Loading...
Loading...
Found 2,572 Skills
Use when writing tests, creating test strategies, or building automation frameworks. Invoke for unit tests, integration tests, E2E, coverage analysis, performance testing, security testing.
Optimizes Dockerfiles for smaller images, faster builds, better caching, and security hardening using multi-stage builds and best practices. Use when users request "optimize Dockerfile", "reduce Docker image size", "Docker best practices", or "containerize application".
Guidelines for implementing Clerk authentication in Next.js applications with middleware, hooks, and security best practices
Best practices for Capacitor app development including project structure, plugin usage, performance optimization, security, and deployment. Use this skill when reviewing Capacitor code, setting up new projects, or optimizing existing apps.
Detect security misconfigurations in config files, Docker, and IaC. Use when reviewing configuration security for containers, Kubernetes, Terraform, or application settings.
This skill should be used when the user asks to "verify code", "run verification", "check quality", "validate changes", or before creating a PR. Provides comprehensive verification including build, type check, lint, tests, security scan, and diff review.
Verify, download, and inspect build provenance attestations using the orbit CLI. Use this skill whenever the user asks about verifying attestations, checking provenance, inspecting Sigstore bundles, SLSA provenance, build provenance, verifying binaries, downloading attestation bundles, signer identity, in-toto attestations, or supply chain security. Trigger on phrases like 'verify attestation', 'check provenance', 'inspect bundle', 'build provenance', 'sigstore', 'SLSA', 'verify binary', 'attestation download', 'download bundle', 'check signer', 'inspect attestation', 'provenance verification', 'verify artifact', 'supply chain verification', 'check build origin', or any attestation-related task — even casual references like 'is this binary legit', 'who built this', 'where did this artifact come from', 'check the bundle', or 'show provenance'. The orbit CLI alias for attestation is `attest`.
Apply STRIDE methodology to systematically identify threats. Use when analyzing system security, conducting threat modeling sessions, or creating security documentation.
Creates custom Semgrep rules for detecting security vulnerabilities, bug patterns, and code patterns. Use when writing Semgrep rules or building custom static analysis detections.
Supabase security and performance guidelines with Clerk authentication integration. Contains 40+ rules across 10 categories covering RLS policies, Clerk setup, database security, and more.
Build robust backend systems with modern technologies (Node.js, Python, Go, Rust), frameworks (NestJS, FastAPI, Django), databases (PostgreSQL, MongoDB, Redis), APIs (REST, GraphQL, gRPC), authentication (OAuth 2.1, JWT), testing strategies, security best practices (OWASP Top 10), performance optimization, scalability patterns (microservices, caching, sharding), DevOps practices (Docker, Kubernetes, CI/CD), and monitoring. Use when designing APIs, implementing authentication, optimizing database queries, setting up CI/CD pipelines, handling security vulnerabilities, building microservices, or developing production-ready backend systems.
Build comprehensive GitHub Actions workflows for CI/CD, testing, security, and deployment. Master workflows, jobs, steps, and conditional execution.