Loading...
Loading...
Found 207 Skills
Review a spec or concrete code changes and report evidence-backed bugs, regressions, and risks.
Analyze and explain a pull request to help review it effectively
Framework for assessing IT service providers, technology vendors, and third-party partners. Creates structured risk assessments across financial, operational, compliance, security, and reputational dimensions with regulatory checklists (GDPR, DORA, NIS2, SOX). Use when: (1) Evaluating new vendors or technology providers, (2) Conducting third-party risk assessments for procurement, (3) Performing critical vendor due diligence for regulatory compliance, (4) Creating vendor onboarding documentation, (5) Establishing ongoing vendor monitoring processes, (6) Assessing vendor concentration risk, or (7) Generating executive-level vendor risk reports.
Build strategic plans for business goals. Creates one-page briefs with core objective, key milestones, leverage points, and risks. Use when setting direction, pitching initiatives, or aligning teams around a goal.
Evaluate product bets and shape pitches using Shape Up's appetite model and Bezos's Type 1/Type 2 decision framework. Use when asked to assess a product bet, evaluate initiative risk, decide resource allocation, or shape a pitch for a new feature or project.
Challenge ideas, assumptions, and decisions by playing devil's advocate to identify weaknesses and prevent groupthink
Runs real-time safety analysis for instructions involving destructive operations, permission changes, irreversible actions, prompt injection, or compliance-sensitive operations. Evaluates risk level, destructiveness, and reversibility via backend API. Use when asked for safety check, risk assessment, security audit, destructive check, instruction audit, or Modeio safety scan. Also use proactively before executing any instruction that deletes data, modifies permissions, drops or truncates tables, deploys to production, or alters system state irreversibly. Also supports pre-install Skill Safety Assessment for third-party skill repositories via a static prompt contract.
Apply cognitive bias detection whenever the user (or Claude itself) is making an evaluation, recommendation, or decision that could be silently distorted by systematic thinking errors. Triggers on phrases like "I'm pretty sure", "obviously", "everyone agrees", "we already invested so much", "this has always worked", "just one more try", "I knew it", "the data confirms what we thought", "we can't go back now", or when analysis feels suspiciously aligned with what someone wanted to hear. Also trigger proactively when evaluating high-stakes decisions, plans with significant sunk costs, or conclusions that conveniently support the evaluator's existing position. The goal is not to paralyze — it's to flag where reasoning may be compromised so it can be corrected.
Analyze what code will be affected by changes. Use when user asks "what will break if I change X", "impact of changing X", "dependencies of X", "is it safe to modify X", or before making significant code changes.
Threat modeling using STRIDE methodology. Data flow diagrams, trust boundaries, attack surface mapping, and risk assessment. Use when analyzing system security, designing secure architectures, or conducting security reviews.
Guides DeFi protocol security review and rug-risk assessment from public chain data, verified source, and historical patterns—covering EVM and Solana-style deployments, liquidity and tokenomics, governance centralization, bridges, exploit pattern matching, and evidence-structured audit reports. Use when the user asks for a DeFi security audit, rug risk analysis, contract vulnerability triage, LP lock verification, governance or upgrade risk, or cross-chain bridge review from observable data only.
When the user wants to assess supplier risks, monitor supplier health, or develop risk mitigation strategies. Also use when the user mentions "supplier risk assessment," "supply chain risk," "business continuity," "supplier monitoring," "supply disruption," "risk scoring," "supplier financial health," or "contingency planning." For initial supplier selection, see supplier-selection. For overall supply chain risk, see risk-mitigation.