Found 2,245 Skills
Comprehensive best practices, design patterns, and common pitfalls for ROS2 (Robot Operating System 2) development. Use this skill when building ROS2 nodes, packages, launch files, components, or debugging ROS2 systems. Trigger whenever the user mentions ROS2, colcon, rclpy, rclcpp, DDS, QoS, lifecycle nodes, managed nodes, ROS2 launch, ROS2 parameters, ROS2 actions, nav2, MoveIt2, micro-ROS, or any ROS2-era robotics middleware. Also trigger for ROS2 workspace setup, DDS tuning, intra-process communication, ROS2 security, or deploying ROS2 in production. Also trigger for colcon build issues, ament_cmake, ament_python, CMakeLists.txt for ROS2, package.xml dependencies, rosdep, workspace overlays, custom message generation, or ROS2 build troubleshooting. Covers Humble, Iron, Jazzy, and Rolling distributions.
Application security principles and OWASP Top 10. Covers injection prevention, authentication, authorization, data protection, secrets management, and security review practices.
Use this skill whenever writing, reviewing, or refactoring Terraform code that provisions Azure resources. The skill enforces Microsoft Cloud Security Benchmark (MCSB) controls, CIS Azure Foundations Benchmark v2.0 rules, Azure Well-Architected Framework Security Pillar recommendations, and all Terraform IaC best practices that prevent Microsoft Defender for Cloud security recommendations from being raised. Activate whenever the user mentions Azure, azurerm provider, ARM, Defender for Cloud, Terraform on Azure, AKS, App Service, Storage, Key Vault, SQL, PostgreSQL, MySQL, Redis, Service Bus, Event Hub, Cosmos DB, API Management, or any Azure PaaS in a Terraform context — even if they don't explicitly ask about security or MDC.
This skill should be used when the user asks about crypto prices, market data, K-line charts, funding rates, open interest, long/short ratios, whale orders, liquidation data, crypto news, newsflash, Twitter crypto tweets, trending coins, stock quotes, treasury holdings, or any crypto market query. Also use when user asks about configuring or checking AiCoin API key. Use when user says: 'BTC price', 'check price', 'show K-line', 'funding rate', 'open interest', 'whale orders', 'long/short ratio', 'crypto news', 'newsflash', 'trending coins', '查行情', '看价格', '大饼多少钱', 'K线', '资金费率', '多空比', '鲸鱼单', '新闻快讯', '热门币', 'liquidation map', '配置AiCoin key', 'AiCoin API key', 'AiCoin key安全吗'. Covers 200+ exchanges with real-time data. MUST run node scripts to fetch real data. NEVER generate fake prices or hallucinate market data. IMPORTANT — AiCoin API Key: When user asks about AiCoin API key (配置/检查/安全/能不能交易), run `node scripts/coin.mjs api_key_info` FIRST, show the security_notice to user. For exchange trading (buy/sell/balance), use aicoin-trading instead. For Freqtrade strategies/backtest, use aicoin-freqtrade. For Hyperliquid whale analytics, use aicoin-hyperliquid.
Container registry expert. Use for configuring ECR, Harbor, Docker Hub, image security, and CI/CD integration.
Claude CLI sub-agent system for persona-based analysis. Use when piping large contexts to Anthropic models for security audits, architecture reviews, QA analysis, or any specialized analysis requiring a fresh model context.
Smart contract and secure API contract security analysis — invariant checking, access control, reentrancy, and integer overflow patterns. Implements Checks-Effects-Interactions pattern, formal invariant verification, and OpenSCV vulnerability taxonomy for Solidity/EVM and Rust/Solana contracts.
Docker best practices for VPS deployments in 2026. Use this skill when writing Dockerfiles, docker-compose.yml, or managing containers on a Linux VPS. Covers multi-stage builds, uv-based Python images, Xvfb/virtual display containers, volume management, security hardening, and service orchestration with Docker Compose v2. NEVER use legacy docker-compose v1 (hyphenated), old Python base images, or root containers.
SonarQube/SonarCloud integration for continuous code quality. Setup, configuration, quality gates, and CI/CD integration. USE WHEN: user mentions "SonarQube", "SonarCloud", "quality gates", asks about "code coverage", "technical debt", "code smells", "sonar-project.properties", "SonarScanner" DO NOT USE FOR: ESLint/Biome - use linting skills, OWASP security - use security skills, testing tools - use Vitest/Playwright skills
PostgreSQL relational database. Covers SQL queries, indexes, constraints, and performance. Use when working with PostgreSQL. USE WHEN: user mentions "postgres", "postgresql", "pg_", asks about "JSONB queries", "window functions", "recursive CTE", "row level security", "full text search", "partitioning", "pgBouncer", "replication" DO NOT USE FOR: MySQL syntax - use `mysql` instead, MongoDB - use `mongodb` instead, Oracle PL/SQL - use `plsql` instead, SQL Server T-SQL - use `tsql` instead
OWASP Top 10:2025 security vulnerabilities. Covers access control, injection, supply chain, cryptographic failures, and more. Use for security reviews. USE WHEN: user mentions "OWASP 2025", "Top 10", "security review", "vulnerability assessment", asks about "broken access control", "injection", "supply chain", "cryptographic failures", "exception handling" DO NOT USE FOR: general OWASP (2021) - use `owasp` instead, secrets - use `secrets-management`, dependencies - use `supply-chain`
WooYun business logic vulnerability methodology — 22,132 real cases across 6 domains (authentication bypass, authorization bypass, payment tampering, information disclosure, logic flaws, misconfiguration) and 33 vulnerability classes. It can be used for ANY security testing, auditing, or code review of web apps, APIs, or business systems, even without explicit "security" keywords. Triggers: penetration testing, security audit, vulnerability, bug bounty, payment security, IDOR, password reset, weak credentials, unauthorized access, race condition, parameter tampering, code review, penetration testing, security audit, vulnerability mining, payment security, privilege escalation, logic vulnerability, business security, SRC, code audit. It also triggers on implicit intent: "test this endpoint", "find bugs", "can I bypass this", "help me test this interface", "can this parameter be modified", "help me find bugs".