Loading...
Loading...
Found 23 Skills
Guide for using Netlify Image CDN for image optimization and transformation. Use when serving optimized images, creating responsive image markup, setting up user-uploaded image pipelines, or configuring image transformations. Covers the /.netlify/images endpoint, query parameters, remote image allowlisting, clean URL rewrites, and composing uploads with Functions + Blobs.
Manage Zerion agent tokens and security policies — the primitives for autonomous trading and signing. Create / list / use / revoke agent tokens; create / list / show / delete policies (chain locks, allowlists, transfer/approval gates, expiry). Use whenever the user asks to set up an agent token, configure a policy, or enable autonomous trading. Required by `zerion-trading` and `zerion-sign`.
Evaluate third-party agent skills for security risks before adoption or update. Use when: (1) Installing or updating a skill from skills.sh, ClawHub, or any public registry, (2) Auditing skills for security risks or reviewing PRs that add/update skill dependencies, (3) Building a team/org allowlist of approved skills, (4) Investigating suspicious skill behavior or answering "is this skill safe?" / "should we adopt this skill?"
Mint (purchase) an Art Blocks token using the artblocks-mcp tools. Use when a user wants to mint, purchase, or buy an Art Blocks NFT, or needs to understand minting mechanics, minter types, pricing, allowlists, Dutch auctions, or build_purchase_transaction.
Audit and harden OpenClaw deployments and interpret `openclaw security audit` findings. Use when the user wants to secure OpenClaw, review gateway exposure/auth/reverse proxies/Tailscale Serve or Funnel, check DM/group access (pairing, allowlists, mention gating, `session.dmScope`), minimise tool permissions and sandboxing, review plugins/skills/secrets/transcripts/log retention, or lock down Docker/macOS/laptop/EC2 installs. Not for generic OS, Docker, or cloud hardening unrelated to OpenClaw.
Postgres-backed observability and policy store for the skill system. Provides tables for policy profiles (effect allowlists), skill execution runs, and step-level events. Use when setting up the skill system database or querying execution history.
Safely inspect .env files by showing key names and clearly non-sensitive values while redacting anything that looks like a secret. Best-effort heuristic redaction (keyword block + token-pattern blocklist + Shannon-entropy check + value allowlist) — not a cryptographic guarantee. Use when you need to understand a project's environment configuration without exposing credentials.
Use when reviewing permission prompt frequency, optimizing the allow-list, or resetting the audit log. Triggers on "audit permissions", "permission report", "allow list", "reduce prompts", "what's getting prompted".
Security scanner for vibe-coded projects. AUTO-INVOKE this skill before any git commit, git push, or when user says "commit", "push", "ship it", "deploy", "is this safe?", "check for security issues", or "goodvibesonly". Also invoke after generating code that handles user input, authentication, database queries, or file operations.
Add or change allowed commands in AI agent permission configs (OpenCode, Claude Code)
Add support for a new CLI command. Use when implementing a handler or adding to SIMPLE_SAFE.