DevSecOps skill for securing CI/CD pipelines, infrastructure as code, containers, Kubernetes, cloud deployments, secrets handling, dependency management, SAST/DAST/SCA, release…
Expert DevSecOps engineer specializing in secure CI/CD pipelines, shift-left security, security automation, and compliance as code.
Looks up OWASP DevSecOps Guideline phases, security tools, and pipeline checks. Returns tool configurations, CWE mappings, and integration patterns for CI/CD security.
DevSecOps patterns — shift-left security, SAST (semgrep/CodeQL), secrets detection (gitleaks/trufflehog), dependency scanning (trivy/grype), DAST, OPA/Falco policy-as-code,…
DevSecOps methodology guidance covering shift-left security, SAST/DAST/IAST integration, security gates in CI/CD pipelines, vulnerability management workflows, and security…
Performs end-to-end DevSecOps security analysis on any GitHub repository. Runs a 6-stage pipeline: repo ingestion and inventory, application context classification with STRIDE…
Autonomous financial research agent for stock analysis, financial statements, metrics, prices, SEC filings, and crypto data. — from virattt/dexter.git
Autonomous financial research agent for stock analysis, financial statements, metrics, prices, SEC filings, and crypto data. — from virattt/dexter.git
Autonomous financial research agent for stock analysis, financial statements, metrics, prices, SEC filings, and crypto data. — from Zedit42/clawdbot-skills
DFG-Antrag aus Gutachterperspektive red-teamen: Originalität, Machbarkeit, Arbeitsprogramm, Qualifikation, Umfeld, Bias-Risiken, Kürzungsargumente, Ablehnungsrisiken und…
Build Solana wallet-connected apps with Phantom Connect SDKs and DFlow trading. Use when user asks to connect a Phantom wallet, integrate Phantom in React, React Native, or…
Expert-level code security audit skill using deep data flow analysis and business logic understanding for white-box static analysis across 9 languages
Guides users through the V-Model workflow: takes stock of the current project state, recommends the next phase skill, audits handoff entries for completeness, and runs the Closing…
Infrastructure diagrams: cloud, network, security, AWS, Azure. Use when user mentions 'cloud', 'AWS', 'Azure', 'réseau', 'sécurité'.
Generates Mermaid diagrams from Trailmark code graphs. Produces call graphs, class hierarchies, module dependency maps, containment diagrams, complexity heatmaps, and attack…
Verifiable credential lifecycle management for agent identity. Issue, verify, revoke credentials, DID document key rotation, credential schema validation, and W3C VC data model…
Compare checked-in SQL against live MySQL, PostgreSQL, SQLite, or SQL Server schemas and generate a reviewable apply plan before agents touch production databases.
One-call structured triage of a git diff. Returns per-file role classification (source/test/config/doc/generated/build/fixture/migration), risk tier (low/medium/high) with…
DigitalOcean infrastructure — Droplets, managed databases, Spaces, load balancers, firewalls, DNS management
DigitalOcean Kubernetes (DOKS) disipline — cluster provisioning (HA control plane, VPC, surge upgrade, maintenance window), node pool design (auto-scale, multi-pool, label/taint,…
DingTalk Workspace CLI (dws) - officially open-sourced cross-platform CLI tool from DingTalk. Provides 86 commands across 12 products: Contact, Chat, Bot, Calendar, Todo,…
Canonical phrasing for respectful disagreement without capitulation — structural resistance to sycophancy
Analyze disaster prediction and early warning systems — model accuracy for flood, earthquake, wildfire, hurricane, and tsunami hazards, data pipeline reliability from sensor…
Implement disaster recovery and backup strategies for Proxmox. Create and manage backups, test recovery procedures, and ensure business continuity for your infrastructure.
Use when designing, scheduling, or running a disaster recovery exercise — tabletops, live drills, chaos engineering, GameDays.
Write a disaster recovery plan for a service or system — covering RPO/RTO targets, failure scenario runbooks, backup and restore procedures, DR testing cadence, and communication…
Execute comprehensive disaster recovery tests, validate recovery procedures, and document lessons learned from DR exercises.
Automatically discover cryptography skills when working with encryption, TLS, certificates, PKI, and security — from security/security-misc
Automatically discover security skills when working with authentication, authorization, input validation, security headers, vulnerability assessment, or secrets managemen — from…
Identify potential quality, security, and delivery risks early in discovery to inform mitigation planning.
