Loading...
Loading...
Found 2,245 Skills
Guides DeFi protocol security review and rug-risk assessment from public chain data, verified source, and historical patterns—covering EVM and Solana-style deployments, liquidity and tokenomics, governance centralization, bridges, exploit pattern matching, and evidence-structured audit reports. Use when the user asks for a DeFi security audit, rug risk analysis, contract vulnerability triage, LP lock verification, governance or upgrade risk, or cross-chain bridge review from observable data only.
Points to Christoph Michel’s (cmichel.io) long-form guide on becoming a smart contract security auditor—EVM-centric learning path, CTFs, canonical DeFi contracts, finance basics, and an FAQ (tools, scoping, compensation). Use when the user asks how to start in Solidity/EVM auditing or cites this article—not as current salary data, job placement advice, or a substitute for hands-on practice and primary documentation.
Platform-agnostic OWASP secure coding practices with JavaScript/Node.js patterns and NetSuite SuiteScript examples. Covers Open Worldwide Application Security Project (OWASP) Top 10 (2021), output encoding, injection prevention, CSP headers, file security, API hardening, AI agent security, DRY security patterns, and 48+ security pitfalls with GOOD/BAD code templates.
Technical due diligence for M&A, investment, or acquisition. Reads a target company's codebase and generates a comprehensive tech DD report with architecture assessment, tech debt quantification, scalability analysis, security posture, team capability inference, build system quality, test coverage, deployment maturity, and open source license risks. Outputs tech-dd-report.md formatted like a real investment memo with risk ratings, remediation costs, and go/no-go recommendation.
Comprehensive container image security scanning and remediation. Analyzes Docker images for OS package vulnerabilities, application dependencies, and Dockerfile best practices. Use when: - User asks to scan a Docker image or container - User mentions "container security" or "image vulnerabilities" - User wants to secure a Dockerfile - User asks about base image security - Agent is working with Docker, Kubernetes, or container deployments
NestJS best practices and architecture patterns for building production-ready applications. This skill should be used when writing, reviewing, or refactoring NestJS code to ensure proper patterns for modules, dependency injection, security, and performance.
Testing web applications for Cross-Site Request Forgery vulnerabilities by crafting forged requests that exploit authenticated user sessions during authorized security assessments.
Provides comprehensive code review guidance for React 19, Vue 3, Angular 17+, Svelte 5, Rust, TypeScript, Java, Python, Django, Go, C#/.NET, Kotlin, NestJS, C/C++, and more. Helps catch bugs, improve code quality, and give constructive feedback. Use when: reviewing pull requests, conducting PR reviews, code review, reviewing code changes, establishing review standards, mentoring developers, architecture reviews, security audits, checking code quality, finding bugs, giving feedback on code.
Perform a systematic security audit of a codebase, checking for OWASP Top 10 vulnerabilities, secrets exposure, and insecure patterns.
Code Review Expert: Perform in-depth code reviews using context-isolated subagents, covering security vulnerabilities, performance optimizations, and production reliability
Discover, query, and analyze Israeli government open data from data.gov.il (CKAN API). Use when user asks about Israeli government data, "data.gov.il", government datasets, CBS statistics, or needs data about Israeli transportation, education, health, geography, economy, or environment. Supports dataset search, tabular data queries, and analysis guidance. Pair with the MCP servers listed below for direct tool access from your agent. Do NOT use for classified government data or data requiring security clearance.
Guides AI ops leadership—LLM SRE, model/prompt releases, eval/incidents, cost/capacity, vendors, and cross-functional cadence. Use for AI platform ops, LLM SLAs, incidents, rollout governance, unit economics, red-team/eval gates, and team rituals—not memory (ai-memory-developer), context code (ai-context-engineer), security programs (cybersecurity), token roadmaps (ai-token-improvement-plan-engineer), solution architecture (applied-ai-architect-commercial-enterprise), skills portfolio (ai-skill-manager), or vertical AI product eng management (engineering-manager-vertical-ai-products). Prompt/eval team management and golden-set release policy: engineering-manager-agent-prompts-evals. Safeguard inference platform: ml-infrastructure-engineer-safeguards. Safeguard model research: ml-research-engineer-safeguards.