Loading...
Loading...
Found 340 Skills
Develop secure smart contracts using OpenZeppelin Contracts libraries. Use when users need to integrate OpenZeppelin library components — including token standards (ERC20, ERC721, ERC1155), access control (Ownable, AccessControl, AccessManager), security primitives (Pausable, ReentrancyGuard), governance (Governor, timelocks), or accounts (multisig, account abstraction) — into existing or new contracts. Covers pattern discovery from library source, MCP generators, and library-first integration. Supports Solidity, Cairo, Stylus, and Stellar.
Solana hackathon resource advisor for Colosseum builders. Use when a builder asks which sponsor tools, SDKs, RPC providers, wallets, identity, payments, privacy, governance, NFT, game, mobile, DeFi, or developer resources to use for a hackathon project.
Guides advanced short-term actuarial mathematics aligned with SOA ASTAM and P&C/health-adjacent modeling—severity and frequency distributions, aggregate and compound loss models, Bühlmann and Bühlmann-Straub credibility, ratemaking and experience rating, short-term reserving at the math level, MLE and goodness-of-fit, and risk measures (VaR, TVaR). Tool-agnostic and concept-first. Use when the user mentions advanced short-term actuarial mathematics, ASTAM, severity model, frequency model, aggregate loss, compound distribution, Bühlmann credibility, experience rating, ratemaking, pure premium, negative binomial frequency, tail factor, TVaR, or short-term actuarial models—not life contingencies (life-health-insurance), Excel workpapers only (actuarial-analyst), appointed actuary sign-off (actuary, appointed-chief-actuary), assumption governance (assumption-setting), P&C legal/operations depth (property-casualty-insurance), or general ML (data-scientist, quantitative-researcher).
Guides secure software delivery and DevSecOps for cleared/classified or high-side programs—disconnected or air-gapped CI/CD, artifact promotion across classification boundaries (conceptual), SBOM/signing/ provenance, SAST/DAST/secrets/IaC/container gates, supply-chain controls, STIG/CIS deploy baselines, IaC for classified landing zones, cleared developer workstations, build/deploy audit logging, and ATO/RMF pipeline evidence (not SSP ownership). Use for classified DevSecOps, cleared pipeline, high-side CI/CD, air-gapped build, cross-domain release, classified software delivery, STIG pipeline, ATO evidence CI, SBOM classified, secure software factory—not portfolio cyber governance (classified-cyber-security-senior-manager), ISSO/SSP (information-systems-security-officer-classified-specialist), commercial-only DevSecOps (devsecops), general DevOps (devops), build-only validation (build-validator), pentest (penetration-tester), or enterprise GRC-only (compliance-specialist).
Guides CI/CD for agent skills repositories and skill packages—pipeline design (build, test, validate, package), GitHub Actions for PR checks and release promotion, environment gates, secrets hygiene (no secrets in repo), skill-creator integration (quick_validate.py, package_skill.py), .skill artifact strategy, rollback, and operational runbooks for skill releases. Use when the user mentions CI/CD, CI/CD engineer, pipeline design, GitHub Actions, skill validation CI, package skills, release pipeline, deploy skills, PR checks, continuous integration, or skill release workflow—not application-only CI without skill packaging (devops), pre-flight plan go/no-go (build-validator), IDP or golden paths (platform-engineer), org-wide SLO and error-budget programs without pipeline ownership (site-reliability-engineer), or portfolio catalog governance without pipeline YAML (ai-skill-manager).
Use when conducting user research (interviews, usability tests, surveys, A/B tests) or designing research studies. Covers discovery, validation, evaluative methods, research ops, governance, and measurement for software experiences.
Builds scalable design systems with tokens, theming, and component architecture. Use when creating design token hierarchies, theming systems, component variant patterns, or accessibility foundations. Use for design tokens, CVA variants, dark mode, multi-brand theming, Radix headless UI, Storybook documentation, and governance.
Write comprehensive commercial proposals for B2B technology consulting engagements. Integrate solution briefs, ROI/business cases, consulting pricing models (T&M, Fixed, Outcome-based, Retainer, Blended), team structure, governance, timeline, and terms. Output includes commercial-proposal.md and preliminary workplan-and-estimate.md that feeds into the PM suite's project-intake-and-charter skill. Use when creating proposals, writing SOWs, pricing engagements, or preparing commercial offers. Triggers on: proposal, commercial proposal, SOW, pricing, quote, engagement offer, commercial offer, statement of work.
DeFi attack pattern playbook. Use when analyzing flash loan attacks, price oracle manipulation, MEV sandwich attacks, governance exploits, bridge vulnerabilities, and token standard edge cases in decentralized finance protocols.
Audit MCP (Model Context Protocol) server configurations for security issues. Use this skill when: - Reviewing .mcp.json files for security risks - Checking MCP server args for hardcoded secrets or shell injection patterns - Validating that MCP servers use pinned versions (not @latest) - Detecting unpinned dependencies in MCP server configurations - Auditing which MCP servers a project registers and whether they're on an approved list - Checking for environment variable usage vs. hardcoded credentials in MCP configs - Any request like "is my MCP config secure?", "audit my MCP servers", or "check .mcp.json" keywords: [mcp, security, audit, secrets, shell-injection, supply-chain, governance]
Routes Snowflake-related operations to Cortex Code CLI for specialized Snowflake expertise. Use when user asks about Snowflake databases, data warehouses, SQL queries on Snowflake, Cortex AI features, Snowpark, dynamic tables, data governance in Snowflake, Snowflake security, or mentions "Cortex" explicitly. Do NOT use for general programming, local file operations, non-Snowflake databases, web development, or infrastructure tasks unrelated to Snowflake.
Customer feedback, NPS, CSAT, CES, Voice of Customer strategy across platforms — survey design, response rate optimization, closed-loop feedback, text analytics, benchmarking, program governance. Use when NPS scores are stagnant, survey response rates are low, feedback isn't driving action, unsure which CX metric to use, need to design a VoC program, comparing feedback tools (Medallia vs Qualtrics vs SurveyMonkey vs Typeform), or customers feel over-surveyed. Do NOT use for product review collection like Trustpilot or G2 (use /sales-customer-reviews) or in-app message surveys (use /sales-in-app-messaging).