Loading...
Loading...
Found 4,647 Skills
Subdomain takeover detection and exploitation playbook. Use when targets have dangling CNAME/NS/MX records pointing to deprovisioned cloud resources, expired third-party services, or unclaimed SaaS tenants that an attacker can register to serve content under the victim's domain.
Generates structured changelogs and release notes from git history and PR descriptions. Classifies changes into breaking, features, fixes, performance, and docs. Filters internal-only changes, detects breaking changes, and produces human-readable entries linked to source PRs. Triggers on: "generate changelog", "write release notes", "compose changelog", "what changed since", "changes since last release", "prepare release", "release notes for", "changelog for", "summarize changes", "diff since tag". Use this skill when preparing a release and needing to summarize changes for users.
Use the open-source free `coverlet` toolchain for .NET code coverage. Use when a repo needs line and branch coverage, collector versus MSBuild driver selection, or CI-safe coverage commands.
Spec-driven development pipeline with 6 phases: Explore, Requirements, Design, Task Plan, Implementation, Review. Enforces human approval gates between phases. Use when user wants structured feature development, spec-first approach, or says "I want to add feature X", "new feature", "implement", "build". Keywords: spec, requirements, design document, TDD plan, task plan, implementation, code review, pipeline, approval gates, WHEN/SHALL.
Senior UI/UX Engineer. Architect digital interfaces overriding default LLM biases. Enforces metric-based rules, strict component architecture, CSS hardware acceleration, and balanced design engineering.
Find and position a viable niche market for a one-person company by combining market mapping and customer segmentation. Use when Codex needs to explain niche concepts when needed, check founder-resource prerequisites, ask one question at a time, generate multiple niche options, and write user-confirmed positioning outputs into `opc-doc/`.
Enforce separation of concerns by separating the view from the application logic.
Inform the browser of critical resources before they are naturally discovered to speed up loading.
Apply Porter's Value Chain Analysis to identify competitive advantage sources within an organization's activities. Use this skill when the user needs to find where value is created or lost in their operations, analyze cost structure by activity, optimize internal processes, or identify outsourcing candidates — even if they say 'where do we make money' or 'which activities should we keep in-house'.
Educational map of risk exposure screening—typical risk indicator taxonomies, exposure value and percentage, address-level vs transaction-level engines, and common template families (entity label, multi-hop interaction, blacklist). Use when the user asks how commercial screening tools reason about labeled addresses, tainted flows, or deposit vs withdrawal checks—not for legal sanctions determinations or substituting a vendor’s live rules.
Guides EVM Solidity DeFi triage from public verified source or bytecode—access control, proxies, oracle usage, reentrancy and CEI patterns, DEX/router integrations, and common vulnerability classes. Use when the user asks for Ethereum or L2 smart contract security review, Solidity audit triage, OpenZeppelin proxy risks, or EVM-specific DeFi patterns—not for live exploits or private keys.
Configure Cedar policy enforcement and Ed25519 signed receipts for Claude Code tool calls. Use when setting up projects that need cryptographic audit trails, policy-gated tool execution, or compliance-ready evidence of agent actions.