Loading...
Loading...
Found 5,525 Skills
Ghost Security - Software Composition Analysis (SCA) scanner. Scans dependency lockfiles for known vulnerabilities, identifies CVEs, and generates findings with severity levels and remediation guidance. Use when the user asks about dependency vulnerabilities, vulnerable packages, CVE checks, security audits of dependencies, or wants to scan lockfiles like package-lock.json, yarn.lock, go.sum, or Gemfile.lock.
Ghost Security — combined security report. Aggregates findings from all scan skills (scan-deps, scan-secrets, scan-code) into a single prioritized report focused on the highest risk, highest confidence issues. Use when the user requests a security overview, vulnerability summary, full security audit, or combined scan results.
Ghost Security - SAST code scanner. Finds security vulnerabilities in source code by planning and executing targeted scans for issues like SQL injection, XSS, BOLA, BFLA, SSRF, and other OWASP categories. Use when the user asks for a code security audit, SAST scan, vulnerability scan of source code, or wants to find security flaws in a codebase.
This skill should be used when the user asks to "validate a finding", "check if a vulnerability is real", "triage a security finding", "confirm a vulnerability", "determine if a finding is a true positive or false positive", or provides a security finding for review. It validates security vulnerability findings by tracing data flows, verifying exploit conditions, analyzing security controls, and optionally testing attack vectors against a live application.
You must use this when conducting PRISMA-standard systematic reviews, protocol development, or Risk of Bias assessment.
Scan codebase for security vulnerabilities including secrets, insecure dependencies, and unsafe code patterns. Use when performing automated security scans.
Enforces the discipline of thinking about tests, features, and maintainability BEFORE writing implementation code. Use when starting new classes/methods, refactoring existing code, or when asked to "think about tests first", "design for testability", "what tests do I need", "test-first approach", or "TDD thinking". Promotes simple, maintainable designs by considering testability upfront. Works with any codebase requiring test coverage and quality standards.
Implements conditional visibility for Home Assistant dashboard cards using state, numeric_state, screen, user, time, and/or conditions via Conditional Card wrapper and per-card visibility property. Use when asked to "hide card when", "show only if", "user-specific dashboard", "mobile vs desktop cards", "conditional visibility", or "show card based on state/time/user".
Configures automated infrastructure monitoring with mobile alerts (ntfy.sh and Home Assistant) and implements auto-recovery for common failures. Use when setting up monitoring, configuring mobile notifications, enabling auto-recovery, or troubleshooting alert delivery. Triggers on "setup monitoring", "configure alerts", "mobile notifications", "enable auto-recovery", "monitoring not working", or "not getting alerts". Works with ntfy.sh push notifications, Docker container health checks, Bash monitoring scripts, and optional Home Assistant automation integration.
Creates minimalist, mobile-first Home Assistant dashboards using Mushroom cards (13+ types) including entity, light, climate, chips, and template cards with card-mod styling support. Use when building modern HA dashboards, creating compact mobile interfaces, styling entity cards, using chips for status indicators, or combining Mushroom with card-mod for custom CSS.
Hookdeck Event Gateway — webhook infrastructure that replaces your queue. Use when receiving webhooks and need guaranteed delivery, automatic retries, replay, rate limiting, filtering, or observability. Eliminates the need for your own message queue for webhook processing.
Receive and verify Chargebee webhooks. Use when setting up Chargebee webhook handlers, debugging Basic Auth verification, or handling subscription billing events.