Loading...
Loading...
Found 359 Skills
Enter this sub-process when conducting code optimization — handle tasks where 'behavior remains unchanged, structure changes' (structure / performance / readability). Shift single-module internal optimization from 'AI random refactoring' to 'first scan to generate a checklist, confirm each item with the user, execute step-by-step according to the method library, and require manual approval for each step'. Trigger scenarios: Users mention phrases like 'optimize it / refactor / rewrite / split it / poor performance / code is too long' without any accompanying behavior changes. Do not handle new requirements (route to feature), bugs (route to issue), or cross-module architecture restructuring (route to architecture + decisions).
A new-hire onboarding plan as a single page — first week schedule, buddy + manager intro, learning track, equipment checklist, and "you're set when…" outcomes. Use when the brief mentions "onboarding", "new hire", "first week plan", or "入职".
Use when preparing your agent for production — IAM scoping, inbound auth (JWT, SigV4), secrets management, cold start optimization, session lifecycle, rate limiting, input validation, and quota guidance. Triggers on: "production checklist", "harden agent", "production ready", "secure agent", "inbound auth", "going live", "cold start optimization", "session lifecycle", "StopRuntimeSession", "quota", "throttling", "maxVms", "rate limit", "security audit of outbound API calls", "gateway target audit for production", "restrict who can call", "lock down endpoint", "only our app can call". Not for Cedar tool-restriction policies — use agents-connect. Not for quality measurement — use agents-optimize. Not for outbound credential storage or API key wiring — use agents-connect. Not for A2A agent-to-agent auth — use agents-build. Cold start observation and diagnosis (not optimization) routes to agents-debug.
Deep financial statement analysis for listed companies via Longbridge — cross-statement reconciliation (IS↔BS↔CF), DuPont decomposition (ROE = net margin × asset turnover × equity multiplier), earnings-quality scoring (accrual ratio), and 10-item financial fraud red-flag checklist. Builds on raw data from longbridge-financial-report. Triggers: "三表勾稽", "杜邦分析", "杜邦拆解", "盈利质量", "应计利润", "财务造假", "财报深度", "财务红旗", "三表分析", "財務深度", "三表勾稽", "杜邦分析", "盈利質量", "應計利潤", "財務造假", "財報深度", "財務紅旗", "DuPont analysis", "accrual ratio", "earnings quality", "financial fraud red flags", "cross-statement reconciliation", "three-statement analysis".
Turn Steam store-page, wishlist, demo, Next Fest, and launch-window ambiguity into one packet-first Steam launch brief. Use when an indie dev, small studio, founder-marketer, or publisher helper needs to decide whether the next move is a page-promise audit, wishlist-signal check, demo-readiness gate, event-timing workback, or launch-ops runbook — especially when they say "help my Steam page", "wishlists are weak", "is our demo ready", "should we do Next Fest", or "give me a Steam launch checklist". Route broad non-game GTM work to `marketing-automation` and player-feedback/build-performance issues to the game specialist skills.
Guideline for designing, implementing, and verifying secure Python applications following OWASP Top 10 best practices. Use when the user wants to: (1) review Python code for security vulnerabilities, (2) design a secure Python application architecture, (3) implement security features (authentication, authorization, cryptography, input validation), (4) audit Python dependencies for known vulnerabilities, (5) create security checklists or verification plans, (6) fix security bugs or harden existing Python code, (7) set up security testing and static analysis (bandit, safety, semgrep), or (8) handle any Python security concern including injection prevention, secure deserialization, SSRF protection, secrets management, and secure deployment.
Use when planning A/B tests in LaunchDarkly, Optimizely, or similar platforms. Sizes the experiment (sample size, MDE, runtime), drafts hypothesis + success metrics + guardrails, and produces a launch checklist + rollback plan.
Prepares codebases for security review using Trail of Bits' checklist. Helps set review goals, runs static analysis tools, increases test coverage, removes dead code, ensures accessibility, and generates documentation (flowcharts, user stories, inline comments).
Quick security audit checklist covering authentication, function exposure, argument validation, row-level access control, and environment variable handling
Comprehensive checklist for conducting thorough code reviews covering functionality, security, performance, and maintainability
Build, plan, review, and document pyRevit extensions. Use when Codex needs the pyRevit development workflow, templates, prompts, checklists, or scripts for creating or updating pyRevit commands in this repo. Pair with a version-specific Revit skill (e.g., 2023/2024/2025) for API constraints.
Use when reviewing or scoring AI-generated business/application code quality in any language, especially when a numeric score, risk level, or must-fix checklist is requested, or when C++ code must comply with OpenHarmony C++ and security standards