Loading...
Loading...
Found 2,968 Skills
Code Review Expert: Perform in-depth code reviews using context-isolated subagents, covering security vulnerabilities, performance optimizations, and production reliability
Systematic GitHub Actions workflow authoring skill for AI coding agents. Analyzes repositories to determine project type, language ecosystem, and deployment targets, then generates production-grade CI/CD workflows with proper security hardening, caching, and optimization. Handles greenfield projects (no workflows exist), brownfield updates (modify, optimize, secure existing workflows), and workflow audits with workflow-specific guidance for each. Use when the user requests GitHub Actions workflows: CI pipelines, CD deployments, release automation, scheduled jobs, or any .github/workflows YAML authoring. Also use when existing workflows need auditing, optimizing, securing, or restructuring. Triggers on phrases like "set up CI", "add CI/CD", "GitHub Actions workflow", "release automation", "deploy on tag", "publish to npm/PyPI", "schedule a job", "cron workflow", "matrix build", "workflow.yml", "actions/checkout", "permissions", "harden this pipeline", "pin actions to SHA", "OIDC", "least privilege", "supply-chain", "audit my workflows", "speed up CI", or "cache dependencies". Triggers when creating or editing files under `.github/workflows/`, `action.yml`/`action.yaml` (composite or Docker actions), or `.github/dependabot.yml`. Triggers when the user mentions migrating from GitLab CI, CircleCI, Travis, Jenkins, Drone, or Buildkite to GitHub Actions. Do NOT use for non-GitHub CI systems (GitLab CI, CircleCI, Jenkins) unless the user is migrating TO GitHub Actions. Do NOT use for general bash scripting, Makefiles, or local-only build configuration.
Alibaba Cloud MongoDB full lifecycle management: create/query/scale/delete standalone, replica set, sharded cluster instances. Covers node management, security (whitelist/security group), public & SRV address, password reset, renewal, billing conversion, cloud disk reconfiguration, maintenance window, backup, version upgrade, HA switchover, account & tag management. Triggers: "MongoDB", "create MongoDB", "dds instance", "list instances", "MongoDB scaling", "add Mongos/Shard node", "MongoDB whitelist", "reset password", "allocate public address", "SRV address", "MongoDB renewal", "billing type conversion", "cloud disk reconfiguration", "delete MongoDB instance", "maintenance window", "restart MongoDB", "MongoDB backup", "upgrade MongoDB version", "HA switchover", "MongoDB tags", "MongoDB account"
Guardian is an AI-powered penetration testing automation CLI that leverages multiple AI providers (OpenAI, Claude, Gemini) and 19+ security tools to orchestrate intelligent, step-by-step penetration testing workflows with comprehensive evidence capture.
Generate audit reports and compliance trails using Harness audit trail data via MCP v2 tools. Track user actions, resource changes, authentication events, and access patterns across accounts, organizations, and projects. Use when asked to audit activity, generate compliance reports, investigate security incidents, review user actions, check change logs, or produce SOC2/GDPR/HIPAA audit evidence. Trigger phrases: audit report, audit trail, compliance audit, user activity log, change log, access audit, security investigation, who changed what, audit events.
Configure code scanning in Harness pipelines using STO security scanners. Helps identify where to inject SAST/SCA scanning steps into existing pipelines, recommends appropriate scanners, and configures them with proper connector references. Use when asked to add code scanning, configure security scans, set up SAST/SCA, integrate vulnerability scanning, or add security checks to a pipeline. Trigger phrases: add code scanner, configure repo scan, set up SAST, add security scan, configure vulnerability scanning, integrate scanner.
Complete bug bounty workflow — recon (subdomain enumeration, asset discovery, fingerprinting, HackerOne scope, source code audit), pre-hunt learning (disclosed reports, tech stack research, mind maps, threat modeling), vulnerability hunting (IDOR, SSRF, XSS, auth bypass, CSRF, race conditions, SQLi, XXE, file upload, business logic, GraphQL, HTTP smuggling, cache poisoning, OAuth, timing side-channels, OIDC, SSTI, subdomain takeover, cloud misconfig, ATO chains, agentic AI), LLM/AI security testing (chatbot IDOR, prompt injection, indirect injection, ASCII smuggling, exfil channels, RCE via code tools, system prompt extraction, ASI01-ASI10), A-to-B bug chaining (IDOR→auth bypass, SSRF→cloud metadata, XSS→ATO, open redirect→OAuth theft, S3→bundle→secret→OAuth), bypass tables (SSRF IP bypass, open redirect bypass, file upload bypass), language-specific grep (JS prototype pollution, Python pickle, PHP type juggling, Go template.HTML, Ruby YAML.load, Rust unwrap), and reporting (7-Question Gate, 4 validation gates, human-tone writing, templates by vuln class, CVSS 3.1, PoC generation, always-rejected list, conditional chain table, submission checklist). Use for ANY bug bounty task — starting a new target, doing recon, hunting specific vulns, auditing source code, testing AI features, validating findings, or writing reports. 中文触发词:漏洞赏金、安全测试、渗透测试、漏洞挖掘、信息收集、子域名枚举、XSS测试、SQL注入、SSRF、安全审计、漏洞报告
Provides comprehensive code review covering 6 focused aspects - architecture & design, code quality, security & dependencies, performance & scalability, testing coverage, and documentation & API design. Use this skill for deep analysis with actionable feedback after significant code changes.
Expert knowledge for Azure VPN Gateway development including troubleshooting, best practices, decision making, architecture & design patterns, limits & quotas, security, configuration, integrations & coding patterns, and deployment. Use when configuring S2S/P2S VPNs, BGP routing, IPsec/IKE policies, Entra ID/MFA auth, or ExpressRoute VPNs, and other Azure VPN Gateway related development tasks. Not for Azure Virtual Network (use azure-virtual-network), Azure Virtual WAN (use azure-virtual-wan), Azure ExpressRoute (use azure-expressroute), Azure NAT Gateway (use azure-nat-gateway).
Review pull requests for code quality, security issues, and best practices. Use when reviewing PRs, checking code changes, or analyzing diffs before merge.
Build with Firestore NoSQL database - real-time sync, offline support, and scalable document storage. Use when: creating collections, querying documents, setting up security rules, handling real-time listeners, or troubleshooting permission-denied, quota exceeded, invalid query, or offline persistence errors. Prevents 10 documented errors.
This skill should be used when the user asks to "design REST APIs", "optimize database queries", "implement authentication", "build microservices", "review backend code", "set up GraphQL", "handle database migrations", or "load test APIs". Use for Node.js/Express/Fastify development, PostgreSQL optimization, API security, and backend architecture patterns.