Loading...
Loading...
Found 148 Skills
Use when designing cloud deployments, Dockerising applications, laying out AWS or GCP environments, choosing a deployment pattern, or moving a workload from a single VM to a resilient multi-AZ topology.
Upgrade any Pulumi provider to a newer version and reconcile the resulting diff. Use when users want to upgrade or update a provider (including editing package.json, requirements.txt, pyproject.toml, go.mod, or Pulumi.yaml to bump a provider SDK), check for breaking changes before or during an upgrade, fix resources that broke after a provider upgrade, or resolve unexpected replacements, creates, or deletes in a post-upgrade preview. Applies to all providers (aws, azure-native, gcp, kubernetes, aws-native, cloudflare, datadog, etc.) — not just Tier 1. Do NOT use for querying which stacks use what package versions; use skill `package-usage` for cross-stack audits. Do NOT use for general infrastructure tasks.
Input template configuration for Elastic integrations. Covers agent stream templates (agent/stream/*.yml.hbs) for all non-CEL input types: HTTPJSON, AWS S3, CloudWatch, Azure Blob, Azure EventHub, GCS, GCP Pub/Sub, TCP, UDP, HTTP Endpoint, Filestream, Logfile, Journald, Winlog, and WebSocket. For CEL input programs, use the cel-programs skill instead.
Design multi-cloud architectures using a decision framework to select and integrate services across AWS, Azure, and GCP. Use when building multi-cloud systems, avoiding vendor lock-in, or leveraging best-of-breed services from multiple providers.
Comprehensive plugin for SAP Datasphere development with 3 specialized agents, 5 slash commands, and validation hooks. Use when building data warehouses on SAP BTP, creating analytic models, configuring data flows and replication flows, setting up connections to SAP and third-party systems, managing spaces and users, implementing data access controls, using the datasphere CLI, creating data products for the marketplace, or monitoring data integration tasks. Covers Data Builder (graphical/SQL views, local/remote tables, transformation flows), Business Builder (business entities, consumption models), analytic models (dimensions, measures, hierarchies), 40+ connection types (SAP S/4HANA, BW/4HANA, HANA Cloud, AWS, Azure, GCP, Kafka, Generic HTTP), real-time replication, task chains, content transport, CLI automation, catalog governance, and data marketplace. Includes 2025 features: Generic HTTP connections, REST API tasks in task chains, SAP Business Data Cloud integration. Keywords: sap datasphere, data warehouse cloud, dwc, data builder, business builder, analytic model, graphical view, sql view, transformation flow, replication flow, data flow, task chain, remote table, local table, sap btp data warehouse, datasphere connection, datasphere space, data access control, elastic compute node, sap analytics cloud integration, datasphere cli, data products, data marketplace, catalog, governance
Use when assessing cloud infrastructure for security misconfigurations, IAM privilege escalation paths, S3 public exposure, open security group rules, or IaC security gaps. Covers AWS, Azure, and GCP posture assessment with MITRE ATT&CK mapping.
Guides identity and access management—workforce and machine identity lifecycle, RBAC/ABAC/PBAC entitlement design, access reviews and recertification, SSO/SAML/OIDC federation, privileged access (PAM/JIT), cloud IAM least privilege (AWS/GCP/Azure concepts), service accounts and secrets hygiene, and separation of duties. Use for IAM, identity governance, access review, RBAC, least privilege, SSO federation, PAM, privileged access, cloud IAM policy, service account, or SoD—not full cloud landing zone architecture (enterprise-cloud-architect), broad cloud security controls (cloud-security-engineer), day-2 break-glass ticket execution only (cloud-system-administrator), pentest (penetration-tester), or legal/HR policy drafting only.
This skill guides writing cloud-init configurations for VM provisioning. Use when creating user_data blocks in Terraform/OpenTofu, or cloud-init YAML for AWS, DigitalOcean, GCP, or Azure instances.
This skill outlines methodologies for performing authorized penetration testing against AWS, Azure, and GCP cloud environments. It covers understanding the shared responsibility model for testing scope, leveraging cloud-specific attack tools like Pacu and ScoutSuite, exploiting IAM misconfigurations, testing for SSRF to cloud metadata services, and reporting findings aligned to MITRE ATT&CK Cloud matrix.
Grafana Cloud infrastructure monitoring — Kubernetes monitoring, cloud provider integrations (AWS, Azure, GCP), host and container monitoring, infrastructure dashboards, and collector setup. Use when setting up Kubernetes monitoring, connecting cloud provider metrics, configuring node exporter or cAdvisor, setting up infrastructure dashboards, or using the k8s-monitoring Helm chart.
Use when the user asks to set up secret management infrastructure, integrate HashiCorp Vault, configure cloud secret stores (AWS Secrets Manager, Azure Key Vault, GCP Secret Manager), implement secret rotation, or audit secret access patterns.
Guides FinOps analysis on AWS, GCP, and Azure—cost visibility and allocation, tagging and showback/chargeback models, rightsizing and waste removal, RI/Savings Plan/CUD recommendations, budgets and forecasts, anomaly detection, unit economics (cost per service/customer), and FinOps cadence with engineering accountability. Use when optimizing cloud spend, analyzing CUR/billing exports, building cost dashboards, explaining bill spikes, or improving allocation—not for GL mapping, capex, depreciation, or month-end ledger close (compute-accounting-manager), enterprise EA negotiation (enterprise-cloud-architect), hands-on resource provisioning (cloud-engineer), or hardware supply efficiency (data-center-compute-supply-efficiency).