agent-architecture-audit
Full-stack diagnostic for agent and LLM applications.
Vuln scan, secret audit · 364 skills
Full-stack diagnostic for agent and LLM applications.
Review a PR for correctness, security, code quality, and testing issues.
Review backend code for quality, security, maintainability, and best practices based on established checklist rules.
Review backend code for quality, security, maintainability, and best practices based on established checklist rules.
Reviews code for security vulnerabilities, performance issues, and best practices.
Chief Security Officer mode.
Designer's eye QA: finds visual inconsistency, spacing issues, hierarchy problems, AI slop patterns, and slow interactions — then fixes them…
Live developer experience audit.
Visual design audit for iOS apps on real hardware.
Designer's eye plan review — interactive, like CEO and Eng review.
Interactive developer experience plan review.
Reproduce a GitHub issue with a failing test, implement the minimal fix, verify tests pass, and open a pull request.
> This skill covers the day-to-day workflows for developing and operating a local Paperclip instance.
Perform a focused SEO audit on JavaScript concept pages to maximize search visibility, featured snippet optimization, and ranking potential…
Agent skill for agentic-payments - invoke with $agent-agentic-payments name: agentic-payments description: Multi-agent payment authorization…
Agent skill for code-analyzer - invoke with $agent-code-analyzer description: "Advanced code quality analysis agent for comprehensive code r…
Agent skill for code-review-swarm - invoke with $agent-code-review-swarm name: code-review-swarm description: Deploy specialized AI agents t…
> Spawn and coordinate agents for complex multi-agent tasks.
Agent skill for neural-network - invoke with $agent-neural-network name: flow-nexus-neural description: Neural network training and deployme…
Agent skill for reviewer - invoke with $agent-reviewer color: "#E74C3C" description: Code review and quality assurance specialist priority:…
Agent skill for sandbox - invoke with $agent-sandbox name: flow-nexus-sandbox description: E2B sandbox deployment and management specialist.
Agent skill for security-manager - invoke with $agent-security-manager name: security-manager color: "#F44336" description: Implements compr…
Agent skill for v3-security-architect - invoke with $agent-v3-security-architect name: v3-security-architect version: "3.0.0-alpha" updated:…
Apply typography, color theory, spacing systems, and iconography principles to create cohesive visual designs.
在继续之前,你必须先考虑用户输入(如果不为空)。用户可能会指定: 围绕三个维度组织 CLAUDE.md: 对于较大的项目,建议创建 agent_docs/ 文件夹: |- buildingtheproject.md |- running_tests.md;
Create or update CLAUDE.md files following best practices for optimal AI agent onboarding You MUST consider the user input before proceeding…
Browser automation CLI for AI agents.
Use when the user wants to design, redesign, shape, critique, audit, polish, clarify, distill, harden, optimize, adapt, animate, colorize, e…
Use when the user wants to design, redesign, shape, critique, audit, polish, clarify, distill, harden, optimize, adapt, animate, colorize, e…
| Patterns for adding safety, trust, and policy enforcement to AI agent systems.
| Evaluate AI agent systems against the OWASP Agentic Security Initiative (ASI) Top 10 — the industry standard for agent security posture.
When the user wants to optimize content for AI search engines, get cited by LLMs, or appear in AI-generated answers.
When the user wants to plan a content strategy, decide what content to create, or figure out what topics to cover.
When the user wants to edit, review, or improve existing marketing copy, or refresh outdated content.
When the user wants to audit, review, or diagnose SEO issues on their site.
Send and receive cryptographically signed messages between AI agents using the Agent Messaging Protocol (AMP).
Analyze code changes on the current branch and recommend updates to AGENTS.md files that have become stale.
群聊精华提取专家。把零散的微信群聊记录提炼成结构化、可读性强的简报,并维护跨次运行的群聊历史与群友画像。底层依赖外部 wx-cli 二进制(wx 命令),不打包脚本。
Your agent's WebSearch for development.
Overcome LLM knowledge cutoffs with real-time developer content.
Validate skill files for structural compliance and behavioral correctness.
Run a WCAG 2.1 AA accessibility audit on a design or page.
Review content against your brand voice, style guide, and messaging pillars, flagging deviations by severity with specific before/after fixe…
| A feature is "properly skilled" when all 11 checklist items pass.
Ansible automation expert for playbooks, roles, inventories, and infrastructure management You are a seasoned infrastructure automation engi…
> Scan and audit AI agent skills for security risks before installation.
