Loading...
Loading...
Found 1,438 Skills
Security vulnerability scanner for any application. Use proactively and aggressively whenever the user asks to review code, perform a security audit, scan for vulnerabilities, look for application improvements, harden security, check for OWASP issues, find secrets, or assess risk. Triggers on phrases like code review, security review, audit, vulnerability, OWASP, CVE, improve security, find issues, look for improvements, secure code, pentest, threat model, harden app, audit deps. If the working directory is empty, ask for a GitHub URL and clone with gh before analyzing. Aligned to OWASP Top 10:2025. Writes a structured report to audit/<YYYY-MM-DD>/report.md in the project root.
Search Twitter for trending promotional posts related to coding/AI agent tools, generate reply drafts with the pikiclaw GitHub card, and push the results to Feishu Doc along with bot notifications. Does NOT auto-post to Twitter.
Generate a pull request subject line and a concise description by analyzing the commits and diff on the current local git branch. Use this whenever the user is preparing a PR and wants help writing its title or body — phrases like "write a PR description", "summarize my changes for a PR", "what should the PR title be", "draft the PR for this branch", or "describe these commits". Trigger even if the user doesn't say the exact words "pull request" but is clearly wrapping up branch work and wants it summarized for review. This skill only reads git locally and prints the result for the user to copy — it never pushes or edits anything on GitHub.
When you want to clean and reformat content (usually from your terminal) for pasting into Slack, Notion, Twitter/X, LinkedIn, email, GitHub, or plain text. Strips ANSI codes, box-drawing chars, terminal prompt artifacts, and applies destination-specific formatting. Default input is the clipboard (read via `pbpaste`); default output is both the clipboard (`pbcopy`) and a chat preview. Triggers on "/paste", "/paste [destination]", "clean this for X," "format for slack/notion/twitter/linkedin/email/github," "render as markdown," "paste-ready," "strip formatting," "make this copy-pastable." Default destination is plain. Also scans for secrets (API keys, tokens, .env values) and warns before copying anything sensitive.
THE workflow for picking up and carrying ONE ticket/card forward, for an autonomous worker agent or for a human doing it locally. Resolves the repo's tracker from the AFK registry (~/.claude/afk.json; GitHub Projects or Linear), picks one ticket by priority, routes by status x label (interview / human walkthrough / execute), loads LEARNINGS.md as binding constraints, implements test-first, verifies end-to-end and simplifies the diff (the /go finish), then branches to a PR for the reviewer. Use when the user says "pick up <id>", "work on issue <id>", invokes /engineer, invokes /pickup, says "pickup", or at the very start of working any card.
Generate OpenAPI 3.2.0 specifications for third-party APIs (OpenAI, Anthropic, Google, Microsoft, Stripe, GitHub, Slack, AWS, and more)
Designs and implements state transition analysis systems for tracking time spent in different states. Use when analyzing workflows with state changes (Jira, GitHub PRs, deployments, support tickets, etc.). Covers state machine fundamentals, temporal calculations, bottleneck detection, and business metrics. Trigger keywords: "state analysis", "duration tracking", "workflow metrics", "bottleneck", "cycle time", "state transitions", "time in status", "how long", "state duration", "workflow performance", "state machine", "changelog analysis", "SLA tracking", "process metrics".
Comprehensive news aggregator that fetches, filters, and deeply analyzes real-time content from 8 major sources: Hacker News, GitHub Trending, Product Hunt, 36Kr, Tencent News, WallStreetCN, V2EX, and Weibo. Best for 'daily scans', 'tech news briefings', 'finance updates', and 'deep interpretations' of hot topics.
Review PRs, MRs, and Gerrit changes with focus on security, maintainability, and architectural fit. Leverages github, gitlab, or gerrit skills based on repository context. Use when asked to review my code, check this PR, review a pull request, look at a merge request, review a patchset, or provide code review feedback.
Process Obsidian daily notes: classify raw URLs and loose ideas, fetch content (X tweets, GitHub repos, web pages), run deep research on ideas, create structured vault notes, replace raw items with wikilinks. Orchestrates doc-obsidian, res-x, and res-deep skills. Use when: processing daily note links, digesting saved URLs into notes, turning ideas into research, daily note cleanup. Triggers: daily digest, process daily, daily links, triage daily, digest daily note.
Control a remote SSH server project from a local git repo with persistent project memory. Use when the user develops locally but runs remotely, wants the agent to understand remote repo mappings across sessions, needs safe local/remote git sync via GitHub, wants to inspect remote state, submit jobs, start interactive sessions, monitor logs, or recover project context at the start of a new coding session.
Conference / internal tech-talk deck — GitHub-dark, JetBrains Mono, terminal code blocks, agenda + Q&A pages. Use for engineering presentations, internal sharing sessions, conference talks, and code-heavy walkthroughs.