Loading...
Loading...
Found 383 Skills
Custom Connectors for Power Platform. Use when: building custom connectors, OpenAPI definitions, OAuth authentication, API Key auth, triggers (polling/webhook), connector policies, Azure APIM integration, DLP considerations.
Use when connecting your agent to external APIs, tools, or services via Gateway, or restricting tool access with Cedar policies. Handles gateway setup, target types, outbound auth (OAuth, API key, IAM), credentials, and Cedar policy authoring. Triggers on: "connect to API", "add gateway", "connect to MCP server", "Lambda tools", "OpenAPI", "gateway target", "Cedar policy", "restrict tools", "policy engine", "gateway auth error", "store API key", "outbound credential", "env var API key", "API key None after deploy", "credential not available after deploy", "should this be a gateway target", "give my agent tools", "add tools to agent". Not for inbound auth (who can call your agent) — use agents-harden. Not for debugging agent behavior — use agents-debug. Not for VPC networking errors (agent can't reach APIs due to VPC) — use agents-build. Not for creating or hosting a new MCP server project — use agents-get-started.
Install and bootstrap a Coder (coder/coder) deployment end-to-end from the CLI without the web UI. Covers quick-start (one machine, auto-tunnel URL) and production (real domain, TLS, wildcard, OIDC, external provisioner). Drives GitHub device-code on fresh deployments to sign the first admin in without a browser, falls back to email/password for scripted runs, pushes a starter template, and optionally creates a first workspace. Activate when the user says: "install Coder", "set up Coder", "deploy Coder", "bootstrap Coder", "run Coder in Docker / on Kubernetes / on a VM", "Coder on AWS / GCP / Azure", "put Coder behind HTTPS / Caddy / nginx / cert-manager", "wildcard domain", "headless / non-interactive setup", "create the first admin from the CLI", "push a starter template", or "create my first workspace". Also activate for /coder:setup. Do NOT activate for upgrading an existing deployment, editing an existing template, debugging a running server, or configuring OIDC / custom OAuth on a running deployment.
Manages Neo4j Aura Agents via the v2beta1 REST API — create, list, get, update, delete, and invoke Aura agents backed by an AuraDB instance. Use when configuring Aura Agent tools (CypherTemplate, SimilaritySearch, Text2Cypher), setting system prompts, deploying agents to REST or MCP endpoints, or invoking agents with natural language queries. Covers OAuth2 auth, organization/project scoping, tool parameter schemas, and InvokeAgentResponse format. Does NOT cover AuraDB instance provisioning — use neo4j-aura-provisioning-skill. Does NOT cover vector index creation — use neo4j-vector-index-skill.
Tests API authentication mechanisms for weaknesses including broken token validation, missing authentication on endpoints, weak password policies, credential stuffing susceptibility, token leakage in URLs or logs, and session management flaws. The tester evaluates JWT implementation, API key handling, OAuth flows, and session token entropy to identify authentication bypasses. Maps to OWASP API2:2023 Broken Authentication. Activates for requests involving API authentication testing, token validation assessment, credential security testing, or API auth bypass.
Google API integration for blog performance: PageSpeed Insights, CrUX Core Web Vitals with 25-week history, Search Console performance, URL Inspection, Indexing API, GA4 organic traffic, NLP entity analysis for E-E-A-T, YouTube video search for embedding, and Google Ads Keyword Planner. Progressive feature availability based on credential tier (API key, OAuth/service account, GA4, Ads). Shares config with claude-seo at ~/.config/claude-seo/google-api.json. Use when user says "google data", "page speed", "core web vitals", "search console", "indexation", "GA4", "keyword research", "nlp entities", "blog performance", "youtube search", "google api setup".
Use when handling any auth, API keys, tokens, OAuth, bearer tokens, basic auth, or secret values in n8n workflows. Triggers on "API key", "token", "bearer", "OAuth", "secret", "auth", "credentials", "Authorization header", "x-api-key", or any node configuration that mentions a third-party service.
