Top Claude Skills for DevOps Engineers (2026 Guide)

Claude Code can already write a Dockerfile. The hard part is getting it to write the Dockerfile your production cluster deserves: non-root, multi-stage, scanned, and deployed through a pipeline that will not page you at 3am. That is what skills are for. Here are the ten best Claude skills for DevOps and platform engineers right now: what each one does, who it suits, and how to install them without handing your cloud credentials to a stranger.

84%
of developers are using or plan to use AI tools in their workflow
Stack Overflow Developer Survey
First party
HashiCorp now ships its own official Terraform skills for Claude Code
hashicorp/agent-skills, 2026
36.8%
of catalogued skills had at least one security flaw, so read before you install
Snyk ToxicSkills research, 2026
~1 in 9
catalogued skills contained hardcoded or exposed secrets: a real risk on a credential-heavy DevOps workstation
Snyk ToxicSkills research, 2026

What Claude skills are (and what they are not)

A skill is a folder with a SKILL.mdfile inside it. That file teaches Claude how to do one job well: structure a Terraform module, harden a Kubernetes manifest, or design an alerting strategy that does not cry wolf. The clever part is progressive disclosure. Claude only loads the skill's name and one-line description until your task actually matches it. So you can install thirty skills and pay almost no context cost until the moment one is needed.

People confuse skills with two neighbouring things, so it is worth being exact. Skills teach. MCP servers connect. Slash commands trigger. A skill is knowledge and procedure. An MCP server is a live connection to an external system: your cluster, your cloud account, your GitHub org. It gives Claude real data and actions. A slash command is a prompt template you fire manually. For DevOps work you will usually pair the two: a skill for the patterns, a connection (the gh CLI, kubectl, a cloud MCP server) for the live state.

How to install any of these (one pattern, not ten)

Every skill below installs the same way, so here is the pattern once. The modern route is plugin marketplaces. Inside Claude Code:

# Add the marketplace, then install the skill
/plugin marketplace add <github-owner/repo>
/plugin install <skill-name>

You can also install by hand. Clone or copy the skill folder into .claude/skills/ in your project for one repo, or ~/.claude/skills/ to make it available everywhere, then reload Claude Code. That is the whole mechanism. For the rest of this guide we focus on what each skill is good for, not on repeating install steps.

The 10 best Claude skills for DevOps engineers

Ranked by a blend of trust (first-party beats anonymous), usefulness for real infrastructure work, and how actively maintained the skill is in mid-2026. Star counts on monorepos are repo-wide, not per-skill, and we have flagged licensing honestly. "No SPDX license declared" means it is not formally open source, so treat it accordingly.

1. HashiCorp agent-skills: Terraform from the source

Official · first party · MPL-2.0

Source: hashicorp/agent-skills · Stars: ~700 · Licence: MPL-2.0 · Updated: July 2026 · Best for: Terraform written the way HashiCorp writes it

HashiCorp publishes its own skill collection for Claude Code, and for Terraform work it is the obvious starting point. The set covers Terraform code generation, module generation, provider development and Packer image building, each installable as a separate plugin (for example terraform-code-generation@hashicorp). What you are really installing is HashiCorp's own style guide, testing conventions and CI/CD integration patterns, encoded so Claude stops writing plausible-but-wrong HCL. If your infrastructure lives in Terraform, start here.

2. kubernetes-patterns: manifests you would actually apply

Community · MIT · very popular monorepo

Source: affaan-m/everything-claude-code · Stars: ~228k (repo-wide) · Licence: MIT · Updated: July 2026 · Best for: Production-grade manifests, probes, RBAC and kubectl debugging

From the most-starred Claude skills monorepo in the ecosystem, this skill gives Claude production-grade Kubernetes defaults: Deployment, Service and Ingress manifests with resource requests and limits, liveness and readiness probes, RBAC, ConfigMap and Secret handling, HPA autoscaling and kubectl debug workflows. It activates on any Kubernetes, Helm or kubectl trigger phrase. The difference between raw Claude and Claude with this skill is the difference between a manifest that runs and a manifest you would let near production.

3. docker-patterns: containers with the sharp edges filed off

Community · MIT · very popular monorepo

Source: affaan-m/everything-claude-code · Stars: ~228k (repo-wide) · Licence: MIT · Updated: July 2026 · Best for: Multi-stage Dockerfiles and container security defaults

The companion container skill from the same monorepo. It covers multi-stage Dockerfiles with separate dev and prod targets, Docker Compose for local development, multi-container networking and volume strategies, and the security defaults that audits look for: non-root users, read-only filesystems, image scanning. If your team's Dockerfiles are copy-pasted folklore from 2022, this quietly modernises every container Claude touches.

4. antonbabenko/terraform-skill: the operator's Terraform brain

Community · Apache-2.0 · credible author

Source: antonbabenko/terraform-skill · Stars: ~2.2k · Licence: Apache-2.0 · Updated: July 2026 · Best for: Real-world Terraform patterns, testing and OpenTofu

Anton Babenko maintains terraform-best-practices.com and some of the most-used community modules in the registry, and this skill distils those patterns into version-controlled AI instructions: module structure, testing with Terratest, CI/CD integration, OpenTofu compatibility and the production anti-patterns to avoid. It is complementary to the HashiCorp skill rather than a rival: HashiCorp covers style, this covers the operational scar tissue. Pick one as your default; running both mostly duplicates context.

