Loading...
Loading...
Found 1,813 Skills
Guidelines for identifying and resolving missing Google Cloud authentication and Application Default Credentials (ADC). Use this skill if `gcloud`, `bq`, `dataform`, or Python libraries return authentication errors.
Provides comprehensive code review guidance for React 19, Vue 3, Angular 17+, Svelte 5, Rust, TypeScript, Java, Python, Django, Go, C#/.NET, Kotlin, NestJS, C/C++, and more. Helps catch bugs, improve code quality, and give constructive feedback. Use when: reviewing pull requests, conducting PR reviews, code review, reviewing code changes, establishing review standards, mentoring developers, architecture reviews, security audits, checking code quality, finding bugs, giving feedback on code.
External NeMo-RL end-to-end validation workflow for Megatron-Bridge model/provider changes, including downstream compatibility checks, external RL lifecycle behavior, Megatron policy setup, HF import/export, checkpoint/resume, non-colocated vLLM refit, delta weight transfer, optional LoRA/generation variants, and questions such as "does this model work in NeMo-RL", "run NeMo-RL e2e", or "external RL loop validation". Covers running NeMo-RL Megatron policy jobs from a Bridge checkout, choosing GRPO/SFT/checkpoint/non-colocated refit variants, setting PYTHONPATH so NeMo-RL imports the local Bridge tree, and reporting pass/fail evidence.
Complete bug bounty workflow — recon (subdomain enumeration, asset discovery, fingerprinting, HackerOne scope, source code audit), pre-hunt learning (disclosed reports, tech stack research, mind maps, threat modeling), vulnerability hunting (IDOR, SSRF, XSS, auth bypass, CSRF, race conditions, SQLi, XXE, file upload, business logic, GraphQL, HTTP smuggling, cache poisoning, OAuth, timing side-channels, OIDC, SSTI, subdomain takeover, cloud misconfig, ATO chains, agentic AI), LLM/AI security testing (chatbot IDOR, prompt injection, indirect injection, ASCII smuggling, exfil channels, RCE via code tools, system prompt extraction, ASI01-ASI10), A-to-B bug chaining (IDOR→auth bypass, SSRF→cloud metadata, XSS→ATO, open redirect→OAuth theft, S3→bundle→secret→OAuth), bypass tables (SSRF IP bypass, open redirect bypass, file upload bypass), language-specific grep (JS prototype pollution, Python pickle, PHP type juggling, Go template.HTML, Ruby YAML.load, Rust unwrap), and reporting (7-Question Gate, 4 validation gates, human-tone writing, templates by vuln class, CVSS 3.1, PoC generation, always-rejected list, conditional chain table, submission checklist). Use for ANY bug bounty task — starting a new target, doing recon, hunting specific vulns, auditing source code, testing AI features, validating findings, or writing reports. 中文触发词:漏洞赏金、安全测试、渗透测试、漏洞挖掘、信息收集、子域名枚举、XSS测试、SQL注入、SSRF、安全审计、漏洞报告
MiniQMT Xuntou Quantitative Trading Interface, based on the XtQuant Python library, supports market data acquisition (K-line, tick data, financial data, etc.) and trading operations (order placement, order cancellation, querying assets/orders/positions) for A-shares, futures, and options. It is used when users need to obtain real-time/historical market data from MiniQMT, conduct quantitative trading, or perform backtesting.
Detect and fix SQL injection vulnerabilities in any framework. Covers Laravel (DB::raw, whereRaw), Node.js (template literals in queries), Python (f-strings in SQL), and Cloudflare D1. Enforces parameterized bindings everywhere. Use when writing database queries, reviewing code for injection, or fixing SQL injection findings.
Build AI scientist systems using ToolUniverse Python SDK for scientific research. Use when users need to access 1000++ scientific tools through Python code, create scientific workflows, perform drug discovery, protein analysis, genomics analysis, literature research, or any computational biology task. Triggers include requests to use scientific tools programmatically, build research pipelines, analyze biological data, search literature, predict drug properties, or create AI-powered scientific workflows.
Query, audit, and optimize Google Ads campaigns. Supports two modes: (1) API mode for bulk operations with google-ads Python SDK, (2) Browser automation mode for users without API access - just attach a browser tab to ads.google.com. Use when asked to check ad performance, pause campaigns/keywords, find wasted spend, audit conversion tracking, or optimize Google Ads accounts.
Skill for creating custom lint rules by leveraging the existing linter ecosystems of various programming languages. This is a linter designed for AI Agents rather than humans, and its error messages function as correction instruction prompts for AI. Create custom rules in the `lints/` directory using standard methods for each language, including Rust (dylint), TypeScript/JavaScript (ESLint), Python (pylint), Go (golangci-lint), etc. Use this skill in the following scenarios: (1) When you want AI to enforce project-specific coding rules; (2) When you want to create lint rules that output AI-readable correction instructions when violations occur; (3) When you want to enforce naming conventions, structural patterns, and consistency rules through AI-driven linting. Triggers: "Create a linter rule", "Add a lint rule", "Enforce this pattern", "AI linter", "Custom lint", "Code rules", "Naming rules", "Structural rules", "create a linter rule", "add a lint rule", "enforce this pattern", "AI linter".
Install missing language runtimes and dev tools via mise. Use when (1) a command fails due to missing runtime (e.g. node not found, python3 not found, go command not found), (2) user asks to install/setup a language runtime or SDK (node, python, go, rust, java, ruby, etc.), (3) user mentions version management for languages, or (4) setting up a new development environment.
通过 Python(alibabacloud_sls20201230)调用阿里云 SLS:ListProject(列出 Project)、ListLogStores(列出日志库)、GetLogsV2(查询日志)。 适用于「列出 Project」「列出 LogStore」「查询 SLS 日志」「搜索与分析日志」等场景。 API 契约见 reference/*.yml;可运行示例见 scripts/;依赖见 scripts/requirements.txt。
Analyze lakehouse data interactively using Fabric Livy sessions and PySpark/Spark SQL for advanced analytics, DataFrames, cross-lakehouse joins, Delta time-travel, and unstructured/JSON data. Use when the user explicitly asks for PySpark, Spark DataFrames, Livy sessions, or Python-based analysis — NOT for simple SQL queries. Triggers: "PySpark", "Spark SQL", "analyze with PySpark", "Spark DataFrame", "Livy session", "lakehouse with Python", "PySpark analysis", "PySpark data quality", "Delta time-travel with Spark".