Loading...
Loading...
Found 2,615 Skills
Use this skill whenever writing, reviewing, or refactoring Terraform code that provisions Azure resources. The skill enforces Microsoft Cloud Security Benchmark (MCSB) controls, CIS Azure Foundations Benchmark v2.0 rules, Azure Well-Architected Framework Security Pillar recommendations, and all Terraform IaC best practices that prevent Microsoft Defender for Cloud security recommendations from being raised. Activate whenever the user mentions Azure, azurerm provider, ARM, Defender for Cloud, Terraform on Azure, AKS, App Service, Storage, Key Vault, SQL, PostgreSQL, MySQL, Redis, Service Bus, Event Hub, Cosmos DB, API Management, or any Azure PaaS in a Terraform context — even if they don't explicitly ask about security or MDC.
Analyzes system and application logs to detect anomalies and security threats in blue-team operations.
Claude CLI sub-agent system for persona-based analysis. Use when piping large contexts to Anthropic models for security audits, architecture reviews, QA analysis, or any specialized analysis requiring a fresh model context.
Structured code review approach covering security, quality, performance, and consistency.
Docker best practices for VPS deployments in 2026. Use this skill when writing Dockerfiles, docker-compose.yml, or managing containers on a Linux VPS. Covers multi-stage builds, uv-based Python images, Xvfb/virtual display containers, volume management, security hardening, and service orchestration with Docker Compose v2. NEVER use legacy docker-compose v1 (hyphenated), old Python base images, or root containers.
Use when user needs security incident response, operational incident management, evidence collection, forensic analysis, or coordinated response for outages and breaches.
Full API lifecycle management through Postman. Sync OpenAPI specs to collections, generate typed client code, run API tests, create mock servers, publish documentation, audit security against OWASP Top 10, and discover APIs across workspaces. Requires the Postman MCP Server. Use this skill when the user mentions Postman, API collections, syncing specs, generating SDKs, running API tests, creating mocks, API documentation, or API security audits. Triggers on tasks involving API development workflows, collection management, or any Postman-related operations.
Эксперт ISO 27001. Используй для ISMS, security controls и compliance implementation.
Эксперт по S3 политикам. Используй для IAM policies, bucket permissions, cross-account access и security best practices.
Go API development guidelines using the standard library (1.22+) with best practices for RESTful API design, error handling, and security
Spring Boot 3 Java framework with enterprise patterns. Covers REST controllers, services, repositories, JPA entities, MapStruct mappers, Lombok, JWT security, Flyway migrations, and global exception handling. USE WHEN: user mentions "Spring Boot", "REST API", "enterprise Java", asks about "controller patterns", "service layer", "repository", "DTO mapping", "JWT auth", "Flyway", "MapStruct" DO NOT USE FOR: Spring Data JPA (use `spring-data-jpa`), Spring Security (use `spring-security`), Spring WebFlux (use `spring-webflux`), Spring WebSocket (use `spring-websocket`)
Comprehensive guide for setting up and configuring CodeQL code scanning via GitHub Actions workflows and the CodeQL CLI. This skill should be used when users need help with code scanning configuration, CodeQL workflow files, CodeQL CLI commands, SARIF output, security analysis setup, or troubleshooting CodeQL analysis.