Three skills that supercharge Claude Code: multi-model consultations, persistent company memory, and automated security analysis. All integrated through ~/.claude/CLAUDE.md with 7 mandatory rules that fire automatically.
| Skill | What It Does | Trigger |
|---|---|---|
| Council | Get second opinions from GPT, Gemini, and 200+ models via OpenRouter | "ask Gemini", "get a second opinion", auto on 2 failed bug fixes, auto on plan validation |
| Company Memory | Persistent knowledge base across all projects via Supermemory | Auto before planning any new build, "remember this", "what do we use for" |
| Security | Trail of Bits security analysis — code review, static analysis, supply chain auditing | "security review", auto when writing auth/crypto/SQL code |
The skills are interconnected through 7 rules in ~/.claude/CLAUDE.md:
New Build → Rule 3: Query company memory → Rule 4: Detect synergies
→ Rule 2: Validate plan with council (Gemini + Codex)
→ Rule 7: Security review on sensitive code → Council validates Critical/High fixes
→ Rule 5: Store new conventions → Rule 6: Store build summary
→ Rule 1: Auto-consult council after 2 failed bug fixes
Get second opinions from competing AI models without leaving Claude Code. One OpenRouter API key, every model.
# Extract the skill
unzip council.skill -d ~/.claude/skills/
# Add your OpenRouter API key to ~/.env
OPENROUTER_API_KEY=sk-or-your-key-hereGet a free key at openrouter.ai/keys.
This creates:
~/.claude/skills/council/
├── SKILL.md # Skill definition + workflows
├── references/
│ └── council_config.json # Model routing config
└── scripts/
└── council.py # OpenRouter API script
1. Auto-routed — Say "get a second opinion on this bug" and Claude picks the best model based on the task category (bug fix → Codex, frontend → Gemini, architecture → Claude, etc.)
2. Explicit — Name a model: "ask Gemini about this", "ask Codex", "what would GPT say"
3. Fan-out — "Get a few opinions" sends to all council models and returns each response
You don't need to remember full model IDs. These aliases auto-resolve to the current flagship:
| Alias | Resolves To |
|---|---|
gemini, google, bard |
Google's latest flagship (e.g., google/gemini-3.1-pro-preview) |
gpt, codex, openai, chatgpt |
OpenAI's latest flagship (e.g., openai/gpt-5.3-codex) |
claude, anthropic |
Anthropic's latest flagship |
Bug Fix Guardrail (Rule 1) — If Claude fails to fix the same bug twice, it automatically consults both Gemini and Codex before trying a 3rd time. No trigger phrase needed — it fires on its own.
Plan Validation (Rule 2) — When Claude drafts a plan in plan mode, it automatically validates the plan with both Gemini and Codex before presenting it to you. The plan is revised with the best feedback before you see it.
# Consult a model by alias
python council.py consult --model gemini --context "your question"
# Consult by category (auto-routes to best model)
python council.py consult --category bug_fix --context "describe the bug"
# Fan-out to all council models
python council.py consult --fan-out --context "your question"
# See available models on OpenRouter
python council.py models
python council.py models --provider google
# Auto-update flagship models to the latest available
python council.py update
# Show current config
python council.py configModel IDs go stale as providers release new versions. Run the update command to auto-discover the latest flagships:
python council.py updateThis queries OpenRouter's model catalog, finds the best model per provider, and updates council_config.json — including all defaults and the fan-out list.
When Claude auto-routes (no model specified), it classifies the task:
| Category | Routes To | Trigger Keywords |
|---|---|---|
bug_fix |
OpenAI Codex | bug, fix, error, crash, debug, broken |
frontend |
Gemini Pro | UI, UX, design, CSS, React, component |
architecture |
Claude Opus | architecture, system design, schema, scale |
refactor |
OpenAI Codex | refactor, clean up, optimize, simplify |
general |
Gemini Pro | (default fallback) |
quick_check |
Gemini Flash | quick, fast, simple, verify |
Config lives at references/council_config.json. You can customize:
- providers — Add/remove providers, update flagship model IDs, add aliases
- defaults — Map task categories to specific models
- fan_out — Which models to query for multi-opinion mode
- categories — Task categories with keyword triggers for auto-routing
Persistent company-wide knowledge base that ensures architectural consistency across all AI and automation projects. Powered by Supermemory.
# The skill is at ~/.claude/skills/supermemory/
# Add your Supermemory API key to ~/.env
SUPERMEMORY_API_KEY=sm_your-key-hereGet a key at console.supermemory.ai.
