Loading...
Loading...
Found 1,303 Skills
Run a comprehensive security audit combining automated SAST scanning, STRIDE threat modeling, and attack tree analysis. Use before major releases, after security-sensitive changes, or on a regular cadence. Can audit the full codebase or specific directories.
Bootstraps a new AI-assisted project through a structured 4-phase conversation, then generates PROJECT.md, JOURNAL.md, .gitignore, and tmp/README.md. Also searches skills.sh and installs relevant skills for the approved tech stack. Use when starting a new project from scratch or when no PROJECT.md exists in the current directory. Do NOT trigger if PROJECT.md already exists — redirect to /project-sync instead. Invoke with /project-init — never auto-trigger.
Applies DRY, YAGNI, PORO, Convention over Configuration, and KISS to Rails code; defers style to the project's linter(s). Covers structured logging, comment discipline, and path-specific rules (models, workers, services, controllers, repositories, serializers, RSpec, raw SQL). Use when designing or reviewing Rails structure, avoiding over-engineering, or aligning code with team boundaries by directory.
Create and launch benchmark test projects to exercise vercel-plugin skill injection across realistic scenarios. Sets up isolated directories, installs the plugin, and spawns WezTerm panes running Claude Code with crafted prompts.
Fetch financial data from the Funda AI API (https://api.funda.ai). Covers quotes, historical prices, financials, SEC filings, earnings transcripts, analyst estimates, options flow/greeks/GEX, supply chain graph, social sentiment, prediction markets, congressional trades, economic indicators, ESG, and news. Triggers: stock quotes, fundamentals, balance sheet, income statement, cash flow, analyst targets, DCF, options chain/flow/unusual activity, GEX, IV rank, max pain, earnings/dividend/IPO calendar, SEC filings (10-K/10-Q/8-K), transcripts, supply chain (suppliers/customers/competitors), congressional trading, insider trades, institutional holdings (13F), Reddit/Twitter sentiment, Polymarket, treasury rates, GDP, CPI, FRED data, ESG scores, commodity/forex/crypto prices, stock screener, sector performance, ETF holdings, news, COT reports. Also triggers for "funda" or "funda.ai". If only a ticker is provided and Funda API can answer, use this skill.
Guide the design and implementation of automated pre-trade compliance systems that validate orders before execution. Use when building a compliance rule engine for an RIA or broker-dealer, configuring hard blocks and soft blocks, maintaining restricted and watch lists including MNPI-driven restrictions, setting concentration limits at security/sector/issuer level, implementing position limits or short selling controls, enforcing wash sale detection or free-riding prevention or pattern day trader identification, applying client-specific ESG screens or legal constraints, designing compliance override workflows with authorization and documentation, backtesting compliance rules, or evaluating compliance check latency impact on execution quality.
Analyze real estate and infrastructure investments including REITs, direct property valuation, and infrastructure assets. Use when the user asks about real estate investing, REITs, cap rates, NOI, FFO, AFFO, property valuation, or infrastructure investments. Also trigger when users mention 'rental property analysis', 'cash-on-cash return', 'gross rent multiplier', 'REIT dividends', 'real estate sectors', 'cell towers', 'toll roads', 'LTV ratio', 'DSCR', or ask whether to invest in real estate directly or through REITs.
TanStack Router bundler plugin for route generation and automatic code splitting. Supports Vite, Webpack, Rspack, and esbuild. Configures autoCodeSplitting, routesDirectory, target framework, and code split groupings.
Use when the user needs project structure organization — monorepo patterns, feature-based architecture, naming conventions, barrel exports, or configuration placement. Trigger conditions: restructure project directories, set up monorepo, define naming conventions, create barrel exports, organize configuration files, plan migration from flat to feature-based structure, establish import ordering rules.
Privacy-first planning-only statement export for banks, cards, brokerages, and payment platforms. The LLM builds a manual download checklist with official URLs, suggested date ranges, export formats, and staging directory, but does not use browser tools or browser automation. Use when account files are not on disk yet and the user wants more privacy. CLEAR step: C (Capture)
Vercel agent-browser — Rust CLI for AI-driven browser automation via CDP. Use when: "agent-browser", "browse website", "automate browser", "scrape with browser", "fill form", "click button", "take screenshot", "browser automation", "headless chrome", "web interaction", "accessibility snapshot", "browser refs". Deterministic ref-based selectors, JSON output, daemon architecture. Replaces Playwright/Puppeteer for agent workflows.
Expert knowledge for Azure Role-based access control development including troubleshooting, best practices, decision making, limits & quotas, security, configuration, and integrations & coding patterns. Use when managing Azure RBAC roles, ABAC conditions, deny assignments, PIM, policy integration, or role APIs, and other Azure Role-based access control related development tasks. Not for Azure Active Directory B2C (use azure-active-directory-b2c), Azure Information Protection (use azure-information-protection), Azure Policy (use azure-policy), Azure Security (use azure-security).