Loading...
Loading...
Found 2,247 Skills
ML supply chain security scanner. Scans model files, scores risk (0-100), maps to 5 global compliance frameworks (ISM-2072, EU AI Act, OWASP LLM, MITRE ATLAS, NIST AI RMF), and provides remediation steps. Zero-config, auto-installs scanners. Use when the user asks to scan a model, check if a model is safe, audit ML security posture, check compliance, inspect pickle/safetensors/pytorch files, or mentions model supply chain security. Also trigger on ISM-2072, EU AI Act, OWASP LLM06, model risk score, "is this model safe", "scan my models", "check compliance".
Expert knowledge for Azure Firmware Analysis development including troubleshooting, best practices, security, integrations & coding patterns, and deployment. Use when provisioning AFA workspaces, configuring RBAC access, uploading firmware via CLI/PowerShell/Python, or interpreting SBOM results, and other Azure Firmware Analysis related development tasks.
Expert knowledge for Azure DevTest Labs development including troubleshooting, best practices, decision making, architecture & design patterns, limits & quotas, security, configuration, integrations & coding patterns, and deployment. Use when managing DevTest Labs VMs, images/artifacts, ARM/CLI automation, RBAC/Key Vault security, or hub-spoke lab setups, and other Azure DevTest Labs related development tasks. Not for Azure Dev Box (use azure-dev-box), Azure Lab Services (use azure-lab-services), Azure Virtual Machines (use azure-virtual-machines), Azure Virtual Desktop (use azure-virtual-desktop).
Expert knowledge for Azure US Government development including decision making, architecture & design patterns, security, configuration, integrations & coding patterns, and deployment. Use when handling FedRAMP/DoD IL5 scope, SACA patterns, Gov CI/CD, Gov Marketplace, or sovereign APIs, and other Azure US Government related development tasks. Not for Azure Local (use azure-local), Azure Arc (use azure-arc), Azure Networking (use azure-networking), Azure Security (use azure-security).
Expert knowledge for Azure Automation development including troubleshooting, best practices, decision making, limits & quotas, security, configuration, integrations & coding patterns, and deployment. Use when building Azure Automation runbooks/DSC, Hybrid Runbook Workers, Change Tracking, CI/CD, or cross-cloud integrations, and other Azure Automation related development tasks. Not for Azure Functions (use azure-functions), Azure Logic Apps (use azure-logic-apps), Azure Scheduler (use azure-scheduler), Azure Update Manager (use azure-update-manager).
Expert knowledge for Microsoft Foundry Tools (aka Azure AI services, Azure Cognitive Services) development including best practices, decision making, architecture & design patterns, limits & quotas, security, configuration, integrations & coding patterns, and deployment. Use when using Content Understanding analyzers, Content Moderator APIs, Foundry containers, VNet/Key Vault security, or Entra auth, and other Microsoft Foundry Tools related development tasks. Not for Microsoft Foundry (use microsoft-foundry), Microsoft Foundry Classic (use microsoft-foundry-classic), Microsoft Foundry Local (use microsoft-foundry-local).
A comprehensive starting point for AI agents to work with Capacitor. Covers core concepts, CLI, app creation, plugins, framework integration, best practices, storage, security, testing, troubleshooting, upgrading, and Capawesome Cloud (live updates, native builds, app store publishing). Pair with the other Capacitor skills in this collection for deeper topic-specific guidance.
Verification loop for Laravel projects: env checks, linting, static analysis, tests with coverage, security scans, and deployment readiness.
Perform security operations on OpenClaw environments by calling Alibaba Cloud Security Center (SAS) and ECS APIs via the aliyun CLI. Supports asset queries, vulnerability detection, baseline checks, alert analysis, daily security report generation, and Cloud Assistant command execution. Use this skill when users need to query OpenClaw security status, handle security alerts, check vulnerability risks, execute emergency commands, or generate security reports.
Execute a complete tax-loss harvesting workflow from candidate identification through post-harvest monitoring. Use when the user asks about finding TLH candidates, gain/loss budgeting, replacement security selection, wash-sale compliance, or harvest execution planning. Also trigger when users mention 'unrealized losses in my portfolio', 'swap ETFs for tax purposes', 'harvest losses before year-end', 'substantially identical security', 'wash-sale window', 'NIIT offset', 'loss carryforward', or ask how much tax they can save by harvesting.
OSINT-based technology stack identification. Discovers company tech stacks using passive reconnaissance across 17 intelligence domains. Given a company name (and optional domain hint), infers frontend, backend, infrastructure, and security technologies using publicly available signals.
This skill should be used when the user asks about crypto prices, market data, K-line charts, funding rates, open interest, long/short ratios, whale orders, liquidation data, crypto news, newsflash, Twitter crypto tweets, trending coins, airdrops, drop radar, airdrop research, project analysis, exchange listings, stock quotes, treasury holdings, or any crypto market query. Also use when user asks about configuring or checking BBX API key. Use when user says: 'BTC price', 'check price', 'show K-line', 'funding rate', 'open interest', 'whale orders', 'long/short ratio', 'crypto news', 'newsflash', 'ETF', '监管', '政策', 'trending coins', 'airdrop', 'drop radar', '查行情', '看价格', '大饼多少钱', 'K线', '资金费率', '多空比', '鲸鱼单', '新闻', '快讯', '新闻快讯', '热门币', '空投', '空投项目', '空投机会', '空投研报', '项目分析', '项目详情', '上了哪些交易所', '推特', 'Twitter', 'liquidation map', '配置BBX key', 'BBX API key', 'BBX key安全吗'. Covers 200+ exchanges with real-time data. MUST run node scripts to fetch real data. NEVER generate fake prices or hallucinate market data. NEVER use web_search/web_fetch for airdrop, project, news, or Twitter data — always use airdrop.mjs, drop_radar.mjs, news.mjs, newsflash.mjs, or twitter.mjs scripts. IMPORTANT — BBX API Key: When user asks about BBX API key (配置/检查/安全/能不能交易), run `node scripts/coin.mjs api_key_info` FIRST, show the security_notice to user. For Hyperliquid whale analytics, use hyperliquid.