5. cc-devops-skills: 31 skills, every config format you own

Community · Apache-2.0

Source: akin-ozer/cc-devops-skills · Stars: ~270 · Licence: Apache-2.0 · Updated: July 2026 · Best for: Generator + validator pairs across the whole toolchain

The most comprehensive all-in-one DevOps pack currently available: 31 skills in generator and validator pairs covering Ansible, Azure Pipelines, Bash, Dockerfiles, GitHub Actions, GitLab CI, Helm, Jenkins, Kubernetes YAML, Prometheus and PromQL, Terraform, Terragrunt, Fluent Bit, Loki and Makefiles, plus a dedicated k8s-debug troubleshooter. The pairing is the point: each generator scaffolds a production-ready config, and its validator lint-checks, security-scans and dry-runs the result. That validator half is exactly what catches AI-generated config drift before it reaches a cluster.

6. sre-engineer: reliability as a practice, not a vibe

Community · MIT · popular monorepo

Source: Jeffallan/claude-skills · Stars: ~10.5k (repo-wide) · Licence: MIT · Updated: July 2026 · Best for: SLOs, error budgets, incident response and runbooks

This one moves you from "we monitor things" to a formal reliability practice. It defines SLIs and SLOs, writes error budget policies, designs incident response procedures, builds capacity models and generates Prometheus alerting configs, and it covers chaos engineering, toil reduction and on-call runbook generation. If you have been meaning to introduce SLOs for two years, installing this and asking Claude to draft them for one service is the fastest honest start.

7. monitoring-expert: the full observability triad

Community · MIT · popular monorepo

Source: Jeffallan/claude-skills · Stars: ~10.5k (repo-wide) · Licence: MIT · Updated: July 2026 · Best for: Prometheus, Grafana, logging and tracing in one skill

From the same monorepo as sre-engineer, this skill covers metrics, logs and traces in one place: Prometheus and Grafana stack configuration, structured logging pipelines, dashboards and alerting rules, and distributed tracing instrumentation. It also handles load testing with k6 or Artillery, profiling and capacity forecasting. Pair it with sre-engineer: one decides what reliability means, the other wires up the evidence.

8. deployment-patterns: releases that do not need a war room

Community · MIT · very popular monorepo

Source: affaan-m/everything-claude-code · Stars: ~228k (repo-wide) · Licence: MIT · Updated: July 2026 · Best for: CI/CD, blue-green and canary release strategies

The glue skill for shipping: CI/CD pipeline setup, Dockerisation, blue-green, canary and rolling deployment strategies, health check and readiness probe configuration, environment-specific settings and production readiness checklists. It works alongside the Kubernetes and Terraform skills when you are building a complete release pipeline rather than a single config file.

9. github-ops: repo hygiene on autopilot

Community · MIT · very popular monorepo

Source: affaan-m/everything-claude-code · Stars: ~228k (repo-wide) · Licence: MIT · Updated: July 2026 · Best for: Repo health, PR hygiene and CI status via the gh CLI

This skill manages the operational layer of GitHub through the gh CLI: issue triage, PR merge readiness, CI status checks, release management, stale-branch cleanup and security monitoring. It earns its place for DevOps engineers who own repo health and pipeline hygiene across multiple teams, where the work is real but nobody budgets time for it.

10. aws-cost-optimization: the FinOps sweep

Community · unlicensed · audit before use

Source: ahmedasmar/devops-claude-skills · Stars: ~190 · Licence: No SPDX license declared · Updated: July 2026 · Best for: FinOps sweeps across EC2, RDS, EBS, S3 and Cost Explorer

Six automated analysis scripts targeting EC2, RDS, EBS, S3, CloudWatch and Cost Explorer: unused resources, Reserved Instance opportunities, cost anomalies, Spot evaluation and a monthly report template. Users report it surfacing real savings on the first run. One honest caveat earns it last place despite the usefulness: the repo declares no licence and has a small community, so read every script before running it against your AWS account. It is also the entry where the security section below matters most.

Worth watching (and what we left off)

A few skills nearly made the cut. microservices-architect (same Jeffallan monorepo, MIT) designs bounded-context decomposition and event-driven communication patterns, but skews toward architects rather than practising DevOps engineers. k8s-troubleshooter (ahmedasmar/devops-claude-skills) is a genuinely useful cluster-health playbook that overlaps heavily with the Kubernetes skills already listed. And vercel-labs/agent-skills ships first-party deployment and optimisation skills that are excellent if your stack is Vercel-hosted, but too narrow for a general DevOps list.

A word on security before you install anything

Skills are code, and this warning carries extra weight for this audience. A SKILL.mdcan contain prompt-injection instructions, and any script a skill bundles runs with your agent's permissions: on a DevOps workstation that can mean AWS credentials, kubeconfigs and Vault tokens. Snyk's 2026 ToxicSkills research catalogued thousands of skills and found 36.8% had at least one security flaw and 13.4% had a critical-level issue, with roughly one in nine containing hardcoded or exposed secrets and 91% of confirmed malicious skills using prompt injection.

