Loading...
Loading...
Found 2,247 Skills
Audits GitHub Actions workflows for security vulnerabilities in AI agent integrations including Claude Code Action, Gemini CLI, OpenAI Codex, and GitHub AI Inference. Detects attack vectors where attacker-controlled input reaches. AI agents running in CI/CD pipelines.
Go testing patterns for production-grade code: subtests, test helpers, fixtures, golden files, httptest, testcontainers, property-based testing, and fuzz testing. Covers mocking strategies, test isolation, coverage analysis, and test design philosophy. Use when writing tests, improving coverage, reviewing test quality, setting up test infrastructure, or choosing a testing approach. Trigger examples: "add tests", "improve coverage", "write tests for this", "test helpers", "mock this dependency", "integration test", "fuzz test". Do NOT use for performance benchmarking methodology (use go-performance-review), security testing (use go-security-audit), or table-driven test patterns specifically (use go-test-table-driven).
A comprehensive starting point for AI agents to work with Capacitor. Covers core concepts, CLI, app creation, plugins, framework integration, best practices, storage, security, testing, troubleshooting, upgrading, and Capawesome Cloud (live updates, native builds, app store publishing). Pair with the other Capacitor skills in this collection for deeper topic-specific guidance.
Security review for Go applications: input validation, SQL injection, authentication/authorization, secrets management, TLS, OWASP Top 10, and secure coding patterns. Use when performing security reviews, checking for vulnerabilities, hardening Go services, or reviewing auth implementations. Trigger examples: "security review", "check vulnerabilities", "OWASP", "SQL injection", "input validation", "secrets management", "auth review". Do NOT use for dependency CVE scanning (use go-dependency-audit) or concurrency safety (use go-concurrency-review).
Use kuri-agent to automate Chrome — navigate pages, interact with elements via a11y refs, capture screenshots, run security audits, enumerate cookies/JWTs, probe for IDOR vulnerabilities, and make authenticated fetches. Use when the user wants to automate a browser, test a web app, scrape data, or run security trajectories against a live site.
Diagnose and manage Alibaba Cloud databases through natural language. Use when users need to troubleshoot database performance issues (high CPU, slow queries, abnormal connections, lock waits), check instance status, analyze disk space, optimize SQL, run health inspections, or detect security baseline violations. Supports RDS (MySQL/PostgreSQL/SQL Server), PolarDB, MongoDB, Redis (Tair), and Lindorm. Trigger this skill even for casual descriptions like "my database is slow", "can't connect to the database", "help me check this SQL", or "database disk is almost full". Also suitable for consulting Alibaba Cloud-specific database features (e.g., PolarDB Serverless, DAS autonomy capabilities) and comparing product differences (RDS vs PolarDB). Do NOT use this skill for general SQL tutorials, non-Alibaba Cloud databases, or local database administration.
Expert guidance for Spring Boot application development with best practices for RESTful APIs, testing, security, and deployment
Alibaba Cloud PolarDB Database AI Assistant. For PolarDB MySQL/PostgreSQL cluster management, performance diagnostics, parameter tuning, slow SQL analysis, backup recovery, connection session analysis, primary-standby switchover diagnostics, security configuration audit, and other O&M operations. Use when user questions involve PolarDB, cluster IDs starting with pc-, kernel parameters, primary-standby switchover, IMCI columnar storage, etc.
Complete security remediation workflow. Scans code for vulnerabilities using Snyk, fixes them, validates the fix, and optionally creates a PR. Supports both single-issue and batch mode for multiple vulnerabilities. Use this skill when: - User asks to fix security vulnerabilities - User mentions "snyk fix", "security fix", or "remediate vulnerabilities" - User wants to fix a specific CVE, Snyk ID, or vulnerability type (XSS, SQL injection, path traversal, etc.) - User wants to upgrade a vulnerable dependency - User asks to "fix all" vulnerabilities or "fix all high/critical" issues (batch mode)
Android pentesting playbook. Use when testing Android applications for SSL pinning bypass, exported component abuse, WebView vulnerabilities, intent redirection, root detection bypass, tapjacking, and backup extraction during authorized mobile security assessments.
Deep code property graph analysis with Joern CPG (AST+CFG+PDG) and CodeQL for control flow, data flow, taint analysis, and security auditing
Vercel security and access controls including RBAC, SSO, deployment protection, firewall, bot defense, audit logs, and 2FA. Use when securing Vercel projects or managing access.