Found 3,839 Skills
Builds and queries multi-language source code graphs for security analysis. Includes pre-analysis passes for blast radius, taint propagation, privilege boundaries, and entry point enumeration. Use when analyzing call paths, mapping attack surface, finding complexity hotspots, enumerating entry points, tracing taint propagation, measuring blast radius, or building a code graph for audit prioritization. Supports 16 languages including Solidity, Cairo, Circom, Rust, Go, Python, C/C++, TypeScript.
Compares Trailmark code graphs at two source code snapshots (git commits, tags, or directories) to surface security-relevant structural changes. Detects new attack paths, complexity shifts, blast radius growth, taint propagation changes, and privilege boundary modifications that text diffs miss. Use when comparing code between commits or tags, analyzing structural evolution, detecting attack surface growth, reviewing what changed between audit snapshots, or finding security-relevant changes that text diffs miss.
Use when you need to execute I1 (Implementation Plan) in the Spec Pack of sdlc-dev, convert requirements/design into `{FEATURE_DIR}/implementation/plan.md` (the single source of truth for execution checklist and status, SSOT), and provide an unambiguous task list for subsequent I2 execution.
Track which stacks use a specific Pulumi package and at what versions, or upgrade a stack to the latest version of a package. Use when users ask about package version tracking, outdated package versions across stacks, upgrade candidates, or package usage audits. Also use when users want to upgrade/update a specific package version in a stack or project. Do NOT use for general infrastructure creation, resource provisioning, or questions about how to use a package.
Build Android networking stacks with Retrofit, OkHttp, interceptors, API contracts, and resilient error handling.
Search the web with DuckDuckGo as a no-API-key fallback or second source. Use when the normal web search tool or primary search provider is rate-limited, failing, unavailable, not delivering enough useful results, or producing weak results, and you want quick text, news, image, or video search results, instant-answer lookups, or DuckDuckGo bang resolution without browser automation.
Use when running autonomous loops, repeated operations, or when detecting stagnation patterns - enforces rate limits, protects configuration files, manages recovery with cooldown periods, and prevents infinite loops during autonomous development
Use when managing Alibaba Cloud Key Management Service (KMS) via OpenAPI/SDK, including when the user needs key lifecycle/resource operations, policy/configuration changes, status inspection, or troubleshooting of KMS API workflows.
Use when generating or reasoning over text with Alibaba Cloud Model Studio Qwen flagship text models (`qwen3-max`, `qwen3.5-plus`, `qwen3.5-flash`, snapshots, and compatible open-source variants). Use when building chat, agent, tool-calling, or long-context text generation workflows on Model Studio.
Use when managing Alibaba Cloud Cloud Backup (HBR) via OpenAPI/SDK, including when the user asks for backup lifecycle operations such as resource listing, policy/config updates, job status queries, and troubleshooting of HBR backup or restore workflows.
Build a complete, production-ready full-stack web application from PRD documents, prototype images, and resource files. Handles the entire pipeline: system design, database schema, seed data, backend API, frontend UI, visual verification against prototypes, and deployment script generation. Use this skill whenever the user: provides a PRD (product requirement document) and wants a working app built; says things like "根据PRD开发", "build from PRD", "implement this product", "把需求文档做成应用", "develop this app from requirements"; has prototype images + requirements and wants full-stack implementation; wants to turn product specifications into a running web application; or mentions building an app from wireframes/mockups combined with a requirements doc. Trigger this skill even if the user just says "帮我开发" or "build this" with PRD materials present in the working directory.
PHP Web source code CRLF/response splitting audit tool. Identifies user input that enters HTTP response headers, analyzes filtering and encoding of newlines/control characters, and outputs severity ratings, PoCs and fix suggestions (omission is prohibited).