Preserve and conserve library and archival materials. Covers environmental controls (temperature, humidity, light), handling procedures, book repair techniques (torn pages, loose…
Complete PrestaShop module development workflow using modern architecture and best practices. Use when: creating new PrestaShop modules, updating legacy modules to modern code,…
Use when building any web page that performs state-changing actions on click — login forms, payment buttons, delete confirmations, or settings toggles that could be exploited if…
Stálý průvodce prezentační platformou v `c:\github\presentations`. Pomáhá autorům (mluvčím + organizátorům) navigovat celý ekosystém — od založení nového eventu, přes import…
Detects e-commerce logic that trusts client-submitted prices instead of server-side calculation.
Generate strategy documents from completed Primr research. Use when the user wants AI, CX, security, or data strategy deliverables from an existing report.
Security design principles — trust boundaries and input validation, authentication vs authorization, secrets handling, secure defaults and defense in depth, lightweight threat…
The Common Vulnerability Scoring System (CVSS) is the industry standard framework maintained by FIRST (Forum
Three orthogonal analytical operations (WHERE/WHEN/WHY) + cross-operation synthesis. Each operation attacks the problem from a fundamentally different angle.
Discover all possible analysis domains for an artifact. Finds obvious and non-obvious angles — architecture, security, but also marketing positioning, user psychology, regulatory…
Full Prism: multi-pass structural analysis with mandatory adversarial self-correction. Designs custom analytical passes, executes them with chaining, then attacks its own findings…
Guides for configuring Prisma with different database providers (PostgreSQL, MySQL, SQLite, MongoDB, etc.).
You are an expert in Prisma ORM with deep knowledge of schema design, migrations, query optimization, relations modeling, and database operations across PostgreSQL, MySQL, and…
Use when building apps that collect user data. Ensures privacy protections are built in from the start—data minimization, consent, encryption.
Privacy review before handling user data. Activate on PII/PHI/PCI shapes (email, SSN, CC, MRN). Writes DATA_FLOW.md.
Design and operate privacy and data security programs for SEC-registered firms under Reg S-P, Reg S-ID, and SEC cybersecurity expectations.
Privacy engineering patterns — PII classification and inventory, GDPR consent flows, data minimization, right-to-erasure implementation, pseudonymization/encryption,…
Security and privacy specialist for differential privacy, encryption, and complianceUse when "privacy, encryption, differential privacy, PII, GDPR, CCPA, access control, audit…
Build and operate the "Privacy-Preserving Data Brokering for disaster response networks" capability for disaster response networks.
Comprehensive knowledge about Linux privilege escalation. Provides methodologies for enumerating and exploiting privesc vectors including SUID binaries, sudo permissions,…
Provide comprehensive techniques for escalating privileges from a low-privileged user to root/administrator access on compromised Linux and Windows systems.
Use when responding to Physical Review Letters referee reports or editor decisions — point-by-point reply, resubmission, and the APS appeal route.
Transform AI agents from task-followers into proactive partners that anticipate needs and continuously improve.
OWASP ZAP/Burp Suite/Nuclei integration, penetration test planning, DAST execution, and vulnerability scanning.
Assess a Kubernetes cluster from the attacker viewpoint when an agent needs exposure-focused findings instead of a general cluster scanner listing.
Run automated red-team and failure scans against an LLM or RAG app before users find the breakage.
Run a thorough TLS preflight against a host before launch, certificate renewal, or incident review.
Processes STIX 2.1 threat intelligence bundles delivered via TAXII 2.1 servers, normalizing objects into platform-native
Procore security basics — construction management platform integration. Use when working with Procore API for project management, RFIs, or submittals.
