Loading...
Loading...
Found 182 Skills
Use when the user needs to run GitNexus CLI commands like analyze/index a repo, check status, clean the index, generate a wiki, or list indexed repos. Examples: "Index this repo", "Reanalyze the codebase", "Generate a wiki"
4-phase code review methodology: UNDERSTAND changes, VERIFY claims against code, ASSESS security/performance/architecture risks, DOCUMENT findings with severity classification. Use when reviewing pull requests, auditing code before release, evaluating external contributions, or pre-merge verification. Use for "review PR", "code review", "audit code", "check this PR", or "review my changes". Do NOT use for writing new code or implementing features.
Multi-language code quality gate with auto-detection and language-specific linters. Use when user asks to "run quality checks", "quality gate", "lint all", "check everything", "pre-commit checks", or "is this code ready to commit". Use for verifying code quality across polyglot repos. Do NOT use for single-language linting (use code-linting) or comprehensive code review (use systematic-code-review).
Guides efficient Haskell aligned with GHC practice -- laziness and strictness, purity, fusion, newtypes, pragmas, Core reading, and space-leak avoidance. Use when writing or reviewing Haskell, optimizing or profiling, debugging strictness or memory, or when the user mentions GHC, thunks, foldl vs foldl', list fusion, SPECIALIZE, or UNPACK.
Security Check - Security review for skills before installation. Triggers: Before installing new skills, regular review of installed skills, or when security issues with a skill are suspected. Security Checks: - Dangerous Commands: rm -rf, sudo, curl|bash, etc. - Network Requests: Potential data leakage risks - File Writes: Writing to sensitive locations - Credentials: Risk of API key/password leakage - Resource Exhaustion: Infinite loops - Privilege Escalation: Privilege escalation attempts - External Dependencies: Suspicious dependencies Commands: - /安检 <skill-path> - Review skill security - /安检 scan <path> - Deep scan - /安检 list - List risks of installed skills - /安检 fix <skill> - Fix security issues - /security <skill-path> - English command Actions: - Auto-fix: Remove or replace dangerous code - Disable: Disable dangerous features - User Confirm: User chooses whether to proceed - Block: Block installation for severe risks Capabilities: Static code analysis, dangerous pattern recognition, risk assessment, auto-fix, user interactive decision making.
Comprehensive codebase reading engine. Systematically reads actual source code line by line through a 6-phase protocol — scoping, structural mapping, execution tracing, deep reading, pattern synthesis, and structured reporting. Source code is the source of truth. Use when needing to truly understand how code works, not just what documentation claims.
Semgrep integration. Manage Rules, Scans. Use when the user wants to interact with Semgrep data.
Security audit and vulnerability scanner for AI agent skills before installation. Use when: (1) evaluating a skill from an untrusted source, (2) auditing a skill directory or git repo URL for malicious code, (3) pre-install security gate for Claude Code plugins, OpenClaw skills, or Codex skills, (4) scanning Python scripts for dangerous patterns like os.system, eval, subprocess, network exfiltration, (5) detecting prompt injection in SKILL.md files, (6) checking dependency supply chain risks, (7) verifying file system access stays within skill boundaries. Triggers: "audit this skill", "is this skill safe", "scan skill for security", "check skill before install", "skill security check", "skill vulnerability scan".
Execute Gemini CLI for AI-powered code analysis and generation. Use when you need to leverage Google's Gemini models for complex reasoning tasks.
Static analysis security vulnerability scanner for Ruby on Rails applications. Use when analyzing Rails code for security issues, running security audits, reviewing code for vulnerabilities, setting up security scanning in CI/CD, managing security warnings, or investigating specific vulnerability types (SQL injection, XSS, command injection, etc.). Also use when configuring Brakeman, reducing false positives, or integrating with automated workflows.
Analyze codebase for GoF design patterns - detection, suggestions, evaluation with stack-aware adaptations
Use this agent when you need to gather comprehensive documentation and best practices for frameworks, libraries, or dependencies in your project. This includes fetching official documentation, exploring source code, identifying version-specific constraints, and understanding implementation patterns. <example>Context: The user needs to understand how to properly implement a new feature using a specific library. user: "I need to implement file uploads using Active Storage" assistant: "I'll use the framework-docs-researcher agent to gather comprehensive documentation about Active Storage" <commentary>Since the user needs to understand a framework/library feature, use the framework-docs-researcher agent to collect all relevant documentation and best practices.</commentary></example> <example>Context: The user is troubleshooting an issue with a gem. user: "Why is the turbo-rails gem not working as expected?" assistant: "Let me use the framework-docs-researcher agent to investigate the turbo-rails documentation...