Validate, test, and score the quality of skills within the claude-skills ecosystem.
Security auditing for code, configs, and infrastructure.
'Implement network segmentation based on the Purdue Enterprise Reference Classify all network assets and data flows according to the Purdue…
Builds and debugs Shopify themes (.liquid files, theme.json, sections), develops custom Shopify apps (shopify.app.toml, OAuth, webhooks), an…
Generates Spring Boot 3.x configurations, creates REST controllers, implements Spring Security 6 authentication flows, sets up Spring Data J…
Scan agent skills for security issues.
Use when running tests.
> Remove or quiet a community skill after install.
Autonomous novel writing CLI agent with web workbench (InkOS Studio) - use for creative fiction writing, standalone short-fiction packages,…
> AddressSanitizer (ASan) is a widely adopted memory error detection tool used extensively during software testing, particularly fuzzing.
Audits GitHub Actions workflows for security vulnerabilities in AI agent integrations including Claude Code Action, Gemini CLI, OpenAI Codex…
Scans Algorand smart contracts for 11 common vulnerabilities including rekeying attacks, unchecked transaction fees, missing field validatio…
> Projects findings from external tools (SARIF) and human auditors (weAudit) onto Trailmark code graphs as annotations and subgraphs.
Enables ultra-granular, line-by-line code analysis to build deep architectural context before vulnerability or bug finding.
Prepares codebases for security review using Trail of Bits' checklist.
Searches and explores Burp Suite project files (.burp) from the command line.
Performs comprehensive C/C++ security review for memory corruption, integer overflows, race conditions, and platform-specific vulnerabilitie…
Scans Cairo/StarkNet smart contracts for 6 critical vulnerabilities including felt252 arithmetic overflow, L1-L2 messaging issues, address c…
Systematic code maturity assessment using Trail of Bits' 9-category framework.
>- Supported languages: Python, JavaScript/TypeScript, Go, Java/Kotlin, C/C++, C#, Ruby, Swift.
Detects timing side-channel vulnerabilities in cryptographic code.
> Timing attacks exploit variations in execution time to extract secret information from cryptographic implementations.
Scans Cosmos SDK blockchain modules and CosmWasm contracts for consensus-critical vulnerabilities — chain halts, fund loss, state divergence…
Extracts protocol message flow from source code, RFCs, academic papers, pseudocode, informal prose, ProVerif (.pv), or Tamarin (.spthy) mode…
Creates devcontainers with Claude Code, language-specific tooling (Python/Node/Rust/Go), and persistent volumes.
> Security-focused code review for PRs, commits, and diffs.
Annotates codebases with dimensional analysis comments documenting units, dimensions, and decimal scaling.
Analyzes smart contract codebases to identify state-changing entry points for security auditing.
Scans Android APKs for Firebase security misconfigurations including open databases, storage buckets, authentication issues, and exposed clo…
Systematically verifies suspected security bugs to eliminate false positives.
> Codebases often contain anti-fuzzing patterns that prevent effective coverage.
> Builds Trailmark code graphs at two source snapshots and computes a structural diff.
Detects fail-open insecure defaults (hardcoded secrets, weak auth, permissive security) that allow apps to run insecurely in production.
Translates Mermaid sequenceDiagrams describing cryptographic protocols into ProVerif formal verification models (.pv files).
>- You are a SARIF parsing expert.
Generates minimal macOS Seatbelt sandbox configurations.
Guides through Trail of Bits' 5-step secure development workflow.
>- Run a Semgrep scan with automatic language detection, parallel execution via Task subagents, and merged SARIF output.
Creates custom Semgrep rules for detecting security vulnerabilities, bug patterns, and code patterns.
Creates language variants of existing Semgrep rules.
Identifies error-prone APIs, dangerous configurations, and footgun designs that enable security mistakes.
Scans Solana programs for 6 critical vulnerabilities including arbitrary CPI, improper PDA validation, missing signer/ownership checks, and…
Verifies code implements exactly what documentation specifies for blockchain audits.
Scans Substrate/Polkadot pallets for 7 critical vulnerabilities including arithmetic overflow, panic DoS, incorrect weights, and bad origin…
Identifies dependencies at heightened risk of exploitation or takeover.
Scans TON (The Open Network) smart contracts for 3 critical vulnerabilities including integer-as-boolean misuse, fake Jetton contracts, and…
Builds and queries multi-language source code graphs for security analysis.
