Loading...
Loading...
Found 386 Skills
Orchestrates Tizen certification workflow. Coordinates TCT test execution, compliance verification, and certification documentation.
Review code changes in Tenzir projects. Use when auditing diffs or pull requests for bugs, security issues, missing tests, documentation drift, readability problems, performance regressions, user experience issues, or when deciding how to respond to GitHub review comments. Also use this skill whenever the user says "review", "look at this PR", "check my changes", "audit this diff", "what do you think of this code", or asks for feedback on any code they've written or changed — even if they don't explicitly say "code review."
Real-time security monitoring for Clawdbot. Detects intrusions, unusual API calls, credential usage patterns, and alerts on breaches.
OWASP security guidelines and Top 10 vulnerabilities USE WHEN: user mentions "OWASP", "security audit", "vulnerability scan", asks about "injection", "XSS", "CSRF", "access control", "authentication security" DO NOT USE FOR: OWASP Top 10:2025 specific - use `owasp-top-10` instead
Parallel 3-reviewer code review orchestration: launch Security, Business-Logic, and Architecture reviewers simultaneously, aggregate findings by severity, and produce a unified BLOCK/FIX/APPROVE verdict. Use when reviewing PRs with 5+ files, security-sensitive changes, new features needing broad coverage, or when user requests "parallel review", "comprehensive review", or "full review". Do NOT use for single-file fixes, documentation-only changes, or when systematic-code-review (sequential) is sufficient.
Agent skill for reviewer - invoke with $agent-reviewer
Security skill for threat modeling, secure defaults, and security-focused code review in generic software projects.
Security Check - Security review for skills before installation. Triggers: Before installing new skills, regular review of installed skills, or when security issues with a skill are suspected. Security Checks: - Dangerous Commands: rm -rf, sudo, curl|bash, etc. - Network Requests: Potential data leakage risks - File Writes: Writing to sensitive locations - Credentials: Risk of API key/password leakage - Resource Exhaustion: Infinite loops - Privilege Escalation: Privilege escalation attempts - External Dependencies: Suspicious dependencies Commands: - /安检 <skill-path> - Review skill security - /安检 scan <path> - Deep scan - /安检 list - List risks of installed skills - /安检 fix <skill> - Fix security issues - /security <skill-path> - English command Actions: - Auto-fix: Remove or replace dangerous code - Disable: Disable dangerous features - User Confirm: User chooses whether to proceed - Block: Block installation for severe risks Capabilities: Static code analysis, dangerous pattern recognition, risk assessment, auto-fix, user interactive decision making.
Validate, lint, audit, or fix .gitlab-ci.yml pipelines, stages, and jobs.
Scans code for security vulnerabilities — injection flaws, authentication gaps, XSS vectors, mass assignment, CSRF, insecure deserialization, sensitive data exposure, broken access control, and misconfigurations. Generates severity-scored findings with copy-pasteable fix prompts. Trigger phrases: "security scan", "security audit", "vulnerability check", "find security issues".
ローカル改修した `.agents/skills/<skill-name>/` を upstream リポジトリ (Fandhe-AI/agent-cli-skills 等) へ PR として投稿する。`skills-lock.json` の `source` を読み、`Fandhe-AI/` 以外への push は安全弁で中止。clone → 反映 → セキュリティチェック → ブランチ作成 → push → `gh pr create` を実行。マージ後は sync-skills-lock で hash 更新。「スキルを upstream に貢献」「外部リポジトリに PR」などで使用。
Pre-production audit that scans a codebase for security, database, deployment, code quality, AI/LLM, dependency, frontend, and observability issues. Intercepts deploy commands and blocks until critical items pass. Stack-agnostic. Use for "run ship gate", "am I ready to ship", "pre-launch audit", "can I deploy", "push to production", "go live checklist", "preflight check". Not for CI/CD setup or infra provisioning.