Found 2,245 Skills
This skill should be used when the user asks to "build a Capacitor app", "add Capacitor to a web project", "use Capacitor plugins", "configure Capacitor for iOS or Android", or needs guidance on Capacitor best practices, security, storage, deep links, or the development workflow.
Systematically assessing REST and GraphQL API endpoints against the OWASP API Security Top 10 risks using automated and manual testing techniques.
Master smart contract security best practices, vulnerability prevention, and secure Solidity development patterns.
Explicit anti-rationalization enforcement for maximum-rigor task execution. Loads all anti-rationalization patterns, gate enforcement, and pressure resistance as a composable modifier on any task. Use when executing critical production changes, security-sensitive code, complex multi-file refactors, or any task where shortcuts could cause harm. Use for "with rigor", "carefully", "maximum verification", or "no shortcuts". Do NOT use for trivial lookups, documentation-only edits, or simple typo fixes where full gate enforcement would be disproportionate overhead.
4-phase code review methodology: UNDERSTAND changes, VERIFY claims against code, ASSESS security/performance/architecture risks, DOCUMENT findings with severity classification. Use when reviewing pull requests, auditing code before release, evaluating external contributions, or pre-merge verification. Use for "review PR", "code review", "audit code", "check this PR", or "review my changes". Do NOT use for writing new code or implementing features.
Apply when handling credit card data, implementing secureProxyUrl flows, or working with payment security and proxy code. Covers PCI DSS compliance, Secure Proxy card tokenization, sensitive data handling rules, X-PROVIDER-Forward-To header usage, and custom token creation. Use for any payment connector that processes credit, debit, or co-branded card payments to prevent data breaches and PCI violations.
Expert knowledge for Azure Lab Services development including troubleshooting, best practices, decision making, architecture & design patterns, limits & quotas, security, configuration, integrations & coding patterns, and deployment. Use when configuring lab plans, VM templates/schedules, VNet-integrated labs, GPU/nested virtualization, or Canvas/Teams integration, and other Azure Lab Services related development tasks. Not for Azure DevTest Labs (use azure-devtest-labs), Azure Virtual Machines (use azure-virtual-machines), Azure Virtual Desktop (use azure-virtual-desktop).
Use when you need to design, review, or improve REST APIs with Spring Boot — including HTTP methods, resource URIs, status codes, DTOs, versioning, deprecation and sunset headers, content negotiation (JSON and vendor media types), ISO-8601 instants in DTOs, pagination/sorting/filtering, Bean Validation at the boundary, idempotency, ETag concurrency, HTTP caching, error handling, security, API documentation, controller advice, and problem details for errors. Part of the skills-for-java project.
Systematic retrieval expert covering all areas of Chinese law.
## Core Features
- Supports user identity recognition (ordinary person/law student/lawyer/judge/prosecutor)
- Provides differentiated services based on different identities
- Complete legal source retrieval (laws/administrative regulations/judicial interpretations/guiding cases/typical cases)
- Original legal article citation and cross-reference sorting
## Core Trigger Conditions (Trigger if any is met)
**High Priority (Must Trigger)**:
- Explicit request to find legal articles/regulations/judicial interpretations/regulatory documents
- Request to determine legality/illegality ("Is it illegal?", "Is it legal?", "Am I liable?")
- Request to find compensation standards/compensation amounts/liability determination/procedural requirements
- Asking "Based on which law?", "What does the law stipulate?", "What is the legal basis?"

**Medium Priority (Trigger based on context)**:
- "What to do?", "How to defend rights?", "Can I sue?"
- "What procedures are needed?", "What conditions are required?"
- "What else can I claim?", "Where can I file a complaint?"
## Application Scenarios
- Labor disputes: illegal termination, economic compensation, work-related injuries, social security, job transfer, etc.
- Contract disputes: deposit, liquidated damages, breach of contract liability, sales contracts, etc.
- Tort liability: traffic accidents, personal injury, medical accidents, environmental pollution, etc.
- Marriage and family: divorce property, child custody, estate inheritance, etc.
- Administrative/criminal/corporate finance, etc.
## Non-Triggering Scenarios
- Only asking about legal concepts/terminology explanations (not retrieval-related)
- Only requesting lawyer/legal service recommendations
- Only discussing legal news/case stories (not involving specific regulations)
- Only asking about legal examination/study questions

**Note**: Even if the user does not explicitly request a "retrieval report", this skill will be triggered as long as the issue involves searching, organizing, interpreting, or applying legal norms.
Use this skill when the user wants to check if their system is affected by the axios npm supply chain attack (March 31, 2026), scan for malicious axios versions (1.14.1, 0.30.4), check for malware artifacts, or audit package manager security settings (pnpm, npm, bun, yarn) for protections against supply chain attacks. Trigger on phrases like "axios vulnerability", "axios supply chain", "check if affected by axios", "scan for axios malware", or "package manager security audit".
Apply when scoping, reviewing, or documenting cross-cutting VTEX commerce architecture across storefront, IO, headless, marketplace, payments, or any other VTEX module. Grounds work in the Well-Architected Commerce framework—Technical Foundation (reliability, trust, integrity; security, infrastructure, compliance), Future-proof (innovation, simplicity, efficiency; scalable and adaptable solutions), and Operational Excellence (accuracy, accountability, data-driven improvement; process and customer experience). Routes implementation detail to product tracks (IO caching and paths, Master Data strategy, marketplace integrations). Use for solution design, architecture reviews, and RFP-level technical structure.
Review Express.js security audit patterns for middleware and routes. Use for auditing Helmet.js, CORS, body-parser limits, and auth middleware. Use proactively when reviewing Express.js apps. Examples:
- user: "Secure my Express app" → add Helmet.js and disable x-powered-by
- user: "Check Express CORS config" → verify origin allowlists and credentials
- user: "Review Express auth middleware" → check route order and coverage
- user: "Scan for Express path traversal" → verify path normalization and validation
- user: "Audit Express session config" → check secure, httpOnly, and sameSite flags