Runs full Trailmark structural analysis on Trailmark 0.2.x by building a graph, running `preanalysis()`, and reporting hotspots, taint, blas…
Find similar vulnerabilities and bugs across codebases using pattern-based analysis.
Mutation-driven test vector generation.
> Wycheproof is an extensive collection of test vectors designed to verify the correctness of cryptographic implementations and test against…
Detects missing zeroization of sensitive data in source code and identifies zeroization removed by compiler optimizations, with assembly-lev…
Multi-platform paid advertising audit and optimization skill.
Amazon Ads deep analysis covering Sponsored Products, Sponsored Brands (incl.
Full multi-platform paid advertising audit with parallel subagent delegation.
Google Ads deep analysis covering Search, Performance Max, AI Max, Display, YouTube, and Demand Gen campaigns.
LinkedIn Ads deep analysis for B2B advertising.
TikTok Ads deep analysis covering creative quality, tracking, bidding, campaign structure, and TikTok Shop under the TikTok USDS Joint Ventu…
GitHub issue and project-board management for the dotnet/msbuild repo.
Security-first skill vetting protocol for AI agents.
> Audit the live site, not the source tree alone.
网络渗透测试是评估网络基础设施安全性的重要环节。本技能提供网络渗透测试的方法、工具和最佳实践。
Spawn Agentica multi-agent patterns Use this skill after user selects an Agentica pattern.
Quality review and audit for Claude Code skills.
Audit codebases for quality, consistency, and broken patterns — use for pre-release or tech debt review Comprehensive, methodical auditing t…
OpenClaw instance administration — manage hosts across macOS, Ubuntu/Debian, Docker, OCI, and Proxmox DETECT PLATFORM FIRST.
Expert multi-AI code review with inline PR comments — use for thorough quality and security analysis Invokes the code-reviewer persona for t…
Trace codepaths in diffs, map against tests, auto-generate missing coverage — use before shipping PRs Trace every codepath in a diff, map ea…
Route ordinary init, review, and security requests to Claude-native capabilities first;
URL validation and content sanitization for untrusted sources — use when handling external input safely This skill defines security patterns…
Package and finalize completed work for delivery — use when a feature is done and ready to ship Finalize and deliver completed work with Mul…
Trigger: improve skills, audit skills, refactor skills, skill quality.
Use the host-side `agent-browser` CLI for local browser smoke tests, screenshots, snapshots, and simple UI validation against forwarded loca…
Use the built-in `Computer` sub-agent with `agent-desktop` for macOS desktop automation.
AI Trading Intelligence — live prices, 30+ technical indicators, backtesting (6 strategies), walk-forward overfitting detection, trade logs,…
In-depth guide to Factory, a container-based dependency injection system for Swift and SwiftUI.
> APM (Agent Package Manager) is the open-source package manager for AI coding agents.
Install Claude skills from GitHub repositories with automated security scanning.
Full pipeline: Recon -> Learn -> Hunt -> Validate -> Report.
帮助用户发现和安装 ClawHub 上的 Skills。
Inspect third-party Claude/OpenClaw/Codex/OpenCode skills, plugins, repos, npm packages, pip packages, shell installers, and GitHub Actions…
Release skills to ClawhHub through the full publication pipeline — auto-scaffolding, OPSEC scan, dual review (agent + user), force-push rele…
Security vetting protocol before installing any AI agent skill.
Vet ClawHub skills for security and utility before installation.
Internal orchestrator — users should use /paperspine to start a full workflow.
>- Read-only consistency audit across the skillshare codebase.
>- Sync website documentation with recent code changes.
Evaluate Agent Skill design quality against official specifications and best practices.
Refine, create, or retire your own skills based on recurring patterns from past sessions You are evolving your own skills.
Use when the user asks about WordPress codebases (plugins, themes, block themes, Gutenberg blocks, WP core checkouts) and you need to quickl…
Spring Boot 3.x development - REST APIs, JPA, Security, Testing, and Cloud-native patterns.
One-command installer, credential configurator, and diagnostic layer for the full Gangtise (岗底斯投研) OpenAPI skill suite.
This skill should be used when setting up, auditing, or enforcing internationalization/localization in UI codebases (React/TS, i18next or si…
>- Run a comprehensive, evidence-based health check of this Claude Code skills marketplace repo using a parallel fan-out Dynamic Workflow.
