Found 386 Skills
Security-first Uniswap v4 hook development. Use when user mentions "v4 hooks", "hook security", "PoolManager", "beforeSwap", "afterSwap", or asks about V4 hook best practices, vulnerabilities, or audit requirements.
Release preparation workflow - security audit → E2E tests → review → changelog → docs
Security audit workflow - vulnerability scan → verification
Conduct rigorous, adversarial code reviews with zero tolerance for mediocrity. Use when users ask to "critically review" my code or a PR, "critique my code", "find issues in my code", or "what's wrong with this code". Identifies security holes, lazy patterns, edge case failures, and bad practices across Python, R, JavaScript/TypeScript, SQL, and front-end code. Scrutinizes error handling, type safety, performance, accessibility, and code quality. Provides structured feedback with severity tiers (Blocking, Required, Suggestions) and specific, actionable recommendations.
[Testing] Autonomous subagent variant of code-review. Use when reviewing code changes, pull requests, or performing refactoring analysis with focus on patterns, security, and performance.
Review code changes in Tenzir projects. Use when auditing diffs or pull requests for bugs, security issues, missing tests, documentation drift, readability problems, performance regressions, user experience issues, or when deciding how to respond to GitHub review comments. Also use this skill whenever the user says "review", "look at this PR", "check my changes", "audit this diff", "what do you think of this code", or asks for feedback on any code they've written or changed — even if they don't explicitly say "code review."
Use when reviewing code for bugs, security issues, race conditions, N+1 queries, trust boundary violations, or any pre-merge quality check
Security audit of Solidity code while you develop. Trigger on "audit", "check this contract", "review for security". Modes - default (full repo) or a specific filename.
Use this skill to audit existing table permissions on a Power Pages site. Trigger examples: "audit permissions", "check permissions", "review table permissions", "are my permissions correct", "permission security audit", "verify permissions setup", "check for permission issues", "permission health check". This skill analyzes existing table permissions against the site code and Dataverse metadata, generates an HTML audit report with findings grouped by severity (critical, warning, info, pass), and suggests fixes for any issues found.
Internal downstream skill for ctf-sandbox-orchestrator. CTF-sandbox workflow for live container runtime analysis, mounted secrets, sidecars, namespaces, init containers, entrypoint drift, and route-to-container resolution. Use when the user asks why a live container differs from manifests, where a mounted secret is consumed, how a sidecar or init container changes runtime state, or which route resolves to which live container. Use only after `$ctf-sandbox-orchestrator` has already established sandbox assumptions and routed here.
Use when researching, compiling, or assessing best practices for any AWS service, building HA/DR/security checklists from official AWS documentation, or checking whether live AWS resources follow official recommendations. Requires aws-knowledge-mcp-server. Triggers on "best practices", "compile checklist", "summarize HA/DR best practices", "what are the best practices for", "find all best practices", "check my cluster", "audit my redis", "assess my redis", "assessment", "是否符合最佳实践", "检查现有资源", "查找最佳实践", "编译检查清单", "总结最佳实践", "帮我查找", "汇总成表", "帮我检查", "审计一下", "评估一下".
Local pentest sandbox for a full black-box engagement. Triggers on "kage", "pentest", "security audit on", "audit the security of". Runs recon, deep testing, exploit verification, and judging inside a per-engagement Kali Docker container. Each host working directory gets its own isolated sandbox. Produces `./results/<target>/audit-report.md`.