Loading...
Loading...
Found 303 Skills
Security-first PR review checklist for this repo. Use when reviewing diffs/PRs, especially changes involving auth, networking, sensitive data, or dependency/lockfile updates. Focus on secret/PII leakage risk, supply-chain risk (npm + node_modules inspection), cross-platform architecture (extension/mobile/desktop/web), and React performance (hooks + re-render hotspots). Avoid UI style nitpicks. PR Review.
Generate MSBuild binary logs (binlogs) for build diagnostics and analysis. Only activate in MSBuild/.NET build context. USE FOR: adding /bl:{} to any dotnet build, test, pack, publish, or restore command to capture a full build execution trace, prerequisite for binlog-failure-analysis and build-perf-diagnostics skills, enabling post-build investigation of errors or performance. Requires MSBuild 17.8+ / .NET 8 SDK+ for {} placeholder; PowerShell needs -bl:{{}}. DO NOT USE FOR: non-MSBuild build systems (npm, Maven, CMake), analyzing an existing binlog (use binlog-failure-analysis instead). INVOKES: shell commands (dotnet build /bl:{}).
Deploys agent skill collections from any GitHub repository with a /skills folder to one or more distribution surfaces: GitHub releases, Claude Code marketplace, VS Code plugin marketplace, and Copilot CLI plugin marketplace. Handles pre-flight validation, conventional commit analysis, version bumping across surface configs, and surface-specific publishing with dry-run support. Use when releasing, publishing, or deploying a skills collection to any supported marketplace or creating a GitHub release for a skills repository. Don't use for deploying non-skill packages, npm modules, Docker images, or Azure resources.
Alibaba Cloud Bailian Knowledge Base Retrieval Tool. Use Alibaba Cloud Bailian SDK to query and retrieve knowledge base content. Use when: User needs to query knowledge base, retrieve document content, or answer questions based on knowledge base. Prerequisites: (1) Install npm packages (2) Configure Alibaba Cloud credentials (via Alibaba Cloud CLI or environment variables). (3) Need to activate Bailian service.
MUST USE for anything related to mise, development tool versions, or dev environment setup. Triggers: (1) User mentions mise, mise.toml, .tool-versions, or mise commands like 'mise use', 'mise install', 'mise run'. (2) User wants to install, switch, pin, upgrade, or check versions of dev tools — node, python, go, ruby, java, rust, etc. — at project or global level, even without mentioning mise (e.g. 'set up node 22', 'what python version', 'upgrade go', 'check for outdated tools', 'configure dev environment'). (3) User wants to manage per-project environment variables via config files (e.g. 'add DATABASE_URL env var', 'set up env vars for different environments'). (4) User wants to define or run project tasks via mise (e.g. 'create a build task', 'run tests with mise'). Do NOT trigger for: Dockerfiles, package.json scripts, Makefiles, nvm/pyenv/rbenv commands, pip/npm package installation, git tags, CI/CD config, or deployment.
Use when building Elixir applications that need to evaluate JavaScript or TypeScript code, load ES modules, import npm/jsr packages, call JS functions from Elixir, or use V8 snapshots. Triggers on Denox, deno_core, Rustler NIF JS runtime, TypeScript transpilation in Elixir.
Guideline for designing, implementing, and verifying secure TypeScript and JavaScript applications following OWASP Top 10 best practices. Use when the user wants to: (1) review TypeScript or JavaScript code for security vulnerabilities, (2) design a secure Node.js, Deno, or browser application architecture, (3) implement security features (authentication, authorization, cryptography, input validation), (4) audit npm/yarn/pnpm dependencies for known vulnerabilities, (5) create security checklists or verification plans, (6) fix security bugs or harden existing TypeScript or JavaScript code, (7) set up security testing and static analysis (ESLint security plugins, Semgrep, Snyk), or (8) handle any TypeScript/JavaScript security concern including injection prevention, prototype pollution, XSS protection, SSRF prevention, secrets management, and secure deployment.
Refactor high-complexity React components in Dify frontend. Use when `pnpm analyze-component --json` shows complexity > 50 or lineCount > 300, when the user asks for code splitting, hook extraction, or complexity reduction, or when `pnpm analyze-component` warns to refactor before testing; avoid for simple/well-structured components, third-party wrappers, or when the user explicitly wants testing without refactoring.
Full-stack web development with Next.js and Turborepo. Stack: Next.js 14+ (App Router, RSC, Server Actions, PPR, SSR, SSG, ISR), Turborepo (monorepo, pipelines, remote caching), RemixIcon (3100+ icons). Capabilities: server components, API routes, middleware, caching strategies, build optimization, monorepo management. Actions: create, build, deploy, optimize Next.js apps, setup monorepo, configure caching. Keywords: Next.js, App Router, Server Components, RSC, Server Actions, SSR, SSG, ISR, PPR, Turborepo, monorepo, remote cache, build pipeline, parallel execution, workspace, pnpm, icons. Use when: building Next.js apps, implementing SSR/SSG, setting up monorepos, optimizing build performance, configuring caching strategies, managing shared dependencies.
Audit frontend codebases for security vulnerabilities and bad practices. Use when performing security reviews, auditing code for XSS/CSRF/DOM vulnerabilities, checking Content Security Policy configurations, validating input handling, reviewing file upload security, or examining Node.js/NPM dependencies. Target frameworks include web platform (vanilla HTML/CSS/JS), React, Astro, Twig templates, Node.js, and Bun. Based on OWASP security guidelines.
Modern Node.js development with Bun, Vite, Vue 3, Pinia, and TypeScript. Covers JavaScript/TypeScript projects, high-performance tooling, and modern frameworks. Use when user mentions Node.js, Bun, Vite, Vue, Pinia, npm, pnpm, JavaScript runtime, or building frontend/backend JS applications.
Apply preferred toolchain and technology stack defaults: pnpm, Next.js, TypeScript, Convex, Vercel, Tailwind, shadcn/ui, Zustand, TanStack, Vitest. Use when setting up new projects, choosing dependencies, discussing stack decisions, or evaluating alternatives.