Multi-path parallel product analysis that combines Claude Code agent teams and Codex CLI for cross-model test-time compute scaling.
Safely package codebases with repomix by automatically detecting and removing hardcoded credentials before packing.
>- Use when creating a new skill, reviewing or auditing skill structure and frontmatter, or debugging skill loading and triggering issues.
>- ├─ 标准图表(思维导图/时序图/类图/饼图/流程图/甘特图) │ ├─ 图整图展示即可,不需要单独编辑节点 → 路径 A(Mermaid 服务端) │ └─ 需要单独编辑每个节点 / Mermaid 含 par / 10+ participant / 30+ 长标签 │…
Design, improve, and evaluate reusable agent skills with high-quality SKILL.md files, precise trigger descriptions, progressive disclosure,…
Write unit and integration tests for Akka.NET actors using modern Akka.Hosting.TestKit patterns.
Organize DI registrations using IServiceCollection extension methods.
Use when fixing or auditing ANY accessibility issue — VoiceOver, Dynamic Type, color contrast, touch targets, WCAG compliance, App Store acc…
Use when the user has a crash log (.
Use when the user mentions Swift performance audit, code optimization, or performance review.
Use when the user mentions accessibility checking, App Store submission, code review, or WCAG compliance.
Use this agent to scan Swift code for camera, video, and audio capture issues including deprecated APIs, missing interruption handlers, thre…
Use when the user mentions Codable review, JSON encoding/decoding issues, data serialization audit, or modernizing legacy code.
Use when the user mentions concurrency checking, Swift 6 compliance, data race prevention, or async code review.
Use when the user mentions Core Data review, schema migration, production crashes, or data safety checking.
Use when the user mentions database schema review, migration safety, GRDB migration audit, or SQLite schema checking.
Use when the user mentions battery drain, energy optimization, power consumption audit, or pre-release energy check.
Use when the user mentions Foundation Models review, on-device AI audit, LanguageModelSession issues, @Generable checking, or Apple Intellig…
Use when the user mentions GRDB performance review, slow GRDB queries, app-group database setup audit, or pre-release GRDB scan.
Use when the user mentions in-app purchase review, IAP audit, StoreKit issues, purchase bugs, transaction problems, or subscription manageme…
Use when the user mentions iCloud sync issues, CloudKit errors, ubiquitous container problems, or asks to audit cloud sync.
Use when the user mentions Liquid Glass review, iOS 26 UI updates, toolbar improvements, or visual effect migration.
Use when the user mentions memory leak prevention, code review for memory issues, or proactive leak checking.
Use when the user mentions networking review, deprecated APIs, connection issues, or App Store submission prep.
Use when the user wants to audit SpriteKit game code for common issues.
Use when the user mentions file storage issues, data loss, backup bloat, or asks to audit storage usage.
Use when the user mentions SwiftData review, @Model issues, SwiftData migration safety, or SwiftData performance checking.
Use when the user mentions SwiftUI architecture review, separation of concerns, testability issues, or "logic in view" problems.
Use when the user mentions SwiftUI layout review, adaptive layout issues, GeometryReader problems, or multi-device layout checking.
Use when the user mentions SwiftUI navigation issues, deep linking problems, state restoration bugs, or navigation architecture review.
Use when the user wants to audit test quality, find flaky test patterns, speed up test execution, or prepare for Swift Testing migration.
Use when the user mentions TextKit review, text layout issues, Writing Tools integration, or UITextView/NSTextView code review.
Use when the user mentions UX flow issues, dead-end views, dismiss traps, missing empty states, broken user journeys, or wants a UX audit of…
Use when working with ANY data persistence, database, storage, CloudKit, migration, or serialization.
Use this agent for closed-loop test debugging - automatically analyzes test failures, suggests fixes, and re-runs tests until passing.
Use when the user mentions Xcode build failures, build errors, or environment issues.
Use when the user wants a comprehensive project-wide audit, full health check, or scan across all domains.
Use when building ANY macOS app — windows, menus, sandboxing, distribution, AppKit bridging or modernization (control events, state restorat…
Use when the user mentions slow builds, build performance, or build time optimization.
Use when app feels slow, memory grows, battery drains, or diagnosing ANY performance issue.
Use when the user wants automated performance profiling, headless Instruments analysis, or CLI-based trace collection.
Use when the user wants to run XCUITests, parse test results, view test failures, or export test attachments.
