Loading...
Loading...
Found 3,730 Skills
Triage failed CI runs on a GitHub-Actions–driven repo — classify regression vs flake vs infra, maintain a single rolling `main-red` issue when main is broken, and point humans at the suspect commit. Use when a workflow fails on `main`, or when a human asks "is main red?", "why did CI fail on main?", "triage this workflow run", "classify this failure". Paired with the consumer repo's `<repo>-pr-lifecycle` skill (PR-side CI triage) and the `web-testing` skill (invoked for `e2e` failures).
Guides information security engineering—implementing and operating security controls, identity and access systems, encryption and secrets management, security tool integrations (SIEM, EDR, SOAR), cloud guardrails, hardening baselines, and remediation engineering for vulnerabilities. Use when building SSO/RBAC/PAM patterns, configuring KMS or certificate lifecycle, deploying WAF/DLP or EDR connectors, writing security-as-code policies (OPA, SCPs, CIS benchmarks), integrating logging to SIEM, automating security workflows, or validating control fixes—not for SOC triage (soc-analyst), pentesting (penetration-tester, network-pentester, web-pentester), red team (red-team-specialist), CI gates only (devsecops), platform provisioning without security ownership (infrastructure-engineer), CISO/exec program (chief-information-security-officer), security program strategy (cybersecurity), GRC program and audit prep (compliance-specialist), or product tenancy isolation (product-infrastructure-security-engineer).
Guides digital forensics for security incidents—evidence acquisition and chain of custody, disk/memory/mobile/cloud artifact analysis, log and network forensics, timeline correlation, malware artifact triage, and investigation reports for legal/IR and expert-witness preparation outlines (not legal advice). Use when preserving and analyzing forensic artifacts, building super-timelines, documenting acquisition worksheets, triaging malware samples, or preparing forensic findings for counsel—not live incident command (incident-responder), SOC alert queue triage (soc-analyst), authorized penetration testing (penetration-tester), deep binary RE (reverse-engineer), LLM red team (ai-redteam), enterprise ISMS programs (information-security-engineer), audit control mapping (compliance-engineer), or cloud guardrail implementation (cloud-security-engineer).
Guide for migrating an existing web app, PWA, or SPA into a store-ready Capacitor iOS and Android app. Use this skill when users want to wrap or convert a web app into a mobile app, avoid thin WebView app store rejection, add native-feeling UX, handle permissions, offline behavior, account deletion, billing, testing, and Capgo live updates.
Use when tasks are complex and require full microservices collaboration: The main agent acts as a pure Orchestrator, strictly prohibited from writing code personally, and is responsible for accurately assigning responsibilities such as positioning, planning, coding, testing, and review to corresponding sub-agents (explorer, planner, worker, verifier, reviewer, fixer). This Skill enforces microservices workflow discipline, requiring full Chinese communication, minimal routing output, and minimized context transfer.
Guideline for designing, implementing, and verifying secure Python applications following OWASP Top 10 best practices. Use when the user wants to: (1) review Python code for security vulnerabilities, (2) design a secure Python application architecture, (3) implement security features (authentication, authorization, cryptography, input validation), (4) audit Python dependencies for known vulnerabilities, (5) create security checklists or verification plans, (6) fix security bugs or harden existing Python code, (7) set up security testing and static analysis (bandit, safety, semgrep), or (8) handle any Python security concern including injection prevention, secure deserialization, SSRF protection, secrets management, and secure deployment.
Audits AI-implemented work for honest completion. Runs independent-evaluator checks against task artifacts, transcripts, tests, CI evidence, requirement-to-test mapping, status front matter, and quality gates; flags skipped tests, weakened assertions, mock-only confidence, snapshot drift, happy-path-only coverage, flaky retries, and status/evidence mismatches. Use when validating completed Compozy tasks, AI-authored PRs, or codex-loop iterations. Do not use for real-user QA, persona/journey testing, exploratory charters, or product usability sessions; use qa-execution for those.
Framework for demonstrating AI capabilities in legal contexts. Provides detailed personas across tenant law, business contracts, startup disputes, employment claims, and consumer protection with progressive complexity scenarios. Use when: (1) Demonstrating AI-powered legal triage or intake systems, (2) Showcasing responsible AI-assisted client interactions, (3) Training staff on appropriate AI use in legal contexts, (4) Creating realistic scenarios for legal tech presentations, (5) Developing educational materials about AI in legal services, or (6) Testing AI-powered legal information systems in controlled environments.
Helps users discover and install capabilities from the open agent skills ecosystem. Use when users ask "how do I do X" for specialized tasks, request "find a skill for X", want to extend agent capabilities, or need help with specific domains (testing, design, deployment, etc.).
Autonomous NeMo-RL research agent workflow for directed hypothesis testing and open-ended discovery. Guides agents through the full experiment lifecycle: understanding recipes and environments, wiring RL or NeMo-gym runs, launching reproducible baselines and iterations, analyzing results, preserving human oversight, and using git plus TSV logs as the research ledger. Do NOT use for: bug fixes, code review, documentation, refactoring, dependency updates, or single-file changes.
Use when building blockchain applications or smart contracts across EVM (Solidity), Solana (Anchor/Rust), Cosmos (CosmWasm), and TON, including security/audit workflows, fuzz/invariant testing, upgrades, custody/signing, and backend integration (RPC, indexers, webhooks).
Static Application Security Testing (SAST) for code vulnerability analysis across multiple languages and frameworks