Terraform / OpenTofu / Nix / k8s manifest misconfiguration detection — open security groups, missing encryption, public S3/GCS, IAM wildcards, plaintext secrets, missing tags.
Full-power feature implementation using parallel subagents for backend, frontend, testing, and security.
Performs a first-pass security audit of project structure and attack surface to map risk and entry points. Use as the starting point for a security review.
Run the Vibe Innovation Framework mini-gate assessment to scope, justify, and execute a loop-back. Use when evidence in the current phase suggests an earlier phase's output is…
IOC pivots for a CVE — top IPs, ASNs, geo distribution, ATT&CK technique chain, Shadowserver scan counts (1d/7d/30d/90d averages), CrowdSec community sightings, merged in-the-wild…
Use when the user asks to find a device, contact, or serial number across every IT Glue client, rank clients by documentation completeness, audit stale passwords for SOC2 /…
Reviews or implements Spring Security configuration — JWT authentication, OAuth2, method-level security, CORS, and CSRF.
Quick OWASP security scan for injection risks, hardcoded secrets, weak crypto, and Spring Security misconfigs.
Jenkins UI and frontend development — Jelly views, Design Library components, form controls, help files, JavaScript integration, and XSS prevention.
Audit Kafka security configuration across the codebase and live cluster using the Lenses MCP server. Checks authentication (SASL), encryption (SSL/TLS), authorisation (ACLs),…
Use when the user asks to run their Kaseya BMS service desk from the terminal - check the queue, find stale or aging tickets, balance technician workload, review unbilled billable…
Keitaro tracker management for affiliate marketers and media buyers. Manage campaigns, flows, landings, reports, and optimization via natural language through Keitaro Admin API.
CISA + EU KEV (Known Exploited Vulnerabilities) catalog watch — pull recent KEV additions, intersect with installed dependencies, surface entries with imminent due dates.
Project chronicler — generates an entry documenting progress from the current AI session (Work Log). Run at the end of every work session to record context, decisions…
Code review for PRs or local changes. Covers code quality, dependency updates, performance, test coverage, documentation accuracy, and security.
Every Level RMM endpoint, plus a local SQLite fleet store and offline cross-entity rollups no Level tool has: at-risk ranking, patch posture, alert triage, and stale-device…
Use when the user asks to see what changed across their Liongard environments, find stale launchpoints or offline agents, run an estate-wide health or coverage check, pivot a…
Reviews LLM-powered applications against the OWASP Top 10 for Large Language Model Applications (2025 edition).
Analyze a PR for LVMS (LVM Storage) security threats with STRIDE/DFD analysis, MITRE ATT&CK and OWASP mapping
Strategic analysis of a project to identify the single highest-leverage, most innovative addition. Use when the user asks what to build next, what the most impactful improvement…
Android APK analysis using GDA.exe. AI drives analysis by tracing code paths, extracting IOCs (including encrypted), and producing structured malware reports.
Proactive weekly management sweep — runs all 5 manager agents (SEO, indexing, security, performance, content) in parallel over the LIVE shop + codebase and delivers one…
Use when the user asks to find wasted Microsoft 365 licenses, see who holds global admin or other privileged roles, triage new Microsoft Defender security alerts, flag…
Manage and interact with MisarDefender — the local macOS security daemon. Use when: checking security daemon status, viewing security events, starting/stopping defender, scanning…
Score durability across 7 moat types (network, switching, scale, brand, IP, data, regulatory) with 0–10 per moat + decay-rate forecast. Routes to red-team-strategist.
Use when: structuring a multi-lens review of a change, spec, design, or implementation; combining intent, design, implementation, security, adversarial, and verification…
Use when the user asks to find a device in N-able N-central, run the morning NOC triage sweep, search across N-central servers, audit custom-property or maintenance-window…
Use when the user asks to audit autoscale across all their Nerdio Manager customers, sweep session-host power state, reconcile per-customer billing and usage, list customer…
Every NinjaOne report, plus a local store that answers fleet-wide questions no single API call can: patch compliance, backup gaps, AV blast-radius, health, drift.