Use when the user mentions security review, App Store submission prep, Privacy Manifest requirements, hardcoded credentials, or sensitive da…
Use when storing credentials securely, encrypting data, implementing passkeys, securing AI/agentic features against prompt injection, code s…
Use when the user mentions simulator testing, visual verification, push notification testing, location simulation, screenshot capture, OR li…
Use when the user mentions App Store screenshot validation, screenshot review, checking screenshots before submission, or verifying screensh…
Critically review a workspace skill and suggest improvements.
A comprehensive auditor for any agent skill — including Manus, OpenClaw/ClawHub, Claude, LobeHub, or custom SKILL.md-based skills.
Scan agent skills for security issues.
Universal consolidation & audit skill for Claude Code skills.
Audit skill configurations for correctness and freshness Audits all skill configurations, checks for stale or broken skills, and reports on…
MySQL/MariaDB database inspection and queries.
Scan Clawdbot and MCP skills for malware, spyware, crypto-miners, and malicious code patterns before you install them.
Security-first skill vetting for AI agents.
Security scanner for AgentSkill packages.
When the user wants to define, audit, or apply brand strategy—purpose, values, positioning, storytelling, voice, narrative (not only visuals…
When the user wants to design, optimize, or audit carousel/slider layouts for content display.
Commit all changes, push to a new branch, and create a pull request using the repo's PR template.
Audit all Claude Code skills for stale references, broken paths, and deprecated tool names Audit .claude/skills/ for drift: broken file path…
Create a reusable SkillPack from a successful completed task.
完成需求穿透和调研分析后,需要输出一份完整的产品需求文档(PRD),供设计师、开发者、测试人员使用。
Audit skill metrics, file/resolve issues in memory/issues/, and notify on state change only <!-- autoresearch: variation C — more robust: me…
Audit skills, workflows, and companion scripts for injection, exfiltration, traversal, and prompt-override risks with delta tracking, baseli…
Weekly fleet-level skill-run analytics — ranks skills by 7d run count, surfaces success rates, exit-taxonomy distribution, and anomaly flags…
Audit every enabled skill's upstream file dependencies for staleness — flags chained skills about to consume yesterday's article or a long-d…
Check imported skills for upstream changes and security regressions since the version in skills.lock <!-- autoresearch: variation B — sharpe…
> Create new agent skills that work across Claude Code (CLI/IDE) and IBM Bob.
Audit a ClawHub skill for security risks BEFORE installation.
Evaluates agent skills against Anthropic's best practices.
Audits skills in this repo for consistency, API drift, and structural gaps.
'Audit an existing SKILL.md against the unified AgentOps template (15 Use when ` markers OR `metadata.
Scaffold a new SKILL.md.
这是一个带强制 checkpoint 的工作流,不是参考手册。每个阶段有 MUST 输出,未通过不进下一阶段。详细 payload / playbook / H1 案例按需 Read,不准凭记忆生成。
Downloads skills from a AgentKit skill space to the local machine.
Registers a local skill to the AgentKit platform by uploading it.
Scan agent skills for security issues before adoption.
Safety Monitor Agent responsible for compliance and safety checks.
Use this skill when the user asks "solana fees", "sol fees", "priority fees", "lamports per signature", or mentions checking transaction fee…
Show sprint progress Show current sprint progress with minimal token usage.
Audit AI Agent skills for security vulnerabilities including malicious code, remote execution, credential leaks, and supply chain risks.
微信小程序全自动安全审计 Skill。使用 Agent Teams 编排多个 Agent,分阶段完成从反编译到报告生成的全流程静态安全分析。
Use when publishing a SKILL.md-style agent skill across uGig, sh1pt, GitHub/gists, and follow-on skill marketplaces such as ClawHub, Goose,…
Implement the security design principle of secure system modification in [organization-defined].
> You are extracting domain knowledge for a library to produce a structured domain map.
Audit Skill() refs; detect hubs, isolates, and dangling targets.
Evaluate Claude skill quality through auditing.
Use when the user asks to review a skill, analyze skill quality, update a skill version, or run a repeatable keep/disable/archive decision l…
Use when auditing a large local skill collection, identifying duplicate or imported skills, comparing skill roots, or deciding what to keep,…
Evaluate Agent Skill design quality against official specifications and best practices.
Improve a SKILL.md to pass the skill-creator standard (quick_validate, frontmatter audit, ≤500 lines) AND the asm-eval 85/8 floor.
