Loading...
Loading...
Found 831 Skills
Comprehensive security audit and vulnerability detection for JavaScript/TypeScript applications following OWASP Top 10. Use when (1) Users say 'audit security', 'check for vulnerabilities', 'security review', 'implement authentication', 'secure this code', (2) Adding authentication, API endpoints, file uploads, or handling user input, (3) Working with secrets, credentials, or sensitive data, (4) Implementing payment features or blockchain integrations, (5) Conducting pre-deployment security checks. Audits for: hardcoded secrets, injection vulnerabilities, XSS/CSRF, broken access control, insecure authentication, rate limiting, dependency vulnerabilities, sensitive data exposure.
Robust URL-to-Markdown extraction for OpenClaw workflows. Use this when the user needs to "extract/summarize/convert a webpage to Markdown" (especially for WeChat official accounts at mp.weixin.qq.com) and web_fetch or browser access is blocked or returns messy content. It first uses a low-cost probe via web_fetch, then falls back to the official MinerU API (through the local mineru-extract skill), and returns a traceable result contract with source links.
CRITICAL skill for executing multiple runSubagent calls in a SINGLE function_calls block for true parallelism. Essential for efficient multi-task workflows, subagent coordination, and maximizing throughput.
Comprehensive context management strategies for cost optimization and infinite-length conversations. Covers server-side clearing (tool results, thinking blocks), client-side SDK compaction (automatic summarization), and memory tool integration. Use when managing long conversations, optimizing token costs, preventing context overflow, or enabling continuous agentic workflows.
Generate a stakeholder update tailored to audience and cadence. Use when writing a weekly or monthly status for leadership, announcing a launch, escalating a risk or blocker, or translating the same progress into exec-brief, engineering-detail, or customer-facing versions.
Convert Mermaid code blocks in Markdown files to PNG images using the mermaid.ink API.
Advanced Content Security Policy bypass techniques. Use when XSS or data exfiltration is blocked by CSP and you need to find policy weaknesses, trusted endpoint abuse, nonce leakage, or exfiltration channels that CSP cannot block.
Convert HTML and Markdown content into Portable Text blocks for Sanity. Use when migrating content from legacy CMSs, importing HTML or Markdown into Sanity, building content pipelines that ingest external content, converting rich text between formats, or programmatically creating Portable Text documents. Covers @portabletext/markdown (markdownToPortableText), @portabletext/block-tools (htmlToBlocks), custom deserializers, and the Portable Text specification for manual block construction.
Queries Huawei Cloud computing resources (ECS/BMS/IMS/AS), Covers ECS instances, flavors, keypairs, quotas, server groups, block devices, NICs, VNC console, BMS bare metal servers/flavors/quotas, IMS images/OS versions/members/quotas, and AS scaling groups/configs/policies/activity logs/lifecycle hooks/warm pools/quotas. No write operations. Use this skill when the user needs to query ECS instance details, list flavors, check BMS availability, browse images, or view auto-scaling group/policy status. Triggers: 弹性云服务器, ECS, 裸金属, BMS, 镜像, IMS, 弹性伸缩, AS, 伸缩组, 伸缩策略, 规格查询, flavor, instance, image, scaling.
Syntax highlight code blocks with Shiki. Supports server-side rendering in RSC and automatic light/dark theme switching.
Build production-ready Web3 applications, smart contracts, and decentralized systems. Implements DeFi protocols, NFT platforms, DAOs, and enterprise blockchain integrations. Use PROACTIVELY for smart contracts, Web3 apps, DeFi protocols, or blockchain infrastructure.
Query blockchain data across 40+ chains, create AI agents for crypto analytics, and build automated data pipelines. Use when working with blockchain data, crypto wallets, DeFi protocols, NFTs, token transfers, or on-chain analytics. Requires the Flipside CLI (https://docs.flipsidecrypto.xyz/get-started/cli).