36 curated skills. 1,300+ indexed. Auto-activated by project type.
Quality gates that block release on FAIL — not on opinion.
The skills system activates automatically. You declare what you're building — the engine matches a profile and loads the right domain expertise before the first line of architecture is written.
Build target is identified from your architecture — SaaS, mobile, data pipeline, enterprise, etc.
One of 11 project profiles is selected. Each profile maps to a curated set of domain skills.
Selected skills are injected into the agent's context at session start — domain expertise ready before any build decisions are made.
Each skill is invoked at the right moment — not all at once. Zero token bloat. Maximum domain precision.
The curated tier is what activates automatically. The extended catalog is what you reach for when you need something specialized.
Auto-loaded into your agent session based on project type. Structured with explicit role, what to look for, output format, and escalation rules.
Not loaded by default — they'd bloat context. Accessible on demand when you need a specific domain covered that's outside the curated set.
These are Scaffold-native. Written with explicit role definition, domain scope, output format, and escalation rules. Each is invoked at the right moment — never loaded all at once.
Invoked during the planning and architecture phase — before any implementation begins. Advisory output: CLEAR / CONCERNS / FLAG.
Technical feasibility review — architecture assumptions, scalability concerns, implementation risks.
UX and product design review — user journey, interface assumptions, clarity of value delivery.
Business viability review — market fit, competitive positioning, revenue model, go-to-market.
Deep research into a technical approach, library, or architectural pattern before committing.
Open-ended exploration to surface unconsidered directions before scope or architecture is defined.
Domain expert reviews during implementation and architecture phases. Advisory output: CLEAR / CONCERNS / FLAG. FLAG surfaces issues to the developer — it does not block.
Component architecture, rendering performance, accessibility, Core Web Vitals.
API design, data modeling, service boundaries, error handling patterns.
Offline-first patterns, push notifications, app store requirements, native UX conventions.
ML pipeline design, model evaluation strategy, data validation, training infrastructure.
Infrastructure, CI/CD, containerization, cloud deployment, monitoring setup.
Schema design, query optimization, indexing strategy, migration planning, N+1 prevention.
REST/GraphQL design, versioning strategy, contract design, backward compatibility.
System design, service topology, cross-cutting concerns, architectural trade-off analysis.
Testing strategy, coverage targets, E2E planning, regression risk assessment.
Threat modeling, secure code patterns, auth architecture, secrets management, vulnerability triage.
Data pipeline design, schema evolution, transformation testing, data contract governance.
Reliability engineering, SLO definition, incident response, observability, runbook design.
API documentation, developer guides, changelog quality, README clarity, onboarding effectiveness.
User flows, information architecture, interaction design patterns, usability heuristics.
Mandatory checks before feature completion or phase transition. Output: PASS / ADVISORY / FAIL. Only FAIL blocks release — and a human must explicitly acknowledge it.
OWASP top 10, auth vulnerabilities, secrets management, injection risks, secure defaults.
Package vulnerabilities, license compliance, outdated dependencies, supply chain risk.
Load time, query efficiency, caching strategy, bundle size, bottleneck identification.
WCAG 2.1 AA compliance, screen reader compatibility, keyboard navigation, color contrast.
Breaking change detection, versioning compliance, backward compatibility assessment.
GDPR compliance, PII handling, data retention policies, consent flows, data minimization.
IAM roles, network exposure, secrets rotation, container security, cloud misconfiguration.
Certificate pinning, secure local storage, biometric auth, runtime protection, deep link safety.
Live-site visual regression, layout fidelity, cross-browser rendering, responsive breakpoints.
Specialized knowledge for specific project domains. Auto-activated when the matching domain is detected in your architecture. Advisory output.
Cart flow design, inventory sync patterns, pricing matrix logic, checkout conversion.
Subscription lifecycle, usage metering, upgrade/downgrade flows, dunning, proration.
Model metrics, A/B evaluation, rollout strategy, drift detection, evaluation harness design.
Enterprise system integration patterns, data sync strategy, API governance, enterprise auth.
ETL patterns, transformation testing, schema evolution, data contract design.
Content modeling, editorial workflows, multi-tenancy patterns, headless API design.
WebSocket patterns, event ordering guarantees, consistency models, presence systems.
Landing page conversion optimization, analytics instrumentation, SEO fundamentals.
Not every issue should stop the build. Scaffold OS makes a formal distinction between advisory signals (for human judgment) and blocking gates (where failure requires human acknowledgment before proceeding).
These reviews surface information. The developer decides what to act on. No build is blocked by advisory output.
These are structural checks. FAIL does not just flag — it prevents release. A human must explicitly acknowledge the FAIL to proceed.
When your project type is detected, one of these profiles is selected. Each profile determines which domain skills activate for your session. Click to expand patterns.
SaaS product, web application, or REST/GraphQL API service.
20 skills activeiOS, Android, or cross-platform mobile application.
16 skills activeEnterprise platform built on or integrated with Salesforce, SAP, or ServiceNow.
18 skills activeLLM application, multi-agent architecture, or ML model pipeline.
15 skills activeDevOps platform, infrastructure-as-code, or cloud infrastructure project.
14 skills activeAnalytics engineering, data warehouse, or ETL/ELT pipeline project.
13 skills activeEcommerce store, marketplace, or commerce platform.
15 skills activeContent management system, headless CMS, or content-driven platform.
12 skills activeMarketing website, product landing page, or launch site.
8 skills activeWorkflow automation platform or multi-system integration project.
10 skills activeExisting codebase being reverse-engineered, retrofitted, or migrated.
9 skills activeBrowse all 1,300+ indexed skills organized by domain, filtered by tier — or see how skills integrate into the build protocol.