✅ `user_email` not `e`
- ✅ `total_price` not `tp`
- ✅ `is_authenticated` not `auth`

## Debug Process
1. Find bug
2. Fix it
3. Test

## Debug Process
 
The debugging process begins with a comprehensive analysis of all available data sources including but not limited to application logs (which should be examined at the DEBUG, INFO, WARN, and ERROR levels), system logs (particularly focusing on kernel messages, system daemon output, and hardware status indicators), database query logs (with particular attention to slow query logs and deadlock detection logs), network traces (capturing both inbound and outbound traffic at the packet level), and user reports (which should be carefully analyzed for patterns and commonalities)...

## Debug Process
 
### Phase 1: Gather Information
1. **Collect logs**
   - Application logs (all levels)
   - System logs (errors and warnings)
   - Database logs (slow queries)
   
2. **Reproduce the issue**
   - Document exact steps
   - Note environment details
   - Identify conditions that trigger it

name: Software Development Complete Guide
description: Everything about software development

# Separate skills:
name: Code Review Checklist
name: Test-Driven Development
name: Refactoring Patterns

skills/
├── debugging/           # All debugging-related
│   ├── systematic-debugging/
│   ├── performance-profiling/
│   └── memory-leak-detection/
├── testing/             # All testing-related
│   ├── unit-testing/
│   ├── integration-testing/
│   └── test-data-generation/

# In skill A
## Email Best Practices
[Full email writing guide]
 
# In skill B
## Email Best Practices
[Same full email writing guide]

# In skill A
## Communication
For email best practices, see the "Professional Email Writing" skill.
 
# In skill B (dedicated skill)
# Professional Email Writing
[Full guide here]

version: 1.0.0  # Initial release
version: 1.0.1  # Fixed typo, added example
version: 1.1.0  # Added new section
version: 2.0.0  # Major restructure

## Changelog
 
### 2.0.0 (2025-11-04)
- Restructured into 4-phase approach
- Added integration with tools section
- Updated examples
 
### 1.1.0 (2025-10-15)
- Added best practices section
- Added security checklist
 
### 1.0.0 (2025-10-01)
- Initial release

description: Helps with debugging

description: Use when debugging software issues, investigating production errors, troubleshooting application problems, or performing root cause analysis on bugs and system failures. Provides structured 4-phase debugging methodology.

# My Skill
 
Here's some information about the skill and how to use it and some best practices and examples and...

# My Skill
 
## When to Use
- Scenario 1
- Scenario 2
 
## Process
 
### Step 1
Instructions...
 
### Step 2
Instructions...
 
## Best Practices
- DO this
- DON'T do that

# Code Review
 
Here's how to review code...
[No "When to Use" section]

# Code Review
 
## When to Use
- Reviewing pull requests
- Code change analysis
- Pre-merge quality checks
- Security audits

1. Check the code
2. Look for problems
3. Fix issues

1. **Check functionality**
   - Read the changed files using `read_file`
   - Verify the code solves the stated problem
   - Test edge cases: empty input, null values, max limits
 
2. **Look for security issues**
   - Check for SQL injection: raw queries with user input
   - Check for XSS: unescaped user content in HTML
   - Check for hardcoded credentials: search for "password", "api_key"
 
3. **Fix critical issues**
   - Comment on the PR with specific line numbers
   - Provide example fix: "Change X to Y"
   - Mark as "Request Changes" if critical issues found

allowed-tools:
  - read_file

# No allowed-tools field

# For read-only code review
allowed-tools:
  - read_file
  - list_directory
  - ask_human

# My Skill
 
[3000 lines of detailed content]

# Debugging (Core)
[300 lines - main workflow]
 
# Debugging (Security)
[300 lines - security focus]
 
# Debugging (Performance)
[300 lines - performance focus]

# Main skill
[300 lines - core content]
 
## Templates
See [templates/checklist.md](/docs/features/templates/checklist) for detailed checklist.

## Process
Follow the 4-phase methodology for systematic analysis.

## Process
 
### Example: Authentication Bug
 
**Phase 1**: Gathered error logs, noticed "401 Unauthorized" errors
**Phase 2**: Pattern - only affects users with >24h sessions
**Phase 3**: Tested token expiration hypothesis - confirmed
**Phase 4**: Updated token refresh logic, added test
 
**Outcome**: Bug fixed, regression prevented

ls -la skills/category/skill-name/SKILL.md

import yaml
with open('SKILL.md') as f:
    content = f.read()
    parts = content.split('---')
    if len(parts) < 3:
        print("Error: Frontmatter malformed")
    else:
        try:
            yaml.safe_load(parts[1])
            print("YAML valid")
        except Exception as e:
            print(f"YAML error: {e}")

file SKILL.md
# Should say: UTF-8 Unicode text

docker logs otto-backend | grep -i "skill"

# Check what scores your skill gets
curl -X GET "http://localhost:8000/api/skills/debug/similarity/your%20test%20query"

description: Use when working with code

description: Use when reviewing pull requests for code quality, checking for bugs, security vulnerabilities, or performance issues in changed files. Not for writing new code.

❌ "Check the code"
✅ "Use `read_file('src/api/auth.py')` to read the authentication code"

When reviewing:
- Use `read_file` to check each changed file
- Use `ask_human` if logic is unclear

# In your project repo
mkdir -p skills/your-category/your-skill
# Create SKILL.md
git add skills/
git commit -m "Add skill: your-skill"
git push

git pull
# Otto auto-discovers on next task

mkdir -p ~/.otto/skills/your-category/your-skill
# Create SKILL.md

# Package skill
tar -czf my-skill.tar.gz ~/.otto/skills/your-category/your-skill/
 
# Share file (email, Slack, etc.)

cd ~/.otto/skills/
tar -xzf my-skill.tar.gz

# Skill Name
 
## Description
What this skill does
 
## Installation
How to install
 
## Usage
Example queries that match
 
## Author
Contact information
 
## License
MIT/Apache/etc.

MIT License

Copyright (c) 2025 Your Name

Permission is hereby granted...

## Example Usage
 
**Query**: "Review this pull request"
 
**Expected behavior**:
- Skill matched
- Runs code review checklist
- Provides structured feedback

## Versions
 
### 2.0.0 (2025-11-04)
- Major restructure
- Added security checklist
 
### 1.0.0 (2025-10-01)
- Initial release