Loading...
Loading...
Found 156 Skills
Who is this wallet and what have they been doing? Identity labels, balance, PnL summary, recent transactions, perp positions, and counterparties.
Session orientation and awareness — retro summaries, handoffs, git state, focus. Use when starting a session, after /jump, lost your place, switching context, or when user asks "now", "where are we", "what are we doing", "status", "recap". Do NOT trigger for "standup" or "morning check" (use /standup), or session mining "dig", "past sessions" (use /dig).
Run browser encrypted JS in Node.js (environment patching). env_core.js provides function disguise/prototype chain/Proxy engine, Claude writes stubs on demand in run.js according to the diagnosis report. TRIGGER when: user says "environment patching", "module extraction", "run in Node", "webpack module extraction", "environment simulation", "run JS in Node", or needs to run independently without browser after finding the encryption entry. DO NOT TRIGGER when: only debugging in browser, doing AST deobfuscation, or writing ordinary Node.js code.
Search, filter, and format entries from BibTeX or BibLaTeX .bib files for research workflows. Use when a user wants to find papers, search a bibliography, filter a library, or look up references by topic, author, year, venue, DOI, arXiv ID, keywords, annotation, abstract, or entry type. Handles Zotero-exported libraries. Supports compact search expressions such as author:, year-gte, type:, and has:, combined filters, research-oriented output fields, raw BibTeX export, and LaTeX/Typst citation snippet generation.
Check the consistency and authenticity risks of citations and references in NSFC proposal text (read-only): Verify the existence of bibkey, format issues such as BibTeX fields and DOI, and generate structured input for the host AI to evaluate item-by-item whether the text expression actually cites the literature; by default, only an audit report is output, and the proposal or .bib file is not directly modified (unless the user explicitly requests it).
SaaS financial health advisor. Use when a user shares revenue or customer numbers, or mentions ARR, MRR, churn, LTV, CAC, NRR, or asks how their SaaS business is doing.
Use when normalizing BibTeX, RIS, CSL JSON, citation keys, DOI/arXiv/PMID metadata, references, unused citations, missing citations, or bibliography quality for papers and SOTA work.
Use when a startup is approached by a prospective partner and someone has to decide should we sign this partner, at what partner tier (referral / reseller / OEM / SI-consulting / strategic alliance), with what joint GTM commitment, and at what revshare. Classifies partner tier from independent-demand evidence vs. preferential-terms hunting, designs a 90-day joint GTM plan, models revshare against direct-sale margin, and surfaces kill criteria for unwinding under-performing partnerships. For Head of Partnerships, Head of BD, and Founder-CEOs doing reseller agreement, OEM deal, or strategic alliance review — not technical sale enablement, not channel cost economics, not M&A.
Complete bug bounty workflow — recon (subdomain enumeration, asset discovery, fingerprinting, HackerOne scope, source code audit), pre-hunt learning (disclosed reports, tech stack research, mind maps, threat modeling), vulnerability hunting (IDOR, SSRF, XSS, auth bypass, CSRF, race conditions, SQLi, XXE, file upload, business logic, GraphQL, HTTP smuggling, cache poisoning, OAuth, timing side-channels, OIDC, SSTI, subdomain takeover, cloud misconfig, ATO chains, agentic AI), LLM/AI security testing (chatbot IDOR, prompt injection, indirect injection, ASCII smuggling, exfil channels, RCE via code tools, system prompt extraction, ASI01-ASI10), A-to-B bug chaining (IDOR→auth bypass, SSRF→cloud metadata, XSS→ATO, open redirect→OAuth theft, S3→bundle→secret→OAuth), bypass tables (SSRF IP bypass, open redirect bypass, file upload bypass), language-specific grep (JS prototype pollution, Python pickle, PHP type juggling, Go template.HTML, Ruby YAML.load, Rust unwrap), and reporting (7-Question Gate, 4 validation gates, human-tone writing, templates by vuln class, CVSS 3.1, PoC generation, always-rejected list, conditional chain table, submission checklist). Use for ANY bug bounty task — starting a new target, doing recon, hunting specific vulns, auditing source code, testing AI features, validating findings, or writing reports. 中文触发词:漏洞赏金、安全测试、渗透测试、漏洞挖掘、信息收集、子域名枚举、XSS测试、SQL注入、SSRF、安全审计、漏洞报告
Analyse competitor moves and surface strategic implications for your product. Use when asked to track competitor signals, analyse a competitor announcement, understand what a competitor is doing strategically, or produce a competitive intelligence report. Produces a categorised signal analysis with threat ratings, roadmap implications, and recommended responses.
Analyze an influencer's recent content and return a brand safety report flagging political controversy, offensive language, sensitive topics, or past scandal indicators. This skill should be used when screening a creator for brand safety, vetting influencer content for risks, checking if a creator is brand-safe, auditing an influencer's content history for red flags, running a brand safety check on a creator, evaluating creator risk before a partnership, flagging controversial creator content, reviewing an influencer for offensive language or sensitive topics, or doing a pre-campaign safety review. For holistic creator evaluation including performance metrics, see creator-vetting-scorecard. For writing campaign briefs with content guidelines and safety clauses, see campaign-brief-generator.
Best practices for doing quick exploratory data analysis with minimal code and a Pandas .plot like API using HoloViews hvPlot.