Add GitHub skill repos to the ASM index: clone, audit, eval, regenerate index, rebuild catalog, open PR.
基于《OpenClaw 极简安全实践指南》和《安全验证与攻防演练手册》的 Skill 安全审计工具。对 OpenClaw Skill 进行从源码到运行时的全生命周期安全审查,覆盖供应链投毒、Prompt 注入载荷、恶意代码模式、权限越权等威胁向量。
Sync skills between local installation and the GitHub source-of-truth repository.
Skill management - create, validate, and improve Claude Code skills START(["/skills"]) --> NEED{"What do you need?"} NEED -->|New skill| WOR…
Scan a repository to bootstrap new skills or audit and update existing ones Bootstrap skills for a new repo, or audit and update skills in a…
Validate skill files meet the standard format and naming conventions Skills operate on either sandbox (safe) or management (requires approva…
Amazon listing builder and optimizer for sellers.
Evaluates and optimizes skill file quality using 8 content patterns and 9 editing principles.
Audit the agent's own skill library for malicious, misconfigured, or untrusted SKILL.md files.
Step-by-step guide for creating your own Claude Skills, from deciding whether a skill is the right tool to writing the SKILL.md file, struct…
> You are helping a penetration tester with <technique description>.
>- Use when creating a new skill, reviewing or auditing skill structure and frontmatter, or debugging skill loading and triggering issues.
>- Read-only consistency audit across the skillshare codebase.
>- Sync website documentation with recent code changes.
Lifecycle guard.
Use when the user wants to validate, lint, or audit agent skill files (SKILL.md).
> Scan and audit AI agent skills for security risks before installation.
AI-powered code review via roborev.
使用这个技能时,不要把“补环境”理解成给 window/document/navigator 随便补几个值。
| 从先知社区5600+篇安全文档中提炼的漏洞挖掘核心思维框架。
开始时声明:"我正在使用 gen skill 运行代码生成。" 默认运行 API 代码生成(storagev2、iam、media、audit): 如果用户提到 sandbox,则运行: make generate-sandbox 对比生成前后的变更,列出生成产生的文件差异。
|- <powerpointprofessionalsuite> <highfidelitycreation> The preferred method for precise layout positioning: </highfidelitycreation> <templa…
Terraform and OpenTofu infrastructure as code — module design, state management, multi-environment setups, remote backends, secrets manageme…
Audit all outdated dependencies with detailed research on changelogs, breaking changes, bug fixes, and deprecations.
| Use when MCP returns no images, or when page-region cropping is needed:.
Documenta projeto Power BI (PBIP) inteiro em markdown estruturado + HTML navegável (mini-site de doc).
Universal prompt engineering techniques for any LLM.
通过 Drive API 管理文件和文件夹。
AI trading agent executing crypto trades across multiple DEXes with NFT minting and floor price analysis.
Use when users ask how to write, explain, customize, migrate, secure, or troubleshoot GitHub Actions workflows, workflow syntax, triggers, m…
Orchestrate sequential documentation audits with checkpointing and resumption.
Sync AI coding sessions from 14 tools (Claude Code, Codex, Cursor, Aider, Cline, Gemini CLI, Continue, Copilot, Roo Code, Windsurf, Zed AI,…
Agent-ready SDK for MoltMoon—launch tokens, trade with lowest fees, earn USDC rewards, all programmatic.
MizukiAI's UwU Club.
ERNE — Validate and submit app builds using parallel expo-config-resolver and code-reviewer agents You are executing the /erne-deploy comman…
ERNE — Autonomous ticket execution — polls a provider, picks up ready tickets, and runs the full ERNE pipeline (validate, plan, code, test,…
必须收集四字段:target、objective、requirements、boundaries。
Use when working with Apple's MLX or MLX-LM: fact-checking current behavior against upstream source/runtime, patching MLX-based repos, porti…
Angular 21.x SPA development skill with TailwindCSS 4.x and daisyUI 5.5.5.
Improves an existing skill based on real project pain (prior eval corpora under .ai-engineering/evals/, Engram cross-session observations, L…
Safety hooks for Claude Code — 700 pre-built hooks that prevent file deletion, credential leaks, git disasters, and token waste during auton…
Comprehensive, research-backed Hinge dating profile optimization.
Solve CTF reverse engineering challenges using systematic analysis to find flags, keys, or passwords.
Comprehensive security analysis and vulnerability detection for codebases.
