Loading...
Loading...
Found 1,291 Skills
Review Next.js security audit patterns for App Router and Server Actions. Use for auditing NEXT_PUBLIC_* exposure, Server Action auth, and middleware matchers. Use proactively when reviewing Next.js apps. Examples: - user: "Scan Next.js env vars" → find leaked secrets with NEXT_PUBLIC_ prefix - user: "Audit Server Actions" → check for missing auth and input validation - user: "Review Next.js middleware" → verify matcher coverage for protected routes - user: "Check Next.js API routes" → verify auth in app/api and pages/api - user: "Secure Next.js headers" → audit next.config.js for security headers
Develop, test, build, and deploy Godot 4.x games. Use when working with Godot Engine, GDScript, GdUnit4 testing, PlayGodot automation, or exporting games to web/desktop. Covers CI/CD pipelines and deployment to Vercel/GitHub Pages/itch.io.
Analyze an influencer's audience demographics to determine whether their followers match your target customer, with a clear pass/fail verdict. This skill should be used when evaluating audience fit, checking influencer demographics, analyzing audience data, reviewing an audience breakdown, assessing demographic alignment, vetting an influencer's audience, determining if a creator's followers match your target demo, reviewing a platform export or stats screenshot, pasting influencer stats, grading audience quality, deciding whether an influencer's audience is a good fit, checking if this creator is worth it, running an audience report, comparing creator audiences, or evaluating audience overlap with target demo. For overall creator vetting beyond demographics, see creator-vetting-scorecard. For finding new creators, see creator-discovery.
Specialized guide for migrating Godot 3.x projects to Godot 4 (GDScript 2.0), covering syntax changes, Tweens, and exports.
Use when a Google Sheets URL (docs.google.com/spreadsheets/d/) or raw spreadsheet ID is present, or when the user says "read the sheet", "fetch spreadsheet", "convert sheet", "doc sheet", "import from Google Sheet", "get data from sheet", "đọc sheet", "doc sheet", "lay du lieu tu sheet", "lay data tu google sheet", or wants to export, document, or convert Google Sheet data into markdown, a table, a report, or documentation. Do NOT trigger for: Excel (.xlsx), CSV, Google Docs (docs.google.com/document), databases, or how-to questions about Google Sheets.
Audit and harden OpenClaw deployments and interpret `openclaw security audit` findings. Use when the user wants to secure OpenClaw, review gateway exposure/auth/reverse proxies/Tailscale Serve or Funnel, check DM/group access (pairing, allowlists, mention gating, `session.dmScope`), minimise tool permissions and sandboxing, review plugins/skills/secrets/transcripts/log retention, or lock down Docker/macOS/laptop/EC2 installs. Not for generic OS, Docker, or cloud hardening unrelated to OpenClaw.
Expert knowledge for Azure Cache for Redis development including troubleshooting, best practices, decision making, architecture & design patterns, security, configuration, integrations & coding patterns, and deployment. Use when configuring geo-replication, persistence, VNet/Private Link, CLI/PowerShell automation, or Blob import/export, and other Azure Cache for Redis related development tasks. Not for Azure Managed Redis (use azure-managed-redis), Azure HPC Cache (use azure-hpc-cache), Azure Blob Storage (use azure-blob-storage), Azure Table Storage (use azure-table-storage).
Lobstr.io platform help — no-code web scraping platform with 50+ ready-made scrapers for Google Maps, LinkedIn Sales Navigator, Twitter, YouTube, and more. Features cookie-based login sync, scheduled automation, multi-threading, and a full API with Python SDK and MCP Server. Use when configuring a Lobstr scraper, exporting data to Google Sheets or S3, setting up scheduled scraping, working with the Lobstr API or Python SDK, or managing credits. Do NOT use for general prospect list strategy (use /sales-prospect-list), cross-platform enrichment strategy (use /sales-enrich), or integration strategy (use /sales-integration).
Mailmo platform help — Email Finder, Email Verifier, catch-all detection, LinkedIn Chrome extension, bulk verification, CSV export. Use when asking 'how do I do X in Mailmo', finding emails with Mailmo, verifying emails with Mailmo, using the Mailmo Chrome extension, or doing bulk verification in Mailmo. Do NOT use for building prospect lists (use /sales-prospect-list), cross-platform deliverability (use /sales-deliverability), enriching contacts across multiple tools (use /sales-enrich), or sending cold emails (Mailmo is a finder/verifier, not a sending tool — use /sales-cadence for outreach strategy).
API authorization and BOLA testing playbook. Use when APIs expose object identifiers, nested resources, hidden writable fields, or weak function-level authorization.
Configure OpenTelemetry distributed tracing, metrics, and logging in ASP.NET Core using the .NET OpenTelemetry SDK. Use when adding observability, setting up OTLP exporters, creating custom metrics/spans, or troubleshooting distributed trace correlation.
Wave platform help — AI note-taker with mobile-first recording (iOS, Android, Mac, Windows, Apple Watch, Chrome, web), 76-language transcription, Voice ID speaker labeling, REST API with semantic search and webhooks, MCP server. Use when recording meetings on your phone and transcripts aren't accurate, setting up Wave API to pull session transcripts into your CRM, configuring Wave webhooks for real-time session notifications, phone call recording stops when another call comes in, Wave meeting bot not joining Zoom or Google Meet, comparing Wave pricing vs Fathom or Otter for a small team, searching across all your Wave recordings with the API, or exporting Wave summaries to Notion or Google Docs. Do NOT use for choosing between multiple note-takers (use /sales-note-taker) or reviewing a call for coaching (use /sales-call-review).