diff --git a/.claude/TODO.md b/.claude/TODO.md
index 29654f0..8307a54 100644
--- a/.claude/TODO.md
+++ b/.claude/TODO.md
@@ -2,6 +2,18 @@
 
 > Changelog of structural decisions lives in [CHANGELOG.md](CHANGELOG.md).
 
+## Radar (evaluate / test later — not yet committed to a profile)
+
+- [ ] **Hindsight** (vectorize-io) — agent memory system: agents that learn and
+      adapt over time (mental models, experience understanding), beyond plain
+      conversation-history recall. Python + TypeScript, MIT.
+      Install paths: Docker (`ghcr.io/vectorize-io/hindsight:latest`),
+      pip (`hindsight-client`), npm (`@vectorize-io/hindsight-client`); also
+      supports embedded Python use without a server.
+      Same category as OpenViking — evaluate as an alternative/complement memory
+      backend for the cli-bundle agents (esp. Claude Code / MiranteGov /
+      Municipium). Upstream: https://github.com/vectorize-io/hindsight
+
 ## Blockers (must resolve before real-VPS install)
 
 - [x] **openclaw/02-openclaw.sh** — upstream is `npm i -g openclaw`. Replaced.
diff --git a/README.md b/README.md
index ec7d0dc..1dec3af 100644
--- a/README.md
+++ b/README.md
@@ -186,6 +186,17 @@ supports it; printed manual hint otherwise.
 |------------------|----------|-------------------|----------------------------|----------------------|----------------------|
 | superpowers      | headless | manual `/plugins` | manual (not documented)    | manual `/add-plugin` | manual fetch URL     |
 | **OpenSpec**     | universal (npm global, `/opsx:*` slash commands from any CLI) — invoked via `openspec init` per project |
+| **agent-skills** | non-interactive CLI install across claude-code / codex / cursor / opencode — curated, security-validated skill registry |
+
+### agent-skills (Tech Leads Club)
+
+[agent-skills](https://github.com/tech-leads-club/agent-skills) is a curated,
+security-validated skill registry. `INSTALL_AGENT_SKILLS=true` installs a
+default set tuned for web/mobile product work (Next.js + React Native, NestJS +
+Nx monorepo, accessibility + security) globally to every installed CLI that
+supports it. Override the skill list with `AGENT_SKILLS_LIST` and the target
+CLIs with `AGENT_SKILLS_AGENTS` in `.env`. Browse the catalog with
+`npx @tech-leads-club/agent-skills list`.
 
 Plus the **official Anthropic marketplace** (Claude-only, bundles pre-configured MCP + skills + slash commands):
 
diff --git a/lib/plugins.sh b/lib/plugins.sh
index 6f19855..99b680d 100644
--- a/lib/plugins.sh
+++ b/lib/plugins.sh
@@ -56,6 +56,32 @@ install_openspec() {
   openspec --version 2>/dev/null || true
 }
 
+# Install Tech Leads Club agent-skills — a curated, security-validated skill
+# registry. Runs the CLI non-interactively (`install --skill … --agent …`).
+# $1 = space-separated skill names, $2 = space-separated agent identifiers.
+# Skills are installed globally (user home) so every project sees them.
+# Upstream: https://github.com/tech-leads-club/agent-skills
+install_agent_skills() {
+  local skills="$1"
+  local agents="$2"
+  if ! command -v npx >/dev/null 2>&1; then
+    echo "ERROR: npx not on PATH — agent-skills requires Node.js >= 22."
+    return 1
+  fi
+  if [[ -z "$skills" || -z "$agents" ]]; then
+    echo "WARN: no skills or agents resolved — skipping agent-skills."
+    return 0
+  fi
+  echo "==> Installing agent-skills (global) → agents: $agents"
+  echo "    skills: $skills"
+  # Intentional word-splitting: each name becomes a separate --skill/--agent arg.
+  # shellcheck disable=SC2086
+  npx --yes @tech-leads-club/agent-skills install \
+    --global \
+    --skill $skills \
+    --agent $agents
+}
+
 # Tell the operator exactly what to type into a non-headless CLI.
 print_manual_install_hint() {
   local cli="$1"
diff --git a/profiles/cli-bundle/.env.example b/profiles/cli-bundle/.env.example
index bc1865d..534bb01 100644
--- a/profiles/cli-bundle/.env.example
+++ b/profiles/cli-bundle/.env.example
@@ -118,6 +118,21 @@ OPENSPEC_VERSION=latest
 # Telemetry off (industry standard). Set to 1 to opt in.
 OPENSPEC_TELEMETRY=0
 
+# --- agent-skills (Tech Leads Club curated, security-validated registry) ---
+# Installs skills across the AI CLIs that support them (claude-code, codex,
+# cursor, opencode). Skills are installed globally (user home), so every
+# project sees them. Upstream: https://github.com/tech-leads-club/agent-skills
+INSTALL_AGENT_SKILLS=false
+# Which installed CLIs to target (space-separated subset of:
+#   claude-code codex cursor opencode). Only those actually installed are used.
+AGENT_SKILLS_AGENTS=claude-code codex cursor opencode
+# Skills to install. Leave empty to use the curated default set baked into
+# 09-plugins.sh (tuned for the MiranteGov/Municipium stack: Next.js +
+# React Native, NestJS + Nx monorepo, GovTech accessibility + security).
+# Set a space-separated list to override. Run `npx @tech-leads-club/agent-skills list`
+# to browse the full catalog.
+AGENT_SKILLS_LIST=
+
 # --- Official Anthropic marketplace plugins (Claude-only) ---
 # Bundle pre-configured MCP + skills + slash commands. Richer than the raw
 # MCP registrations in 06-mcp.sh — either can be used (or both).
diff --git a/profiles/cli-bundle/09-plugins.sh b/profiles/cli-bundle/09-plugins.sh
index 487f50d..f6d2753 100644
--- a/profiles/cli-bundle/09-plugins.sh
+++ b/profiles/cli-bundle/09-plugins.sh
@@ -71,6 +71,41 @@ EOF
   fi
 fi
 