Connect Google (GTM, GA4, Google Ads) and Meta Ads to ppc-manager via OAuth. Walks through Google Cloud Console and Meta app setup, runs browser-based OAuth, and stores encrypted…
Generate `op://` secret references for every field on a 1Password item. Output is ready to paste into a `.env` template.
Use this skill for multi-source web research: searching one or more topics, fetching multiple pages via fetchWebContent, and saving cleaned files…
OpenAI Agents SDK (Python) development. Use when building AI agents, multi-agent handoffs, function tools, guardrails, sessions, streaming, or tracing with the `openai-agents` /…
Use when the user asks for news, wants a briefing, says "/news-briefing", or asks to aggregate recent information on any topic.
Pack an EXTERNAL repository into a single AI-friendly file (markdown/xml/json). Use for third-party library analysis, security audits, or handoff to external LLMs.
Fan a local diff through three independent, axis-focused review passes (correctness, security, conventions), then merge the findings into a single structured report.
Run a structured pre-flight self-review on local changes before opening a PR. Reads the diff against a configurable base (default: the merge base of HEAD and the upstream default…
Use Pawahara Harness for difficult coding, CTF, competitive programming, debugging, optimization, or long-running tasks that benefit from diverse beam-search workers, scoring,…
Use when the user asks to reconcile Pax8 billing, find invoice leakage, compute Pax8 MRR and margin, catch usage overages before they invoice, see what changed in their book of…
Comprehensive 9-point audit of a Power BI PBIP project covering relationships, naming conventions, TMDL syntax, best practices, RLS security, performance, visual consistency,…
Review an economics paper following Pedro Sant'Anna's writing style. Accepts a paper path and produces a structured editorial report covering abstract, introduction, terminology,…
Runs the full Finora v2 penetration test suite — broken access control, SQL injection, rate limit bypass, XSS, data exposure, user enumeration, CSRF, misconfiguration.
Pixa.com (formerly Pixelcut) — creative AI tools that connect to Claude MCP-natively. Remove backgrounds, generate images, enhance quality, generate video, erase objects. No API key required.
Audit a project plan against the actual implementation — verifying code, types, security, and Supabase backend alignment.
Analyze agent extensions and generate self-contained HTML wiki reports with security audit and architecture diagrams. Use when asked to analyze, audit, or document a plugin.
Produces a suggested redraft of a Turkish/English internal policy to close the gap found by a policy-diff or gaps result.
Every Eventbrite organizer endpoint, plus a local SQLite mirror of your events, orders Trigger phrases: `sync my eventbrite events`, `which of my events are selling slowest`,…
Critical security-focused PR review for GitHub Actions CI. Only posts feedback when issues are found. Prefers inline comments over summaries.
Verify all gates pass before merging a PR. Checks code review, user stories, QA, lint, build, and security audit.
Search for new preprints in infectious disease modelling from arXiv, medRxiv, and bioRxiv
ProductionOS — dual-target AI engineering operating system for repo-wide audits, upgrade plans, code reviews, strategic product reviews, security sweeps, UX audits, and recursive…
Run an OWASP LLM01 injection corpus against the system prompt + tool surface and report which payloads succeeded
Parallel QA using agent teams for comprehensive multi-type testing. Spawns specialized QA agents that simultaneously run different test categories (unit, integration, lint,…
Initialize a new project with qsdev. Detects ecosystem, generates security-hardened devenv configs, Claude Code settings, and pre-commit hooks.
Pre-release audit orchestrator — runs advisory multi-domain audits (Security, Code Quality, UI/UX, Docs, Performance, Regulated-Data, Mobile, Infra) across the project, produces…
Security forensics for git repos, AI skills, and MCP servers. Audits dependencies, detects prompt injection, credential theft, runtime dynamism, manifest drift, known CVEs, CISA…
Resolve GitHub Dependabot security alerts by updating vulnerable dependencies, recompiling requirements, and submitting PRs.
Deep audit of a Rust crate for vulnerabilities, bugs, unfinished work, inconsistencies, duplicate code, and oversights. Works on the current crate or a specified path.
Fetch a Gerrit change by ID and run a structured code review using the gerrit-reviewer agent. Use when the user wants feedback on a Gerrit patch — code quality, security, project…
Use when code changes need review before merge - validates architecture, types, security, and test coverage.