Loading...
Loading...
Found 153 Skills
Performs a comprehensive security review of code changes in a GitHub PR or issue. Checks out the branch, analyzes changed files against a 9-category security checklist, and produces PASS/WARNING/FAIL verdicts. Use when reviewing pull requests for security vulnerabilities, hardcoded secrets, injection flaws, auth bypasses, or insecure configurations. Trigger keywords - security review, code review, appsec, vulnerability assessment, security audit, review PR security.
Use when creating a GitHub pull request or merge request from the current branch, especially when a project PR template may exist.
Use when babysitting a PR/MR until CI is green and every valid reviewer feedback is addressed — supports GitHub PR (gh) and GitLab MR (glab), triages comments into Valid / Discuss / Out-of-scope, addresses valid items with small commits and inline thread replies, escalates invisible findings (SonarQube/Snyk dashboards) and 3-round bot deadlocks, reports ready-to-merge (never auto-merges). Triggers — '監看 PR', 'babysit PR/MR', 'PR 顧到 merge', 'address review feedback', 'wait until CI green', '把 PR 顧到綠'. NOT for writing PR descriptions, NOT for diff code review (use pr-review), NOT for actually merging the PR (user does that).
Triage, review, and merge GitHub PRs, including AI-generated PRs. Use for batch triage, single PR merge, PR queue cleanup, closing stale PRs, or when user mentions "manage PRs", "merge PR", "triage PRs", "PR backlog".
Creates GitHub pull requests in draft mode following Conventional Commits format. Use when user requests "create PR", "make pull request", "open PR", or similar. Automatically pushes branch, analyzes changes, generates structured title/body with proper labels, and assigns to creator. Never modifies code or merges branches.
This skill should be used when reviewing pull requests, performing comprehensive code review, analyzing code changes before merge, or when the user asks for thorough/ultra-critical code review. Performs EXTREMELY CRITICAL 6-pass analysis identifying runtime failures, code consistency issues, architectural problems, environment compatibility risks, and verification strategies. Posts structured review as GitHub PR comment. Use when user asks to "review PR", "review this code", "review changes", "check this PR", "analyze PR", "post review", or for Phase 3 of devflow. Supports parallel review mode with multiplier (code-review-3, code-review 6X) for consensus-based reviews. This is an ultra-critical reviewer that does not let things slip and desires only perfection.
Create GitHub pull requests. Use when user asks to "create a pull request", "open a PR", "/create-pr", or requests creating pull requests.
Push branch and create GitHub pull request. Use when the user wants to open a PR, submit changes for review, or push and create a pull request.
Scope-aware GitHub PR review with user-friendly tone and trust tier validation
Submit an app to the asc app wall at asccli.app by opening a GitHub pull request. Use this skill when: (1) User wants to add their app to the app wall: "submit my app", "add to app wall", "list my app on asc" (2) User asks how to get their apps shown at asccli.app (3) User asks what apps.json is for or how the app wall community registry works (4) Explaining the GitHub PR flow for submitting to homepage/apps.json
Iteratively gets a GitHub pull request's checks green. Detects the PR for the current branch or uses a provided PR number, waits for every check on the latest head SHA to appear and finish, investigates failing checks, fixes actionable code or test issues, pushes, and repeats. Escalates with a precise blocker when failures are external, flaky, or not safely fixable. Use when a PR still has unsuccessful checks after review fixes, including after greploop.
Open Orbit briefing skill — selected by the Orbit pipeline when GitHub is the user's only connected connector, or when the user explicitly scopes their daily digest to GitHub. Pulls the past 24 hours of PRs, review requests, issues, CI runs, and merges from the user's authenticated GitHub connection and renders them in a layout that mirrors GitHub's native Notifications + PR-diff visual language. This skill should not be triggered manually — it is invoked by Orbit's daily-digest scheduler against live GitHub data.