Before you install

Read the SKILL.md and any bundled scripts yourself. Do not blind-install. Prefer first-party and high-credibility authors (HashiCorp, Anthropic, Vercel, Anton Babenko). Check the licence and recent commit activity, and be especially wary of unlicensed, low-star repos and skills that fetch external content at runtime. Reduce blast radius: run cloud-touching skills against a sandbox account first, and disable MCP servers and integrations you are not actively using, because a skill can only reach what you have left switched on.

How to actually use these together

You do not need all ten. Anthropic's own guidance suggests meaningful skill sets top out around eight to twelve before context costs bite. The strongest loadout for most DevOps engineers is six skills covering the whole pipeline:

  1. One Terraform skill: HashiCorp's official set or Anton Babenko's, not both.
  2. kubernetes-patterns + docker-patterns so containers and clusters get production defaults.
  3. deployment-patterns to wire the release pipeline around them.
  4. sre-engineer + monitoring-expert so what you ship is measured, alerted and recoverable.

Add cc-devops-skills when you want validators for every config format you own, and the FinOps skill for a quarterly cost sweep from a sandboxed account. That is the playbook: provision, containerise, ship, observe.

The short version

Skills are the difference between an AI that produces plausible YAML and one that produces infrastructure you can defend in a post-incident review. If you install nothing else today, install one Terraform skill and the Kubernetes and Docker patterns, and read their SKILL.md files first. Validate everything AI-generated with terraform plan and a dry run before it touches a cluster. The ecosystem moves fast; the principle does not. Constrain the model with good skills and you get fewer surprises and fewer pages. If your team also owns the frontend, our companion guide covers the top Claude skills for UI/UX engineers.

Sources

  1. Stack Overflow. Developer Survey: AI. survey.stackoverflow.co/2025/ai
  2. Snyk (2026). ToxicSkills: malicious AI agent skills. snyk.io/blog/toxicskills-malicious-ai-agent-skills-clawhub
  3. Anthropic. Claude Code skills documentation. code.claude.com/docs/en/skills
  4. Repositories referenced above: hashicorp/agent-skills, affaan-m/everything-claude-code, antonbabenko/terraform-skill, akin-ozer/cc-devops-skills, Jeffallan/claude-skills and ahmedasmar/devops-claude-skills. Star counts and dates verified July 2026.

Claude Skills for DevOps Engineers: Frequently Asked Questions

A Claude skill is a folder containing a SKILL.md file (plus any optional scripts or reference docs) that teaches Claude Code how to do a specific job, for example generate production-grade Terraform or debug a failing Kubernetes pod. Claude only loads a skill's name and description until your task matches it, so you can install dozens of skills without filling up the context window. The same SKILL.md format also works in Codex, Cursor and Gemini CLI.

Skills teach, MCP connects. A skill is bundled knowledge and procedure: how to structure a Terraform module, what a sane liveness probe looks like. An MCP server is a live connection to an external system such as your Kubernetes cluster, AWS account or GitHub org, giving Claude real data and actions. In practice DevOps engineers combine both: a Terraform skill for the patterns, plus the gh CLI or a cloud MCP server for the live state.

A practical six-skill loadout covers the full pipeline: the kubernetes-patterns, docker-patterns and deployment-patterns trio from everything-claude-code, ONE Terraform skill (HashiCorp's official plugin set or Anton Babenko's terraform-skill, not both), plus sre-engineer and monitoring-expert for reliability and observability. That covers infrastructure, containers, releases and monitoring without context bloat.

Treat them as untrusted code, and be stricter than most developers need to be: a DevOps workstation typically holds AWS credentials, kubeconfigs and Vault tokens, so the blast radius is bigger. Snyk's 2026 ToxicSkills research found 36.8% of catalogued skills had at least one security flaw, 13.4% had a critical-level issue, and roughly one in nine contained hardcoded or exposed secrets. Read every SKILL.md and bundled script before installing, prefer first-party or high-credibility authors, and be wary of unlicensed, low-star repos.

The modern way is through plugin marketplaces: run "/plugin marketplace add <github-repo>" inside Claude Code, then "/plugin install <skill-name>". You can also install manually by cloning the skill folder into ".claude/skills/" in your project (or "~/.claude/skills/" for global use). Restart or reload Claude Code and the skill becomes available.

Anton Babenko's terraform-skill explicitly covers OpenTofu compatibility alongside Terraform, and most generated HCL is valid in both. HashiCorp's official agent-skills target Terraform itself. Whichever you use, always run terraform plan (or tofu plan) and validate generated manifests before applying: AI-generated infrastructure code can drift from your locked provider versions.

Want your team using Claude Code properly?

We run hands-on Claude Code trainingfor engineering teams: skills, agentic workflows, and how to ship AI-assisted infrastructure safely. Book a free 45-minute call and we'll map the fastest path for your team.

Book a free call →