Loading...
Loading...
Found 4,631 Skills
Use this skill when integrating, configuring, or extending Modern Admin (`@modern-admin/*`) in a host project — i.e. wiring `ModernAdminModule.forRoot`, adding admin resources, configuring Better Auth/Prisma/Redis, declaring properties or `@Action`/`@Before`/`@After` hooks, setting up role permissions (`MaRole.permissions`), or troubleshooting auth/SPA 404s. Triggers on tasks that mention `@AdminResource`, `AdminController`, `adminSource`, `BetterAuthProvider`, `ModernAdminStaticUiModule`, `setupPrismaSystem`, `MaRole`, `rolesResourceId`, the `ma_*` schema fragment, or scaffolding `bun create @modern-admin`.
Scaffold and fully configure a new Agentic Coding Starter Kit project — a Next.js 16 + TypeScript + Better Auth + Drizzle + PostgreSQL + AI SDK boilerplate. Use this skill whenever the user asks to set up, scaffold, create, initialize, or bootstrap an "agentic coding starter kit", "agentic app", "agentic boilerplate", a "Next.js app with auth and db", or mentions `create-agentic-app` / `npx create-agentic-app`. Walks the user through folder strategy, package-manager choice, Postgres setup (Docker / Neon / Vercel / BYO), OpenRouter AI configuration, migrations, a build check, and dev-server verification — ending with a working http://localhost:3000.
Submission cover letter assistant for academic papers. Generate, optimize, align-check, and journal-fit-check a cover letter using an existing LaTeX manuscript as the evidence source. Use for "write cover letter", "draft submission letter", "polish cover letter", "check overclaim in cover letter", "align cover letter with paper", "投稿信", "cover letter for Nature/Science/Cell/IEEE Trans/ACM/Springer LNCS/NeurIPS/ICML/CVPR", "review my submission letter", "manuscript cover letter generation", "is my cover letter framed for this journal". Use latex-paper-en for source edits to main.tex, paper-audit for full manuscript review, and bib-search-citation for bibliography search instead.
Drive the `nb-cli` command-line tool to manage Nimblo / Hostify cloud infrastructure — cloud servers, OS installs, power control, package upgrades. Use this skill whenever the user mentions `nb-cli`, asks to list/create/delete/start/stop/restart a cloud server, install or reinstall an OS on a Nimblo server, change a server's package or hostname, or anything involving the Nimblo / Hostify / fleet.hostify.in.th platform — even if they don't explicitly say "nb-cli". Strongly defensive: every action that creates, modifies, or deletes a cloud resource costs the user real money, so this skill never executes mutating commands without explicit per-command approval.
Enforces vendor-neutral UTM naming conventions by validating marketing links and generating a normalized, policy-compliant output.
Complete bug bounty workflow — recon (subdomain enumeration, asset discovery, fingerprinting, HackerOne scope, source code audit), pre-hunt learning (disclosed reports, tech stack research, mind maps, threat modeling), vulnerability hunting (IDOR, SSRF, XSS, auth bypass, CSRF, race conditions, SQLi, XXE, file upload, business logic, GraphQL, HTTP smuggling, cache poisoning, OAuth, timing side-channels, OIDC, SSTI, subdomain takeover, cloud misconfig, ATO chains, agentic AI), LLM/AI security testing (chatbot IDOR, prompt injection, indirect injection, ASCII smuggling, exfil channels, RCE via code tools, system prompt extraction, ASI01-ASI10), A-to-B bug chaining (IDOR→auth bypass, SSRF→cloud metadata, XSS→ATO, open redirect→OAuth theft, S3→bundle→secret→OAuth), bypass tables (SSRF IP bypass, open redirect bypass, file upload bypass), language-specific grep (JS prototype pollution, Python pickle, PHP type juggling, Go template.HTML, Ruby YAML.load, Rust unwrap), and reporting (7-Question Gate, 4 validation gates, human-tone writing, templates by vuln class, CVSS 3.1, PoC generation, always-rejected list, conditional chain table, submission checklist). Use for ANY bug bounty task — starting a new target, doing recon, hunting specific vulns, auditing source code, testing AI features, validating findings, or writing reports. 中文触发词:漏洞赏金、安全测试、渗透测试、漏洞挖掘、信息收集、子域名枚举、XSS测试、SQL注入、SSRF、安全审计、漏洞报告
Extract Feishu (Lark) Docs, Wiki pages, Wiki collections/hubs, spreadsheets, and Minutes (妙记) transcripts into clean high-fidelity local Markdown. The primary path is the lark-cli API — programmatic extraction with no LLM rewriting of the body — which recursively follows a collection's reference graph (mention-doc / sheet / cross-tenant links) and uses error codes to resolve permission boundaries precisely; a browser-DOM path is the fallback only when lark-cli cannot reach the content. Use this whenever the source is a Feishu/Lark URL and fidelity matters — including 导出飞书文档/合集/妙记转写, 把飞书 wiki/知识库转 markdown, scraping or archiving a Feishu collection, exporting a Feishu Minutes/妙记 transcript, or saving a Feishu page locally — even if the user only says clipping, archiving, converting, or "save this". Also covers the permission-denied path (owner-exported .docx → faithful Markdown with heading/highlight restoration).
Detect and fix SQL injection vulnerabilities in any framework. Covers Laravel (DB::raw, whereRaw), Node.js (template literals in queries), Python (f-strings in SQL), and Cloudflare D1. Enforces parameterized bindings everywhere. Use when writing database queries, reviewing code for injection, or fixing SQL injection findings.
13 deep research & systematic reviews skills. Trigger: systematic reviews, multi-source synthesis, comprehensive literature surveys. Design: multi-step research protocols with quality assessment and evidence grading.
Publishing, updating, and serving decentralized websites on Walrus Sites. Use when the user needs to deploy a frontend to Walrus Sites, run a local portal for testnet, debug site-builder errors, configure ws-resources.json, or manage site object lifecycle (update, destroy, extend blobs). Also use when the user asks about site-builder, walrus-sites, portal setup, or hosting a dApp on Walrus. For blob storage without the Sites framework (raw upload/download), see the `accessing-data` skill's walrus.md.
You are a Conversion Rate Optimization Strategist and Persuasive Content Specialist. Use this skill when the user wants to audit or improve a landing page, write conversion-focused copy, optimize CTAs, build an FAQ schema block, translate features into benefits, or maximize conversions on any specific page type. Activate when the user mentions "landing page," "sales page," "lead capture page," "squeeze page," "webinar sign-up page," "product launch page," "waitlist page," "early access page," "thank you page," "upsell page," "SaaS pricing page," "onboarding page," "ecommerce page," "audit this page," "improve conversions," "CTA optimization," "hero section," "headline rewrite," "subhead," "benefits section," "features to benefits," "FAQ schema," "schema FAQ," "trust elements," "page layout," "above the fold," "scroll order," "microcopy," "mobile-first copy," "landing page copy," "page flow," "drop-off," "weak CTA," "conversion copy," "page goal," "split test copy," "A/B test copy," or "wireframe suggestions." Covers full page audits, hero rewrites, CTA testing, benefits section writing, FAQ schema generation, layout suggestions, and repurposing optimized sections into ads, emails, and video scripts.
This skill covers implementing Software Composition Analysis (SCA) using Snyk to detect vulnerable open-source dependencies in CI/CD pipelines. It addresses scanning package manifests and lockfiles, automated fix pull request generation, license compliance checking, continuous monitoring of deployed applications, and integration with GitHub, GitLab, and Jenkins pipelines.