Audit state, docs drift, and stack best-practice compliance — works on any project Output this banner as the first thing on every invocation…
Query Octopus observability platform — logs, alerts, traces, metrics, issues, services, LLM, RUM, events.
Enable ControlKeel governance for Cloudflare Agents with policy gates, budget enforcement, PII detection, and secure execution.
Performs comprehensive deep analysis of entire codebase and deployment pipeline to identify issues in production environment.
Analyze manufacturing defect detection and quality control systems — computer vision inspection pipelines, SPC control charts, Six Sigma pro…
Audit interfaces for accessibility issues across semantics, keyboard use, focus management, color contrast, labels, and announcements.
Check whether backup and restore plans are actually restorable, verifiable, and operationally safe.
Gather code, config, docs, and operational proof points for audits and internal compliance reviews.
Docker 多服务部署最佳实践 - 生产级 Dockerfile 和 Docker Compose 架构指南。
Turn incident timelines, logs, tickets, and chat snippets into a clear postmortem covering impact, detection, root cause, contributing facto…
Review Kubernetes manifests, deployment defaults, probes, resources, security context, and rollout safety.
Use this skill whenever a user asks for OSINT dorks, Google dorks, GHDB queries, Shodan filters, GitHub code search dorks, search operators,…
Review diffs like a senior engineer by checking correctness, architectural fit, style, missing tests, security smells, and migration or oper…
Build (or refresh) a structured hypothesis on whether a specific company can grow 5x and 10x in valuation over the next 5 years, then track…
Audits Claude Code agent configuration against latest best practices.
Audit and score an agent-definition markdown such as `AGENTS.md`, `CLAUDE.md`, `SKILL.md`, `SOUL.md`, `.cursorrules`, or a system prompt usi…
Guide humans through creating effective instruction rules for coding agents (Copilot, Claude Code, Cursor, Windsurf, Aider, AGENTS.md, CLAUD…
Audit and trim AI agent instruction files (AGENTS.md, CLAUDE.md, CONVENTIONS.md, .cursorrules, etc.) by testing which facts an AI agent can…
Full-spectrum marketing and SEO skill library with 160+ specialist skills.
Atomic git workflow - validates, commits, pushes, creates PR, and verifies CI with zero-warnings policy.
Creates, updates, improves, and audits Agent Skills.
| Use when this capability is needed.
Audit a repository after large refactors, branch merges, or parallel agent threads for contradictions between implementation, docs, configs,…
Scaffold/audit GitHub Actions CI/CD — Go/Rust/TS.
Design and implement production-grade CI/CD pipelines with GitHub Actions, layered testing strategies, secure deployment patterns, and envir…
CI/CD review for workflows, artifact safety, caching, deployment gates, secrets, permissions, and reproducibility.
GitHub Actions security hardening, CI/CD pipeline integrity, release security, and SSDF alignment Use when this capability is needed.
Audit and improve project-memory artifacts (CLAUDE.md, AGENTS.md, .claude/rules/*.md, .claude.local.md).
This skill should be used when the user asks about "CLI AI tools", "Claude Code", "Codex CLI", "Gemini CLI", "Aider", "Goose", "amp", "OpenC…
Review code changes, diffs, commits, branches, or PRs for correctness, regressions, security-sensitive mistakes, maintainability issues, and…
| Use when this capability is needed.
Build Codex-native workflows for open-source maintenance.
>- Use when this capability is needed.
Creates new Claude Code agent configuration files or audits existing ones in .claude/agents/.
Generate or review AGENTS.md and `.cursor/rules/*.mdc` for a repository Use when this capability is needed.
Run and triage Django/DRF security smoke checks for settings hardening, throttling, safe HTML, ORM race/idempotency patterns, and model inte…
Verification loop for Django projects: migrations, linting, tests with coverage, security scans, and deployment readiness checks before rele…
Create, refresh, or reconcile the repository root `AGENTS.md` using current branch truth.
| Use when this capability is needed.
Use the upstream install or setup path that matches your environment: Requirements and caveats from upstream: Basic usage or getting-started…
FastAPI patterns for async APIs, dependency injection, Pydantic request and response models, OpenAPI docs, tests, security, and production r…
| Use when this capability is needed.
Execute Google Gemini CLI prompts in non-interactive mode and return structured results.
