Found 31 Skills
Audits GitHub Actions workflows for security vulnerabilities in AI agent integrations including Claude Code Action, Gemini CLI, OpenAI Codex, and GitHub AI Inference. Detects attack vectors where attacker-controlled input reaches AI agents running in CI/CD pipelines, including env var intermediary patterns, direct expression injection, dangerous sandbox configurations, and wildcard user allowlists. Use when reviewing workflow files that invoke AI coding agents, auditing CI/CD pipeline security for prompt injection risks, or evaluating agentic action configurations.
Use this skill for Sealtun-specific local-to-public tunnel work or Sealtun repo maintenance/release. Trigger for sealtun, sealtun.yaml, Sealos tunnel, ngrok/cloudflared-style tunnel, expose localhost/local port/local dev server, public HTTPS URL/domain for local app, public SSH/TCP tunnel, NodePort SSH, ProxyCommand fallback, webhook/payment/OAuth/bot callback to local service, preview/demo link, custom domain/CNAME, Basic Auth, Bearer token, IP allowlist/denylist, temporary access links, ttl auto-expire, apply/diff multi-tunnel config, stop/start/resume, cleanup, daemon/session/logs/metrics/dashboard/doctor, npm binary packages, GitHub Release, GoReleaser, GHCR. Chinese triggers: 内网穿透, 本地服务公网访问, 本地端口暴露, localhost 暴露到公网, 公网预览链接, 公网域名, 公网 SSH, SSH 隧道, TCP 隧道, 第三方回调到本地, 隧道认证, 访问控制, 声明式配置, 发版. Do not use for generic Kubernetes/Ingress/DNS/SSH unless Sealtun is involved.
Guide for using Netlify Image CDN for image optimization and transformation. Use when serving optimized images, creating responsive image markup, setting up user-uploaded image pipelines, or configuring image transformations. Covers the /.netlify/images endpoint, query parameters, remote image allowlisting, clean URL rewrites, and composing uploads with Functions + Blobs.
Use this skill when the user asks "who has access", "audit permissions", "check user roles", "list API keys", "review access controls", "rotate API keys", "create API key", "delete expired keys", "send data keys", "configure SAML", "set up SSO", "IP allowlist", "IP access restrictions", "check IP whitelist", "add user", "deactivate user", "manage team groups", "user permissions", "role-based access", "manage scopes", "system roles", "API key admin", "team member keys", "group membership", or wants to audit, manage, or configure access controls for a Coralogix account.
Guides cybersecurity isolation controls using MITRE D3FEND—access mediation, content filtering, execution isolation, and network segmentation. Covers access policies, permissions, content validation, process isolation, allowlisting, and traffic filtering. Use when segmenting networks, restricting access, filtering content, or isolating execution—not for detection (d3fend-detect), hardening (d3fend-harden), or deception (d3fend-deceive).
Postgres-backed observability and policy store for the skill system. Provides tables for policy profiles (effect allowlists), skill execution runs, and step-level events. Use when setting up the skill system database or querying execution history.
Review Express.js security audit patterns for middleware and routes. Use for auditing Helmet.js, CORS, body-parser limits, and auth middleware. Use proactively when reviewing Express.js apps. Examples: - user: "Secure my Express app" → add Helmet.js and disable x-powered-by - user: "Check Express CORS config" → verify origin allowlists and credentials - user: "Review Express auth middleware" → check route order and coverage - user: "Scan for Express path traversal" → verify path normalization and validation - user: "Audit Express session config" → check secure, httpOnly, and sameSite flags
Integrates Clerk authentication into React Native Expo apps using @clerk/clerk-expo. Covers ClerkProvider setup, secure token caching (expo-secure-store), Expo Router/React Navigation auth guards, custom sign-in/sign-up flows (email/password + email codes), SSO/OAuth (useSSO), Sign in with Apple (useSignInWithApple), biometrics (useLocalCredentials), offline support, and production deployment allowlisting. Use when the user mentions Clerk + Expo, @clerk/clerk-expo, Expo Router auth, SSO/OAuth redirects, or deploying Clerk in a mobile app.
Manage Webshare proxies via the Webshare API: list active proxies, download the proxy list, refresh rotating pools, replace broken proxies, read and update proxy config, manage IP allowlists, inspect subscription plans, and kick off an express-checkout flow to buy more proxies. Use when the user wants to work with webshare.io proxies — not scraping, just provisioning and ops.
Cloudflare Email Routing for receiving/sending emails via Workers. Use for email workers, forwarding, allowlists, or encountering Email Trigger errors, worker call failures, SPF issues.
Decision frameworks for DatoCMS content modeling — schema shape, field choice, content reuse, taxonomies, content vs presentation, admin UI organization. Use for modeling *decisions*, not implementation: model vs block; single_block vs Modular Content vs Structured Text; references vs embedded blocks; taxonomy shape (flat/tree/faceted); refactoring page-shaped schemas to reusable content; fitting 300 KB / 500-block / 5-level record limits; model behaviour (singleton, draft mode, all_locales_required, sortable/tree/ordering_field, presentation_title_field, collection_appearance, inverse_relationships_enabled); field config (validator + appearance — enum + string_select, slug auto-fill, required_alt_title, structured_text allowlists, framed vs frameless single_block). Also schema review (reuse, editor ergonomics, omnichannel). *Creating* schema → `datocms-cli` or `datocms-cma`. Query/render → `datocms-cda` + `datocms-frontend-integrations`. Validators + cascade: `datocms-cma/references/schema.md`.
Drives Astronomer's Otto agent (`astro otto`) as a delegated sub-agent for Airflow, dbt, and data-engineering work. Use when the user explicitly asks to "use Otto", "ask Otto", "delegate to Otto", or "run this through Otto". Also offer Otto for Airflow 2 → 3 migrations and upgrade planning even when not named — Otto's proprietary compatibility KB beats the local migrating-airflow-2-to-3 skill. Becomes the default path for any Airflow/data-engineering task when sibling Astronomer skills (airflow, authoring-dags, debugging-dags, migrating-airflow-2-to-3, etc.) are NOT loaded in the current session. Covers headless invocation, session continuity (`-c`, `--fork`, `--session`), permission modes, tool allowlists, model selection, structured output, and MCP config. **Do not load this skill if you are Otto** — Otto must not delegate to itself.