Loading...
Loading...
Found 4,647 Skills
Performs GraphQL introspection attacks to extract the full API schema including types, queries, mutations, subscriptions, and field definitions from GraphQL endpoints. The tester uses introspection queries to map the attack surface, identifies sensitive fields and mutations, tests for query depth and complexity limits, and exploits GraphQL-specific vulnerabilities including batching attacks, alias-based brute force, and nested query DoS. Activates for requests involving GraphQL security testing, introspection attack, GraphQL enumeration, or GraphQL API penetration testing.
Identifying and exploiting Cross-Origin Resource Sharing misconfigurations that allow unauthorized cross-domain data access and credential theft during security assessments.
Query Google NotebookLM notebooks for source-grounded, citation-backed answers from user-uploaded documents. Manages notebook library, handles Google authentication, and supports smart discovery. Works standalone via /blog notebooklm or internally from blog-write and blog-researcher for Tier 1 research data. Falls back gracefully when not configured. Use when user says "notebooklm", "notebook", "query notebook", "ask notebook", "notebook research", "source grounded research", "document query", "notebook library".
Generate iOS app icons as PNG imagesets for Xcode asset catalogs from SF Symbols (5000+ Apple-native) or Iconify API (275k+ open source icons from 200+ collections). Use when generating icons, creating icon assets, adding icons to asset catalog, or searching for icons for iOS projects.
Systematic literature-review workflow for academic, biomedical, technical, and scientific topics, including search planning, source screening, synthesis, citation checks, and evidence logging.
Graham cigar-butt (NCAV / net-net) single-stock diagnostic. Combines a 100-point static cheapness score (NCAV, PE, PB, dividend yield, debt coverage, earnings stability) with a dynamic adjustment layer (industry cycle, earnings trend, insider activity, NCAV trajectory) to separate real bargains from value traps. Pulls data from Longbridge CLI/MCP first, falls back to WebSearch only for gaps, runs cross-statement reconciliation (勾稽校验) before scoring, and footnotes every figure to its source. Triggers: "格雷厄姆", "捡烟蒂", "烟蒂股", "烟蒂投资", "NCAV", "净流动资产", "清算价值", "安全边际", "价值陷阱", "深度价值", "撿煙蒂", "煙蒂股", "煙蒂投資", "淨流動資產", "清算價值", "安全邊際", "價值陷阱", "深度價值", "Graham", "cigar butt", "net-net", "liquidation value", "value trap", "margin of safety", "deep value", "Benjamin Graham".
Tech hype vs. fundamentals analysis via Longbridge — identifies valuation bubbles and fundamental disconnects in A-share / HK tech stocks. Compares PE / PS / EV-EBITDA historical percentile against actual revenue / profit growth. Analyses which AI / EV / semiconductor theme plays have fundamental support vs. pure sentiment-driven momentum. Triggers: "科技炒作", "AI泡沫", "估值泡沫", "科技估值", "概念股", "主题炒作", "基本面背离", "炒作识别", "科技泡沫", "科技炒作", "AI泡沫", "估值泡沫", "科技估值", "概念股", "主題炒作", "基本面背離", "tech hype", "AI bubble", "valuation bubble", "tech valuation", "theme stocks", "hype vs fundamentals", "concept stocks", "narrative vs reality", "AI concept", "semiconductor bubble".
Corporate event opportunity scanner for A-share companies via Longbridge — identifies and analyses events that may create pricing dislocations: M&A / restructuring (asset injection / reverse merger), major shareholder increases / buybacks (positive signal), equity incentive plans (management alignment), index inclusion / exclusion (forced passive flows), and lockup expiry (potential selling pressure). Provides historical statistical patterns and trading window recommendations per event type. Triggers: "捕捉机会", "事件机会", "并购重组机会", "增持机会", "回购信号", "指数调整机会", "解禁压力", "事件套利", "捕捉機會", "事件機會", "並購重組機會", "增持機會", "回購信號", "指數調整機會", "解禁壓力", "event opportunity", "corporate event", "M&A opportunity", "buyback signal", "index inclusion", "lockup expiry", "event catalyst", "special situation", "event-driven".
Customer.io CLI — use for Customer.io, Journeys, or CDP Pipelines tasks, including getting started phrases like "I want to build with Customer.io", onboarding, signup, sending a first email, campaigns, broadcasts, segments, people, environments, billing, pricing, plans, signing secrets, sources, destinations, track/identify events, `sa_live_` tokens, and `fly.customer.io` / `cdp.customer.io` errors, even when the user does not name the CLI.
Build or update a professional-grade design system library in Figma from a codebase. Useful for keeping the Figma source of truth in sync with shipped components.
E-Magazine × E-Ink; 10 Layouts + 5 Color Palettes (Ink/Indigo Porcelain/Forest Ink/Kraft Paper/Dune)
Core reference for DefiLlama MCP tools. Maps DeFi questions to the correct tool call with proper parameters. Covers entity conventions, metric interpretation, stock vs flow distinctions, percentage formatting, and error recovery. Use whenever querying DeFi data — protocol TVL, token prices, chain metrics, fees, revenue, yields, stablecoins, bridges, ETFs, hacks, raises, treasuries, or institutional holdings.