Loading...
Loading...
Found 709 Skills
Tests REST and GraphQL APIs for Broken Object Level Authorization (BOLA/IDOR) vulnerabilities where an authenticated user can access or modify resources belonging to other users by manipulating object identifiers in API requests. The tester intercepts API calls, identifies object ID parameters (numeric IDs, UUIDs, slugs), and systematically replaces them with IDs belonging to other users to determine if the server enforces per-object authorization. This is OWASP API Security Top 10 2023 risk API1. Activates for requests involving BOLA testing, IDOR in APIs, object-level authorization testing, or API access control bypass.
Migrates apps from @coinbase/onchainkit to standalone wagmi/viem components. Handles provider replacement (OnchainKitProvider to WagmiProvider), wallet component replacement (Wallet/ConnectWallet to custom WalletConnect), and transaction component replacement. Use when the user says "migrate my onchainkit", "replace onchainkit provider", "migrate my wallet component", "replace my onchainkit wallet", "migrate my transaction component", "remove onchainkit dependency", or "move off onchainkit".
Generate animated GIF/MP4/AVIF terminal replays from Claude Code or Codex sessions. Use this skill whenever the user wants to create a GIF, animation, video, or visual replay of a coding session — whether they say "make a gif of my session", "animate that conversation", "create a terminal recording", "share a replay", or reference agent-log-gif directly. Also trigger when users want to find, search, or browse their Claude Code or Codex sessions for visualization purposes. Can also create synthetic/fictional session GIFs from scratch for demos, docs, or tutorials — if the user says "make a demo gif showing X" or "create a fake session gif", use this.
Trigger Scenarios: (1) Explicit memory requests – remember, record, don't forget, pay attention next time, form rules, generate summaries/record documents; (2) Correction and modification – note, incorrect, wrong, it should be, change to, replace with, don't, also need, missing; (3) Preference expression – I prefer, in the future, it's better, suggest, my habit, I usually; (4) Global specifications – unified, all, every, any, each, every time, all, uniformly; (5) Conversation end settlement – when the conversation ends naturally or the topic switches. Convert users' corrections, preferences and rules into structured memory files to improve the output quality of subsequent conversations.
Safe bulk editing across multiple Hugo markdown posts: find/replace, frontmatter updates, content transforms with mandatory preview before apply. Use when user needs batch text replacement, bulk frontmatter field changes, heading/link/whitespace normalization, or regex-based content transforms across posts. Use for "batch edit", "find and replace across files", "add field to all posts", "bulk update tags". Do NOT use for single-file edits, structural refactoring, or content generation.
Build generative UI apps with OpenUI and OpenUI Lang — the token-efficient open standard for LLM-generated interfaces. Use when mentioning OpenUI, @openuidev, generative UI, streaming UI from LLMs, component libraries for AI, or replacing json-render/A2UI. Covers scaffolding, defineComponent, system prompts, the Renderer, and debugging OpenUI Lang output.
Novita AI: LLM, Image Generation & Editing, Video Generation, Audio (TTS/ASR), and GPU Cloud. Use this skill whenever the user wants to call Novita AI APIs — chat with LLMs (DeepSeek, Llama, Qwen), generate images (FLUX, Stable Diffusion, Seedream, Hunyuan Image), edit images (remove background, upscale, inpainting, img2img, outpainting, reimagine, merge face, replace background, remove text), generate videos (Kling, Wan, Hunyuan, Minimax Hailuo, Vidu, PixVerse, Seedance), do text-to-speech or speech-to-text (MiniMax TTS, GLM TTS, Fish Audio, ASR, voice cloning), run OpenAI-compatible batch jobs, manage GPU cloud instances and serverless endpoints, or check account balance and billing. Also trigger when the user mentions novita.ai, Novita AI, Novita API key, or wants to use any Novita platform service — even if they just say "generate an image" or "run an LLM" and Novita is available as a provider.
Local-first architecture decision framework for web applications. Covers when to go local-first vs server-based vs hybrid, sync engine selection (ElectricSQL, Zero, PowerSync, Replicache, LiveStore, Triplit), client-side storage options (IndexedDB, OPFS, SQLite WASM, PGlite), and conflict resolution strategies (LWW, CRDTs, server-wins, field-level merge). Use when deciding whether to adopt local-first architecture, choosing a sync engine, selecting client storage, or designing conflict resolution strategies.
record or replay manual browser actions into a reusable single-file playwright script. use when the user invokes /auto-e2e or /aee with a url to open a page for step-by-step natural-language recording, when the user adds the record flag to save the session conversation, or when the user invokes /auto-e2e replay or /aee replay with a natural-language query to find a prior record and guide a verification re-recording against it. keep an editable step queue, support explicit variable extraction into a single params object, and finish by saving a runnable node-compatible replay script plus package.json under the agent workspace auto-e2e folder.
Use when you need to write fast unit tests for Quarkus applications — including pure tests with @ExtendWith(MockitoExtension.class), @QuarkusTest with @InjectMock for full CDI mock replacement, @InjectSpy for partial CDI bean mocking, REST Assured for resource-focused tests, @ParameterizedTest with @CsvSource / @MethodSource, QuarkusTestProfile for test-specific configuration overrides, and naming conventions (*Test → Surefire, *IT → Failsafe). For framework-agnostic Java use @131-java-testing-unit-testing. Part of the skills-for-java project
Draft and review professional emails that match your personal writing style. Analyzes your sent emails for tone, greeting, structure, and sign-off patterns via WorkIQ, then generates context-aware drafts for any recipient. USE FOR: draft email, write email, compose email, reply email, follow-up email, analyze email tone, email style.
Manage and reply to lead responses in Instantly unibox. Fetches unread conversations, classifies reply intent, drafts contextual responses, and sends replies via Instantly API. Fits after campaign-sending in the GTM pipeline. Triggers on: "reply to leads", "inbox replies", "instantly inbox", "unibox", "respond to replies", "manage replies", "instantly replies", "check inbox", "lead replies", "answer leads".