Found 181 Skills
Verify structure analysis output against source code. Check file:line references, component completeness, and Mermaid diagram validity. Runs as independent Critic in fork context. Use when: verify structure, check structure map, validate phase 1, re-verify-structure.
This skill should be used when the user asks to "validate a finding", "check if a vulnerability is real", "triage a security finding", "confirm a vulnerability", "determine if a finding is a true positive or false positive", or provides a security finding for review. It validates security vulnerability findings by tracing data flows, verifying exploit conditions, analyzing security controls, and optionally testing attack vectors against a live application.
Elite code review expert specializing in modern AI-powered code analysis, security vulnerabilities, performance optimization, and production reliability. Masters static analysis tools, security scanning, and configuration review with 2024/2025 best practices. Use PROACTIVELY for code quality assurance.
Use when Claude Code needs a second opinion, verification, or deeper research on technical matters. This includes researching how a library or API works, confirming implementation approaches, verifying technical assumptions, understanding complex code patterns, or getting alternative perspectives on architectural decisions. The agent leverages the Codex CLI to provide independent analysis and validation.
Route-aware gap analysis. For Brownfield - uses /speckit.analyze to compare specs against implementation. For Greenfield - validates spec completeness and asks about target tech stack for new implementation. This is Step 4 of 6 in the reverse engineering process.
Comprehensive research toolkit for discovering patterns, best practices, and technical knowledge across Web search, MCP servers, GitHub repositories, and documentation. Use when researching technologies, exploring codebases, finding examples, or gathering requirements for skill development.
Build PHPStan rules, collectors, and extensions that analyze PHP code for custom errors. Use when asked to create, modify, or explain PHPStan rules, collectors, or type extensions. Triggers on requests like "write a PHPStan rule to...", "create a PHPStan rule that...", "add a PHPStan rule for...", "write a collector for...", or when working on a phpstan extension package.
Detect and analyze heap spray attacks in memory dumps using Volatility3 plugins to identify NOP sled patterns, shellcode landing zones, and suspicious large allocations in process virtual address space.
Static code analysis and complexity metrics
Use when generating or updating technical documentation from code — API references, architecture docs, README files, component documentation, getting started guides, or configuration references
Classify a code quality concern into the right enforcement tool and act on it. Activate when the user wants to enforce a pattern, catch a mistake, add a check, create a rule, prevent a practice, guard against regressions, set up linting, improve their feedback loop, or asks "how do I make sure X."
Fortify integration. Manage data, records, and automate workflows. Use when the user wants to interact with Fortify data.