Found 48 Skills
Find and replace code patterns structurally using ast-grep. Use when you need to match code by its AST structure (not just text), such as finding all functions with specific signatures, replacing API patterns across files, or detecting code anti-patterns that regex cannot reliably match.
Perform static analysis of malicious PDF documents using peepdf, pdfid, and pdf-parser to extract embedded JavaScript, shellcode, and suspicious objects.
Find orphan functions, dangling imports, and dead code via GitNexus CLI (npx gitnexus@latest). CLI ONLY - NO MCP server exists, never use readMcpResource with gitnexus:// URIs. TRIGGERS - dead code, orphan functions, unused imports, dangling references, unreachable code.
Analyse PHP code with PHPStan via the playground API. Tests across all PHP versions (7.2–8.5) and reports errors grouped by version. Supports configuring level, strict rules, and bleeding edge.
This skill should be used when the user asks to lint Perl code, run perlcritic, check Perl style, format Perl code, run perltidy, or mentions Perl Critic policies, code formatting, or style checking.
Multi-language code quality gate with auto-detection and language-specific linters. Use when user asks to "run quality checks", "quality gate", "lint all", "check everything", "pre-commit checks", or "is this code ready to commit". Use for verifying code quality across polyglot repos. Do NOT use for single-language linting (use code-linting) or comprehensive code review (use systematic-code-review).
KGF-aware token pattern and semantic code search. Use when the user wants to search code by structure (not just text), find specific patterns like nested loops or undocumented functions, or search by natural language similarity.
Security vulnerability scanner for any application. Use proactively and aggressively whenever the user asks to review code, perform a security audit, scan for vulnerabilities, look for application improvements, harden security, check for OWASP issues, find secrets, or assess risk. Triggers on phrases like code review, security review, audit, vulnerability, OWASP, CVE, improve security, find issues, look for improvements, secure code, pentest, threat model, harden app, audit deps. If the working directory is empty, ask for a GitHub URL and clone with gh before analyzing. Aligned to OWASP Top 10:2025. Writes a structured report to audit/<YYYY-MM-DD>/report.md in the project root.
Static analysis security vulnerability scanner for Ruby on Rails applications. Use when analyzing Rails code for security issues, running security audits, reviewing code for vulnerabilities, setting up security scanning in CI/CD, managing security warnings, or investigating specific vulnerability types (SQL injection, XSS, command injection, etc.). Also use when configuring Brakeman, reducing false positives, or integrating with automated workflows.
Scan codebase for security vulnerabilities including secrets, insecure dependencies, and unsafe code patterns. Use when performing automated security scans.
Java code quality with Checkstyle, SpotBugs, PMD, and SonarJava. Covers static analysis, code style, and best practices. USE WHEN: user works with "Java", "Spring Boot", "Maven", "Gradle", asks about "Checkstyle", "SpotBugs", "PMD", "Java code smells", "Java best practices". DO NOT USE FOR: SonarQube generic - use `sonarqube` skill; testing - use Spring Boot test skills; security - use `java-security` skill.
Classify a code quality concern into the right enforcement tool and act on it. Activate when the user wants to enforce a pattern, catch a mistake, add a check, create a rule, prevent a practice, guard against regressions, set up linting, improve their feedback loop, or asks "how do I make sure X."