Loading...
Loading...
Found 668 Skills
WhatsApp Web automation via Playwright and Chrome CDP. Use when the user needs to open WhatsApp Web, launch the WhatsApp Web browser, verify phone numbers on WhatsApp, send WhatsApp messages, read recent chat messages or chat history, read the last reply from a contact, list chats in the sidebar, count chats, count pinned chats, list unread chats, count unread messages, check if a number is registered on WhatsApp, add a new WhatsApp contact, save a number to contacts, automate WhatsApp Web login, or perform bulk number verification. Triggers include requests to "open WhatsApp Web", "buka WhatsApp Web", "launch WhatsApp", "check this number on WhatsApp", "send a WhatsApp message", "verify WhatsApp numbers", "read WhatsApp messages", "list WhatsApp messages", "show recent WhatsApp chat", "ambil pesan WhatsApp", "open WhatsApp chat", "batch check numbers", "list my WhatsApp chats", "ada berapa chat", "berapa pinned chat", "show pinned chats", "ada berapa chat yang belum dibaca", "unread chats", "pesan yang belum dibaca", "how many unread messages", "X bales apa", "apa chat terakhir X", "chat terakhir dari X", "last reply from X", "what did X say", "what did X reply", "add to contacts", "save contact", "add new contact", "simpan kontak", "tambah kontak", "save this number", "pin chat", "unpin chat", "pin this chat", "sematkan chat", "lepas sematan", "pin X", "unpin X", "create group", "new group", "buat grup", "bikin grup baru", "make a whatsapp group", "delete group", "hapus grup", "bubarkan grup", "kick all members", "keluar dan hapus grup", "teardown group", "exit group", "leave group", "keluar grup", "keluar dari grup", "delete chat", "hapus chat", "clear chat", "remove this chat", or any task requiring programmatic WhatsApp Web interaction. For any "open/launch/buka WhatsApp Web" request, run `scripts/login.py` WITHOUT `--wait` — the script exits immediately after opening the window so the agent stays responsive. Never use `--wait` unless the user explicitly asks the agent to wait for them to sign in. For reading messages, run `scripts/read_messages.py --from <name>`. For the last reply from a contact (prompts like "X bales apa"), run `scripts/last_reply.py --from <name>`; add `--any-direction` if the user wants the very last message regardless of who sent it (prompts like "apa chat terakhir X"). For listing chats, run `scripts/list_chats.py`. For pinned chats, run `scripts/list_pinned.py`. For unread chats, run `scripts/list_unread.py`. For adding a contact (prompts like "add this number to contacts", "simpan jadi kontak"), ALWAYS ask the user for First Name, Last Name (optional), and whether to sync the contact to the phone before running `scripts/add_contact.py --phone <number> --first-name <first> [--last-name <last>] [--sync]`. For pinning or unpinning a chat (prompts like "pin chat Ezra", "sematkan chat X", "unpin X"), run `scripts/pin_chat.py --to <name-or-number>` or add `--unpin` to unpin. WhatsApp Web allows at most 3 pinned chats — if the pin action becomes a no-op with `already=true`, tell the user the chat is already pinned; if pinning fails due to the 3-pin cap, tell the user they need to unpin something first. For exiting a group without deleting it from the chat list (prompts like "keluar grup X", "leave group X"), ALWAYS ask the user to confirm first ("Keluar dari grup X? Grup tetap ada di chat list sampai kamu hapus manual."), then run `scripts/exit_group.py --name <group-name> --confirm`. For deleting a chat from the sidebar (prompts like "hapus chat Ezra", "delete chat X", "clear chat"), ALWAYS ask the user to confirm first ("Hapus chat X dari sidebar? Ga bisa di-undo."), then run `scripts/delete_chat.py --to <name-or-number> --confirm`. For active groups you want fully gone, prefer `scripts/delete_group.py` (kick-all + exit + delete) over calling exit + delete-chat separately. For deleting a group (prompts like "hapus grup X", "bubarkan grup"), ALWAYS ask the user to confirm first ("This will kick every member, exit the group, and remove it from your chat list. Lanjut?"). Only after the user confirms, run `scripts/delete_group.py --name <group-name> --confirm`. The script refuses to run without `--confirm`. After it returns, report the `status` field back — "deleted" = fully gone; "exited" = you're out but delete didn't finalize; "partial" = something failed mid-way. Also surface the `skipped` list so the user knows which members couldn't be kicked (usually because the caller isn't admin). For creating a new group (prompts like "buat grup baru", "create a group"), ALWAYS ask the user for the group name AND the members. Members can be many — accept comma-separated input and ask again (repeatably) if the user has more to add, stopping when they signal done. Then run `scripts/create_group.py --name <name> --members <a,b,c> [--members ...]`. After the script returns, check the `failed` array — if any member failed to match a contact, tell the user which ones so they can add them manually later. Always keep responses to the user friendly and non-technical (say "Opening WhatsApp Web..." instead of "Starting Chrome with CDP").
