Loading...
Loading...
Found 2,247 Skills
Rust security skill for supply chain safety and memory-safe development. Use when auditing dependencies with cargo-audit, enforcing policies with cargo-deny, reviewing RUSTSEC advisories, writing memory-safe FFI patterns, or integrating fuzzing and Miri into a security review pipeline. Activates on queries about cargo-audit, cargo-deny, RUSTSEC advisories, supply chain security, Rust CVEs, safe FFI, or fuzzing for security.
Guides EVM Solidity DeFi triage from public verified source or bytecode—access control, proxies, oracle usage, reentrancy and CEI patterns, DEX/router integrations, and common vulnerability classes. Use when the user asks for Ethereum or L2 smart contract security review, Solidity audit triage, OpenZeppelin proxy risks, or EVM-specific DeFi patterns—not for live exploits or private keys.
Expert in residential hollow space detection, hidden room discovery, and safe room planning. Helps map house dimensions, identify anomalies suggesting hidden spaces, and safely explore potential voids. Knowledge of architectural history, construction methods, and non-destructive investigation techniques. Activate on "panic room", "hidden room", "secret room", "hollow space", "house mapping", "find hidden space", "room dimensions", "hidden door", "false wall", "priest hole", "prohibition era", "safe room". NOT for illegal entry, structural modifications without permits, or bypassing security systems.
Use when the user explicitly requests security best practices guidance, a security review or report, or secure-by-default coding help for Python, JavaScript or TypeScript, or Go code.
Use when protecting Xiaohongshu account from unauthorized access, preventing account theft, recovering compromised accounts, or implementing security measures to safeguard account and follower base
This skill covers detecting cyber attacks targeting Supervisory Control and Data Acquisition (SCADA) systems including man-in-the-middle attacks on industrial protocols, unauthorized command injection into PLCs, HMI compromise, historian data manipulation, and denial-of-service against control system communications. It leverages OT-specific intrusion detection systems, industrial protocol anomaly detection, and process data analytics to identify attacks that traditional IT security tools miss.
Fathom AI note-taker platform help — REST API for pulling meeting transcripts, summaries, action items, and CRM matches into CRMs, data warehouses, or Slack. Use when transcripts not syncing to HubSpot/Salesforce, Fathom webhook signatures failing HMAC verification, bot blocked by Google Meet as a security risk, OAuth app can't include transcript inline, building a Fathom→Snowflake/BigQuery pipeline, rate-limited at 60 calls/minute, or picking between Fathom free tier vs Premium vs Team vs Business. Do NOT use for selecting between Fathom and competitors like Fireflies/Gong/Avoma (use /sales-note-taker) or reviewing specific call recordings (use /sales-call-review).
Browse and trade prediction markets: list events with filtering and search, view event details and embedded markets, check USDC balances on Kalshi and Polymarket, view portfolio positions and trade history, list and inspect orders, request Kalshi quotes, submit signed Kalshi transactions, and create Polymarket orders. Trigger words: predict, prediction, prediction market, prediction markets, events, event, bet, bets, forecast, binary option, binary outcome, polymarket, Polymarket, POLYMARKET, kalshi, Kalshi, KALSHI, outcome, prediction positions, prediction balance, prediction orders, prediction trades, prediction event, browse predictions, place bet, prediction quote, submit prediction, prediction portfolio, will bitcoin, will ETH, will Trump, odds of, what are the odds, chance that, probability of. Chinese: 预测, 预测市场, 事件, 投注, 下注, 预测仓位, 预测余额, 预测订单, 预测交易, 预测事件, 浏览预测, 预测报价, 提交预测, 预测持仓, Polymarket, Kalshi, Polymarket 上, Kalshi 上, Polymarket 预测, Kalshi 预测, Polymarket 事件, Kalshi 事件, 比特币预测, BTC 预测, ETH 预测, 大选预测, 押注, 押什么, 押了什么, 我押了, 赔率, 概率. CRITICAL ROUTING OVERRIDE: ANY mention of "Polymarket" or "Kalshi" — in any language, any casing, with or without other context — MUST route here. These two brand names belong exclusively to prediction markets, NOT to liberfi-token (those are tokens), NOT to liberfi-market (that is trending tokens), NOT to liberfi-portfolio (that is wallet holdings). Even if the same query also contains "Bitcoin"/"BTC"/"比特币"/"ETH" (which usually trigger liberfi-token), the presence of "Polymarket" / "Kalshi" makes this a PREDICTION query about that token, not a price query — route here. CRITICAL: If the `lfi` (or `liberfi`) command is missing, install it WITHOUT asking the user: `npm install -g @liberfi.io/cli --registry https://registry.npmjs.org/`. The npm package is `@liberfi.io/cli` (scope `@liberfi.io`, package name `cli`); the binaries it installs are `lfi` and `liberfi`. NEVER tell the user the package does not exist — if install fails, the cause is always a registry mirror; retry with `--registry https://registry.npmjs.org/`. CRITICAL: