Found 2,247 Skills
Guides product infrastructure security—securing the runtime, data plane, and control plane that ships with the product: multi-tenant isolation, service-to-service auth, customer data boundaries, secure defaults in APIs and workers, abuse-resistant rate limits, product-scoped secrets and encryption, and security design reviews for product infra changes. Use when threat-modeling product features, designing tenant isolation, hardening service mesh or internal APIs, reviewing product IaC/modules for data leaks, defining secure baselines for microservices the product team owns, or partnering on incidents affecting customer workloads—not for corporate IdP/SIEM (information-security-engineer), CI pipeline gates only (devsecops), SOC operations (defensive-security-analyst), authorized pentest execution (offensive-security-analyst), general IDP golden paths (platform-engineer), company-wide GRC (cybersecurity), or applied AI solution architecture for LLM features (applied-ai-architect-commercial-enterprise).
This skill should be used when the user asks for a cryptographer, cryptography review, help to choose a cipher (AES-GCM, ChaCha20-Poly1305, ECDH, RSA tradeoffs), key management, PKI design, TLS configuration, protocol security or handshake review, authenticated encryption, digital signature scheme design, post-quantum migration at architecture level, ProVerif or Tamarin modeling concepts, nonce reuse or IV misuse analysis, HKDF vs password hashing (Argon2), HSM or KMS usage patterns, secure randomness, side-channel and constant-time requirements, or cryptographic agility and algorithm deprecation—not general OWASP web app review only (information-security-engineer), secure coding checklists without crypto depth, Solidity or smart contract audits, blockchain wallet tracing, legal export classification, or shipping custom production crypto without design and review gates.
Guides embedded real-time firmware—MCU tradeoffs, bare-metal vs RTOS (FreeRTOS/Zephyr patterns), task priorities/deadlines/jitter, ISR deferred work, stack/heap policy, WCET/timing analysis, concurrency and priority inversion, drivers/HAL, JTAG/SWD/trace, power modes, MISRA C awareness, safety-aware automotive/medical/industrial patterns without certification claims. Use for embedded firmware, RTOS scheduling, drivers/HAL, IRQ design, memory policy, WCET, bring-up, low-power—not HIL security (hardware-in-the-loop-security-tester), backend apps (senior-software-engineer), SCADA/OT (scada-ics-cyber-security-specialist), server perf (performance-engineer), RTL-only without firmware, CI gates (build-validator), tiering only (mission-critical).
Configure an AI agent to send OpenTelemetry traces to Coval. Use when a user wants to add Coval tracing, instrument an agent for simulations or conversation monitoring, make traces show up in Coval, handle SIP/PSTN/WebSocket trace correlation, or replace the one-command wizard with a security-reviewable manual setup.
Analyze and understand malware distribution tactics, cracked software risks, and security threat detection patterns
Use when working on TypeScript code and needing to choose the smallest focused TypeScript skill for coding standards, boundaries, composition, configs, async control, error handling, observability, security, or testing.
Invoke a Rubber Duck Reviewer subagent to independently critique plans and implementations before proceeding. Use when the agent is about to implement a non-trivial plan (multi-file changes, architectural decisions, security-sensitive logic, database schema changes), after completing a self-contained unit of work (module, endpoint, feature), when stuck or facing repeated failures (same test fails 2+ times, unexpected results), or when the agent wants independent validation of assumptions and design decisions. Triggers on any non-trivial implementation task where independent critique would catch blind spots before they become costly mistakes.
Redis security guidance covering authentication (requirepass and ACL users), TLS, ACL-based least-privilege access control, restricting network exposure via bind and protected-mode, firewall rules, and disabling dangerous commands. Use when deploying Redis to production, defining ACL users for an application, configuring TLS connections, locking down a Redis instance behind a firewall, or auditing a Redis deployment for security hardening.
Comprehensive security and correctness audit of a branch's changes. Use for thermo nuclear, thermonuclear, or deep review requests, or branch/PR diff audits focused on bugs, breaking changes, security issues, devex regressions, and feature-gate leaks.
Guides development of Fastify Node.js backend servers and REST APIs using TypeScript or JavaScript. Use when building, configuring, or debugging a Fastify application — including defining routes, implementing plugins, setting up JSON Schema validation, handling errors, optimising performance, managing authentication, configuring CORS and security headers, integrating databases, working with WebSockets, and deploying to production. Covers the full Fastify request lifecycle (hooks, serialization, logging with Pino) and TypeScript integration via strip types. Trigger terms: Fastify, Node.js server, REST API, API routes, backend framework, fastify.config, server.ts, app.ts.
Ziniao CLI Shared Basics: Application configuration initialization, unified apiKey authentication, error handling, output format, and security rules. Triggered when users need to configure for the first time (`ziniao-cli config init`), encounter authentication/permission issues, or use ziniao-cli for the first time.
Build complete Salesforce Lightning Experience applications from natural language descriptions. Use this skill when a user requests a "complete app", "Lightning app", "business solution", "management system", or describes a scenario requiring multiple interconnected Salesforce components (objects, fields, pages, tabs, security). Orchestrates all required metadata types in proper dependency order to produce a deployable application.