Laravel Boost v2.4.0 Adds Security Audits and a Laravel Best Practices Skill

Laravel Boost v2.4.0 adds a security audit to the add-skill command, introduces a new laravel-best-practices skill, and adds an ignore option to the skills update command.

• Security audit added to add-skill command
• New laravel-best-practices skill
• New ignore option for the skills update command
• Herd MCP integration removed in favor of Herd CLI
• Core guideline optimized for token efficiency

#What's New

#Security Audit on add-skill

The add-skill command now runs a security audit before installing a skill, giving developers a chance to review potential issues before the skill is added to their project.

PR: #616

#New laravel-best-practices Skill

A new skill is available that encodes Laravel best practices guidance, which Claude can draw on when helping with Laravel projects.

PR: #628

#Ignore Skills Update Command

A new ignore option for the skills update command lets you skip updates for specific skills, giving more control over which skills get updated when running the update command.

PR: #702

#Herd MCP Integration Removed

The Herd MCP integration has been removed in favor of using the Herd CLI directly.

PR: #666

#Core Guideline Token Optimization

The core guideline has been updated to reduce token usage, keeping prompt overhead lower during AI-assisted sessions.

PR: #668

#Miscellaneous Fixes and Improvements

• Added an oauth field to the OpenCode Nightwatch MCP config (#703)
• Improved the folio-routing skill description and removed a redundant core guideline reference (#674)
• Fixed a typo in the Livewire skill description (#695)

References

• Full Changelog
• v2.4.0 Release