Implement OAuth 2.1 / OIDC authentication using Better Auth with MCP assistance. Use when setting up a centralized auth server (SSO provider), implementing SSO clients in Next.js apps, configuring PKCE flows, or managing tokens with JWKS verification. Uses Better Auth MCP for guided setup. NOT when using simple session-only auth without OAuth/OIDC requirements.
Self-contained deploy automation — invoke directly, do not decompose. Deploys a Vibes app to Cloudflare Workers with subdomain registry. Uses KV for storage and native Web Crypto for JWT verification.
Browser automation skill for UI testing via Chrome MCP tools. Use when: (1) QA Agent needs to verify UI visually or test interactions, (2) UI/UX Designer needs to check responsive design or component states, (3) Frontend Dev needs quick visual verification during development, (4) Test Writer needs to document user flows with screenshots/GIFs, (5) Any agent needs to test web interfaces, record demos, or debug UI issues. Capabilities: screenshots, interaction testing, accessibility checks, GIF recording, responsive testing, console/network debugging.
Multi-Model Collaboration — Invoke gemini-agent and codex-agent for auxiliary analysis **Trigger Scenarios** (Proactive Use): - In-depth code analysis: algorithm understanding, performance bottleneck identification, architecture sorting - Large-scale exploration: 5+ files, module dependency tracking, call chain tracing - Complex reasoning: solution evaluation, logic verification, concurrent security analysis - Multi-perspective decision-making: requiring analysis from different angles before comprehensive judgment **Non-Trigger Scenarios**: - Simple modifications (clear changes in 1-2 files) - File searching (use Explore or Glob/Grep) - Read/write operations on known paths **Core Principle**: You are the decision-maker and executor, while external models are consultants.
Verify and enforce coding standards, AI guidelines, and workspace compliance across repositories. Use for standards propagation, compliance verification, and enforcing development best practices.
Applies multi-algorithm cryptography (ED25519, P-256, RSA-4096) using Sorcha.Cryptography. Use when: implementing signing, verification, encryption, key generation, HD wallets, or address encoding.
Guides technical evaluation of code review feedback before implementation. Use when receiving PR comments, review suggestions, GitHub feedback, or when asked to address reviewer feedback. Emphasizes verification and reasoned pushback over blind agreement.
Load PROACTIVELY when task involves payments, billing, or subscriptions. Use when user says "add payments", "integrate Stripe", "set up subscriptions", "add a checkout flow", or "handle billing webhooks". Covers Stripe, LemonSqueezy, and Paddle integration, checkout sessions, subscription lifecycle management, webhook verification and handling, customer portal, metered billing, refunds, and PCI compliance considerations.
Load PROACTIVELY when task involves user identity, login, or access control. Use when user says "add authentication", "set up login", "add OAuth", "protect these routes", "implement RBAC", or "add sign-up". Covers session management, JWT tokens, OAuth2 flows, password reset, email verification, protected route middleware, role-based access control, and security hardening (CSRF, rate limiting, token rotation).
Conducts investigative-grade research with primary source analysis, cross-verification, and trial-level depth. Use when an album needs factual research, source material, or verification of claims.
Mandatory incident fix verification with observables. Invoke after: applying production fixes, before declaring incidents resolved, when someone says 'I think that fixed it'. Requires log entries, metric changes, and database state confirmation.