Found 550 Skills
Expert in extracting text from images using Tesseract, EasyOCR, PaddleOCR, Google Vision, AWS Textract, Claude Vision. Trigger: When extracting text from images, screenshots, scanned documents, or PDFs.
Use when testing a web application for security vulnerabilities, before deployment or during security review — guides through a structured 10-phase penetration testing methodology covering mapping, authentication, session management, access controls, injection, logic flaws, and server configuration.
Use when assessing or reviewing Kubernetes workloads running on Amazon EKS for best practice compliance, including pod configuration, security posture, observability, networking, storage, image security, and CI/CD practices. Requires kubectl and awscli access to the target cluster. Triggers on "assess my EKS workloads", "check k8s best practices", "assess container workloads", "evaluate pod security", "workload compliance check", "EKS workload assessment", "检查 K8s 工作负载", "评估容器最佳实践", "审计 EKS 应用", "检查 Pod 配置", "容器安全评估", "工作负载合规检查".
Scans code for security vulnerabilities — injection flaws, authentication gaps, XSS vectors, mass assignment, CSRF, insecure deserialization, sensitive data exposure, broken access control, and misconfigurations. Generates severity-scored findings with copy-pasteable fix prompts. Trigger phrases: "security scan", "security audit", "vulnerability check", "find security issues".
Use when assessing cloud infrastructure for security misconfigurations, IAM privilege escalation paths, S3 public exposure, open security group rules, or IaC security gaps. Covers AWS, Azure, and GCP posture assessment with MITRE ATT&CK mapping.
Identifying flaws in application business logic that allow price manipulation, workflow bypass, and privilege escalation beyond what technical vulnerability scanners can detect.
Guides identity and access management—workforce and machine identity lifecycle, RBAC/ABAC/PBAC entitlement design, access reviews and recertification, SSO/SAML/OIDC federation, privileged access (PAM/JIT), cloud IAM least privilege (AWS/GCP/Azure concepts), service accounts and secrets hygiene, and separation of duties. Use for IAM, identity governance, access review, RBAC, least privilege, SSO federation, PAM, privileged access, cloud IAM policy, service account, or SoD—not full cloud landing zone architecture (enterprise-cloud-architect), broad cloud security controls (cloud-security-engineer), day-2 break-glass ticket execution only (cloud-system-administrator), pentest (penetration-tester), or legal/HR policy drafting only.
Performs a comprehensive security review of code changes in a GitHub PR or issue. Checks out the branch, analyzes changed files against a 9-category security checklist, and produces PASS/WARNING/FAIL verdicts. Use when reviewing pull requests for security vulnerabilities, hardcoded secrets, injection flaws, auth bypasses, or insecure configurations. Trigger keywords - security review, code review, appsec, vulnerability assessment, security audit, review PR security.
Full-stack PlantUML expert: create PUML from descriptions, convert images to PUML (vision reverse engineering), render locally (PNG/SVG/PDF) with no internet. macOS/Windows/Linux; auto-installs PlantUML+Java+Python. Covers all 27 chapters of the PlantUML Language Reference Guide v1.2025.0 (607 pages): Sequence, Use Case, Class, Object, Activity (legacy+new), Component, Deployment, State, Timing, JSON, YAML, nwdiag, Salt/Wireframe, Archimate, Gantt, MindMap, WBS, Maths, ER, Common Commands, Creole, Sprites, Skinparam, Preprocessing, Unicode, StdLib (C4/AWS/Azure/K8s/ArchiMate). Use for: draw a diagram, create PUML, convert image to PUML, render .puml, debug PUML, explain PlantUML syntax, any UML task.
Event Sourcing, CQRS, Saga patterns, event bus (Kafka, RabbitMQ, AWS EventBridge). Use when implementing event-driven architecture, distributed transactions, or event sourcing.
API Gateway patterns (Kong, Traefik, AWS API Gateway) — rate limiting, auth, routing, versioning. Use when implementing API gateway, reverse proxy, or API management.
Analyzes events through physics lens using fundamental laws (thermodynamics, conservation, relativity), quantitative modeling, systems dynamics, and energy principles to understand causation, constraints, and feasibility. Provides insights on energy systems, physical limits, technological feasibility, and complex systems behavior. Use when: Energy decisions, technology assessment, systems analysis, physical constraints, feasibility evaluation. Evaluates: Energy flows, conservation laws, efficiency limits, physical feasibility, scaling behavior, emergent properties.