Loading...
Loading...
Found 91 Skills
Fast, accurate code search for AI agents using ~98% fewer tokens than grep+read. Indexes any local or remote repository in under a second (~250ms on CPU, no GPU or API key needed). Supports natural-language and symbol queries, semantic similar-code discovery, and MCP server integration for Claude Code, Codex, Cursor, and OpenCode. Python library available for programmatic use. Triggers on: semble, code search, semantic code search, semble search, token-efficient search, find code, code search mcp, agent code search, semble find-related, semble savings.
Convert entire PDF documents to clean, structured Markdown for full context loading. Use this skill when the user wants to extract ALL text from a PDF into context (not grep/search), when discussing or analyzing PDF content in full, when the user mentions "load the whole PDF", "bring the PDF into context", "read the entire PDF", or when partial extraction/grepping would miss important context. This is the preferred method for PDF text extraction over page-by-page or grep approaches.
Finds all REFACTOR markers in codebase, validates associated ADRs exist, identifies stale markers (30+ days old), and detects orphaned markers (no ADR reference). Use during status checks, before feature completion, or for refactor health audits. Triggers on "check refactor status", "marker health", "what's the status", or PROACTIVELY before marking features complete. Works with Python (.py), TypeScript (.ts), and JavaScript (.js) files using grep patterns to locate markers and validate against ADR files in docs/adr/ directories.
Use codanna MCP tools for semantic code search, call graphs, and impact analysis before grep/find.
Use when querying, transforming, or editing structured data (JSON, YAML, TOML, XML, CSV). Prefer these tools over grep/sed/awk on structured formats.
Phase 1 of the feature workflow — Draft a design document for the new feature, serving as the sole input for subsequent implementation and acceptance. First gather evidence (read architecture docs, review relevant code, grep to prevent term conflicts, check archives), then write a complete first draft in one go (including YAML frontmatter + three-tier structure + test design), submit it to the user for overall review, and iterate until approval. After approval, extract {slug}-checklist.yaml from {slug}-design.md for use in the next two phases. Trigger scenarios: "Start designing the solution", "Write design doc", "Prepare to implement XX", with the prerequisite that you already know what to do, who it's for, and how to define success.
Iteratively gets a GitHub pull request's checks green. Detects the PR for the current branch or uses a provided PR number, waits for every check on the latest head SHA to appear and finish, investigates failing checks, fixes actionable code or test issues, pushes, and repeats. Escalates with a precise blocker when failures are external, flaky, or not safely fixable. Use when a PR still has unsuccessful checks after review fixes, including after greploop.
Complete bug bounty workflow — recon (subdomain enumeration, asset discovery, fingerprinting, HackerOne scope, source code audit), pre-hunt learning (disclosed reports, tech stack research, mind maps, threat modeling), vulnerability hunting (IDOR, SSRF, XSS, auth bypass, CSRF, race conditions, SQLi, XXE, file upload, business logic, GraphQL, HTTP smuggling, cache poisoning, OAuth, timing side-channels, OIDC, SSTI, subdomain takeover, cloud misconfig, ATO chains, agentic AI), LLM/AI security testing (chatbot IDOR, prompt injection, indirect injection, ASCII smuggling, exfil channels, RCE via code tools, system prompt extraction, ASI01-ASI10), A-to-B bug chaining (IDOR→auth bypass, SSRF→cloud metadata, XSS→ATO, open redirect→OAuth theft, S3→bundle→secret→OAuth), bypass tables (SSRF IP bypass, open redirect bypass, file upload bypass), language-specific grep (JS prototype pollution, Python pickle, PHP type juggling, Go template.HTML, Ruby YAML.load, Rust unwrap), and reporting (7-Question Gate, 4 validation gates, human-tone writing, templates by vuln class, CVSS 3.1, PoC generation, always-rejected list, conditional chain table, submission checklist). Use for ANY bug bounty task — starting a new target, doing recon, hunting specific vulns, auditing source code, testing AI features, validating findings, or writing reports. 中文触发词:漏洞赏金、安全测试、渗透测试、漏洞挖掘、信息收集、子域名枚举、XSS测试、SQL注入、SSRF、安全审计、漏洞报告
Generate a concise overview of the current project — structure, purpose, recent activity, and open questions. Use when the user asks "what is this repo?", "give me an overview", or "what's going on in this project?".
Use when you need a deep-dive explanation of a specific file, function, or module in the codebase
Analyzes logs efficiently through targeted search and iterative refinement. Use when investigating errors, debugging incidents, or analyzing patterns in application logs.
Search through a personal material library with over 1800 real experiences and perspectives to add a human touch to content. Use this when users mention "personal experience", "real cases", "materials", or "human touch".