Loading...
Loading...
Found 765 Skills
Autonomously set up an OpenClaw bot on a fresh Yandex Cloud VM in Kazakhstan (kz1-a, Karaganda). Asks the user for exactly two things — a Telegram bot token and one of three LLM access options (Anthropic API key, OpenRouter API key, or OpenAI Codex OAuth via ChatGPT Plus/Pro subscription) — then handles VM creation, hardening, OpenClaw install, CEO AI OS workspace seeding, Telegram pairing, chat_id auto-detection, and bot-reply verification on its own. The only other actions the user performs are pressing /start in Telegram once and (if Codex) confirming a device code on auth.openai.com. Use when the user says install OpenClaw to Yandex Cloud, deploy OpenClaw to YC Kazakhstan, set up my CEO bot in YC KZ, I am at OpenClaw workshop and need my own bot, create a Yandex Cloud VM for OpenClaw, or any close paraphrase. Targets a ~15-minute end-to-end run for non-DevOps users (founders, CEOs, marketing leads). Supports two modes of accessing Yandex Cloud — Plan A (the user's own YC Kazakhstan account via OAuth) and Plan B (a workshop-key bundle provided by the workshop organizer, for participants without their own YC account). The mode is auto-detected from the inputs. For local-machine OpenClaw install, use openclaw/install.sh in this repo instead. Companion skill openclaw-guide is required; prepare-yc-workshop is the matching organizer-side skill that produces the bundles consumed in Plan B; openclaw-user-onboarding is auto-invoked after Step 5 to collect the five basic facts about the user (identity, focus, style, tools, anti-patterns) and write them into USER.md so the bot is useful from message one.
Operational guide for enabling TP, DP, and PP communication overlap in Megatron-Bridge, including config knobs, code anchors, pitfalls, and verification.
Use when about to claim work is complete, fixed, or passing, before committing or creating PRs - requires running verification commands and confirming output before making any success claims; evidence before assertions always
Guideline for designing, implementing, and verifying secure APIs following OWASP API Security Top 10 (2023) best practices. Use when the user wants to: (1) review API code or design for security vulnerabilities, (2) design a secure REST, GraphQL, or gRPC API architecture, (3) implement API authentication and authorization (OAuth2, JWT, API keys, mTLS), (4) configure rate limiting, input validation, or CORS, (5) audit API endpoints for BOLA, BFLA, or mass assignment vulnerabilities, (6) create API security checklists or verification plans, (7) fix API security bugs or harden existing APIs, (8) set up API security testing (OWASP ZAP, Schemathesis, Burp Suite), or (9) handle any API security concern including SSRF prevention, resource consumption limits, business flow protection, API inventory management, and secure third-party API consumption.
Operational guide for enabling Megatron FSDP in Megatron-Bridge, including config knobs, code anchors, pitfalls, and verification.
Operational guide for enabling hierarchical context parallelism in Megatron-Bridge, including config knobs, code anchors, pitfalls, and verification.
Install and verify cuPyNumeric for Python — requirements, commands, verification. Source builds are out of scope.
Simulate and detect software supply chain attacks including typosquatting detection via Levenshtein distance, dependency confusion testing against private registries, package hash verification with pip, and known vulnerability scanning with pip-audit.
Web browser automation & testing for AI agents — agent-browser CLI (Chrome/CDP, fill forms, click, scrape, screenshot, dev-server verification with page-load + console-error + UI-element checks) plus Playwright toolkit for local web apps (debugging UI behavior, browser logs, screenshots). Use when the user asks for web QA, dev-server verification after `npm run dev`, or any browser automation against a website. For desktop/Electron/Tauri apps, see `desktop-test-agent-tauri`.
Use when setting up, troubleshooting, managing, removing, or checking the health of an Auth0 custom authentication domain (e.g. login.example.com), OR when diagnosing an error (400/403/404/409/429) from the /custom-domains Management API — especially Free-tier 403s (credit card on file, not a plan upgrade), self-managed cert 403s, PATCH-type 400s, `operation_not_supported` on `relying_party_identifier`, and 409 domain-already-exists. Handles CNAME creation in the user's DNS provider (Cloudflare, AWS Route 53, Azure DNS automated; other registrars guided), verification polling, Multiple Custom Domains (MCD), default-domain selection, TLS policy, client-IP header, per-domain passkey relying party identifier, and domain metadata.
Multi-lane AI verification system. When the user says "run this through Urithiru", "Urithiru check", "full tower", or similar, fan the query out to 5-7 AI models simultaneously via OpenRouter, collect independent responses, and synthesize the best answer as the orchestrator. Antigravity is ALWAYS the orchestrator — the models are lanes (specialists), not the decision-maker.
Owner-scoped task decomposition with gates, rollback, verification commands, and smoke tests.