Superpowers (Hardened)

A security-hardened fork of obra/superpowers — a complete software development workflow for AI coding agents built on composable skills.

What's Different

This fork applies the following security changes on top of upstream:

Removed authority-escalation markup patterns from injected context
Added stricter hook and path validation
Added scope and data-handling constraints for subagent review prompts
Excluded brainstorming browser server components and other non-essential attack surface

For details on how Superpowers works (workflow, philosophy, skills library, contributing), see the upstream README.

Installation

Installation differs by platform. All commands below point to this fork (garrettsiegel/superpowers).

GitHub Copilot (VS Code, JetBrains, GitHub.com)

Tell Copilot:

Fetch and follow instructions from https://raw.githubusercontent.com/garrettsiegel/superpowers/refs/heads/main/.copilot/INSTALL.md

Or install locally:

git clone https://github.com/garrettsiegel/superpowers.git ~/.copilot/superpowers
~/.copilot/superpowers/.copilot/install.sh /path/to/your/repo

Detailed docs: .copilot/INSTALL.md

Claude Code

/plugin marketplace add garrettsiegel/superpowers
/plugin install superpowers@superpowers

Cursor

/add-plugin superpowers

Then search for "superpowers" and select this fork if prompted.

Codex

Fetch and follow instructions from https://raw.githubusercontent.com/garrettsiegel/superpowers/refs/heads/main/.codex/INSTALL.md

OpenCode

Fetch and follow instructions from https://raw.githubusercontent.com/garrettsiegel/superpowers/refs/heads/main/.opencode/INSTALL.md

Gemini CLI

gemini extensions install https://github.com/garrettsiegel/superpowers

Verify

Start a new session and ask for something that should trigger a skill (e.g., "help me plan this feature"). The agent should invoke the relevant skill automatically, or load the skill file on platforms without a native Skill tool.

Updating

Pull the latest from this fork. Symlink-based installs pick up changes automatically.

cd ~/.copilot/superpowers && git pull   # Copilot / Codex

For plugin-based platforms:

/plugin update superpowers              # Claude Code
gemini extensions update superpowers    # Gemini CLI

Upstream

Upstream repo: obra/superpowers
Upstream community / Discord: discord.gg/Jd8Vphy9jq
Blog post: Superpowers for Claude Code

License

MIT — see LICENSE for details.

Name		Name	Last commit message	Last commit date
Latest commit History 3 Commits
.claude-plugin		.claude-plugin
.codex		.codex
.copilot		.copilot
.cursor-plugin		.cursor-plugin
.github		.github
.opencode		.opencode
agents		agents
bin		bin
commands		commands
hooks		hooks
lib		lib
skills		skills
.gitignore		.gitignore
GEMINI.md		GEMINI.md
LICENSE		LICENSE
README.md		README.md
gemini-extension.json		gemini-extension.json
package-lock.json		package-lock.json
package.json		package.json

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Superpowers (Hardened)

What's Different

Installation

GitHub Copilot (VS Code, JetBrains, GitHub.com)

Claude Code

Cursor

Codex

OpenCode

Gemini CLI

Verify

Updating

Upstream

License

About

Uh oh!

Releases

Packages

Uh oh!

Contributors

Uh oh!

Languages

Folders and files

Latest commit

History

Repository files navigation

Superpowers (Hardened)

What's Different

Installation

GitHub Copilot (VS Code, JetBrains, GitHub.com)

Claude Code

Cursor

Codex

OpenCode

Gemini CLI

Verify

Updating

Upstream

License

About

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Contributors

Uh oh!

Languages

Packages