Loading...
Loading...
Found 610 Skills
Use when the user wants to verify their understanding of a branch's code changes by being quizzed on runtime behavior, assumptions, failure points, and edge cases instead of just reading diffs
Validates permission inheritance between parent and child agents. Ensures child permissions are equal to or more restrictive than parent. Activate on 'validate permissions', 'permission check', 'inheritance validation', 'permission matrix', 'security validation'. NOT for runtime enforcement (use dag-scope-enforcer) or isolation management (use dag-isolation-manager).
Effect-TS (Effect) guidance for TypeScript. Use when building, refactoring, reviewing, or explaining Effect code, especially for: typed error modeling (expected errors vs defects), Context/Layer/Effect.Service dependency wiring, Scope/resource lifecycles, runtime execution boundaries, schema-based decoding, concurrency/scheduling/streams, @effect/platform APIs, Effect AI workflows, and Promise/async migration.
Write, refactor, and debug Joplin plugins for desktop/mobile using the official Joplin plugin architecture, API, and manifest rules. Use when a user asks to create a new Joplin plugin, add features to an existing plugin, build CodeMirror/editor extensions, fix plugin loading/runtime errors, prepare manifest/package output, or align implementation with official docs from laurent22/joplin and joplin/plugins.
Debugs Windows applications using WinDbg and crash dump analysis including MCP server integration, live process attach, dump file triage, hang detection, high-CPU diagnosis, memory leak investigation, kernel debugging, symbol configuration, scenario command packs, diagnostic report generation, and SOS extension workflows for .NET runtime inspection.
Fastify high-performance Node.js framework. Covers routing, plugins, validation, and serialization. Use when building fast Node.js APIs. USE WHEN: user mentions "Fastify", "fastify", "TypeBox", "schema validation", asks about "fast Node.js framework", "high-throughput API", "JSON schema validation", "performance-critical backend", "plugin-based architecture" DO NOT USE FOR: Enterprise DI patterns - use `nestjs` instead, Minimalist approach - use `express` instead, Edge runtimes - use `hono` instead, Deno - use `oak` or `fresh` instead
MUST USE for any task involving the dotenvx CLI tool — encrypting .env files, running commands with injected env vars, managing secrets across environments, and decrypting at runtime. Use this skill whenever the user mentions dotenvx, dotenv encryption, DOTENV_PRIVATE_KEY, encrypted .env files, or the dotenvx encrypt/run/set/get/decrypt/keypair commands. Also trigger when the user wants to: commit .env files safely to git, stop sharing secrets over Slack/chat, encrypt environment variables with public-key cryptography, set up multi-environment .env configs (production/staging/ci), manage secrets in a monorepo with -fk flag, migrate from python-dotenv or plain dotenv to encrypted envs, inject env vars into any process across any language (Node, Python, Ruby, Go, Rust, etc.), or configure CI/CD pipelines (GitHub Actions, Docker) with encrypted env files. This skill contains the authoritative CLI reference — without it, responses will hallucinate non-existent commands and flags.
Run TypeScript type checking with tsc --noEmit and parse errors into actionable, file-grouped output. Use when validating TypeScript code before commits, after refactors, or when checking for type regressions. Use for "type check", "tsc", "TypeScript errors", "type validation", or pre-commit TypeScript verification. Do NOT use for linting, test execution, runtime errors, or JavaScript-only projects without tsconfig.json.
Execute a comprehensive, framework-agnostic Security Audit. Detects project type at runtime and adapts security checks accordingly. Analyzes sensitive files, source code secrets, dependency vulnerabilities, and optionally uses Gemini AI for advanced analysis. Produces a severity-classified report. Use when the user asks to audit security, scan for vulnerabilities, check for secrets, or assess dependency risks. Triggers on: 'security audit', 'vulnerability scan', 'secret scan', 'dependency audit', 'security check', 'pentest', 'owasp'.
This skill should be used when the user asks to "test my site", "test the site", "run site tests", "check if site is working", "verify site", "smoke test", "test pages", "check api calls", "test web api", "verify deployment works", or wants to test a deployed, activated Power Pages site at runtime using browser-based navigation, page crawling, and API request verification.
Installs, configures, audits, and operates Agent Package Manager (APM) in repositories. Use when initializing apm.yml, installing or updating packages, validating manifests, managing lockfiles, compiling agent context, browsing MCP servers, setting up runtimes, or packaging resolved context for CI and team distribution. Don't use for writing a single skill by hand, generic package managers like npm or pip, or non-APM agent configuration systems.
Internal downstream skill for ctf-sandbox-orchestrator. CTF-sandbox workflow for CI/CD, registry, dependency drift, artifact provenance, image build, release pipeline, and runtime consumer challenges. Use when the user asks to trace dependency drift, registry pulls, malicious packages, build or release tampering, CI execution, artifact signing, or which shipped artifact the runtime actually consumes. Use only after `$ctf-sandbox-orchestrator` has already established sandbox assumptions and routed here.