Loading...
Loading...
Found 156 Skills
Use when a startup is approached by a prospective partner and someone has to decide should we sign this partner, at what partner tier (referral / reseller / OEM / SI-consulting / strategic alliance), with what joint GTM commitment, and at what revshare. Classifies partner tier from independent-demand evidence vs. preferential-terms hunting, designs a 90-day joint GTM plan, models revshare against direct-sale margin, and surfaces kill criteria for unwinding under-performing partnerships. For Head of Partnerships, Head of BD, and Founder-CEOs doing reseller agreement, OEM deal, or strategic alliance review — not technical sale enablement, not channel cost economics, not M&A.
Complete bug bounty workflow — recon (subdomain enumeration, asset discovery, fingerprinting, HackerOne scope, source code audit), pre-hunt learning (disclosed reports, tech stack research, mind maps, threat modeling), vulnerability hunting (IDOR, SSRF, XSS, auth bypass, CSRF, race conditions, SQLi, XXE, file upload, business logic, GraphQL, HTTP smuggling, cache poisoning, OAuth, timing side-channels, OIDC, SSTI, subdomain takeover, cloud misconfig, ATO chains, agentic AI), LLM/AI security testing (chatbot IDOR, prompt injection, indirect injection, ASCII smuggling, exfil channels, RCE via code tools, system prompt extraction, ASI01-ASI10), A-to-B bug chaining (IDOR→auth bypass, SSRF→cloud metadata, XSS→ATO, open redirect→OAuth theft, S3→bundle→secret→OAuth), bypass tables (SSRF IP bypass, open redirect bypass, file upload bypass), language-specific grep (JS prototype pollution, Python pickle, PHP type juggling, Go template.HTML, Ruby YAML.load, Rust unwrap), and reporting (7-Question Gate, 4 validation gates, human-tone writing, templates by vuln class, CVSS 3.1, PoC generation, always-rejected list, conditional chain table, submission checklist). Use for ANY bug bounty task — starting a new target, doing recon, hunting specific vulns, auditing source code, testing AI features, validating findings, or writing reports. 中文触发词:漏洞赏金、安全测试、渗透测试、漏洞挖掘、信息收集、子域名枚举、XSS测试、SQL注入、SSRF、安全审计、漏洞报告
Brainstorm feature ideas for a new product in initial discovery from PM, Designer, and Engineer perspectives. Use when starting product discovery for a new product, exploring features for a startup idea, or doing initial ideation.
Read-only crypto wallet insights via the Zerion CLI: portfolio value, token holdings, DeFi positions, transaction history, PnL, and watchlist management. Use whenever the user asks 'what's in this wallet', 'how is X doing', portfolio/PnL/positions/transactions for any address, ENS name, local wallet, or watched address. Supports x402 / MPP pay-per-call. Pair with `zerion-trading` for execution after analysis.
Master orchestrator for a full SEO audit suite powered by the Ahrefs MCP. Use this skill when running a comprehensive SEO audit, scoping a quarterly health check, doing pre-acquisition SEO due diligence, or post-migration verification. Triggers on full SEO audit, comprehensive SEO review, SEO health check, audit my site, SEO due diligence, audit suite, comprehensive audit, end-to-end SEO. Also triggers when a stakeholder wants the complete picture rather than a single-dimension audit.
Keeps HubSpot current without the owner opening it: creates and updates contacts and deals from email and calendar context, logs notes and calls, and flags stale records. The "stop doing data entry" skill. Use when the user asks to update the CRM, log a call, clean up HubSpot, or add context to a deal.
Use when doing upstream market-research methodology — sizing a market as TAM/SAM/SOM computed BOTH top-down and bottoms-up (never a single unsourced number), planning a survey sample size with finite-population correction and per-segment minimums, or scoring candidate market segments against Kotler's measurable/substantial/accessible/differentiable/actionable criteria. Outputs always show the method and the assumptions. For market-research analysts and product-marketing at the sizing/survey/segmentation moment. Distinct from marketing-skill (campaign analytics, attribution, demand-gen) — this is the evidence-building methodology, not live-campaign optimization.
Analyze competitors with strengths, weaknesses, and differentiation opportunities. Identifies direct competitors and maps the competitive landscape. Use when doing competitive research, preparing a competitive brief, or finding differentiation opportunities.
Comprehensive sales and revenue operations skill. Use when building a sales team, doing founder-led sales, hiring first sales reps, navigating enterprise deals, implementing product-led sales, designing sales compensation plans, defining ICP, mapping buyer personas, or optimizing the revenue engine (RevOps). Activates for: sales strategy, rev ops, revenue operations, sales enablement, sales compensation, ICP, ideal customer profile, buyer persona, sales process, deal execution, lead scoring, lead routing, lead lifecycle, MQL, SQL, pipeline management, CRM automation, sales qualification, BANT, MEDDIC, founder sales, enterprise sales, product-led sales, startup sales, SDR, AE, quota, ramp, commission plan.
Doctor Strange — forward mental simulation via parallel universe subagents. Walks through how a future event might unfold step by step, like a human mentally rehearsing a scenario. Stores simulations as persistent memory for later recall. TRIGGER when: user explicitly asks to simulate / rehearse / play out a scenario; user says "推演", "模拟", "预演", "imagine", "what if", "run through", "play this out", "what could go wrong"; user faces a high-stakes upcoming decision and is uncertain how it will unfold. DO NOT TRIGGER when: user wants factual lookup or research; user wants analysis of a past event (use regular memory); user wants a simple recommendation without simulation; user is debugging code or doing technical work unrelated to decision-making. Three modes: SIMULATE (run a new forward simulation), RECALL (surface past simulations as soft priors), MANAGE (list/void/re-run stored simulations).
Refactor Flutter/Dart code to improve maintainability, readability, and performance. This skill applies Dart 3 features like records, patterns, and sealed classes, implements proper state management with Riverpod or BLoC, and uses Freezed for immutable models. It addresses monolithic widgets, missing const constructors, improper BuildContext usage, and deep nesting. Apply when you notice widgets doing too much, performance issues from unnecessary rebuilds, or legacy Dart 2 patterns.
Knowledge and utilities for creating animated GIFs optimized for Slack. Provides constraints, validation tools, and animation concepts. Use when users request animated GIFs for Slack like "make me a GIF of X doing Y for Slack."