Loading...
Loading...
Found 29 Skills
Java Web dead code cleanup and refactoring expert. It safely identifies and removes dead code, with testing and verification performed at every step. Trigger conditions: User requests for dead code cleanup, refactoring optimization, and unused code removal.
Comprehensive quality gate integrating linting, type checking, specification review, and security auditing.
Run gosec SAST scans on Go code. Detects SQL injection, hardcoded credentials, insecure TLS, command injection, and other Go security issues.
Python code security analysis, performance optimization, and maintainability assessment
Fortify integration. Manage data, records, and automate workflows. Use when the user wants to interact with Fortify data.
Audit and fix RGAA 4.1.2 accessibility issues in any web framework that outputs HTML: React, Vue, Svelte, Astro, Angular, Next.js, Nuxt, SvelteKit, plain HTML, Handlebars, ERB, Nunjucks, and similar. Activates proactively whenever a developer writes, modifies, generates, or refactors any component or template — even without explicit mention of accessibility. Triggers on: "create a component", "add a form", "refactor this header", "add a data table", "add a nav", "build a layout", "audit accessibility", "check a11y", "RGAA", "is this accessible", "make WCAG compliant", "fix accessibility issues", or any request to write/review .jsx/.tsx/.vue/.svelte/.astro/.html files. Covers static code only: images alt text, colors, tables, links, mandatory elements, information structure, forms, navigation landmarks.
Run ESLint with security plugins on JavaScript/TypeScript code. Detects eval usage, non-literal RegExp, prototype pollution, and other JS/TS security anti-patterns.
Generates PHPStan configurations for PHP projects. Creates phpstan.neon with appropriate level, extensions, paths, baseline support, and DDD-specific rules.
Security audit and vulnerability scanner for AI agent skills before installation. Use when: (1) evaluating a skill from an untrusted source, (2) auditing a skill directory or git repo URL for malicious code, (3) pre-install security gate for Claude Code plugins, OpenClaw skills, or Codex skills, (4) scanning Python scripts for dangerous patterns like os.system, eval, subprocess, network exfiltration, (5) detecting prompt injection in SKILL.md files, (6) checking dependency supply chain risks, (7) verifying file system access stays within skill boundaries. Triggers: "audit this skill", "is this skill safe", "scan skill for security", "check skill before install", "skill security check", "skill vulnerability scan".
Use this skill when working with the UI5 Linter (@ui5/linter) for static code analysis of SAPUI5/OpenUI5 applications and libraries. Covers setup, configuring linting rules, running the linter to detect deprecated APIs, global variable usage, CSP violations, and manifest issues. Supports autofix for deprecated API usage, global references, event handlers, and manifest properties. Includes CI/CD integration, pre-commit hooks, and UI5 2.x migration preparation.
Detect common code smells and anti-patterns providing feedback on quality issues a senior developer would catch during review. Use when user opens/views code files, asks for code review or quality assessment, mentions code quality/refactoring/improvements, when files contain code smell patterns, or during code review discussions.
Find and replace code patterns structurally using ast-grep. Use when you need to match code by its AST structure (not just text), such as finding all functions with specific signatures, replacing API patterns across files, or detecting code anti-patterns that regex cannot reliably match.