Pre-Planning (Rule 3) — Before planning ANY new build, Claude automatically queries company memory for existing projects, tech stack decisions, and conventions. Ensures every new build aligns with what's already been built.
Synergy Detection (Rule 4) — After querying memory, Claude compares the new build against all known projects. Flags data flow opportunities, shared components, workflow chaining, and feature unlocking.
Convention Capture (Rule 5) — When you state a new convention or architectural decision, Claude immediately stores it in company memory. No manual action needed.
Post-Build Storage (Rule 6) — After completing a build, Claude asks to store a structured summary (tech stack, APIs exposed, data produced/consumed, entry points) so future builds can reference it.
# Search company memory
python ~/.claude/skills/supermemory/scripts/company_memory.py query --q "What framework do we use for web apps?"
# Get full company profile
python ~/.claude/skills/supermemory/scripts/company_memory.py profile
# Store new knowledge
python ~/.claude/skills/supermemory/scripts/company_memory.py store \
--content "We use Next.js 15 with App Router for all web projects" \
--container company \
--type stack
# List stored documents
python ~/.claude/skills/supermemory/scripts/company_memory.py list --container company
# Validate setup
python ~/.claude/skills/supermemory/scripts/company_memory.py doctor| Container | Purpose | When to use |
|---|---|---|
company |
Company-wide profile | Tech stack, team size, products, general context |
conventions |
Coding standards | Naming patterns, framework choices, style rules |
decisions |
Architectural decisions | Why we chose X over Y, ADRs |
project_{name} |
Per-project knowledge | After completing or reviewing a project |
Unified security analysis powered by Trail of Bits skills. One trigger, full coverage.
The security skill is a wrapper that orchestrates Trail of Bits plugins:
# The wrapper skill
~/.claude/skills/security/SKILL.md
# Trail of Bits plugins (installed as a marketplace)
~/.claude/plugins/marketplaces/skills/plugins/| Sub-Skill | Purpose | When It's Used |
|---|---|---|
| differential-review | Security-focused code review with risk classification | Default for any code change touching sensitive areas |
| audit-context-building | Deep architectural analysis using first-principles methodology | Exploring unfamiliar code before making security changes |
| static-analysis | CodeQL, Semgrep, and SARIF integration | When static analysis rules are available for the language |
| supply-chain-risk-auditor | Dependency exploitation and takeover risk assessment | Adding or updating dependencies |
Say any of these:
- "Run the security skill on this code"
- "Security review these changes"
- "Check for vulnerabilities"
- "Audit this code"
- "Is this secure?"
Auto-triggers when writing or modifying code that handles:
- Authentication or authorization
- Cryptography or hashing
- Raw user input parsing
- SQL/database queries
- File system access with user-controlled paths
- External API credentials or secrets
Does NOT trigger on trivial frontend changes, read-only display components, test mocks, or non-security config changes.
| Severity | Action Required |
|---|---|
| Critical | Council validation (Gemini + Codex) + immediate fix |
| High | Council validation + fix in same session |
| Medium | Fix recommended, no council needed |
| Low | Note in report, fix optional |
- Council: Validates Critical/High security fixes with Gemini + Codex before applying
- Supermemory: Cross-references findings against past company vulnerabilities
- security-guidance plugin: Remains as baseline OWASP hook — the security skill provides deeper analysis on top
Installed but not in the default workflow. Invoke explicitly:
- insecure-defaults — "Check for insecure defaults"
- seatbelt-sandboxer — "Sandbox this"
- sharp-edges — "Check for sharp edges"
All 7 rules are defined in ~/.claude/CLAUDE.md and fire automatically:
| Rule | Trigger | What Happens |
|---|---|---|
| 1. Bug Fix Guardrail | 2 failed fix attempts | Council fan-out to Gemini + Codex before 3rd attempt |
| 2. Plan Validation | Plan drafted in plan mode | Council fan-out validates plan before finalizing |
| 3. Pre-Planning | Any new build starts | Query company memory for context and alignment |
| 4. Synergy Detection | After Rule 3 | Compare against all known projects, flag integrations |
| 5. Convention Capture | User states a convention | Immediately store in company memory |
| 6. Post-Build Storage | Build completed | Ask to store structured project summary |
| 7. Security Review | Auth/crypto/SQL code touched | Trail of Bits review + council for Critical/High |
- Python 3.8+
- An OpenRouter API key (free to create, pay-per-use) — for Council
- A Supermemory API key — for Company Memory
- Claude Code CLI or VSCode extension