Loading...
Loading...
Found 75 Skills
Bootstrap Python MCP server projects and workspaces on macOS using uv and FastMCP with consistent defaults. Use when creating a new MCP server from scratch, scaffolding a single uv MCP project, scaffolding a uv workspace with package/service members, initializing pytest+ruff+mypy defaults, creating README.md, initializing git, running initial validation checks, or starting from OpenAPI/FastAPI with MCP mapping guidance.
Stage all changes, commit, and push. Use when user asks to "ship", "commit and push", "add all and push", or requests staging all changes, committing, and pushing.
Use this skill when the user wants to check if their system is affected by the axios npm supply chain attack (March 31, 2026), scan for malicious axios versions (1.14.1, 0.30.4), check for malware artifacts, or audit package manager security settings (pnpm, npm, bun, yarn) for protections against supply chain attacks. Trigger on phrases like "axios vulnerability", "axios supply chain", "check if affected by axios", "scan for axios malware", or "package manager security audit".
Helm is a package manager for Kubernetes that allows defining, installing, and upgrading applications via charts.
This skill should be used when the user asks to "create a new FastAPI project", "setup a fastapi api", "new fastapi project", "scaffold a fastapi app", "initialize a fastapi backend", or "start a new python api". Scaffolds a complete production-ready FastAPI project with SQLAlchemy, PostgreSQL, JWT auth, Pydantic v2 settings, and uv package management.
Detect package managers and discover outdated or vulnerable dependencies. Returns structured findings without upgrading. Use when the user asks to "review dependencies", "check for outdated packages", "check dependencies", "scan dependencies", or "dependency review".
Audit and fix npm supply-chain security issues in the current repo. Detects the package manager, checks for missing protections (lockfile, lifecycle script blocking, release-age cooldown, pnpm exotic subdeps/trust policy, Yarn Berry hardened mode), presents findings, and applies fixes after user confirmation. Supports npm, pnpm, Yarn, Bun, and Aube. Use when asked to "harden npm", "fix supply chain", "secure dependencies", or "audit npm security".
Expert guidance on securing npm packages, preventing supply chain attacks, and hardening package manager configurations
Guides the agent through migrating an existing Capacitor app project from CocoaPods to Swift Package Manager (SPM) for iOS dependency management. Covers prerequisite checks, inventorying installed Capacitor plugins, backing up customized iOS project files (Info.plist, AppDelegate.swift, Assets.xcassets, Base.lproj, App.entitlements, GoogleService-Info.plist, .xcconfig files, signing configuration), deleting the existing `ios/` folder, re-scaffolding with `npx cap add ios --packagemanager SPM`, restoring preserved files, re-syncing plugins, and verifying the build. Performs all migration steps manually — does not use the interactive `npx cap spm-migration-assistant` command. Do not use for Capacitor plugin projects, app projects already on SPM, app projects without an existing `ios/` folder, or non-Capacitor mobile frameworks.
Cargo Rust package manager and build system. Use for Rust crates.
Install missing language runtimes and dev tools via mise. Use when (1) a command fails due to missing runtime (e.g. node not found, python3 not found, go command not found), (2) user asks to install/setup a language runtime or SDK (node, python, go, rust, java, ruby, etc.), (3) user mentions version management for languages, or (4) setting up a new development environment.
Check and install prerequisites for Cyrus — Node.js, jq, gh CLI, and the cyrus-ai npm package.