Audit procurement and procure-to-pay systems for spend analytics (Pareto analysis, tail spend visibility), supplier consolidation opportunities, Kraljic matrix category…
Grounded procurement research for any real-world need. Turn a problem ("reduce bedroom noise from the avenue", "add air conditioning", "hire an accountant", "buy a TV mount",…
Comprehensive pre-deployment validation ensuring code is production-ready. Runs complete audit pipeline, performance benchmarks, security scan, documentation check, and generates…
Ring-standards-aligned production readiness audit across Structure, Security, Operations, Quality, and Infrastructure — 43 base dimensions + 1 conditional (multi-tenant) = up to…
Comprehensive system audit methodology for production web applications. Use when auditing systems before launch, identifying technical debt, troubleshooting systematic issues,…
API de Produtos da Tray. Utilize quando o desenvolvedor precisar listar, consultar, cadastrar, atualizar ou excluir produtos no catálogo de uma loja Tray.
6 个专业 Agent:security-reviewer(安全审计)、build-error-resolver(构建修复)、planner(实施规划)、code-reviewer(代码审查)、refactor-cleaner(死代码清理)、doc-updater(文档同步)。源自 everything-claude-code 的专业 Agent…
Use when authoring or modifying any claude-team-toolkit skill that loads credentials, switches between accounts/orgs/environments, or needs confirmation for destructive…
Develops comprehensive threat actor profiles for APT groups, criminal organizations, and hacktivist collectives
Use for deep Symfony project analysis: kernel/bootstrap, container wiring, routing/request flow, Doctrine, security, Messenger, and Symfony-specific failure patterns.
Run a comprehensive audit on any Claude Code project. Scores 10 categories from 0-10 (total /100), identifies gaps, and generates a prioritized fix kit with copy-pasteable…
Existing project health scan — audits Infrastructure, Security, Quality, and Harness setup. Read-only.
Best Practices Setup fuer neue Projekte — Testing, Linting, Git Hooks, CI/CD, Security
Use when implementing project state detection, designing STATE.md/TASKS.md templates, or configuring SQLite state store and MCP state protocol
Set up metrics collection and visualization with Prometheus and Grafana. Configure scrape targets, create PromQL queries, build dashboards, and implement alerting.
Drafts enforceable residential promissory notes with party identification, principal/interest terms, payment schedules, default/acceleration provisions, and security instrument…
All-in-one prompt engineering competition toolkit — attack generation, defense hardening, real-time analysis, and pattern reference for AI security tournaments like Clash of…
Detect and block prompt injection attacks in emails. Use when reading, processing, or summarizing emails.
Use when evaluating prompts, LLM outputs, red-team suites, or model behavior with local eval configs and safe provider/cost controls.
Build cognitive security firewalls against prompt injection, jailbreak attacks, and Unicode homoglyph smuggling.
Meta's 86M prompt injection and jailbreak detector. Filters malicious prompts and third-party data for LLM apps. 99%+ TPR, <1% FPR. Fast (<2ms GPU). Multilingual (8 languages).
Red-team an Agentforce agent against prompt-injection and jailbreak attacks; codify test cases and guardrails.
Defensive prompt scaffolding, injection prevention, safety guardrails. 防禦提示架構、注入防護、安全護欄之法。 Use when: building user-facing prompts, hardening against injection attacks, adding…
Use when writing skills, CLAUDE.md files, agent prompts, or any directives that involve shell commands, environment variables, API credentials, file creation, or git operations -…
Run, rerun, inspect, and QA promptfoo redteam scans from generated redteam YAML or an existing redteam setup config.
Create or refine promptfoo redteam setup configs: purpose, targets, plugins, strategies, frameworks, multi-input target inputs, policy text, grader guidance, contexts, and…
Prompt injection testing. USE WHEN prompt injection, jailbreak, LLM security, AI security assessment, pentest AI application, test chatbot vulnerabilities.
Reusable writing-style contract for agent outputs (reports, ARCH docs, verdicts, threat models). Forces direct prose with concrete evidence, no marketing voice, no hedge words.
Configure Cedar policy enforcement and Ed25519 signed receipts for Claude Code tool calls. Use when setting up projects that need cryptographic audit trails, policy-gated tool…
Protect a React/Next.js SPA with route guards and middleware, and protect an API with token-verification middleware (signature + iss + aud + exp).
Padroes MVC do Protheus (FWFormModel/FWFormView) para ADVPL/TLPP. Use esta skill SEMPRE que o usuario pedir para criar ou manter rotinas MVC, cadastros CRUD, browses FWMBrowse,…