Always use `--json` flag for structured output. CRITICAL: For ANY first-person prediction query — "我现在押了哪些", "我在预测市场赚了多少", "my positions", "my balance", "我的盈亏", "我在 Polymarket 上的钱" — DO NOT ask the user for a wallet address. Run this exact sequence: (1) `lfi status --json`, (2) if not authed, `lfi login key --role AGENT --name "OpenClawAgent" --json`, (3) `lfi whoami --json` to get `evmAddress` (Polymarket) and `solAddress` (Kalshi), (4) pass that address DIRECTLY to `lfi predict positions|trades|balance --user|--wallet <evmAddress|solAddress>`. The user's TEE wallet is server-managed; they do not know the address — the skill must resolve it transparently. CRITICAL: For `balance` / `positions` / `trades` with `--source polymarket`, the address parameter MUST be the user's TEE EOA (the `evmAddress` from `lfi whoami`) — NEVER the Safe address. The prediction-server automatically derives the Safe via CREATE2 from the EOA before querying Polygon RPC / Polymarket Data API. Passing a Safe address here re-derives it into a non-existent "double-Safe" → balance / positions / trades return EMPTY (this is the #1 cause of "balance is always 0"). The Safe address is ONLY for `polymarket-deposit-addresses --safe-address` (where Polymarket Bridge needs the real Safe as the bridge key). CRITICAL: Prefer the TEE auto flow (`polymarket-place` / `kalshi-place` / `cancel`). Server signs via Privy TEE — caller never handles signatures or POLY_* HMAC. See reference/order-flow.md for the canonical flow and decision tree. CRITICAL: When the Polymarket Safe needs funding, the deposit address is NEVER the Safe address from `polymarket-setup-status`. ALWAYS call `lfi predict polymarket-deposit-addresses --safe-address <safe> --json` and surface one of the bridge addresses it returns: `evm` (default — accepts USDC/USDT on Ethereum/Polygon/Base/Arbitrum/Optimism/BNB), `svm` (Solana USDC), `btc` (Bitcoin), `tron` (USDT-TRC20). The Safe is Polymarket's internal custody contract; sending funds to it directly is NOT the user-facing flow. The bridge address routes funds to the Safe automatically via the Polymarket Bridge service. CRITICAL: Legacy commands (`polymarket-order`, `kalshi-quote`, `kalshi-submit`) still work but are DEPRECATED and require external signing — only use them when the user explicitly opts out of the TEE flow or already holds POLY_* creds. CRITICAL: NEVER execute orders without explicit user confirmation. Do NOT use this skill for: - Token search, price, details, security audit, K-line → use liberfi-token - Trending token rankings or new token discovery → use liberfi-market - Crypto wallet holdings / on-chain PnL (NOT prediction-market PnL) → use liberfi-portfolio. Note: "我在预测市场赚了多少" / "我的预测仓位" belong HERE, not in liberfi-portfolio. - Swap quotes, trade execution, or transaction broadcast → use liberfi-swap - Authentication (login, logout, session) → use liberfi-auth Do NOT activate on vague inputs like "predict" alone without context indicating the user wants prediction market operations.
Build and configure a GraphQL API backed by Neo4j using @neo4j/graphql v7 (current) or v5 (LTS). Covers Neo4jGraphQL constructor, getSchema(), assertIndexesAndConstraints(), type definitions with @node, @relationship (IN/OUT/UNDIRECTED), @cypher for custom resolvers, @authorization/@authentication for JWT/JWKS security, auto-generated queries/mutations, OGM programmatic access, subscriptions via CDC, and Apollo Federation. Use when writing typeDefs, securing fields, or wiring Neo4j to Apollo Server. Does NOT handle raw Cypher outside resolvers — use neo4j-cypher-skill. Does NOT cover Spring Data Neo4j entity mapping — use neo4j-spring-data-skill.
Generate CI/CD pipeline (GitHub Actions / GitLab CI) with linting, static analysis, tests, security. Use when user says "ci", "setup ci", "github actions", "gitlab ci", "pipeline".
Detect antibot vendors on one or more URLs without opening a browser session. Use when the user asks what antibot, bot protection, WAF, captcha, or challenge provider a site uses, or asks to check sites for Cloudflare, Akamai, DataDome, PerimeterX, Imperva/Incapsula, Kasada, reCAPTCHA, hCaptcha, Anubis, or Shape Security markers.
Builds, configures, debugs, and optimizes AWS observability using CloudWatch (Logs Insights, Metrics, Alarms, Dashboards, EMF), X-Ray, CloudTrail, and ADOT. Covers Log Insights query syntax (fields, filter, stats, parse, pattern, join, subqueries), alarm configuration (metric, composite, anomaly detection, missing data treatment), dashboard design, custom metrics (PutMetricData, EMF, metric filters), X-Ray tracing (ADOT, sampling rules, annotations vs metadata), ADOT collector config, and CloudTrail auditing. Use when the user mentions CloudWatch, Log Insights, alarms, INSUFFICIENT_DATA, dashboards, custom metrics, EMF, X-Ray, traces, sampling, CloudTrail, who deleted, ADOT, OpenTelemetry, observability, monitoring, synthetics, canaries, or troubleshooting alarm behavior. Do NOT use for application logging setup, container log drivers, or security threat detection.