Found 1,410 Skills
Parses Software Bill of Materials (SBOM) in CycloneDX and SPDX JSON formats to identify supply chain vulnerabilities by correlating components against the NVD CVE database via the NVD 2.0 API. Builds dependency graphs, calculates risk scores, identifies transitive vulnerability paths, and generates compliance reports. Activates for requests involving SBOM analysis, software composition analysis, supply chain security assessment, dependency vulnerability scanning, CycloneDX/SPDX parsing, or CVE correlation.
Buttons, inputs, pills, badges, calendars, and other interactive components form a visual family — they share the same border-radius, colour logic, shadow scale, border style, and spacing rhythm. Inconsistency between them breaks the sense of a coherent product. Use when building or reviewing a component library, design system, or any set of UI components.
NestJS reference skill: modules, controllers, providers, DTOs with class-validator, TypeORM/Prisma, guards, interceptors, pipes, queues (BullMQ), WebSockets, microservices, testing, OpenAPI, and CLI scaffolding. Use when the task touches NestJS application code and should follow the project's module-based architecture.
Use this when the user provides a Yii2 codebase for analysis or migration planning. Provides a 6-phase workflow: scan, capability extraction, dependency analysis, requirements extraction, semantic indexing, and migration roadmap. Apply when the user mentions Yii2, PHP legacy modernization, or framework migration to NestJS.
Amazon PPC campaign builder and optimizer for sellers. Two modes: (A) Build — design a complete campaign structure from scratch with keyword groupings, bid calculations, and negative keyword lists, (B) Optimize — audit existing campaigns using search term reports, identify keyword funnel opportunities, calculate bid adjustments, and generate a week-by-week action plan. Integrates with amazon-keyword-research for keyword input. No API key required. Use when: (1) setting up Amazon PPC campaigns for a new product, (2) auditing existing campaign performance and ACoS, (3) optimizing keyword bids and negative keywords, (4) building Auto/Manual/Exact campaign structures, (5) analyzing search term reports for opportunities, (6) calculating break-even ACoS and target ACoS, (7) scaling profitable campaigns to Sponsored Brands or Display.
Ultra-lightweight channel for refactor processes - used when changes are clearly too small to go through the full scan → design → apply three-stage workflow. AI directly identifies 1-3 low-risk optimization points, confirms with the user once, modifies in-place using classic methods, and validates itself by running tests. No scan checklist, no design documentation, no multi-step human verification required. Trigger scenarios: User says "quick refactor", "small refactor", "simply optimize XX function", "modify directly", "skip the extra steps", and the scope of changes is clearly localized to a single function / single component with test coverage for self-validation.
Onboard a new repository or a repository with scattered documents into the CodeStable system. One of two paths is chosen automatically: the empty repository path (no spec-type documents or codestable/ directory in the repository) builds the skeleton from scratch; the migration path (the repository already has scattered documents or a partial codestable/ structure) first generates an audit report + migration mapping plan, which is finalized after the user confirms each item one by one. This skill only does two things: "build the skeleton" and "organize existing documents". Once the skeleton is built, all sub-workflows can run directly. Trigger scenarios: Users say "Use CodeStable in this project", "Build CodeStable structure", "Initialize CodeStable", "Migrate to CodeStable".
Scans code for performance and scalability issues — N+1 queries, missing indexes, unbounded queries, memory inefficiencies, caching gaps, algorithmic complexity, concurrency bugs, and frontend performance problems. Generates severity-scored findings with copy-pasteable fix prompts. Trigger phrases: "performance audit", "performance check", "N+1 detection", "query optimization", "slow code", "performance review".
Scans code for security vulnerabilities — injection flaws, authentication gaps, XSS vectors, mass assignment, CSRF, insecure deserialization, sensitive data exposure, broken access control, and misconfigurations. Generates severity-scored findings with copy-pasteable fix prompts. Trigger phrases: "security scan", "security audit", "vulnerability check", "find security issues".
Explain code as a scannable blog post
Spec-driven E2E test creation: plan what to test through structured discovery phases, then scaffold a local Shiplight test project and write YAML tests by walking through the app in a browser.
This skill covers integrating OWASP ZAP (Zed Attack Proxy) for Dynamic Application Security Testing in CI/CD pipelines. It addresses configuring baseline, full, and API scans against running applications, interpreting ZAP findings, tuning scan policies, and establishing DAST quality gates in GitHub Actions and GitLab CI.