What Claude skills are (and what they are not)
A skill is a folder with a SKILL.mdfile inside it. That file teaches Claude how to do one job well: structure a Terraform module, harden a Kubernetes manifest, or design an alerting strategy that does not cry wolf. The clever part is progressive disclosure. Claude only loads the skill's name and one-line description until your task actually matches it. So you can install thirty skills and pay almost no context cost until the moment one is needed.
People confuse skills with two neighbouring things, so it is worth being exact. Skills teach. MCP servers connect. Slash commands trigger. A skill is knowledge and procedure. An MCP server is a live connection to an external system: your cluster, your cloud account, your GitHub org. It gives Claude real data and actions. A slash command is a prompt template you fire manually. For DevOps work you will usually pair the two: a skill for the patterns, a connection (the gh CLI, kubectl, a cloud MCP server) for the live state.
How to install any of these (one pattern, not ten)
Every skill below installs the same way, so here is the pattern once. The modern route is plugin marketplaces. Inside Claude Code:
# Add the marketplace, then install the skill
/plugin marketplace add <github-owner/repo>
/plugin install <skill-name>You can also install by hand. Clone or copy the skill folder into .claude/skills/ in your project for one repo, or ~/.claude/skills/ to make it available everywhere, then reload Claude Code. That is the whole mechanism. For the rest of this guide we focus on what each skill is good for, not on repeating install steps.
The 10 best Claude skills for DevOps engineers
Ranked by a blend of trust (first-party beats anonymous), usefulness for real infrastructure work, and how actively maintained the skill is in mid-2026. Star counts on monorepos are repo-wide, not per-skill, and we have flagged licensing honestly. "No SPDX license declared" means it is not formally open source, so treat it accordingly.
1. HashiCorp agent-skills: Terraform from the source
Source: hashicorp/agent-skills · Stars: ~700 · Licence: MPL-2.0 · Updated: July 2026 · Best for: Terraform written the way HashiCorp writes it
HashiCorp publishes its own skill collection for Claude Code, and for Terraform work it is the obvious starting point. The set covers Terraform code generation, module generation, provider development and Packer image building, each installable as a separate plugin (for example terraform-code-generation@hashicorp). What you are really installing is HashiCorp's own style guide, testing conventions and CI/CD integration patterns, encoded so Claude stops writing plausible-but-wrong HCL. If your infrastructure lives in Terraform, start here.
2. kubernetes-patterns: manifests you would actually apply
Source: affaan-m/everything-claude-code · Stars: ~228k (repo-wide) · Licence: MIT · Updated: July 2026 · Best for: Production-grade manifests, probes, RBAC and kubectl debugging
From the most-starred Claude skills monorepo in the ecosystem, this skill gives Claude production-grade Kubernetes defaults: Deployment, Service and Ingress manifests with resource requests and limits, liveness and readiness probes, RBAC, ConfigMap and Secret handling, HPA autoscaling and kubectl debug workflows. It activates on any Kubernetes, Helm or kubectl trigger phrase. The difference between raw Claude and Claude with this skill is the difference between a manifest that runs and a manifest you would let near production.
3. docker-patterns: containers with the sharp edges filed off
Source: affaan-m/everything-claude-code · Stars: ~228k (repo-wide) · Licence: MIT · Updated: July 2026 · Best for: Multi-stage Dockerfiles and container security defaults
The companion container skill from the same monorepo. It covers multi-stage Dockerfiles with separate dev and prod targets, Docker Compose for local development, multi-container networking and volume strategies, and the security defaults that audits look for: non-root users, read-only filesystems, image scanning. If your team's Dockerfiles are copy-pasted folklore from 2022, this quietly modernises every container Claude touches.
4. antonbabenko/terraform-skill: the operator's Terraform brain
Source: antonbabenko/terraform-skill · Stars: ~2.2k · Licence: Apache-2.0 · Updated: July 2026 · Best for: Real-world Terraform patterns, testing and OpenTofu
Anton Babenko maintains terraform-best-practices.com and some of the most-used community modules in the registry, and this skill distils those patterns into version-controlled AI instructions: module structure, testing with Terratest, CI/CD integration, OpenTofu compatibility and the production anti-patterns to avoid. It is complementary to the HashiCorp skill rather than a rival: HashiCorp covers style, this covers the operational scar tissue. Pick one as your default; running both mostly duplicates context.
5. cc-devops-skills: 31 skills, every config format you own
Source: akin-ozer/cc-devops-skills · Stars: ~270 · Licence: Apache-2.0 · Updated: July 2026 · Best for: Generator + validator pairs across the whole toolchain
The most comprehensive all-in-one DevOps pack currently available: 31 skills in generator and validator pairs covering Ansible, Azure Pipelines, Bash, Dockerfiles, GitHub Actions, GitLab CI, Helm, Jenkins, Kubernetes YAML, Prometheus and PromQL, Terraform, Terragrunt, Fluent Bit, Loki and Makefiles, plus a dedicated k8s-debug troubleshooter. The pairing is the point: each generator scaffolds a production-ready config, and its validator lint-checks, security-scans and dry-runs the result. That validator half is exactly what catches AI-generated config drift before it reaches a cluster.
6. sre-engineer: reliability as a practice, not a vibe
Source: Jeffallan/claude-skills · Stars: ~10.5k (repo-wide) · Licence: MIT · Updated: July 2026 · Best for: SLOs, error budgets, incident response and runbooks
This one moves you from "we monitor things" to a formal reliability practice. It defines SLIs and SLOs, writes error budget policies, designs incident response procedures, builds capacity models and generates Prometheus alerting configs, and it covers chaos engineering, toil reduction and on-call runbook generation. If you have been meaning to introduce SLOs for two years, installing this and asking Claude to draft them for one service is the fastest honest start.
