Loading...
Loading...
Found 2,247 Skills
Use when you need to design, review, or improve security in Micronaut applications — including micronaut-security authentication, @Secured and intercept-url-map rules, JWT/session strategies, SecurityService checks, CORS, CSRF awareness for browser apps, rejection handlers, and sensitive-data-safe logging. This should trigger for requests such as Add Micronaut security support; Review Micronaut security configuration; Improve API authorization in Micronaut; Add JWT security in Micronaut; Harden Micronaut route authorization rules. Part of cursor-rules-java project
Guides edge and tactical autonomous systems—perception-planning-control under latency and safety constraints; behavior trees/state machines vs learned policies; human-on-the-loop; geofencing, no-strike rules, mission abort; sim and field testing; ROS2/middleware patterns; sensor fusion; degraded modes; autonomy audit logging. Use for UAS/autonomous stacks, safety rules, HITL, sim-to-field validation, fail-safe—not LLM products (ai-engineer), LLM red team (ai-redteam), safeguard serving (ml-infrastructure-engineer-safeguards), governance only (ai-risk-governance), MCU firmware without autonomy (embedded-real-time-software-engineer), plant PLC/DCS (control-software-developer), HIL security bench (hardware-in-the-loop-security-tester).
Guides product infrastructure security—securing the runtime, data plane, and control plane that ships with the product: multi-tenant isolation, service-to-service auth, customer data boundaries, secure defaults in APIs and workers, abuse-resistant rate limits, product-scoped secrets and encryption, and security design reviews for product infra changes. Use when threat-modeling product features, designing tenant isolation, hardening service mesh or internal APIs, reviewing product IaC/modules for data leaks, defining secure baselines for microservices the product team owns, or partnering on incidents affecting customer workloads—not for corporate IdP/SIEM (information-security-engineer), CI pipeline gates only (devsecops), SOC operations (defensive-security-analyst), authorized pentest execution (offensive-security-analyst), general IDP golden paths (platform-engineer), company-wide GRC (cybersecurity), or applied AI solution architecture for LLM features (applied-ai-architect-commercial-enterprise).
Use when an RFP, RFI, RFQ, security questionnaire, vendor questionnaire, or proposal request arrives and the team needs a structured response — parsing multi-section buyer-dictated requirements (MANDATORY vs WEIGHTED vs NICE-TO-HAVE), building a Shipley-method proof-point matrix mapping each requirement to a verifiable proof point, articulating 3-5 win-themes that ladder up across requirements, and producing a Shipley-derived winrate estimate that informs a bid / no-bid / partner-bid recommendation. For Bid Managers, Proposal Leads, Directors of Sales, and Sales Engineers at the response-strategy moment. Surfaces GAP requirements explicitly — never invents claims. NOT free-form proposal narrative authoring, NOT contract redline, NOT marketing collateral.
Audit and harden a repository test suite so tests carry their weight. Use when the user asks whether tests are useful, flaky, duplicated, slow, under-covering critical behavior, missing contract/regression coverage, or when a codebase needs a test strategy before major refactors, releases, security work, or production hardening.
Deploy and orchestrate 38 MCP servers for offensive security tools (Nmap, Nuclei, Ghidra, SQLMap, etc.) via Docker
Analyze and understand malware distribution tactics, security software bypass techniques, and threat detection for cybersecurity research
Recognize and warn against malicious software distribution repositories masquerading as legitimate security tools
Perform language and framework specific security best-practice reviews and suggest improvements. Use when the user explicitly requests security best practices guidance, a security review or report, or secure-by-default coding help. Supports Python, JavaScript/TypeScript, and Go. Do NOT use for general code review, debugging, threat modeling (use security-threat-model), or non-security tasks.
Integrate Novu's in-app notification inbox into web applications. Supports React, Next.js, and vanilla JavaScript. Includes the Inbox component (bell icon + notification feed), composable components (Bell, Notifications, InboxContent, Preferences), headless hooks, branded theming, custom render props, multi-tenancy via contexts, tabs, localization, and HMAC security. Use when adding an in-app notification center, bell icon, notification feed, real-time notification updates, or building a personalized and branded notification experience.
Use when a code hotfix, rollback alternative, production/security/legal fix, launch blocker, or hard external deadline claims expedited review or relaxed process. TRIGGER on "emergency change", "hotfix", "prod incident", "major security hole", "must ship today", "hard deadline", "bypass review", or "fast-track this PR" for qualification only. DO NOT TRIGGER for ordinary urgency, soft deadlines, Friday timing, manager pressure, time-zone delay, or review unless emergency status is disputed.
Queries Huawei Cloud identity and access management resources (IAM) via read-only Python SDK. Covers users, groups, policies, agencies, AK/SK, MFA devices, login/password/ACL policies, security compliance, and account quotas. No write operations. Use this skill when the user needs to query IAM identity info, check policies/permissions, view agency details, or inspect AK/SK/MFA status. Triggers: IAM, 用户, 用户组, 策略, 委托, 权限, AK/SK, MFA, 密码策略, 安全合规, 身份查询, 身份认证, identity, policy, agency.