Loading...
Loading...
Found 173 Skills
HTTP Parameter Pollution (HPP): duplicate query/body keys parsed differently by servers, proxies, WAFs, and app frameworks. Use when filters and application layers disagree on which value wins, enabling bypass, SSRF second URL, logic abuse, or CSRF token confusion.
Internal downstream skill for ctf-sandbox-orchestrator. CTF-sandbox workflow for CTF web, API, SSR, frontend, queue-backed app, and routing challenges. Use when the user asks to inspect a site or API, follow real browser requests, debug auth or session flow, trace uploads or workers, find hidden routes, or explain why frontend and backend behavior diverge under sandbox-internal routing. Use only after `$ctf-sandbox-orchestrator` has already established sandbox assumptions and routed here.
ALWAYS use when working with Angular SSR, server-side rendering, hydration, prerendering, or Angular Universal in Angular applications.
Entry P1 category router for injection testing. Use when routing between XSS, SQLi, SSRF, XXE, SSTI, command injection, and NoSQL injection workflows based on how attacker-controlled input is consumed.
React Router v7 patterns with Clerk — rootAuthLoader, getAuth in loaders, clerkMiddleware, protected routes, SSR user data, org switching. Triggers on: react-router auth, rootAuthLoader, getAuth loader, react-router protected route, loader authentication, SSR auth react-router.
Astro patterns with Clerk — middleware, SSR pages, island components, API routes, static vs SSR rendering. Triggers on: astro clerk, clerk astro middleware, astro protected page, clerk island component, astro API route auth, clerk astro SSR.
Use this skill when running PixiJS v8 outside a standard browser: Web Workers, OffscreenCanvas, Node/SSR, or CSP-restricted contexts. Covers DOMAdapter.set, BrowserAdapter, WebWorkerAdapter, custom Adapter interface, pixi.js/unsafe-eval for strict CSP. Triggers on: DOMAdapter, BrowserAdapter, WebWorkerAdapter, Web Worker, OffscreenCanvas, Node, headless, SSR, CSP, unsafe-eval, Adapter.
Build full-stack React apps with TanStack Start on Cloudflare Workers. Type-safe routing, server functions, SSR/streaming, D1/KV/R2 integration. Use when building full-stack React apps with SSR, migrating from Next.js, or from Vinxi to Vite (v1.121.0+). Prevents 9 documented errors including middleware bugs, file upload limitations, and deployment config issues.
React/Next.js 앱의 성능을 분석하고 최적화하는 스킬. 번들 사이즈, 렌더링 최적화, 코드 분할, 이미지 최적화, SSR/SSG 전략 등. "성능", "performance", "최적화", "느려", "번들 사이즈", "렌더링" 등의 요청 시 사용.
Use when facing complex decisions, architectural trade-offs, philosophical questions, or any problem requiring deep analysis before action. Use when the user asks to "think deeply", "question assumptions", "analyze from first principles", "challenge this decision", debates between two approaches (e.g. monolith vs microservices, build vs buy, SSR vs CSR), or invokes /socrates. Also triggered when other skills need a thinking engine for rigorous pre-analysis. Even if the problem seems simple, if there are hidden assumptions worth examining, this skill applies.
Ant Design ecosystem guidance covering antd 6.x, Ant Design Pro 5/ProComponents, and Ant Design X v2 (AI/chat UI). Use when making component/layout decisions, theming/tokens, SSR, routing/access, CRUD patterns, or AI chat UI integrations.
Build with @vuetify/v0 headless composables and components for Vue 3. Use when creating selection state (single, multi, grouped, stepped), form validation, tab/dialog/popover UI, provide/inject context, registries, virtual scrolling, pagination, keyboard shortcuts, resize observers, theming, breakpoints, or SSR-safe browser detection. Triggers on v0, vuetify0, headless components, or WAI-ARIA patterns.