7. monitoring-expert: the full observability triad
Source: Jeffallan/claude-skills · Stars: ~10.5k (repo-wide) · Licence: MIT · Updated: July 2026 · Best for: Prometheus, Grafana, logging and tracing in one skill
From the same monorepo as sre-engineer, this skill covers metrics, logs and traces in one place: Prometheus and Grafana stack configuration, structured logging pipelines, dashboards and alerting rules, and distributed tracing instrumentation. It also handles load testing with k6 or Artillery, profiling and capacity forecasting. Pair it with sre-engineer: one decides what reliability means, the other wires up the evidence.
8. deployment-patterns: releases that do not need a war room
Source: affaan-m/everything-claude-code · Stars: ~228k (repo-wide) · Licence: MIT · Updated: July 2026 · Best for: CI/CD, blue-green and canary release strategies
The glue skill for shipping: CI/CD pipeline setup, Dockerisation, blue-green, canary and rolling deployment strategies, health check and readiness probe configuration, environment-specific settings and production readiness checklists. It works alongside the Kubernetes and Terraform skills when you are building a complete release pipeline rather than a single config file.
9. github-ops: repo hygiene on autopilot
Source: affaan-m/everything-claude-code · Stars: ~228k (repo-wide) · Licence: MIT · Updated: July 2026 · Best for: Repo health, PR hygiene and CI status via the gh CLI
This skill manages the operational layer of GitHub through the gh CLI: issue triage, PR merge readiness, CI status checks, release management, stale-branch cleanup and security monitoring. It earns its place for DevOps engineers who own repo health and pipeline hygiene across multiple teams, where the work is real but nobody budgets time for it.
10. aws-cost-optimization: the FinOps sweep
Source: ahmedasmar/devops-claude-skills · Stars: ~190 · Licence: No SPDX license declared · Updated: July 2026 · Best for: FinOps sweeps across EC2, RDS, EBS, S3 and Cost Explorer
Six automated analysis scripts targeting EC2, RDS, EBS, S3, CloudWatch and Cost Explorer: unused resources, Reserved Instance opportunities, cost anomalies, Spot evaluation and a monthly report template. Users report it surfacing real savings on the first run. One honest caveat earns it last place despite the usefulness: the repo declares no licence and has a small community, so read every script before running it against your AWS account. It is also the entry where the security section below matters most.
Worth watching (and what we left off)
A few skills nearly made the cut. microservices-architect (same Jeffallan monorepo, MIT) designs bounded-context decomposition and event-driven communication patterns, but skews toward architects rather than practising DevOps engineers. k8s-troubleshooter (ahmedasmar/devops-claude-skills) is a genuinely useful cluster-health playbook that overlaps heavily with the Kubernetes skills already listed. And vercel-labs/agent-skills ships first-party deployment and optimisation skills that are excellent if your stack is Vercel-hosted, but too narrow for a general DevOps list.
A word on security before you install anything
Skills are code, and this warning carries extra weight for this audience. A SKILL.mdcan contain prompt-injection instructions, and any script a skill bundles runs with your agent's permissions: on a DevOps workstation that can mean AWS credentials, kubeconfigs and Vault tokens. Snyk's 2026 ToxicSkills research catalogued thousands of skills and found 36.8% had at least one security flaw and 13.4% had a critical-level issue, with roughly one in nine containing hardcoded or exposed secrets and 91% of confirmed malicious skills using prompt injection.
Read the SKILL.md and any bundled scripts yourself. Do not blind-install. Prefer first-party and high-credibility authors (HashiCorp, Anthropic, Vercel, Anton Babenko). Check the licence and recent commit activity, and be especially wary of unlicensed, low-star repos and skills that fetch external content at runtime. Reduce blast radius: run cloud-touching skills against a sandbox account first, and disable MCP servers and integrations you are not actively using, because a skill can only reach what you have left switched on.
How to actually use these together
You do not need all ten. Anthropic's own guidance suggests meaningful skill sets top out around eight to twelve before context costs bite. The strongest loadout for most DevOps engineers is six skills covering the whole pipeline:
- One Terraform skill: HashiCorp's official set or Anton Babenko's, not both.
- kubernetes-patterns + docker-patterns so containers and clusters get production defaults.
- deployment-patterns to wire the release pipeline around them.
- sre-engineer + monitoring-expert so what you ship is measured, alerted and recoverable.
Add cc-devops-skills when you want validators for every config format you own, and the FinOps skill for a quarterly cost sweep from a sandboxed account. That is the playbook: provision, containerise, ship, observe.
The short version
Skills are the difference between an AI that produces plausible YAML and one that produces infrastructure you can defend in a post-incident review. If you install nothing else today, install one Terraform skill and the Kubernetes and Docker patterns, and read their SKILL.md files first. Validate everything AI-generated with terraform plan and a dry run before it touches a cluster. The ecosystem moves fast; the principle does not. Constrain the model with good skills and you get fewer surprises and fewer pages. If your team also owns the frontend, our companion guide covers the top Claude skills for UI/UX engineers.
Sources
- Stack Overflow. Developer Survey: AI. survey.stackoverflow.co/2025/ai
- Snyk (2026). ToxicSkills: malicious AI agent skills. snyk.io/blog/toxicskills-malicious-ai-agent-skills-clawhub
- Anthropic. Claude Code skills documentation. code.claude.com/docs/en/skills
- Repositories referenced above: hashicorp/agent-skills, affaan-m/everything-claude-code, antonbabenko/terraform-skill, akin-ozer/cc-devops-skills, Jeffallan/claude-skills and ahmedasmar/devops-claude-skills. Star counts and dates verified July 2026.