Analyze disk images and file systems for forensic investigation. Use when investigating data theft, insider threats, malware persistence, deleted file recovery, or any incident…
Defense-in-depth, PII protection, secrets scanning, and secure packaging for distributed software
Django security - CSRF protection, authentication, sessions, login/logout, password handling, middleware, protected views
Django security best practices, authentication, authorization, CSRF protection, SQL injection prevention, XSS prevention, and secure deployment configurations.
Advanced Django security — file upload validation (extension/size/storage), DRF API security (rate limiting throttles, JWT), Content Security Policy middleware, django-environ…
Interact with dm.bot API for encrypted agent-to-agent messaging. Use when sending DMs to other agents, posting public messages, checking inbox, managing groups, or setting up…
Manage DNS records, routing policies, and failover configurations for high availability and disaster recovery.
Debug DNS resolution and network connectivity. Use when troubleshooting DNS failures, testing port connectivity, diagnosing firewall rules, inspecting HTTP requests with curl…
Run DNS, email security, SSL, WHOIS, and network tools via dnsrobot.net API — no API key required
对 jar-analyzer-engine 构建的 SQLite 数据库执行安全审计分析查询。支持方法调用搜索、调用链追踪、Spring 组件分析、字符串搜索、漏洞模式检测等。
Electron 33+ desktop app development specialist covering Main/Renderer process architecture, IPC communication, auto-update, packaging with Electron Forge and electron-bu — from…
Performs deep documentation analysis on software repositories to build a comprehensive product context profile used to validate and enrich security vulnerability findings.
Gera documentação rica e profissional para projetos — README bilíngue EN+PT-BR, docs estruturados, placeholders de imagem com dimensões corretas, CHANGELOG, CONTRIBUTING, SECURITY…
Runs Trivy against a Docker image and produces a prioritized CVE list grouped by severity with fix availability. Filters out CVEs with no available fix.
Secure Docker containers and images with hardening, scanning, and secrets management
OWASP Docker Top 6 vulnerability knowledge base for identifying, assessing, and remediating security risks in containerized Docker environments.
Audits Dockerfiles for security vulnerabilities using Hadolint and Trivy container scanner. Recommends hardening steps based on CIS Docker Benchmark and Snyk container advisories.
Automatically applies when writing function docstrings. Uses Google-style format with Args, Returns, Raises, Examples, and Security Note sections for proper documentation.
Implement security best practices for Documenso document signing integrations. Use when securing API keys, configuring webhooks securely, or implementing document security…
Analiza la jerarquía de archivos de un repositorio técnico de fabricante de componentes electrónicos, construye un grafo semántico de relaciones entre documentos, y define el…
Systematically improve documentation quality from 7/10 → 9/10 using assessment checklists and transformation patterns.
Security best practices for Dokploy templates: secrets management, network isolation, least privilege, image security, and hardening recommendations.
Dokploy 셀프호스팅 PaaS 플랫폼의 전체 관리 스킬. SSH 및 API를 통한 서버 관리, 애플리케이션 배포, Docker Compose/Swarm 관리, 데이터베이스(PostgreSQL, MySQL, MongoDB, Redis) 관리, Traefik 리버스 프록시 설정, SSL 인증서(Let's Encrypt,…
Configure Traefik labels for routing, SSL/TLS with LetsEncrypt, and advanced routing patterns including Cloudflare DNS challenge. Use when adding web access to Dokploy services.
Domain reconnaissance coordinator that orchestrates subdomain discovery and port scanning to build comprehensive domain attack surface inventory
DDD/Event Storming skill dlya issledovaniya novogo domena ili bounded context. Ispol'zuj pri zaprose "novyj domen", "event storming", "bounded context", "issledovaniye domena",…
Kullanıcının belirttiği anahtar kelimeleri ve sayısal hedefleri kullanarak yaratıcı ve akılda kalıcı domain isimleri listeler.
Kullanıcının belirttiği anahtar kelimeleri ve sayısal hedefleri kullanarak yaratıcı ve akılda kalıcı domain isimleri listeler.
Escribe tutoriales completos en lenguaje natural para proyectos de domótica, contextualizados en escenarios reales de automatización del hogar con integración Home Assistant.
DOMPurify XSS sanitization for HTML content in agent outputs. Strip script tags and event handlers, allowlist-based tag/attribute filtering, sanitize LLM-generated HTML before…