Loading...
Loading...
Found 386 Skills
Review code changes in Tenzir projects. Use when auditing diffs or pull requests for bugs, security issues, missing tests, documentation drift, readability problems, performance regressions, user experience issues, or when deciding how to respond to GitHub review comments. Also use this skill whenever the user says "review", "look at this PR", "check my changes", "audit this diff", "what do you think of this code", or asks for feedback on any code they've written or changed — even if they don't explicitly say "code review."
Audits codebases for common security vulnerabilities that AI coding assistants introduce in "vibe-coded" applications. Checks for exposed API keys, broken access control (Supabase RLS, Firebase rules), missing auth validation, client-side trust issues, insecure payment flows, and more. Use this skill whenever the user asks about security, wants a code review, mentions "vibe coding", or when you're writing or reviewing code that handles authentication, payments, database access, API keys, secrets, or user data — even if they don't explicitly mention security. Also trigger when the user says things like "is this safe?", "check my code", "audit this", "review for vulnerabilities", or "can someone hack this?".
Enable and configure Kibana audit logging for saved object access, logins, and space operations. Use when setting up Kibana audit, filtering events, or correlating Kibana and ES audit logs.
This skill should be used when the user asks to 'find a token on TRON', 'search TRC-20 token', 'token info on TRON', 'who holds this TRON token', 'is this TRON token safe', 'top TRON tokens', 'trending tokens on TRON', 'token market cap on TRON', 'holder distribution', 'verify TRON contract', or mentions searching for TRC-20 tokens, checking token metadata, holder analysis, contract verification, or discovering trending tokens on the TRON network. For live prices and K-line charts, use tron-market. For swap execution, use tron-swap.
Automated code review for security, performance, and maintainability. Use when asked for code review, security audit, quality check, PR review, or to find issues in code.
Internal downstream skill for ctf-sandbox-orchestrator. CTF-sandbox workflow for live container runtime analysis, mounted secrets, sidecars, namespaces, init containers, entrypoint drift, and route-to-container resolution. Use when the user asks why a live container differs from manifests, where a mounted secret is consumed, how a sidecar or init container changes runtime state, or which route resolves to which live container. Use only after `$ctf-sandbox-orchestrator` has already established sandbox assumptions and routed here.
Multi-perspective code review strategy covering architecture, security, performance, and quality. Follow when reviewing code or analyzing changes.
Run a security and reliability health check on a Portaly Vibe payment integration before deployment. Trigger when the user mentions Portaly health check, payment security audit, pre-deploy check, sentry scan, callback verification audit, integration safety check, or wants to verify their Portaly payment integration is safe to go live.
Deep security scanning for .NET applications across 6 layers: vulnerable packages, secrets detection, OWASP code patterns, auth configuration, CORS policy, and data protection. Produces severity-rated findings with specific remediation steps. Load this skill when: "security scan", "security audit", "check for vulnerabilities", "find secrets", "OWASP", "auth review", "CORS check", "security review", "penetration test prep", "CVE check", "vulnerability scan", "hardcoded password", "data protection", "security posture".
Review the diff between the current branch and main as a senior developer. Analyzes architecture, coding standards, security, performance, and correctness. Use when user says 'review my code', 'pre-PR review', 'review diff', 'code review before PR', 'check my changes', or 'senior review'. Do NOT use for only running tests (use a test skill), only linting (use a lint skill), or full PR preparation (use create-pr).
ローカル改修した `.agents/skills/<skill-name>/` を upstream リポジトリ (Fandhe-AI/agent-cli-skills 等) へ PR として投稿する。`skills-lock.json` の `source` を読み、`Fandhe-AI/` 以外への push は安全弁で中止。clone → 反映 → セキュリティチェック → ブランチ作成 → push → `gh pr create` を実行。マージ後は sync-skills-lock で hash 更新。「スキルを upstream に貢献」「外部リポジトリに PR」などで使用。
Launch both thermo-nuclear review subagents in parallel, then synthesize their findings. Use for thermos, double thermo review, or combined bug/security and code-quality branch audits.