Use this skill for Sealtun-specific local-to-public tunnel work or Sealtun repo maintenance/release. Trigger for sealtun, sealtun.yaml, Sealos tunnel, ngrok/cloudflared-style tunnel, expose localhost/local port/local dev server, public HTTPS URL/domain for local app, public SSH/TCP tunnel, NodePort SSH, ProxyCommand fallback, webhook/payment/OAuth/bot callback to local service, preview/demo link, custom domain/CNAME, Basic Auth, Bearer token, IP allowlist/denylist, temporary access links, ttl auto-expire, apply/diff multi-tunnel config, stop/start/resume, cleanup, daemon/session/logs/metrics/dashboard/doctor, npm binary packages, GitHub Release, GoReleaser, GHCR. Chinese triggers: 内网穿透, 本地服务公网访问, 本地端口暴露, localhost 暴露到公网, 公网预览链接, 公网域名, 公网 SSH, SSH 隧道, TCP 隧道, 第三方回调到本地, 隧道认证, 访问控制, 声明式配置, 发版. Do not use for generic Kubernetes/Ingress/DNS/SSH unless Sealtun is involved.
Autonomously set up an OpenClaw bot on a fresh Yandex Cloud VM in Kazakhstan (kz1-a, Karaganda). Asks the user for exactly two things — a Telegram bot token and one of three LLM access options (Anthropic API key, OpenRouter API key, or OpenAI Codex OAuth via ChatGPT Plus/Pro subscription) — then handles VM creation, hardening, OpenClaw install, CEO AI OS workspace seeding, Telegram pairing, chat_id auto-detection, and bot-reply verification on its own. The only other actions the user performs are pressing /start in Telegram once and (if Codex) confirming a device code on auth.openai.com. Use when the user says install OpenClaw to Yandex Cloud, deploy OpenClaw to YC Kazakhstan, set up my CEO bot in YC KZ, I am at OpenClaw workshop and need my own bot, create a Yandex Cloud VM for OpenClaw, or any close paraphrase. Targets a ~15-minute end-to-end run for non-DevOps users (founders, CEOs, marketing leads). Supports two modes of accessing Yandex Cloud — Plan A (the user's own YC Kazakhstan account via OAuth) and Plan B (a workshop-key bundle provided by the workshop organizer, for participants without their own YC account). The mode is auto-detected from the inputs. For local-machine OpenClaw install, use openclaw/install.sh in this repo instead. Companion skill openclaw-guide is required; prepare-yc-workshop is the matching organizer-side skill that produces the bundles consumed in Plan B; openclaw-user-onboarding is auto-invoked after Step 5 to collect the five basic facts about the user (identity, focus, style, tools, anti-patterns) and write them into USER.md so the bot is useful from message one.
Search Newark, Farnell, and element14 for electronic components — find parts by MPN or distributor part number, check pricing/stock, download datasheets, analyze specifications. One unified API covers all three storefronts (Newark for US, Farnell for UK/EU, element14 for APAC). Free API key, simple query-parameter auth, no OAuth. Datasheets download directly from farnell.com CDN with no bot protection. Sync and maintain a local datasheets directory for a KiCad project, or use batch MPN-list seeding (`--mpn-list`) for bulk workflows without a project. Use this skill when the user mentions Newark, Farnell, element14, needs parts from a non-US distributor, wants to compare pricing across regions, or needs datasheets from a source that doesn't require complex API auth. For package cross-reference tables and BOM workflow, see the `bom` skill.
Guideline for designing, implementing, and verifying secure APIs following OWASP API Security Top 10 (2023) best practices. Use when the user wants to: (1) review API code or design for security vulnerabilities, (2) design a secure REST, GraphQL, or gRPC API architecture, (3) implement API authentication and authorization (OAuth2, JWT, API keys, mTLS), (4) configure rate limiting, input validation, or CORS, (5) audit API endpoints for BOLA, BFLA, or mass assignment vulnerabilities, (6) create API security checklists or verification plans, (7) fix API security bugs or harden existing APIs, (8) set up API security testing (OWASP ZAP, Schemathesis, Burp Suite), or (9) handle any API security concern including SSRF prevention, resource consumption limits, business flow protection, API inventory management, and secure third-party API consumption.
Keycloak identity and access management including realms, clients, authentication flows, themes, and user federation. Activate for OAuth2, OIDC, SAML, SSO, identity providers, and authentication configuration.