Generate sandbox security policies from plain-language requirements and optional REST API documentation.
curl -s "https://api.github.com/..." \ 以下规则具有最高优先级,适用于所有后续操作。
Gitleaks is an open-source SAST tool for detecting hardcoded secrets like passwords, API keys, and tokens in Git repositories, files, and di…
Troubleshoot Golang programs systematically - find and fix the root cause.
| Use when this capability is needed.
Verify Codex configuration health — AGENTS.md, hooks, config.toml, agents, skills, secrets scan, and MCP reachability.
Use this skill to audit, review, validate, or check the quality of AI assistant configurations including prompt text, prompt files, skills (…
Operate the homelab platform — start/stop services, backups, updates, disaster-recovery, and Docker management.
Configure AIDE (Advanced Intrusion Detection Environment) for file integrity monitoring including baseline creation, Use when this capabilit…
Audit Copilot instruction files for bloat, overlap, stale rules, and weak applyTo scope.
| Use when this capability is needed.
This skill covers hardening managed Kubernetes clusters on EKS, AKS, and GKE by implementing Pod Security Standards, network policies, workl…
Assess the security posture of Kubernetes etcd clusters by evaluating encryption at rest, TLS configuration, access controls, backup encrypt…
Auditing Kubernetes cluster RBAC configurations to identify overly permissive roles, wildcard permissions, dangerous ClusterRoleBindings, se…
Audit Kubernetes cluster security posture against CIS benchmarks using kube-bench with automated checks for control plane, worker nodes, and…
Perform security risk analysis on Kubernetes resource manifests using Kubesec to identify misconfigurations, privilege escalation risks, and…
Pod Security Standards (PSS) define three levels of security policies -- Privileged, Baseline, and Restricted -- enforced by the Pod Securit…
Kubernetes cluster management skill.
> Use when this capability is needed.
Use when building a Kubernetes Operator — custom controllers that reconcile CRD state.
Kubernetes penetration testing systematically evaluates cluster security by simulating attacker techniques against the API server, kubelet,…
Use when editing a DeepAgents project — adding tools, sub-agents, modifying the system prompt, choosing a filesystem backend, or composing e…
Use when productionising or deploying a LangChain / LangGraph / DeepAgents agent.
Audit LangChain configuration and security Use when: "audit langchain, Use when this capability is needed.
When the user wants to audit, review, or diagnose SEO issues on their site.
>- Use when this capability is needed.
> Use when this capability is needed.
Use when diagnosing, operating, or standardizing Hub LLM OAuth refresh/reimport incidents for Claude Code OAuth, OpenAI Codex OAuth, Gemini…
Agent-driven cold-start onboarding.
Run and audit OperatorOne Stage1 marketing SEO shadow experiments across input sync, context index, keyword graph, experiment synthesis, and…
Use when reviewing code for security vulnerabilities, implementing authentication/authorization, handling user input, or discussing web appl…
Kubernetes penetration testing systematically evaluates cluster security by simulating attacker techniques against Use when this capability…
Scaffold a polyglot library project as TypeScript + Python twin packages under `packages/ts/` + `packages/py/`, with a shared `SPEC.md`, cro…
Use when publishing or updating the ResearchBuddy Homebrew tap.
Evaluate the quality of existing agent instruction rule sets — CLAUDE.md, AGENTS.md, .cursorrules, copilot-instructions.md, or any coding-ag…
Execute and orchestrate external CLI-based agents to delegate subtasks, obtain specialized outputs, or compose multi-agent workflows.
Set up Rust quality gates (cargo check/build, clippy, rustfmt, dead code, unused deps via cargo-machete, doc build, tests) in any Rust repo,…
| Use when this capability is needed.
Static Application Security Testing (SAST) for multi-language codebases.
Perform language and framework specific security best-practice reviews and suggest improvements.
This skill should be used when the user asks to "design REST APIs", "optimize database queries", "implement authentication", "build microser…
| Use when this capability is needed.
Run a full SEO, AEO, and LLM discoverability audit on cc4.marketing Use when this capability is needed.
Ship current branch — CI, SonarCloud, code review, security review, fix all issues, merge.
Audits a Claude Code / Agent SDK skill (or folder of skills) against 10 QA Use when this capability is needed.
Use this skill when the agent is designing schemas, reviewing migrations, tuning queries, modeling NoSQL access patterns, configuring replic…
本skill提供了企业微信智能表格添加记录的正确操作方法,确保不同数据类型(数字、日期、文本等)都能按照企业微信API的要求正确处理。