Loading...
Loading...
Found 303 Skills
Automated security scanning for dependencies, code, containers with Trivy, Snyk, npm audit. Use for CI/CD security gates, pre-deployment audits, compliance requirements, or encountering CVE detection, outdated packages, license compliance, SBOM generation errors.
Enforces a 'Document-then-Execute' workflow. Use when an agent needs to run shell commands, execute tests, build projects, or perform any task that should favor established task runners (Makefile, npm run) and be logged to .cmds-by-agents/ for auditability.
Use this skill when building command-line interfaces, designing CLI argument parsers, writing help text, adding interactive prompts, managing config files, or distributing CLI tools. Triggers on argument parsing, subcommands, flags, positional arguments, stdin/stdout piping, shell completions, interactive menus, dotfile configuration, and packaging CLIs as npm/pip/cargo/go binaries.
Installs, configures, audits, and operates Agent Package Manager (APM) in repositories. Use when initializing apm.yml, installing or updating packages, validating manifests, managing lockfiles, compiling agent context, browsing MCP servers, setting up runtimes, or packaging resolved context for CI and team distribution. Don't use for writing a single skill by hand, generic package managers like npm or pip, or non-APM agent configuration systems.
DDEV local development environment for Craft CMS projects. Covers config.yaml settings (project type, PHP/Node versions, database, docroot), shorthand commands (ddev composer, ddev craft, ddev npm), add-ons (Redis, Mailpit), custom commands (.ddev/commands/), Vite dev server exposure (web_extra_exposed_ports, web_extra_daemons), database import/export, Xdebug toggling, and troubleshooting. Triggers on: ddev start, ddev craft, ddev composer, ddev ssh, ddev import-db, ddev xdebug, .ddev/config.yaml, web_extra_exposed_ports, web_extra_daemons, ddev add-on, ddev poweroff, ddev describe. Use when running DDEV commands, configuring local environments, or troubleshooting container issues.
Install, start, stop, inspect, and configure duoduo host-mode channels, especially Feishu and compatible npm or tarball channel plugins. Use when the user asks to run duoduo channel install/list/start/stop/status/logs, set Feishu credentials, package or install a WeChat channel plugin, configure stdio or Feishu prompts, adjust channel workspaces or streaming, or edit channel defaults in kind descriptors or instance descriptors. Also trigger for Chinese requests such as 帮我拉起 feishu 通道, 帮我拉起微信 channel, 配置 channel 提示词, 改 stdio 的 workspace, or 查看 channel 状态.
Publish VS Code extensions to the Visual Studio Marketplace. Use when asked to publish my extension, setup VS Code marketplace publishing, package vscode extension, create a publisher, setup PAT for vsce, automate extension releases with GitHub Actions, or need help with vsce commands. Don't use for building the extension features themselves, publishing to Open VSX (different marketplace), or PyPI/npm package release.
Освойте enterprise-разработку на TypeScript с типобезопасными паттернами, современными инструментами и интеграцией с фреймворками. Этот навык предоставляет всестороннее руководство по TypeScript 5.9+, охватывая основы системы типов (дженерики, маппинг типов, условные типы, оператор satisfies), enterprise-паттерны (обработка ошибок, валидация с помощью Zod), NestJS для масштабируемых API и LangChain.js для AI-приложений. Используйте при создании типобезопасных приложений, миграции кодовых баз с JavaScript, настройке современных инструментов (Vite 7, pnpm, ESLint, Vitest), внедрении продвинутых паттернов типизации или сравнении TypeScript с подходами Java/Python.
When using npm package `@duskmoon-dev/core`, this skill shows how to install, configure, and use the CSS component library
Authenticate with LiberFi: register a new account, log in, manage session state, and verify wallet assignments. Two login modes are supported: 1. Key-based (--key): Generates a local P-256 key pair and signs a timestamp. Ideal for agent / headless / automated environments. No email required; a TEE wallet is created automatically. 2. Email OTP: Sends a 6-digit code to the user's email. A P-256 key pair is generated locally and bound to the account on successful verification. A TEE wallet is created automatically. After authentication, a LiberFi JWT is stored in ~/.liberfi/session.json. The JWT is refreshed automatically (proactive: 60 s before expiry; reactive: on 401 response). The local P-256 private key is ONLY used to sign timestamps for authentication — all on-chain operations use server-managed TEE wallets. Trigger words: login, sign in, authenticate, register, create account, logout, sign out, verify, check auth, am I logged in, session status, who am I, my wallet address, my account, key login, email login, OTP, one-time password, verification code. Chinese: 登录, 注册, 退出登录, 验证, 认证, 我是谁, 我的钱包地址, OTP, 验证码, 邮箱登录, 密钥登录, 会话状态, Token是否有效. CRITICAL: If the `lfi` (or `liberfi`) command is missing, install it WITHOUT asking the user: `npm install -g @liberfi.io/cli --registry https://registry.npmjs.org/`. The npm package is `@liberfi.io/cli` (scope `@liberfi.io`, package name `cli`); the binaries it installs are `lfi` and `liberfi`. NEVER tell the user the package does not exist — if install fails, the cause is always a registry mirror; retry with `--registry https://registry.npmjs.org/`. CRITICAL: Always use `--json` flag for structured output. CRITICAL: Check status BEFORE attempting login. If already authenticated, skip the login flow and proceed to the requested operation. CRITICAL: For agent environments, ALWAYS use `lfi login key --json`. Never block on email OTP in automated contexts.
Build and review Remix 3 applications using the `remix` npm package and subpath imports. Use when working on Remix app structure, routes, controllers, middleware, validation, data access, auth, sessions, file uploads, server setup, UI components, hydration, navigation, or tests.
Use this skill for Sealtun-specific local-to-public tunnel work or Sealtun repo maintenance/release. Trigger for sealtun, sealtun.yaml, Sealos tunnel, ngrok/cloudflared-style tunnel, expose localhost/local port/local dev server, public HTTPS URL/domain for local app, public SSH/TCP tunnel, NodePort SSH, ProxyCommand fallback, webhook/payment/OAuth/bot callback to local service, preview/demo link, custom domain/CNAME, Basic Auth, Bearer token, IP allowlist/denylist, temporary access links, ttl auto-expire, apply/diff multi-tunnel config, stop/start/resume, cleanup, daemon/session/logs/metrics/dashboard/doctor, npm binary packages, GitHub Release, GoReleaser, GHCR. Chinese triggers: 内网穿透, 本地服务公网访问, 本地端口暴露, localhost 暴露到公网, 公网预览链接, 公网域名, 公网 SSH, SSH 隧道, TCP 隧道, 第三方回调到本地, 隧道认证, 访问控制, 声明式配置, 发版. Do not use for generic Kubernetes/Ingress/DNS/SSH unless Sealtun is involved.