Found 5,605 Skills
Tests REST and GraphQL APIs for Broken Object Level Authorization (BOLA/IDOR) vulnerabilities where an authenticated user can access or modify resources belonging to other users by manipulating object identifiers in API requests. The tester intercepts API calls, identifies object ID parameters (numeric IDs, UUIDs, slugs), and systematically replaces them with IDs belonging to other users to determine if the server enforces per-object authorization. This is OWASP API Security Top 10 2023 risk API1. Activates for requests involving BOLA testing, IDOR in APIs, object-level authorization testing, or API access control bypass.
Identifying sensitive data exposure vulnerabilities including API key leakage, PII in responses, insecure storage, and unprotected data transmission during security assessments.
Jetpack Compose expert skill for Android UI development. Guides state management decisions (@Composable, remember, mutableStateOf, derivedStateOf, State hoisting), view composition and structure, Modifier chains, lazy lists, navigation, animation, side effects, theming, accessibility, and performance optimization. Backed by actual androidx source code analysis. Use this skill whenever the user mentions Compose, @Composable, remember, LaunchedEffect, Scaffold, NavHost, MaterialTheme, LazyColumn, Modifier, recomposition, Style, styleable, MutableStyleState, or any Jetpack Compose API. Also trigger when the user says "Android UI", "Kotlin UI", "compose layout", "compose navigation", "compose animation", "material3", "compose styles", "styles api", or asks about modern Android development patterns. Even casual mentions like "my compose screen is slow" or "how do I pass data between screens" should trigger this skill.
Use when users provide vague, underspecified, or unclear requests where they need help defining WHAT they actually want - across ANY domain (writing, analysis, code, documentation, proposals, reports, presentations, creative work). Trigger aggressively when users express VAGUE GOALS ("make this better", "improve our X", "figure out what to include", "I don't know where to start", "kinda lost on what to do", "not sure what this means"), UNDEFINED SUCCESS ("should look professional", "explain this clearly", "make it convincing", "whatever works best", missing constraints/audience/format), COMMUNICATION UNCLEAR ("how do I explain/communicate this", "my team gets confused when I describe it", "help me figure out what to ask about X"), AMBIGUOUS REQUIREMENTS ("analyze the data" without saying what to look for, "improve documentation" without saying how, "make it more robust" without defining robustness, any request with multiple valid interpretations), or META-PROMPTING ("optimize this prompt", "improve my prompt", "make this clearer", "review my instructions", learning about prompt frameworks like CO-STAR/RISEN/RODES, understanding what makes prompts effective). Trigger for non-technical users and ANY situation where the request needs refinement, structure, or clarification before execution can begin. When in doubt about whether a request is clear enough - trigger.
Expert guidance for Django REST Framework class-based views using Classy DRF (https://www.cdrf.co). Use when selecting or debugging APIView, GenericAPIView, concrete generic views, mixin combinations, or ViewSet/GenericViewSet/ModelViewSet behavior; tracing method resolution order (MRO); understanding which method to override (`create` vs `perform_create`, `update` vs `perform_update`, `destroy` vs `perform_destroy`, `get_queryset`, `get_serializer_class`); and comparing behavior across DRF versions. Do not use for function-based views, GraphQL, FastAPI/Flask, frontend work, or non-DRF backend frameworks.
A deterministic thinking partner that challenges assumptions and applies mental models to sharpen decisions, solve problems, and think more clearly. Use this skill whenever a user says "help me think through X", "challenge my thinking", "what am I missing", "apply mental models to this", "play devil's advocate", "stress test this idea", "poke holes in my plan", "help me decide between X and Y", "what are the second-order effects", "I'm stuck on a decision", names any specific model (SWOT, first principles, inversion, pre-mortem, etc.), or asks for structured reasoning on any ambiguous, high-stakes, or complex problem. Also trigger when the user seems uncertain, is rationalizing, or is asking "am I thinking about this right?" Even casual phrases like "what do you think about..." on non-trivial topics should trigger this skill.
Build real-time voice AI applications with bidirectional WebSocket communication.
Run a comprehensive Go-to-Market and launch readiness review for a project phase. Combines marketing content audit, code quality review, performance audit, accessibility audit, infrastructure readiness, and business review with council evaluation. Use before phase launches or when GTM review issues are ready.
Use this skill for on-chain DEX operations: token search, swap quotes, DEX trading, wallet portfolio/balance queries, gas estimation, and transaction broadcasting across 20+ blockchains (Ethereum, Solana, Base, BSC, Arbitrum, Polygon, etc.). Use when user says: 'swap ETH for USDC', 'buy token on-chain', 'DEX swap', 'token search on-chain', 'wallet balance', 'portfolio value', 'gas price', 'broadcast transaction', 'trending on-chain tokens', 'hot tokens', 'token holders', 'token liquidity', 'smart money signal', 'whale signal', 'K-line on-chain', '链上交易', '链上swap', 'DEX交易', '买币', '链上行情', '钱包余额', '持仓', 'gas费', '广播交易', '链上热门币', '聪明钱', '巨鲸信号'. Powered by OKX Web3 DEX API with 500+ liquidity sources. MUST run node scripts — NEVER fabricate on-chain data. For CEX trading (Binance/OKX spot/futures), use aicoin-trading. For CEX market data (funding rates, OI, liquidation), use aicoin-market.
Use this skill when implementing data validation, data quality monitoring, data lineage tracking, data contracts, or Great Expectations test suites. Triggers on schema validation, data profiling, freshness checks, row-count anomalies, column drift, expectation suites, contract testing between producers and consumers, lineage graphs, data observability, and any task requiring data integrity enforcement across pipelines.
Use this skill when working with PostHog - product analytics, web analytics, feature flags, A/B testing, experiments, session replay, error tracking, surveys, LLM observability, or data warehouse. Triggers on any PostHog-related task including capturing events, identifying users, evaluating feature flags, creating experiments, setting up surveys, tracking errors, and querying analytics data via the PostHog API or SDKs (posthog-js, posthog-node, posthog-python).
Use this skill when architecting on Google Cloud Platform, selecting GCP services, or implementing data and compute solutions. Triggers on Cloud Run, BigQuery, Pub/Sub, GKE, Cloud Functions, Cloud Storage, Firestore, Spanner, Cloud SQL, IAM, VPC, and any task requiring GCP architecture decisions or service selection.