Loading...
Loading...
Found 90 Skills
Craft platform help — AI growth engine for home services with real-time field sales coaching during in-home appointments, 24/7 AI call center with live CSR coaching, revenue recovery AI agents, Craft Intelligence analytics. Use when reps need live coaching during appointments not after, call center booking rates are too low, missed estimates and unsold jobs pile up without follow-up, comparing Craft vs Rilla vs Siro vs SalesAsk for home services coaching, setting up Craft with ServiceTitan or Salesforce, or wondering if bundled pricing is worth it. Do NOT use for virtual/video meeting note-taking (use /sales-note-taker) or building a coaching program from scratch (use /sales-coaching).
Web application security expert. OWASP Top 10, XSS, SQLi, CSRF, SSRF, authentication bypass, IDOR. Use for web app security testing.
YouTube Analytics integration. Manage Channels, Comments, AnalyticsReports. Use when the user wants to interact with YouTube Analytics data.
Refactor Flask code to improve maintainability, readability, and adherence to best practices. This skill transforms Flask applications using the application factory pattern, Blueprint organization, and service layer separation. It addresses fat route handlers, missing error handling, improper context local usage, and security issues. Apply when you notice global app instances, routes without Blueprints, business logic in handlers, or missing CSRF protection.
IPA guideline-compliant security diagnostic and review skill for Laravel/React applications. Use when performing security checks during code implementation or review. Diagnoses 11 vulnerability types (SQL injection, XSS, CSRF, etc.), provides safe code examples, and performs checklist-based validation. Works in conjunction with .claude/rules/security/ to provide concrete diagnostic workflows during implementation phases. Triggers when: (1) reviewing code for security vulnerabilities, (2) implementing authentication/authorization, (3) handling user input/output, (4) working with sessions/cookies, (5) processing files or executing commands, (6) creating forms or APIs, (7) performing security audits.
Manage App Store Connect code signing resources using the `asc` CLI tool. Use this skill when: (1) Managing bundle identifiers — register, list, or delete (`asc bundle-ids`) (2) Managing signing certificates — create from CSR, list, or revoke (`asc certificates`) (3) Registering or listing test devices (`asc devices`) (4) Managing provisioning profiles — create, list, or delete (`asc profiles`) (5) Setting up the full code signing chain for CI/CD pipelines (6) User says "set up signing", "create a profile", "register my device", "revoke cert", "list certificates", "create bundle id", or any code-signing related task
Use this skill when working on technical SEO infrastructure - crawlability, indexing, XML sitemaps, canonical URLs, robots.txt, redirect chains, rendering strategies (SSR/SSG/ISR/CSR), crawl budget optimization, and search engine rendering. Triggers on fixing indexing issues, configuring crawl directives, choosing rendering strategies for SEO, debugging Google Search Console errors, or auditing site architecture for search engines.
OWASP security guidelines and Top 10 vulnerabilities USE WHEN: user mentions "OWASP", "security audit", "vulnerability scan", asks about "injection", "XSS", "CSRF", "access control", "authentication security" DO NOT USE FOR: OWASP Top 10:2025 specific - use `owasp-top-10` instead
Use when initializing a new Vite + React (CSR) project or when an existing Vite React project needs missing configuration (ESLint, Prettier, TanStack Query, React Router, Zustand, Tailwind CSS, VSCode, Cursor, Antigravity settings, path aliases).
Dangling markup injection playbook. Use when HTML injection is possible but JavaScript execution is blocked (CSP, sanitizer strips event handlers, WAF blocks script tags) — exfiltrate CSRF tokens, session data, and page content by injecting unclosed HTML tags that capture subsequent page content.
Performs security audits and vulnerability assessments on Ruby on Rails application code. Use when reviewing Rails code for security risks, assessing authentication or authorization, auditing parameter handling, redirects, file uploads, secrets management, or checking for XSS, CSRF, SSRF, SQL injection, and other common vulnerabilities.
Maintain JSONL-only profiler performance test cases under csrc/ops/<op>/test in ascend-kernel. Collect data using torch_npu.profiler (with fixed warmup=5 and active=5), aggregate the Total Time(us) from ASCEND_PROFILER_OUTPUT/op_statistic.csv, and output a unified Markdown comparison report (custom operator vs baseline) that includes a DType column. Do not generate perf_cases.json or *_profiler_results.json. Refer to examples/layer_norm_profiler_reference/ for the reference implementation.