Ygggarrytan/gstack
↗ GitHubUse Garry Tan's exact Claude Code setup: 23 opinionated tools that serve as CEO, Designer, Eng Manager, Release Manager, Doc Engineer, and QA
62,625
Stars
8,371
Forks
364
Watchers
302
Open Issues
Safety Rating A
The repository is a legitimate, high-profile open source project attributed to Garry Tan (President & CEO of Y Combinator) with 62K+ stars. The only security note is an intentionally committed Supabase publishable/anon key for opt-in telemetry, which the README transparently documents and justifies with RLS protections — this is a common pattern analogous to a Firebase API key and does not represent a meaningful secret exposure. No malicious code patterns, obfuscation, data exfiltration logic, or dependency vulnerabilities are apparent from the repository metadata and README content. The project is MIT licensed and the telemetry is explicitly opt-in with a clear opt-out mechanism.
ℹAI-assisted review, not a professional security audit.
AI Analysis
gstack is a collection of 23+ opinionated Claude Code slash-command skills that transform a single AI coding session into a structured virtual engineering team. Each skill plays a defined specialist role — CEO, Eng Manager, Senior Designer, Staff Engineer, QA Lead, Chief Security Officer, Release Engineer, etc. — and is designed to run in a sequential sprint workflow (Think → Plan → Build → Review → Test → Ship → Reflect). Skills are implemented as Markdown SKILL.md files with a TypeScript/Bun browse server for real browser automation via Playwright. The system supports Claude Code, OpenAI Codex CLI, Gemini CLI, Cursor, Factory Droid, and similar agent runtimes, and can be installed globally or vendored into a repo for team sharing.
Use Cases
- Running a full AI-assisted development sprint solo, from idea to shipped PR, using structured specialist roles
- Performing rigorous multi-dimensional code review (staff engineer, security officer, design reviewer) on every branch before shipping
- Automating QA with a real Playwright-controlled browser that finds, fixes, and regression-tests bugs
- Running parallel development sprints across 10-15 isolated Claude Code sessions via a conductor tool
- Generating and maintaining up-to-date technical documentation automatically on every release
- Conducting OWASP Top 10 + STRIDE security audits via the /cso skill
- Getting a second AI opinion on code via the /codex skill (cross-model analysis between Claude and OpenAI Codex)
Tags
Security Findings (2)
The README explicitly acknowledges that a Supabase publishable/anon key is committed to the repository for opt-in telemetry. The README states this is intentional (analogous to a Firebase public API key) and that row-level security policies deny all direct access, with telemetry flowing through validated edge functions. This is a low-severity finding for a public anon key with RLS, but it is worth noting for curator awareness.
No prompt injection attempts detected. The README does not contain embedded instructions designed to manipulate AI analysts.
Project Connections
gsd-build/get-shit-done
Both are structured AI coding workflow systems delivered as slash commands for Claude Code and similar agents, covering plan → build → review → ship lifecycle stages. GSD uses XML-structured plans and subagent orchestration; gstack uses role-based specialist skills.
Dimillian/CodexSkillManager
CodexSkillManager is a macOS app for managing and browsing skills in ~/.codex/skills and ~/.claude/skills — exactly the directories where gstack installs its skills. It would allow users to browse, inspect, and manage gstack skills via a GUI.
Shpigford/chops
Chops is a native macOS app for discovering, editing, and organizing AI coding agent skills across Claude Code, Cursor, Codex, and others — the same skill ecosystem gstack targets. Chops could serve as a GUI front-end for managing gstack's installed skills.
nyldn/claude-octopus
Claude Octopus similarly orchestrates multiple AI providers in parallel on coding tasks with specialized personas and slash commands for Claude Code, overlapping significantly with gstack's multi-specialist review and ship workflow.
uditgoenka/autoresearch
autoresearch is a Claude Code skill implementing an autonomous iterative improvement loop, which complements gstack's /qa, /review, and /ship workflow skills. Both are Claude Code skill packs that could be used alongside each other in the same .claude/skills directory.