Found 2,247 Skills
Node.js/Bun backend reference skill: TypeScript-first, structured error handling, pino logging, Zod validation, async patterns, HTTP server conventions, database access, auth, queues, caching, testing, security, CLI tooling, and observability. Covers both Node.js and Bun runtimes. Use when the task touches server-side TypeScript/JavaScript code and should follow the project's backend conventions.
User-facing NemoClaw guidance for installing, configuring, operating, securing, monitoring, and troubleshooting NemoClaw sandboxes. Use when users ask about NemoClaw quickstarts, OpenClaw and OpenShell relationships, local inference, remote GPU deployment, sandbox lifecycle, network policy, security posture, agent skills, command reference, or issue triage instructions.
Guides structured security log analysis across authentication, network, endpoint, and cloud audit log sources. Auto-invoked when the user shares log data, asks about suspicious events, needs help interpreting Windows Event IDs or Linux auth logs, or is establishing baselines for anomaly detection. Produces log source taxonomy, anomaly identification, baseline recommendations, and correlation findings mapped to MITRE ATT&CK v16 techniques.
Collection of 130+ specialized Claude Code subagents for development tasks across languages, frameworks, infrastructure, and security
Guides security assessment of embedded and cyber-physical systems on hardware-in-the-loop (HIL) test benches—bench setup, ECU/ECM or PLC targets, bus interfaces (CAN/CAN-FD, LIN, automotive Ethernet, Modbus at high level), fault injection and stimulus design, simulated plant/environment integration, attack-surface monitoring on real hardware, reproducible test cases, lab safety interlocks, and evidence capture for firmware and vehicle security teams. Use for HIL security testing, ECU security assessment, CAN bus security, PLC HIL test, fault injection lab, embedded hardware security—not web/API pentest (web-pentester), network-only pentest (network-pentester), malware/binary RE only (reverse-engineer), SOC operations (soc-analyst), AI red team (ai-redteam), classified ISSO paperwork (information-systems-security-officer-classified-specialist), or pure software CI without hardware (build-validator).
Soroban smart contract development on Stellar (Rust SDK). Covers project setup, contract structure, storage types, authorization, cross-contract calls, events, error handling, testing (unit, integration, fuzz, property, mutation, fork, differential), security patterns and vulnerability classes, advanced architecture patterns (upgrades, factories, governance, DeFi primitives), and common pitfalls. Use when writing, testing, securing, or shipping Soroban contracts.
Analyze and transform messy, prototype, overgrown, slop-prone, or hard-to-maintain software repositories into maintainable product-shaped codebases while preserving existing product behavior. Use when the user asks to antislop a codebase, clean up a messy repo, run a maintainability migration, write a refactor plan, modernize structure, improve TypeScript/type boundaries, harden tests, reduce large files, clean architecture, coordinate subagent-driven refactors, or produce a final migration audit/report/microsite. Do not use for broader production-readiness specialties such as security audits, observability/logging programs, compliance hardening, SRE/runbook work, or reliability engineering unless the user explicitly scopes those as part of the maintainability refactor.
Alibaba Cloud PolarDB-X Distributed Database AI Assistant. Use for PolarDB-X cluster management, topology inspection, performance diagnostics, SQL optimization, data distribution analysis, elastic scaling diagnostics, connection/session analysis, security audit, backup/restore, parameter tuning, and other O&M operations. Triggers: "PolarDB-X", "distributed database", "pxc-", "DN/CN nodes", "data sharding", "PolarDB-X diagnostics", "PolarDB-X performance", "PolarDB-X slow SQL", "YaoChi Agent", "PolarDB-X topology", "PolarDB-X backup", "PolarDB-X security audit", "PolarDB-X scaling"
Manage multiple Alibaba Cloud accounts and batch-export Security Center (SAS) baseline and vulnerability reports via the aliyun CLI and Python scripts. Supports account list refresh, enable/disable, concurrent batch export of cloud platform configuration check (baselineCspm), system baseline risk (exportHcWarning), Linux/Windows/application/emergency vulnerability results across all managed accounts. Use this skill when users need to manage SAS multi-account settings, export baseline or vulnerability compliance data, or merge multi-account security reports into a single file.
Manage Harness Software Supply Chain Assurance (SSCA) via MCP. Configure automated SBOM generation with CycloneDX or SPDX formats, set up artifact signing and attestation with Cosign, define supply chain security policies using OPA, and track SLSA provenance levels. Use when asked to generate SBOMs, sign artifacts, enforce supply chain policies, track software provenance, or manage SLSA compliance. Do NOT use for OPA pipeline governance policies (use create-policy instead) or vulnerability scanning (use security-report instead). Trigger phrases: SBOM, software bill of materials, supply chain security, SLSA, artifact signing, cosign, provenance, attestation, CycloneDX, SPDX, supply chain policy.
Guideline for designing, implementing, and verifying secure APIs following OWASP API Security Top 10 (2023) best practices. Use when the user wants to: (1) review API code or design for security vulnerabilities, (2) design a secure REST, GraphQL, or gRPC API architecture, (3) implement API authentication and authorization (OAuth2, JWT, API keys, mTLS), (4) configure rate limiting, input validation, or CORS, (5) audit API endpoints for BOLA, BFLA, or mass assignment vulnerabilities, (6) create API security checklists or verification plans, (7) fix API security bugs or harden existing APIs, (8) set up API security testing (OWASP ZAP, Schemathesis, Burp Suite), or (9) handle any API security concern including SSRF prevention, resource consumption limits, business flow protection, API inventory management, and secure third-party API consumption.
Validate that a branch or pull request implementation matches introduced product, technical, security, and related specs. Use when reviewing or finishing a spec-driven change and resolving mismatches between checked-in specs and implementation.