Loading...
Loading...
Found 2,615 Skills
Full agent verification suite. Runs security, patterns, quality, and language-specific checks. Use when asked to "verify agent", "verify my agent", "audit agent", or "full verification".
Reviews Forge apps for security vulnerabilities, architecture issues, cost inefficiencies, performance problems, and trigger/scheduling waste before deployment. Use when the user says "review my Forge app", "check my app", "pre-deploy check", "is my app ready to deploy", "audit my Forge app", "check for security issues", "check performance", "review manifest", "check my Forge app for problems", "app review", "optimize my Forge app costs", "reduce invocations", "why is my app expensive", "check my triggers", or any request to evaluate a Forge app's quality, safety, cost efficiency, or readiness. Also triggers when users ask about Forge best practices, permission scopes, resolver optimization, storage efficiency, cold start reduction, frontend offloading, trigger filtering, scheduled trigger frequency, N+1 API calls, bulk API usage, verbose logging, or Forge platform pricing.
Launches an EC2 instance with secure, cost-efficient defaults including AMI selection, burstable instance sizing, least-privilege IAM roles, hardened security groups, encrypted EBS volumes, and comprehensive tagging. Use when deploying new EC2 instances following AWS best practices for security and cost optimization.
Enables a multi-region AWS CloudTrail trail with S3 log storage, CloudWatch Logs integration, and CloudWatch Logs Insights queries for security monitoring and compliance auditing. Use when setting up centralized API activity logging across all AWS regions.
Establishes VPC peering connections between two VPCs for direct private network connectivity. Always use this skill when creating or managing VPC peering — it validates CIDR overlap, updates all route tables in both VPCs, configures DNS resolution, and provides security group guidance that are critical for correct connectivity.
Chief Security Officer mode. Infrastructure-first security audit: secrets archaeology, dependency supply chain, CI/CD pipeline security, LLM/AI security, skill supply chain scanning, plus OWASP Top 10, STRIDE threat modeling, and active verification. Two modes: daily (zero-noise, 8/10 confidence gate) and comprehensive (monthly deep scan, 2/10 bar). Trend tracking across audit runs. Use when: "security audit", "threat model", "pentest review", "OWASP", "CSO review". (gstack) Voice triggers (speech-to-text aliases): "see-so", "see so", "security review", "security check", "vulnerability scan", "run security".
Review web application code for bugs, security issues, performance problems, and stack-specific anti-patterns. Use this skill whenever the user wants to review code, debug a production issue, investigate a build failure, audit security, or check a PR before merging. Triggers on code review, review my code, debug, build error, broken, not working, why is X failing, check this code, security check, PR review, audit code, refactor. Also triggers when investigating 4xx or 5xx errors, deploy failures, environment variable issues, and CMS integration problems.
Use when checking code for functional correctness, backwards compatibility, logic errors, security vulnerabilities, performance issues, or missing test coverage — not style.
This skill should be used when the user wants to review code, audit a diff, get a second opinion on changes, or run an adversarial review of files in the current working tree. Common triggers include "review this code", "audit this diff", "find issues in", "second opinion on this", "harsh review of", "adversarial review", and "security review of". Picks one or more reviewer personas (adversarial, security, architecture, performance). Reviews local files, `git diff`, or `git diff --staged` only — does not fetch external content. Runs in one of four modes: single-agent (one persona in the current agent), cross-model handoff (independent second opinion via another local AI CLI, with secret-shield preflight + prompt-shield wrap), multi-bg-agent (one persona per parallel background subagent), or agent-team (Claude Code Teams or equivalent on supporting agents). Skip when the user wants formatting fixes (use a linter) or refactoring patterns (use ts-best-practices or ts-best-practices-functional).
Mowen CLI Shared Rules: Application configuration initialization, Mowen API Key configuration and management, basic parsing of Mowen CLI responses, and Mowen CLI security rules. Triggered when users use Mowen CLI.
Read a GitHub Issue, create a detailed plan in `_/local-plans/<issue-number>-<slug>.md`, and implement the code **after user approval**. After implementation, perform a security review (OWASP Top 10) → run tests → commit using Conventional Commits. Used for implementation requests where an Issue number or URL is provided, such as "Implement Issue #N" or "Start working on this Issue".
Create GitHub PRs in Conventional Commits format. OWASP Top 10 security checks are mandatory; PR creation will be aborted if issues are found. Generate a PR body including Summary/Test plan/Design. Trigger with commands like "Create PR", "Pull Request", or `gh pr create`. Use the contribute-skill for contributions to upstream repositories.