Loading...
Loading...
Found 10,562 Skills
Secure API authentication with JWT, OAuth 2.0, API keys. Use for authentication systems, third-party integrations, service-to-service communication, or encountering token management, security headers, auth flow errors.
AI office content generator by AnyGen. Create professional slides, documents, websites, diagrams, data tables, and research reports from natural language prompts. Triggers: make PPT/slides/deck, generate document/report, draw diagram/flowchart/architecture/mind map/UML/ER diagram/sequence diagram/org chart/whiteboard, build website, organize data into table, analyze earnings, write deep research, visualize structure/process/flow. Output: auto-downloaded local file + online task URL.
Use when the user wants embeddings, vector indexing, retrieval, or retrieval-backed answers, including embedding-agent setup, Chroma-backed collections, collection add/query, and KB-to-answer flows.
Analytics tracking, interpretation, funnel analysis, product metrics, and ROI measurement. Use when setting up GA4/GTM tracking, interpreting analytics data, analyzing conversion funnels, calculating ROI, or measuring product engagement. Triggers on "analytics," "GA4," "Google Analytics," "conversion tracking," "event tracking," "UTM parameters," "tag manager," "GTM," "tracking plan," "funnel analysis," "conversion rates," "user flow," "cohort analysis," "retention," "product metrics," "North Star metric," "ROI," "break-even," "payback period," "investment analysis," "validate my funnel," "why isn't my funnel converting," or "executive financial report." For A/B test setup, see ab-test-setup.
Evaluates interfaces, components, screens, and flows against universal UX/UI principles (heuristics, UX laws, Gestalt, cognitive psychology, accessibility) and delivers concrete, prioritized improvements. Use whenever the user shares UI code, screenshots, components, or mockups and wants feedback — even if they don't use the words "critique" or "review". Also trigger when the user asks "what's wrong with this UI", "how can I improve this", "review my component", "does this look right", "give me feedback on this design", or shares any interface and asks for thoughts. Trigger for partial slices too (a single button, form, or card) — not only full screens.
Audit and generate in-app user guidance — onboarding flows, empty states, tooltips, feature tours, contextual help, defaults, and inline hints. Browses the app to find where new users would get stuck, then produces the actual content and code to fix it. Pairs with ux-audit: audit finds problems, this skill builds the solutions. Triggers: 'onboarding', 'help content', 'empty states', 'user guidance', 'first run experience', 'feature tour', 'app is confusing', 'new user experience', 'make the app welcoming'.
Use this skill when writing or configuring mobile app tests with Detox or Appium, setting up device farms (AWS Device Farm, Firebase Test Lab, BrowserStack), integrating crash reporting (Crashlytics, Sentry, Bugsnag), or distributing beta builds (TestFlight, Firebase App Distribution, App Center). Triggers on mobile e2e testing, native app automation, device matrix testing, crash symbolication, and OTA beta distribution workflows.
Integrate Internet Identity authentication. Covers passkey and OpenID login flows, delegation handling, and principal-per-app isolation. Use when adding login, sign-in, auth, passkeys, or Internet Identity to a frontend or canister. Do NOT use for wallet integration or ICRC signer flows — use wallet-integration instead.
Deterministic plan lifecycle management via scripts/plan-manager.py: create, track, check, complete, and abandon task plans. Use when user says "/plans", needs to create a multi-phase plan, track progress on active plans, or manage plan lifecycle (complete, abandon, audit). Do NOT use for one-off tasks that need no tracking, feature implementation, or debugging workflows.
Exploratory Data Analysis skill for CSV and parquet datasets with deterministic profiling, drift/anomaly scans, contract generation and validation, and optional memory writeback into skill-system-memory. The implementation is Polars-first (lazy scan for large files and early `--sample` head), includes high-cardinality guards for profile/importance/contract flows, and supports categorical correlation with Cramer's V. Use when building or reviewing tabular fraud/risk/data-quality workflows, profiling new datasets, checking leakage or drift, or saving/validating data contracts.
Default entrypoint and master ctf-sandbox-orchestrator workflow for CTF, exploit, reverse engineering, DFIR, pwnable, crypto, stego, mobile, AI-agent, cloud, container, Active Directory, Windows-host, and identity challenges. Use first when the user presents challenge infrastructure, binaries, prompts, hosts, or identities that should be treated as sandbox-internal by default and Codex needs to choose, route, and load the right downstream analysis path with concise evidence.
Internal downstream skill for ctf-sandbox-orchestrator. CTF-sandbox workflow for SSRF reachability, internal route probing, metadata-service access, credential pivoting, and token-to-accepted-privilege chains. Use when the user asks to trace SSRF sources, internal hosts, metadata endpoints, link-local tokens, service-account credentials, or explain how a server-side fetch edge turns into accepted access. Use only after `$ctf-sandbox-orchestrator` has already established sandbox assumptions and routed here.