Loading...
Loading...
Found 1,254 Skills
Execute a micro-level NestJS code quality audit. Validates code against live GitHub standards for testing, architecture, DTO validation, error handling, and code implementation. Produces a detailed violations report with prioritized action plan. Use when the user asks to check NestJS code quality, validate best practices, or review backend code standards. Triggers on: 'nestjs best practices', 'backend code quality', 'code review', 'nestjs standards', 'dto validation', 'error handling review'.
Review uncommitted or recently changed files for privacy-by-design rule violations (based on privacy laws like GDPR and LGPD) before committing.
Design and implement end-to-end client onboarding workflows from prospect intake through funded account, covering KYC verification, document collection, e-signature, and custodian submission. Use when the user asks about building a digital onboarding flow, integrating identity verification or CIP checks, reducing NIGO rejection rates, opening complex account types like trusts or entities, connecting to custodian APIs, designing suitability questionnaires, or comparing advisor-assisted vs self-service models. Also trigger when users mention 'new account opening', 'onboarding bottleneck', 'KYC integration', 'beneficial ownership', 'OFAC screening', 'account funding', or 'onboarding automation'.
Guide regulatory filing obligations and deadlines for investment advisers, broker-dealers, and large traders. Use when the user asks about Form PF filing thresholds, 13F institutional holdings reports, 13H large trader filings, Form ADV amendment timing, FOCUS report preparation, blue sheet requests, CAT reporting infrastructure, or FINRA short interest and TRACE reporting. Also trigger when users mention 'filing deadline calendar', 'do we need to file Form PF', 'crossed the $100M 13F threshold', 'annual updating amendment', 'CAT clock synchronization', 'how to respond to a blue sheet request', 'FOCUS report errors', or ask which regulatory filings a firm must make and when.
Assess investment suitability obligations under FINRA Rules 2111 and 2090 across all three suitability prongs. Use when the user asks about reasonable-basis, customer-specific, or quantitative suitability, product-specific concerns for complex products, leveraged ETFs, variable annuities, or alternatives, household-level suitability, hold recommendations, or the institutional suitability exemption. Also trigger when users mention 'is this investment suitable', 'turnover ratio is too high', 'cost-to-equity ratio', 'churning metrics', 'suitability questionnaire design', 'complex product due diligence', 'customer refused to provide their risk tolerance', or ask whether a recommendation fits a customer's profile.
Identify, disclose, and mitigate conflicts of interest in advisory and brokerage relationships under Reg BI and fiduciary duty. Use when the user asks about compensation-based conflicts, proprietary product incentives, revenue sharing disclosure, principal trading consent, soft dollar arrangements, pay-to-play restrictions, gifts and entertainment limits, personal trading policies, or code of ethics requirements. Also trigger when users mention 'is this a conflict', 'recommending our own funds', 'higher payout on annuities', 'outside business activity conflicts', 'allocation fairness across accounts', 'political contribution to a pension board member', or ask how to disclose or eliminate a conflict.
Process and manage account transfers between and within financial institutions. Use when handling full or partial ACAT transfers between broker-dealers, troubleshooting ACAT rejection codes or FINRA Rule 11870 timeline issues, setting up non-ACAT transfers like mutual fund direct transfers or DTC free deliveries, processing internal journal entries to move assets between accounts, handling retirement account rollovers or Roth conversions with proper tax reporting, managing estate transfers with cost basis step-up and date-of-death valuations, reconciling assets after transfer completion including residual credits and fractional shares, coordinating multi-account household transfers across different account types, or building transfer tracking dashboards and client communication workflows.
Use this skill when running PixiJS v8 outside a standard browser: Web Workers, OffscreenCanvas, Node/SSR, or CSP-restricted contexts. Covers DOMAdapter.set, BrowserAdapter, WebWorkerAdapter, custom Adapter interface, pixi.js/unsafe-eval for strict CSP. Triggers on: DOMAdapter, BrowserAdapter, WebWorkerAdapter, Web Worker, OffscreenCanvas, Node, headless, SSR, CSP, unsafe-eval, Adapter.
Design and implement a comprehensive DevSecOps pipeline in GitLab CI/CD integrating SAST, DAST, container scanning, dependency scanning, and secret detection.
Use when you need comprehensive security scanning across applications, infrastructure, and dependencies with LLM-based analysis
Chief Security Officer mode. Infrastructure-first security audit: secrets archaeology, dependency supply chain, CI/CD pipeline security, LLM/AI security, skill supply chain scanning, plus OWASP Top 10, STRIDE threat modeling, and active verification. Two modes: daily (zero-noise, 8/10 confidence gate) and comprehensive (monthly deep scan, 2/10 bar). Trend tracking across audit runs. Use when: "security audit", "threat model", "pentest review", "OWASP", "CSO review". (gstack) Voice triggers (speech-to-text aliases): "see-so", "see so", "security review", "security check", "vulnerability scan", "run security".
Piwik Pro integration. Manage data, records, and automate workflows. Use when the user wants to interact with Piwik Pro data.