+# --- agent-skills (Tech Leads Club curated registry) ----------------------
+# Security-validated skills installed across the AI CLIs that support them.
+# Default skill set is curated for the MiranteGov / Municipium stack
+# (Next.js + React Native, NestJS + Nx monorepo, GovTech a11y + security).
+# Override AGENT_SKILLS_LIST / AGENT_SKILLS_AGENTS in .env to customize.
+if [[ "${INSTALL_AGENT_SKILLS:-false}" == "true" ]]; then
+  # Curated default set (GovTech web/mobile stack). Override in .env.
+  AGENT_SKILLS_DEFAULT="accessibility web-quality-audit react-best-practices \
+security-best-practices security-threat-model security-ownership-map \
+nestjs-modular-monolith react-native-expert gh-address-comments docs-writer \
+tactical-ddd modular-design-principles domain-analysis coupling-analysis \
+react-composition-patterns frontend-blueprint nx-workspace nx-generate \
+nx-run-tasks nx-ci-monitor gh-fix-ci mermaid-studio frontend-design \
+core-web-vitals perf-web-optimization sentry create-adr create-rfc \
+technical-design-doc-creator"
+  AGENT_SKILLS_LIST="${AGENT_SKILLS_LIST:-$AGENT_SKILLS_DEFAULT}"
+  # Only target agents that are actually installed.
+  resolved_agents=""
+  for pair in "claude-code:${INSTALL_CLAUDE:-true}" \
+              "codex:${INSTALL_CODEX:-false}" \
+              "cursor:${INSTALL_CURSOR:-false}" \
+              "opencode:${INSTALL_OPENCODE:-false}"; do
+    agent="${pair%%:*}"; enabled="${pair##*:}"
+    requested=" ${AGENT_SKILLS_AGENTS:-claude-code codex cursor opencode} "
+    if [[ "$enabled" == "true" && "$requested" == *" $agent "* ]]; then
+      resolved_agents="${resolved_agents:+$resolved_agents }$agent"
+    fi
+  done
+  if [[ -z "$resolved_agents" ]]; then
+    echo "WARN: INSTALL_AGENT_SKILLS=true but no matching CLI is installed — skipping."
+  else
+    install_agent_skills "$AGENT_SKILLS_LIST" "$resolved_agents"
+  fi
+fi
+
 # --- Official Anthropic marketplace plugins (Claude-only) -----------------
 # These bundle pre-configured MCP servers + skills + slash commands.
 # Richer than the raw MCP registrations in 06-mcp.sh; either can be used.
diff --git a/profiles/cli-bundle/README.md b/profiles/cli-bundle/README.md
index 95e0005..afb45e5 100644
--- a/profiles/cli-bundle/README.md
+++ b/profiles/cli-bundle/README.md
@@ -219,6 +219,39 @@ openspec init
 #   /opsx:plan
 ```
 
+### agent-skills (Tech Leads Club — registry curado)
+
+[agent-skills](https://github.com/tech-leads-club/agent-skills) é um registry
+de skills validadas por segurança, instaladas via CLI npm não-interativo
+(`agent-skills install --skill … --agent …`). Com `INSTALL_AGENT_SKILLS=true`,
+o `09-plugins.sh` instala globalmente (no `$HOME`) um conjunto curado para o
+stack dos produtos (Next.js + React Native, NestJS + Nx monorepo, e foco
+GovTech em acessibilidade + segurança) em todos os CLIs instalados que o
+suportam — `claude-code`, `codex`, `cursor`, `opencode`. Apenas os CLIs de
+fato instalados são alvo.
+
+```env
+INSTALL_AGENT_SKILLS=true
+AGENT_SKILLS_AGENTS=claude-code codex cursor opencode   # subconjunto
+AGENT_SKILLS_LIST=                                       # vazio = set curado
+```
+
+Conjunto curado padrão (29 skills): accessibility, web-quality-audit,
+react-best-practices, security-best-practices, security-threat-model,
+security-ownership-map, nestjs-modular-monolith, react-native-expert,
+gh-address-comments, docs-writer, tactical-ddd, modular-design-principles,
+domain-analysis, coupling-analysis, react-composition-patterns,
+frontend-blueprint, nx-workspace, nx-generate, nx-run-tasks, nx-ci-monitor,
+gh-fix-ci, mermaid-studio, frontend-design, core-web-vitals,
+perf-web-optimization, sentry, create-adr, create-rfc,
+technical-design-doc-creator.
+
+Para customizar, defina `AGENT_SKILLS_LIST` com uma lista separada por
+espaços. Veja o catálogo completo com:
+```bash
+npx @tech-leads-club/agent-skills list
+```
+
 ### Plugins oficiais da Anthropic (Claude only)
 
 Toggles separados pra cada plugin do marketplace `claude-plugins-official`: