Cloudflare
Cloud
Skills using Cloudflare (757)
ai-image-creator
Generate PNG images using AI (multiple models via OpenRouter including Gemini, FLUX.2, Riverflow, SeedDream, GPT-5 Image, GPT-5.4 Image 2, proxied through Cloudflare AI Gateway BYOK). Also analyze/describe existing images using multimodal AI vision. Use when user asks to "generate an image", "create a PNG", "make an icon", "make it transparent", "describe this image", "analyze this image", "what's in this image", "explain this image", or needs AI-generated visual assets for the project. Supports model selection via keywords (gemini, riverflow, flux2, seedream, gpt5, gpt5.4), configurable aspect ratios/resolutions, transparent backgrounds (-t), reference image editing (-r), image analysis (--analyze), and per-project cost tracking (--costs).
drizzle-orm-expert
Expert in Drizzle ORM for TypeScript — schema design, relational queries, migrations, and serverless database integration. Use when building type-safe database layers with Drizzle.
hono
Build ultra-fast web APIs and full-stack apps with Hono — runs on Cloudflare Workers, Deno, Bun, Node.js, and any WinterCG-compatible runtime.
scrapling
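Web scraping and data extraction with scrapling. Automatically selects the Fetcher and supports Cloudflare/WAF bypass, session login, and HTML parsing. Triggers when the user mentions scrape/crawl/fetch page/extract data, or the Chinese equivalents of crawl, scrape, bypass Cloudflare, parse HTML, or bulk collection.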
clerk-install-auth
Install and configure Clerk SDK/CLI authentication. Use when setting up a new Clerk integration, configuring API keys, or initializing Clerk in your project. Trigger with phrases like "install clerk", "setup clerk", "clerk auth", "configure clerk API key", "add clerk to project".
lindy-local-dev-loop
Set up local development workflow for testing Lindy AI agent integrations. Use when building webhook receivers, testing agent callbacks, or iterating on Lindy-connected applications locally. Trigger with phrases like "lindy local dev", "lindy development", "test lindy locally", "lindy webhook local".
linear-local-dev-loop
Set up local Linear development environment and testing workflow. Use when configuring local dev, testing integrations, or setting up a development workflow with Linear webhooks. Trigger: "linear local development", "linear dev setup", "test linear locally", "linear development environment".
managing-api-cache
Implement intelligent API response caching with Redis, Memcached, and CDN integration. Use when optimizing API performance with caching. Trigger with phrases like "add caching", "optimize API performance", or "implement cache layer".
supabase-prod-checklist
Execute Supabase production deployment checklist covering RLS, key hygiene, connection pooling, backups, monitoring, Edge Functions, and Storage policies. Use when deploying to production, preparing for launch, or auditing a live Supabase project for security and performance gaps. Trigger with "supabase production", "supabase go-live", "supabase launch checklist", "supabase prod ready", "deploy supabase", "supabase production readiness".
vercel-migration-deep-dive
Migrate to Vercel from other platforms or re-architect existing Vercel deployments. Use when migrating from Netlify, AWS, or Cloudflare to Vercel, or when re-platforming an existing Vercel application. Trigger with phrases like "migrate to vercel", "vercel migration", "switch to vercel", "netlify to vercel", "aws to vercel", "vercel replatform".
cloudflare-workers-expert
Expert in Cloudflare Workers and the Edge Computing ecosystem. Covers Wrangler, KV, D1, Durable Objects, and R2 storage.
deployment-procedures
Production deployment principles and decision-making. Safe deployment workflows, rollback strategies, and verification. Teaches thinking, not scripts.
drizzle-orm-expert
Expert in Drizzle ORM for TypeScript — schema design, relational queries, migrations, and serverless database integration. Use when building type-safe database layers with Drizzle.
expo-api-routes
Guidelines for creating API routes in Expo Router with EAS Hosting
file-uploads
Expert at handling file uploads and cloud storage. Covers S3, Cloudflare R2, presigned URLs, multipart uploads, and image optimization. Knows how to handle large files without blocking.
go-playwright
Expert capability for robust, stealthy, and efficient browser automation using Playwright Go.
go-rod-master
Comprehensive guide for browser automation and web scraping with go-rod (Chrome DevTools Protocol) including stealth anti-bot-detection patterns.
hono
Build ultra-fast web APIs and full-stack apps with Hono — runs on Cloudflare Workers, Deno, Bun, Node.js, and any WinterCG-compatible runtime.
inngest
Inngest expert for serverless-first background jobs, event-driven workflows, and durable execution without managing queues or workers.
nodejs-best-practices
Node.js development principles and decision-making. Framework selection, async patterns, security, and architecture. Teaches thinking, not copying.
upstash-qstash
Upstash QStash expert for serverless message queues, scheduled jobs, and reliable HTTP-based task delivery without managing infrastructure.
cloudflare-d1
Cloudflare D1 SQLite database with Workers, Drizzle ORM, migrations
deploying-cloudflare-access-for-zero-trust
Deploying Cloudflare Access with Cloudflare Tunnel to provide zero trust access to self-hosted and private applications, configuring identity-aware access policies, device posture checks, and WARP client enrollment for VPN replacement.
exploiting-http-request-smuggling
Detecting and exploiting HTTP request smuggling vulnerabilities caused by Content-Length and Transfer-Encoding parsing discrepancies between front-end and back-end servers.
hunting-for-dns-based-persistence
Hunt for DNS-based persistence mechanisms including DNS hijacking, dangling CNAME records, wildcard DNS abuse, and unauthorized zone modifications using passive DNS databases, SecurityTrails API, and DNS audit log analysis.
implementing-api-schema-validation-security
Implement API schema validation using OpenAPI specifications and JSON Schema to enforce input/output contracts and prevent injection, data exposure, and mass assignment attacks.
implementing-browser-isolation-for-zero-trust
Deploys remote browser isolation (RBI) as a core component of a Zero Trust architecture. Implements isolation policies with URL categorization and risk-based routing, content disarming and reconstruction (CDR) for file sanitization, data loss prevention controls within isolated sessions, and integration with Secure Web Gateway and ZTNA platforms. Based on Cloudflare Browser Isolation, Menlo Security, and Zscaler RBI approaches. Use when hardening web access against zero-day exploits, phishing, credential theft, and browser-based data exfiltration.
implementing-cloud-waf-rules
This skill covers deploying and tuning Web Application Firewall rules on AWS WAF, Azure WAF, and Cloudflare to protect cloud-hosted applications against OWASP Top 10 attacks. It details configuring managed rule sets, creating custom rules for business logic protection, implementing rate limiting, deploying bot management, and reducing false positives through rule tuning and logging analysis.
implementing-ddos-mitigation-with-cloudflare
Configure Cloudflare DDoS protection with managed rulesets, rate limiting, WAF rules, Bot Management, and origin protection to mitigate volumetric, protocol, and application-layer attacks.
implementing-device-posture-assessment-in-zero-trust
Implementing device posture assessment as a zero trust access control by integrating endpoint health signals from CrowdStrike ZTA, Microsoft Intune, and Jamf into conditional access policies that enforce compliance before granting resource access.
implementing-zero-trust-network-access
Implementing Zero Trust Network Access (ZTNA) in cloud environments by configuring identity-aware proxies, micro-segmentation, continuous verification with conditional access policies, and replacing traditional VPN-based access with BeyondCorp-style architectures across AWS, Azure, and GCP.
performing-api-rate-limiting-bypass
Tests API rate limiting implementations for bypass vulnerabilities by manipulating request headers, IP addresses, HTTP methods, API versions, and encoding schemes to circumvent request throttling controls. The tester identifies rate limit headers, determines enforcement mechanisms, and attempts bypasses including X-Forwarded-For spoofing, parameter pollution, case variation, and endpoint path manipulation. Maps to OWASP API4:2023 Unrestricted Resource Consumption. Activates for requests involving rate limit bypass, API throttling evasion, brute force protection testing, or API abuse prevention assessment.
performing-web-application-firewall-bypass
Bypass Web Application Firewall protections using encoding techniques, HTTP method manipulation, parameter pollution, and payload obfuscation to deliver SQL injection, XSS, and other attack payloads past WAF detection rules.
performing-web-cache-deception-attack
Execute web cache deception attacks by exploiting path normalization discrepancies between CDN caching layers and origin servers to cache and retrieve sensitive authenticated content.
performing-web-cache-poisoning-attack
Exploiting web cache mechanisms to serve malicious content to other users by poisoning cached responses through unkeyed headers and parameters during authorized security tests.
build-mcp-app
This skill should be used when the user wants to build an "MCP app", add "interactive UI" or "widgets" to an MCP server, "render components in chat", build "MCP UI resources", make a tool that shows a "form", "picker", "dashboard" or "confirmation dialog" inline in the conversation, or mentions "apps SDK" in the context of MCP. Use AFTER the build-mcp-server skill has settled the deployment model, or when the user already knows they want UI widgets.
cf-proxy
Deploy a free VLESS proxy/VPN node on Cloudflare Pages using edgetunnel. Automates code download, UUID generation, Pages deployment, free domain registration (DNSExit), DNS configuration, custom domain binding, and client setup for Shadowrocket/v2rayN/Clash. Uses Cloudflare Pages (not Workers) because Pages supports CNAME-based custom domains from any DNS provider, avoiding the need to host DNS on Cloudflare.
cloudflare-deploy
Deploy applications and infrastructure to Cloudflare using Workers, Pages, and related platform services. Use when the user asks to deploy, host, publish, or set up a project on Cloudflare.
deployment-procedures
Production deployment principles and decision-making. Safe deployment workflows, rollback strategies, and verification. Teaches thinking, not scripts.
nodejs-best-practices
Node.js development principles and decision-making. Framework selection, async patterns, security, and architecture. Teaches thinking, not copying.
ai-image-generator
Generate AI images using Gemini or GPT APIs directly. Covers model selection (Gemini for scenes; GPT Image 2 for text rendering, batch variations, multi-reference compositing; GPT Image 1.5 for transparent icons), the 5-part prompting framework, API calling patterns, multi-turn editing, and quality assurance. Produces photorealistic scenes, icons, illustrations, OG images, posters, infographics, and product shots. Use when building websites that need images, creating marketing assets, or generating visual content. Triggers: 'generate image', 'ai image', 'create hero image', 'make an icon', 'generate illustration', 'create og image', 'poster', 'infographic', 'image variations', 'gpt-image-2', 'ai art', 'image generation'.
app-docs
Generate complete user documentation for a web app with screenshots. Browses the app via browser automation, screenshots every screen, and produces a structured user guide with step-by-step instructions, annotated screenshots, workflow diagrams, and reference tables. Supports quick (key screens), standard (all pages), thorough (every state and flow), and exhaustive (publishable documentation suite). Triggers: 'document the app', 'user guide', 'app documentation', 'screenshot docs', 'generate user docs', 'help docs', 'how-to guide', 'write the docs'.
cloudflare-api
Hit the Cloudflare REST API directly for operations that wrangler and MCP can't handle well. Bulk DNS, custom hostnames, email routing, cache purge, WAF rules, redirect rules, zone settings, Worker routes, D1 cross-database queries, R2 bulk operations, KV bulk read/write, Vectorize queries, Queues, and fleet-wide resource audits. Produces curl commands or scripts. Triggers: 'cloudflare api', 'bulk dns', 'custom hostname', 'email routing', 'cache purge', 'waf rule', 'd1 query', 'r2 bucket', 'kv bulk', 'vectorize query', 'audit resources', 'fleet operation'.
cloudflare-worker-builder
Scaffold and deploy Cloudflare Workers with Hono routing, Vite plugin, and Static Assets. Describe project, scaffold structure, configure bindings, deploy. Use whenever the user wants to create a Worker project, set up Hono on Cloudflare, configure D1 / R2 / KV / Queues bindings, or troubleshoot Worker export syntax, API route conflicts, HMR issues, or deployment failures.
codex-review
Run an independent code review using the OpenAI Codex CLI in headless mode. Gets a second opinion from a different model family (the current Codex models) on recent changes, a PR, a commit, or the whole app — covering bugs, regressions, security, data consistency, UX/state bugs, performance risks, and testing gaps. Saves a severity-prioritised report to .jez/reviews/. Triggers: 'codex review', 'review with codex', 'independent code review', 'what does codex think', 'get codex to review'.
color-palette
Generate complete, accessible colour palettes from a single brand hex. Produces 11-shade scale (50-950), semantic tokens, dark mode variants, Tailwind v4 CSS output, WCAG contrast checks. Use whenever the user supplies a brand hex and asks for a palette, mentions setting up a design system, wants Tailwind theme colours from a brand colour, or asks to check colour accessibility / contrast.
d1-drizzle-schema
Generate Drizzle ORM schemas for Cloudflare D1 databases with correct D1-specific patterns. Produces schema files, migration commands, type exports, and DATABASE_SCHEMA.md documentation. Handles D1 quirks: foreign keys always enforced, no native BOOLEAN/DATETIME types, 100 bound parameter limit, JSON stored as TEXT. Use when creating a new database, adding tables, or scaffolding a D1 data layer.
d1-migration
Cloudflare D1 migration workflow: generate with Drizzle, inspect SQL for gotchas, apply to local and remote, fix stuck migrations, handle partial failures. Use when running migrations, fixing migration errors, or setting up D1 schemas.
db-seed
Generate database seed scripts with realistic sample data. Reads Drizzle schemas or SQL migrations, respects foreign key ordering, produces idempotent TypeScript or SQL seed files. Handles D1 batch limits, unique constraints, and domain-appropriate data. Use when populating dev/demo/test databases. Triggers: 'seed database', 'seed data', 'sample data', 'populate database', 'db seed', 'test data', 'demo data', 'generate fixtures'.
deep-research
Deep research and discovery before building something new. Explores local projects for reusable code, researches competitors, reads forums and reviews, analyses plugin ecosystems, investigates technical options, and produces a comprehensive research brief. Three depths: focused (30 min), wide (1-2 hours), deep (3-6 hours). Triggers: 'research this', 'discovery', 'explore the space', 'what should I build', 'competitive analysis', 'before I start building', 'research before coding'. Not for cited fact-checking research reports (a separate harness does those); this is pre-build product discovery.
design-loop
Autonomous multi-page site builder using a baton-passing loop. Each iteration reads a task from .design/next-prompt.md, generates a page in HTML/Tailwind, integrates it into the site, verifies visually, then writes the next task to keep the loop alive. Use whenever the user asks to build an entire site autonomously, build all pages of a site, generate multiple pages in sequence, or run a 'design loop' / 'baton loop' / 'autonomous site build' — even if they say 'just keep going' or 'build the next page' or 'next page' mid-flow.
design-review
Review a web app or page for visual design quality — layout, typography, spacing, colour, hierarchy, consistency, interaction patterns, and responsive behaviour. Not a UX audit (that checks usability) — this checks whether it looks professional and polished. Produces a design findings report with screenshots. Triggers: 'design review', 'does this look good', 'review the design', 'check the layout', 'is this polished', 'visual review', 'design audit', 'make it look better', 'it looks off'.
design-system
Extract a complete design system from an existing website or screenshot into a DESIGN.md file. Analyses colours, typography, component styles, spacing, and atmosphere through browser automation and HTML inspection. Produces a semantic design system document optimised for consistent page generation. Triggers: 'extract design system', 'design system', 'create DESIGN.md', 'analyse the design', 'what design does this site use', 'extract styles from', 'reverse engineer the design'.
elevenlabs-agents
Build conversational AI voice agents on the ElevenLabs platform. Configure agent + tools + knowledge base, integrate SDK (React / React Native / Swift / JS / server-side), test, deploy. Use whenever the user mentions ElevenLabs, building a voice agent, an AI phone system, an AI receptionist, conversational AI, or troubleshooting deprecated @11labs packages, webhook errors, CSP violations, localhost allowlist, or tool parsing errors.
favicon-gen
Generate custom favicons from logos, text, or brand colours. Produces favicon.svg, favicon.ico, apple-touch-icon.png, icon-192/512.png, and web manifest. Use whenever the user wants a favicon, mentions replacing a CMS default favicon, converting a logo into a favicon, creating branded initials icons, or troubleshooting favicon not displaying / iOS black square / missing manifest.
fork-discipline
Audit and enforce the core/client boundary in multi-client projects. Detects where shared platform code is tangled with client-specific code, finds hardcoded client checks, config files that replace instead of merge, scattered client code, migration conflicts, and missing extension points. Produces a boundary map, violation report, and refactoring plan. Optionally generates FORK.md documentation and restructuring scripts. Triggers: 'fork discipline', 'check the boundary', 'is this core or client', 'platform audit', 'client separation', 'fork test', 'refactor for multi-client', 'clean up the fork'.
git-workflow
Guided git workflows: prepare PRs, clean up branches, resolve merge conflicts, handle monorepo tags, squash-and-merge patterns. Use when asked to prepare a PR, clean branches, resolve conflicts, or tag a release.
github-release
Prepare and publish GitHub releases. Sanitizes code for public release (secrets scan, personal artifacts, LICENSE/README validation), creates version tags, and publishes via gh CLI. Trigger with 'release', 'publish', 'open source', 'prepare for release', 'create release', or 'github release'.
google-apps-script
Build Google Apps Script automation for Sheets and Workspace. Custom menus, triggers (onEdit / time-driven / form submit), dialogs, sidebars, email batches, PDF export, external API. Use whenever the user wants to automate a Google Sheet, build a Sheets menu / sidebar / dialog, hit a Sheets row from email or a webhook, schedule a Sheets workflow, or asks 'how do I script this in Sheets'.
google-chat-messages
Send Google Chat messages via incoming webhooks — text, rich cards (cardsV2), threaded replies. TypeScript types, card builder utility, widget reference inline. Use whenever the user wants to post to Google Chat from a script, build a chatbot reply, send a notification card, build a Google Chat webhook integration, or troubleshoot card / threading issues.
gws-install
Quick install of the Google Workspace CLI (gws) on an additional machine using existing OAuth credentials. Requires client_secret.json from a previous gws-setup. Use whenever the user wants to install gws on a new computer, reinstall after a fresh OS, configure a second workstation, or says 'install gws', 'gws on new machine', 'set up gws again'.
gws-setup
Set up the Google Workspace CLI (gws) from scratch. Guides through GCP project creation, OAuth credentials, authentication, and installing 90+ agent skills for Claude Code. Use whenever the user wants to set up gws for the first time, configure Google Workspace API access, install the Google Workspace CLI, or troubleshoot gws auth issues.
hono-api-scaffolder
Scaffold Hono API routes for Cloudflare Workers. Produces route files, middleware, typed bindings, Zod validation, error handling, and API_ENDPOINTS.md documentation. Use after a project is set up with cloudflare-worker-builder or vite-flare-starter, when you need to add API routes, create endpoints, or generate API documentation.
icon-set-generator
Generate cohesive, project-specific SVG icon sets for websites and applications. Use this skill whenever the user needs custom icons, an icon set for a website or app, icons for a client project, or mentions needing SVG icons that look consistent together. Also trigger when the user describes a project and icons would naturally be part of the deliverable — e.g. 'I'm building a site for a plumber' implies they'll need service icons. Trigger on: 'icons for', 'icon set', 'custom icons', 'SVG icons', 'make me icons', 'I need icons', 'website icons', 'project icons', or any request for consistent visual assets for a web project. Produces individual SVG files with a consistent style engine, not generic icon library lookups.
image-processing
Process images for web development — resize, crop, trim whitespace, convert formats (PNG/WebP/JPG), optimise file size, generate thumbnails, create OG card images. Uses Pillow (Python) — no ImageMagick needed. Trigger with 'resize image', 'convert to webp', 'trim logo', 'optimise images', 'make thumbnail', 'create OG image', 'crop whitespace', 'process image', or 'image too large'.
landing-page
Generate a complete, deployable landing page from a brief. Produces a single self-contained HTML file with Tailwind CSS (via CDN), responsive design, dark mode, semantic HTML, and OG meta tags. Sections: hero with CTA, features, social proof, pricing (optional), FAQ, footer. Use when building a marketing page, product launch page, coming soon page, or any standalone landing page. Triggers: 'landing page', 'create a page', 'marketing page', 'launch page', 'coming soon page', 'one-page site'.
mcp-builder
Build MCP servers in Python with FastMCP. Define tools / resources / prompts, build the server, test locally, deploy to FastMCP Cloud or Docker. Use whenever the user mentions building an MCP server, exposing tools to LLMs, FastMCP, building a Claude integration, or troubleshooting FastMCP module-level server, storage, lifespan, middleware, OAuth, or deployment errors.
nemoclaw-setup
Install and configure NVIDIA NemoClaw (sandboxed OpenClaw agent platform) on Linux. Handles cloudflared tunnels, Docker cgroup fixes, OpenShell, sandbox creation, remote access via Cloudflare Tunnel, and known bug workarounds. Use whenever the user mentions installing NemoClaw, setting up OpenClaw, configuring an NVIDIA Spark or DGX for sandboxed agents, or troubleshooting NemoClaw deployment.
onboarding-ux
Audit and generate in-app user guidance — onboarding flows, empty states, tooltips, feature tours, contextual help, defaults, and inline hints. Browses the app to find where new users would get stuck, then produces the actual content and code to fix it. Pairs with ux-audit: audit finds problems, this skill builds the solutions. Triggers: 'onboarding', 'help content', 'empty states', 'user guidance', 'first run experience', 'feature tour', 'app is confusing', 'new user experience', 'make the app welcoming'.
product-showcase
Generate a comprehensive marketing website for a web app — multi-page with real screenshots, animated GIF walkthroughs, feature deep-dives, and workflow demonstrations. Browses the running app, captures screens and sequences, and produces a deployable site that actually teaches people what the product does. Especially useful for complex or agentic apps that are hard to explain. Triggers: 'showcase site', 'product page', 'show off the app', 'marketing site', 'demo site', 'product showcase', 'explain the app', 'how do I market this'.
project-docs
Generate project documentation from codebase analysis — ARCHITECTURE.md, API_ENDPOINTS.md, DATABASE_SCHEMA.md. Reads source code, schema files, routes, and config to produce accurate, structured docs. Use when starting a project, onboarding contributors, or when docs are missing or stale. Triggers: 'generate docs', 'document architecture', 'create api docs', 'document schema', 'project documentation', 'write architecture doc'.
project-health
All-in-one project configuration and health management. Sets up new projects (settings.local.json, CLAUDE.md, .gitignore), audits existing projects (permissions, context quality, MCP coverage, leaked secrets, stale docs), tidies accumulated cruft, captures session learnings, and adds permission presets. Uses sub-agents for heavy analysis to keep main context clean. Trigger with 'project health', 'check project', 'setup project', 'kickoff', 'bootstrap', 'tidy permissions', 'clean settings', 'capture learnings', 'audit context', 'add python permissions', or 'init project'.
react-native
React Native and Expo patterns for building performant mobile apps. Covers list performance, animations with Reanimated, navigation, UI patterns, state management, platform-specific code, and Expo workflows. Use when building or reviewing React Native code. Triggers: 'react native', 'expo', 'mobile app', 'react native performance', 'flatlist', 'reanimated', 'expo router', 'mobile development', 'ios app', 'android app'.
react-patterns
React 19 performance patterns and composition architecture for Vite + Cloudflare projects. 50+ rules ranked by impact — eliminating waterfalls, bundle optimisation, re-render prevention, composition over boolean props, server/client boundaries, and React 19 APIs. Use when writing, reviewing, or refactoring React components. Triggers: 'react patterns', 'react review', 'react performance', 'optimise components', 'react best practices', 'composition patterns', 'why is it slow', 'reduce re-renders', 'fix waterfall'.
responsiveness-check
Test website responsiveness across viewport widths using browser automation. Resizes a single session through breakpoints, screenshots each width, and detects layout transitions (column changes, nav switches, overflow). Produces comparison reports showing exactly where layouts break. Trigger with 'responsiveness check', 'check responsive', 'breakpoint test', 'viewport test', 'responsive sweep', 'check breakpoints', or 'test at mobile'.
roadmap
Plan and execute entire application builds. Generates phased delivery roadmaps, then executes them autonomously — phase by phase, committing at milestones, deploying, testing, and continuing until done or stuck. Modes: plan (generate roadmap), start (begin executing), resume (continue from where you left off), status (show progress). Triggers: 'roadmap', 'start building', 'resume the build', 'keep going', 'build the whole thing', 'execute the roadmap', 'what phase are we on'.
shadcn-ui
Install and configure shadcn/ui components for React projects. Guides component selection, installation order, dependency management, customisation with semantic tokens, and common UI recipes (forms, data tables, navigation, modals). Use after tailwind-theme-builder has set up the theme infrastructure, when adding components, building forms, creating data tables, or setting up navigation.
shopify-content
Create and manage Shopify pages, blog posts, navigation menus, redirects, and SEO metadata via the Admin API or browser automation. Use whenever the user wants to add a page to a Shopify store, write a Shopify blog post, update the storefront navigation, manage redirects, or tune SEO metadata on a Shopify site.
shopify-products
Create and manage Shopify products via the Admin GraphQL API or CSV import. Workflow: gather data, choose method, execute, verify. Use whenever the user wants to add products to Shopify, bulk-import a catalog from CSV/spreadsheet/URL, update variants or prices, manage inventory quantities, upload product images, or assign products to collections.
shopify-setup
Set up Shopify CLI auth and Admin API access for a store. Install CLI, authenticate, create custom app, store access token, verify. Use whenever the user wants to connect to a Shopify store, set up Shopify API access, install Shopify CLI, or troubleshoot Shopify auth / Admin API token issues.
social-media-posts
Create platform-specific social media posts for LinkedIn, Facebook, Instagram, and Reddit. Handles character limits, hashtag strategies, hook placement, and image specs per platform. Works from scratch, from existing content (blog, newsletter, announcement), or as a multi-platform campaign. Produces copy-paste-ready posts. Triggers: 'social media post', 'linkedin post', 'facebook post', 'instagram caption', 'reddit post', 'social posts', 'post to social', 'repurpose for social', 'social media campaign'.
stripe-payments
Add Stripe payments to a web app — Checkout Sessions, Payment Intents, subscriptions, webhooks, customer portal, and pricing pages. Covers the decision of which Stripe API to use, produces working integration code, and handles webhook verification. No MCP server needed — uses Stripe npm package directly. Triggers: 'add payments', 'stripe', 'checkout', 'subscription', 'payment form', 'pricing page', 'billing', 'accept payments', 'stripe webhook', 'customer portal'.
tailwind-theme-builder
Set up Tailwind v4 + shadcn/ui themed UI with dark mode. Install deps, configure CSS variables via @theme inline, wire dark mode toggle, verify. Use whenever the user mentions Tailwind v4, setting up Tailwind theming, shadcn/ui colours, dark mode, or troubleshooting colours not working, tw-animate-css errors, @theme inline conflicts, @apply breaking after upgrade, or v3 → v4 migration issues.
tanstack-start
Build a full-stack TanStack Start app on Cloudflare Workers from scratch — SSR, file-based routing, server functions, D1+Drizzle, better-auth, Tailwind v4+shadcn/ui. Use whenever the user mentions TanStack Start, asks to scaffold a full-stack Cloudflare app with SSR, wants an SSR dashboard, or asks for a React 19 + Cloudflare Workers app with file-based routing and server functions — even if they don't name TanStack Start specifically. No template repo — Claude generates every file fresh per project.
team-update
Post project updates to team chat, gather feedback, triage responses, and plan next steps. Adapts to available tools (chat, git, issues, tasks). First run discovers tools and saves a playbook; subsequent runs execute from the playbook. Trigger with 'team update', 'post update', 'sync with team', 'standup', 'check team chat', 'feedback loop', 'project update', 'what did the team say'.
ux-audit
Walk through a live web app AS a real user to find usability + behavioural bugs that static reviews miss. REQUIRES proof of interaction (typing, clicking, sending, observing) before any verdict — a sweep that didn't interact terminates with verdict 'Incomplete'. Walks threads, exercises every element, runs the multi-pane stress matrix, visual polish sweep, component perfection checklist, automated a11y (axe-core), pragmatic performance budget (LCP/CLS/INP), scenario battery (11 scenarios), and stress recipes including the real-flavour data battery. Hard gates: console errors/warnings = 0, network 5xx = 0, layout collapse = 0, axe Critical/Serious = 0, perf budget green. Audit-the-audit meta-check rejects rushed reports. Each finding has reproduction steps, evidence path, and suspected code location. Trigger with 'ux audit', 'walkthrough', 'qa sweep', 'audit the app', 'dogfood this', 'check all pages', 'find what's broken', 'stress the UI'.
ux-compare
Compare UX patterns across multiple reference apps using pattern libraries produced by ux-extract. Reads 2+ pattern-library.md files, walks them category by category, identifies where apps converge (strong signal), where they diverge (genuine design choice), what's unique to one app, and what's absent across the set. Produces an opinionated comparison document with recommendations for a new build. No browser needed — pure markdown analysis. Trigger with 'compare UX patterns', 'how do top apps handle X', 'ux comparison', 'pattern comparison across reference apps'.
ux-extract
Exhaustively extract UX patterns from a reference web app. Walks every screen, captures screenshots of every state, records interaction patterns, copy verbatim, keyboard shortcuts, responsive treatments, motion, and empty/error/loading states. Produces a reusable pattern library that other audits can compare against. The inverse of ux-audit — asks 'what is the bar?' rather than 'does this match the bar?'. Trigger with 'learn from X', 'extract patterns from X', 'study X's UX', 'reverse engineer the UX of X', 'build a pattern library from X'.
vite-flare-starter
Scaffold a full-stack Cloudflare app from the vite-flare-starter template — React 19 + Hono + D1+Drizzle + better-auth + Tailwind v4+shadcn/ui + TanStack Query + R2 + Workers AI. Run setup.sh to clone, configure, and deploy. Use whenever the user wants a batteries-included Cloudflare full-stack app, vite-flare-starter scaffold, or a React + Cloudflare app with auth + database + Workers AI ready to go.
vitest
Set up Vitest testing in any project — detects type (Cloudflare Workers, React, Node, library), generates vitest.config.ts, test setup, utilities, and a sample test. Covers mocking patterns, coverage config, workspace setup, Jest migration. Use whenever the user mentions adding tests, setting up Vitest, configuring tests, migrating from Jest, fixing testing infrastructure, or asks 'how do I test this'.
walkthrough-video
Generate professional walkthrough videos from app screenshots or live sites using Remotion. Smooth transitions, zoom effects, text overlays, and optional voiceover narration. Produces MP4 videos for demos, product showcases, or documentation. Triggers: 'walkthrough video', 'demo video', 'product video', 'create a video walkthrough', 'remotion video', 'screen recording', 'app demo', 'showcase video', 'generate video from screenshots'.
wordpress-content
Create and manage WordPress posts, pages, media, categories, and menus. Workflow: determine content type, choose method (WP-CLI or REST API), execute, verify. Use when creating blog posts, updating pages, uploading media, managing categories and tags, updating menus, or doing bulk content operations on WordPress sites.
wordpress-elementor
Edit Elementor pages and manage templates on WordPress sites. Workflow: identify page, choose editing method (browser or WP-CLI), execute, verify. Use when editing Elementor pages, updating text in Elementor widgets, applying or managing Elementor templates, or making content changes to pages built with Elementor page builder.
wordpress-setup
Connect to a WordPress site via WP-CLI over SSH or REST API. Workflow: check CLI, test SSH connection, set up auth, verify access, save config. Use when connecting to a WordPress site, setting up WP-CLI access, creating application passwords, or troubleshooting WordPress connection issues.
detecting-sql-injection-via-waf-logs
Analyze WAF (ModSecurity/AWS WAF/Cloudflare) logs to detect SQL injection attack campaigns. Parses ModSecurity audit logs and JSON WAF event logs to identify SQLi patterns (UNION SELECT, OR 1=1, SLEEP(), BENCHMARK()), tracks attack sources, correlates multi-stage injection attempts, and generates incident reports with OWASP classification.
hunting-for-domain-fronting-c2-traffic
Detect domain fronting C2 traffic by analyzing SNI vs HTTP Host header mismatches in proxy logs and TLS certificate discrepancies, using pyOpenSSL for certificate inspection.
file-uploads
Expert at handling file uploads and cloud storage. Covers S3, Cloudflare R2, presigned URLs, multipart uploads, and image optimization. Knows how to handle large files without blocking. Use when: file upload, S3, R2, presigned URL, multipart.
gitnexus-explorer
Index a codebase with GitNexus and serve an interactive knowledge graph via web UI + Cloudflare tunnel.
grok
Delegate coding to xAI Grok Build CLI (features, PRs).
pinggy-tunnel
Zero-install localhost tunnels over SSH via Pinggy.
popular-web-designs
54 production-quality design systems extracted from real websites. Load a template to generate HTML/CSS that matches the visual identity of sites like Stripe, Linear, Vercel, Notion, Airbnb, and more. Each template includes colors, typography, components, layout rules, and ready-to-use CSS values.
scrapling
Web scraping with Scrapling - HTTP fetching, stealth browser automation, Cloudflare bypass, and spider crawling via CLI and Python.
watcher-creator
Guide for creating agent-deck watchers conversationally. This skill should be used when users want to set up a new watcher (webhook, ntfy, github, slack, gmail) to route events to a conductor. It walks the user through selecting an adapter type, gathering required settings, generating watcher.toml and clients.json entries, and emits the exact `agent-deck watcher create` command to run.
cf-crawl
Crawl entire websites using Cloudflare Browser Rendering /crawl API. Initiates async crawl jobs, polls for completion, and saves results as markdown files. Useful for ingesting documentation sites, knowledge bases, or any web content into your project context. Requires CLOUDFLARE_ACCOUNT_ID and CLOUDFLARE_API_TOKEN environment variables.
cloudflare-deploy
Comprehensive Cloudflare platform skill covering Workers, Pages, storage (KV, D1, R2), AI (Workers AI, Vectorize, Agents SDK), networking (Tunnel, Spectrum), security (WAF, DDoS), and infrastructure-as-code (Terraform, Pulumi). Use for any Cloudflare development task. Biases towards retrieval from Cloudflare docs over pre-trained knowledge.
aussie-business-english
Australian business English writing style for professional communications. Warm, direct, EN-AU spelling. Use when writing emails, chat messages, proposals, client communications, or any business writing for Australian SME audiences. Applies to drafting, editing, and tone-checking any professional text.
award-application
Write compelling award submissions, grant applications, and competition entries. Maps achievements to selection criteria using evidence-based narratives. Handles business awards (Telstra, chamber of commerce), industry awards, and grant applications. Use when preparing any competitive submission where you need to demonstrate merit against defined criteria.
nz-business-english
New Zealand business English writing style for professional communications. Warm, inclusive, EN-NZ spelling. Use when writing emails, chat messages, proposals, client communications, or any business writing for New Zealand SME audiences. Applies to drafting, editing, and tone-checking any professional text.
parcel-tracking
Track parcels and check delivery status for Australian and international couriers. Searches Gmail for dispatch/shipping emails and provides tracking links for all major Australian couriers including AusPost, StarTrack, Aramex, CouriersPlease, Sendle, Toll, Team Global Express, DHL, FedEx, TNT, Hunter Express, Border Express, Direct Freight Express, and UPS. Triggers: 'where is my parcel', 'track my order', 'has my package arrived', 'tracking status', 'check tracking', 'where is my delivery'.
proposal-writer
Write a client proposal or quote for a service business. Covers project understanding, scope, timeline, pricing presentation, and terms. Works for web development, consulting, trades, professional services, and any B2B service engagement. Triggers: proposal, quote, project proposal, client proposal, scope of work, SOW, engagement letter.
resume-cover-letter
Write a resume/CV or cover letter tailored to a specific role. Handles regional format differences (AU/NZ, US, UK), ATS-friendly formatting, achievement-focused bullets, and cover letter structure. Use when someone needs help with a job application, resume review, CV update, or cover letter draft. Triggers: resume, CV, cover letter, job application, career document.
seo-local-business
Generate complete SEO setup for local business websites — HTML head tags, JSON-LD LocalBusiness schema, robots.txt, sitemap.xml. Australian-optimised with +61 phone, ABN, suburb patterns.
strategy-document
Write structured strategic documents for small and medium businesses. Produces SWOT analyses, lean business plans, OKRs, and competitive analyses. Each mode has a defined structure and quality bar. Use when a business needs to articulate strategy, set goals, analyse competition, or plan for growth. Outputs actionable documents, not generic frameworks.
uk-business-english
British business English writing style for professional communications. Polished, understated, EN-GB spelling. Use when writing emails, chat messages, proposals, client communications, or any business writing for British SME audiences. Applies to drafting, editing, and tone-checking any professional text.
us-business-english
American business English writing style for professional communications. Direct, action-oriented, EN-US spelling. Use when writing emails, chat messages, proposals, client communications, or any business writing for American SME audiences. Applies to drafting, editing, and tone-checking any professional text.
cloudflare-d1
Cloudflare D1 serverless SQLite on edge. Use for databases, migrations, bindings, or encountering D1_ERROR, statement too long, too many requests queued errors.
inspira-ui
120+ Vue/Nuxt animated components with TailwindCSS v4, motion-v, GSAP, Three.js. Use for hero sections, 3D effects, interactive backgrounds, or encountering setup, CSS variables, motion-v integration errors.
multi-ai-consultant
Consult external AIs (Gemini 2.5 Pro, OpenAI Codex, Claude) for second opinions. Use for debugging failures, architectural decisions, security validation, or when you need a fresh perspective with synthesis.
sveltia-cms
Sveltia CMS Git-backed content management (Decap/Netlify CMS successor). 5x smaller bundle (300 KB), GraphQL performance, solves 260+ issues. Use for static sites (Hugo, Jekyll, 11ty, Gatsby, Astro, Next.js), blogs, docs, i18n, or encountering OAuth errors, TOML/YAML issues, CORS problems, content listing errors.
swift-best-practices
This skill should be used when writing or reviewing Swift code for iOS or macOS projects. Apply modern Swift 6+ best practices, concurrency patterns, API design guidelines, and migration strategies. Covers async/await, actors, MainActor, Sendable, typed throws, and Swift 6 breaking changes. Keywords: concurrency, async-await, actors, Sendable, typed-throws, Swift-6, migration, data-races, MainActor, nonisolated, isolated, iOS, macOS, SwiftUI, Combine, Swift-concurrency, actor-isolation, strict-concurrency, Swift-migration, modern-Swift, Swift-evolution, code-review, Swift-patterns, Apple-platforms, Xcode, iOS-development, macOS-development
tanstack-router
TanStack Router type-safe file-based routing for React. Use for SPAs, TanStack Query integration, Cloudflare Workers, or encountering devtools, type safety, loader, Vite bundling errors.
tanstack-table
TanStack Table v8 headless data tables with server-side features for Cloudflare Workers + D1. Use for pagination, filtering, sorting, virtualization, or encountering state management, TanStack Query coordination, URL sync errors.
cli-tunnel
Start and stop tunnel connections (ngrok, Cloudflare, custom) from the CLI. Inspect active tunnel URLs, configure authentication, and test external reachability.
omni-tunnels
Create and manage secure tunnels (ngrok, Cloudflare Tunnel, custom) to expose OmniRoute to the internet or share access with remote agents and CI pipelines.
pinme
Use this skill when the user mentions "pinme", or needs to upload files, store to IPFS, create/publish/deploy websites or full-stack services (including frontend pages, backend APIs, database storage, email sending, etc.), or any feature requiring backend database/server support.
chatgpt-imagegen
Generate raster images (PNG/JPEG/WebP) using the user's ChatGPT subscription via a local one-file Python CLI — no OPENAI_API_KEY, no gateway, no daemon. Two backends: web (default) drives the user's logged-in ChatGPT browser so generation runs on the conversation surface and does NOT consume Codex-usage limits; codex is a headless fallback that bills the Codex-usage bucket. Use when an agent needs to create a brand-new bitmap asset for the current project (photos, illustrations, icons, hero banners, mockups, sprites, concept art) and the output should be a bitmap file saved into the workspace. Do not use when the task is better solved by editing existing SVG/vector assets, writing code-native graphics (HTML/CSS/canvas), or extending an established repo icon system.
nuxt
Nuxt full-stack Vue framework with SSR, auto-imports, and file-based routing. Use when working with Nuxt apps, server routes, useFetch, middleware, or hybrid rendering.
access-control-rbac
Role-based access control (RBAC) with permissions and policies. Use for admin dashboards, enterprise access, multi-tenant apps, fine-grained authorization, or encountering permission hierarchies, role inheritance, policy conflicts.
aceternity-ui
100+ animated React components (Aceternity UI) for Next.js with Tailwind. Use for hero sections, parallax, 3D effects, or encountering animation, shadcn CLI integration errors.
api-authentication
Secure API authentication with JWT, OAuth 2.0, API keys. Use for authentication systems, third-party integrations, service-to-service communication, or encountering token management, security headers, auth flow errors.
api-contract-testing
Verifies API contracts between services using consumer-driven contracts, schema validation, and tools like Pact. Use when testing microservices communication, preventing breaking changes, or validating OpenAPI specifications.
api-design-principles
Master REST and GraphQL API design principles to build intuitive, scalable, and maintainable APIs that delight developers. Use when designing new APIs, reviewing API specifications, or establishing API design standards.
api-error-handling
Implements standardized API error responses with proper status codes, logging, and user-friendly messages. Use when building production APIs, implementing error recovery patterns, or integrating error monitoring services.
api-filtering-sorting
Builds flexible API filtering and sorting systems with query parameter parsing, validation, and security. Use when implementing search endpoints, building data grids, or creating dynamic query APIs.
api-security-hardening
REST API security hardening with authentication, rate limiting, input validation, security headers. Use for production APIs, security audits, defense-in-depth, or encountering vulnerabilities, injection attacks, CORS issues.
api-testing
HTTP API testing for TypeScript (Supertest) and Python (httpx, pytest). Test REST APIs, GraphQL, request/response validation, authentication, and error handling.
app-store-deployment
Publishes mobile applications to iOS App Store and Google Play with code signing, versioning, and CI/CD automation. Use when preparing app releases, configuring signing certificates, or setting up automated deployment pipelines.
architecture-patterns
Implement proven backend architecture patterns including Clean Architecture, Hexagonal Architecture, and Domain-Driven Design. Use when architecting complex backend systems or refactoring existing applications for better maintainability.
better-auth
Skill for integrating Better Auth - comprehensive TypeScript authentication framework for Cloudflare D1, Next.js, Nuxt, and 15+ frameworks. Use when adding auth, encountering D1 adapter errors, or implementing OAuth/2FA/RBAC features.
bun-bundler
This skill should be used when the user asks about "bun build", "Bun.build", "bundling with Bun", "code splitting", "tree shaking", "minification", "sourcemaps", "bundle optimization", "esbuild alternative", "building for production", "bundling TypeScript", "bundling for browser", "bundling for Node", or JavaScript/TypeScript bundling with Bun.
bun-cloudflare-workers
This skill should be used when the user asks about "Cloudflare Workers with Bun", "deploying Bun to Workers", "wrangler with Bun", "edge deployment", "Bun to Cloudflare", or building and deploying applications to Cloudflare Workers using Bun.
bun-docker
Use for Docker with Bun, Dockerfiles, oven/bun image, containerization, and deployments.
bun-drizzle-integration
Use when integrating Drizzle ORM with Bun's SQLite driver for type-safe schema definitions and migrations.
bun-ffi
This skill should be used when the user asks about "bun:ffi", "foreign function interface", "calling C from Bun", "native libraries", "dlopen", "shared libraries", "calling native code", or integrating C/C++ libraries with Bun.
bun-hono-integration
Use when building APIs with Hono framework on Bun, including routing, middleware, REST APIs, context handling, or web framework features.
bun-hot-reloading
Use when implementing hot reloading with Bun (--hot, --watch), HMR, or automatic code reloading during development. Covers watch mode, hot mode, and HTTP server reload.
bun-http-server
Use when building HTTP servers with Bun.serve, handling requests/responses, implementing routing, creating REST APIs, or configuring fetch handlers.
bun-jest-migration
Use when migrating from Jest to Bun's test runner, import compatibility, mocks, and config.
bun-macros
Evaluate JavaScript at bundle time and inline results. Use when optimizing compile-time code generation, embedding files, inlining environment variables, or executing code during the bundling process.
bun-nextjs
This skill should be used when the user asks about "Next.js with Bun", "Bun and Next", "running Next.js on Bun", "Next.js development with Bun", "create-next-app with Bun", or building Next.js applications using Bun as the runtime.
bun-nuxt
Use when running Nuxt 3 with Bun runtime, building Vue/Nuxt apps with Bun, or configuring Nuxt projects to use Bun for development and production.
bun-package-manager
Bun package manager commands (install, add, remove, update), workspaces, lockfiles, npm/yarn/pnpm migration. Use for dependency management with Bun.
bun-react-ssr
Use when building server-rendered React with Bun, including streaming SSR, hydration, renderToString, or custom SSR without a framework.
bun-redis
Use when working with Redis in Bun (ioredis, Upstash), caching, pub/sub, session storage, or key-value operations.
bun-runtime
Use for Bun runtime, bunfig.toml, watch/hot modes, env vars, CLI flags, and module resolution.
bun-shell
Bun shell scripting with Bun.$, Bun.spawn, subprocess management. Use for shell commands, template literals, or command execution.
bun-sqlite
Use for bun:sqlite, SQLite operations, prepared statements, transactions, and queries.
bun-sveltekit
Use when building or running SvelteKit apps on Bun, including SSR, adapters, and Bun-specific APIs.
bun-tanstack-start
TanStack Start full-stack React framework with Bun runtime. Use for TanStack Router, server functions, vinxi, or encountering SSR, build, preset errors.
bun-test-basics
Use for bun:test syntax, assertions, describe/it, test.skip/only/each, and basic patterns.
bun-test-coverage
Use for test coverage with Bun, --coverage flag, lcov reports, thresholds, and CI integration.
bun-test-mocking
Use for mock functions in Bun tests, spyOn, mock.module, implementations, and test doubles.
bun-websocket-server
This skill should be used when the user asks about "WebSocket in Bun", "real-time communication", "Bun.serve websocket", "ws server", "socket connections", "pub/sub", "broadcasting messages", "WebSocket upgrade", or building real-time applications with Bun.
bun-workers
Use for Web Workers in Bun, worker_threads, parallel processing, and background tasks.
chrome-devtools
Browser automation with Puppeteer CLI scripts. Use for screenshots, performance analysis, network monitoring, web scraping, form automation, or encountering JavaScript debugging, browser automation errors.
claude-code-bash-patterns
Claude Code Bash tool patterns with hooks, automation, git workflows. Use for PreToolUse hooks, command chaining, CLI orchestration, custom commands, or encountering bash permissions, command failures, security guards, hook configurations.
claude-hook-writer
Expert guidance for writing secure, reliable, and performant Claude Code hooks - validates design decisions, enforces best practices, and prevents common pitfalls. Use when creating, reviewing, or debugging Claude Code hooks.
cloudflare-agents
Build AI agents on Cloudflare Workers with MCP integration, tool use, and LLM providers.
cloudflare-manager
Comprehensive Cloudflare account management for deploying Workers, KV Storage, R2, Pages, DNS, and Routes. Use when deploying cloudflare services, managing worker containers, configuring KV/R2 storage, or setting up DNS/routing. Requires CLOUDFLARE_API_KEY in .env and Bun runtime with dependencies installed.
cloudflare-workers-ci-cd
Complete CI/CD guide for Cloudflare Workers using GitHub Actions and GitLab CI. Use for automated testing, deployment pipelines, preview environments, secrets management, or encountering deployment failures, workflow errors, environment configuration issues.
cloudflare-workers-dev-experience
Cloudflare Workers local development with Wrangler, Miniflare, hot reload, debugging. Use for project setup, wrangler.jsonc configuration, or encountering local dev, HMR, binding simulation errors.
cloudflare-workers-frameworks
Framework integration for Cloudflare Workers. Use when building with Hono, Remix, Next.js, Astro, SvelteKit, Qwik, or Nuxt on Workers. Covers routing, SSR, static assets, and edge deployment.
cloudflare-workers-migration
Migrate to Cloudflare Workers from AWS Lambda, Vercel, Express, and Node.js. Use when porting existing applications to the edge, adapting serverless functions, or resolving Node.js API compatibility issues.
cloudflare-workers-multi-lang
Multi-language Workers development with Rust, Python, and WebAssembly. Use when building Workers in languages other than JavaScript/TypeScript, or when integrating WASM modules for performance-critical code.
cloudflare-workers-observability
Cloudflare Workers observability with logging, Analytics Engine, Tail Workers, metrics, and alerting. Use for monitoring, debugging, tracing, or encountering log parsing, metric aggregation, alert configuration errors.
cloudflare-workers-performance
Cloudflare Workers performance optimization with CPU, memory, caching, bundle size. Use for slow workers, high latency, cold starts, or encountering CPU limits, memory issues, timeout errors.
cloudflare-workers-runtime-apis
Cloudflare Workers Runtime APIs including Fetch, Streams, Crypto, Cache, WebSockets, and Encoding. Use for HTTP requests, streaming, encryption, caching, real-time connections, or encountering API compatibility, response handling, stream processing errors.
cloudflare-workers-security
Cloudflare Workers security with authentication, CORS, rate limiting, input validation. Use for securing APIs, JWT/API keys, or encountering auth failures, CORS errors, XSS/injection vulnerabilities.
cloudflare-workers-testing
Comprehensive testing guide for Cloudflare Workers using Vitest and @cloudflare/vitest-pool-workers. Use for test setup, binding mocks (D1/KV/R2/DO), integration tests, or encountering test failures, mock errors, coverage issues.
code-review
Code review practices with technical rigor and verification gates. Use for receiving feedback, requesting code-reviewer subagent reviews, or preventing false completion claims in pull requests.
csrf-protection
Implements CSRF protection using synchronizer tokens, double-submit cookies, and SameSite attributes. Use when securing web forms, protecting state-changing endpoints, or implementing defense-in-depth authentication.
database-schema-design
Database schema design for PostgreSQL/MySQL with normalization, relationships, constraints. Use for new databases, schema reviews, migrations, or encountering missing PKs/FKs, wrong data types, premature denormalization, EAV anti-pattern.
database-sharding
Database sharding for PostgreSQL/MySQL with hash/range/directory strategies. Use for horizontal scaling, multi-tenant isolation, billions of records, or encountering wrong shard keys, hotspots, cross-shard transactions, rebalancing issues.
defense-in-depth-validation
Validate at every layer data passes through to make bugs impossible. Use when invalid data causes failures deep in execution, requiring validation at multiple system layers.
dependency-upgrade
Secure dependency upgrades with supply chain protection, cooldowns, and staged rollout. Use when upgrading deps, configuring security policies, or preventing supply chain attacks.
design-system-creation
Creates comprehensive design systems with typography, colors, components, and documentation for consistent UI development. Use when establishing design standards, building component libraries, or ensuring cross-team consistency. Keywords: design-tokens, typography, spacing, color-palette, components, patterns, variables, dark-mode, theming, CSS-variables, accessibility, WCAG, responsive, grid-system, breakpoints, design-scale, semantic-tokens, component-library, style-guide, documentation, Figma, Storybook, brand-consistency, design-principles
drizzle-orm-d1
Type-safe ORM for Cloudflare D1 databases using Drizzle. Use when: building D1 database schemas, writing type-safe SQL queries, managing migrations with Drizzle Kit, defining table relations, implementing prepared statements, using D1 batch API, or encountering D1_ERROR, transaction errors, foreign key constraint failures, or schema inference issues. Keywords: drizzle orm, drizzle d1, type-safe sql, drizzle schema, drizzle migrations, drizzle kit, orm cloudflare, d1 orm, drizzle typescript, drizzle relations, drizzle transactions, drizzle query builder, schema definition, prepared statements, drizzle batch, migration management, relational queries, drizzle joins, D1_ERROR, BEGIN TRANSACTION d1, foreign key constraint, migration failed, schema not found, d1 binding error, schema design, database indexes, soft deletes, uuid primary keys, enum constraints, performance optimization, naming conventions, schema testing
frontend-design
Create distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.
google-gemini-file-search
Google Gemini File Search for managed RAG with 100+ file formats. Use for document Q&A, knowledge bases, or encountering immutability errors, quota issues, polling failures. Supports Gemini 3 Pro/Flash (Gemini 2.5 legacy).
graphql-implementation
Builds GraphQL APIs with schema design, resolvers, error handling, and performance optimization using Apollo or Graphene. Use when creating flexible query APIs, migrating from REST, or implementing real-time subscriptions.
health-check-endpoints
Health check endpoints for liveness, readiness, dependency monitoring. Use for Kubernetes, load balancers, auto-scaling, or encountering probe failures, startup delays, dependency checks, timeout configuration errors.
idempotency-handling
Idempotent API operations with idempotency keys, Redis caching, DB constraints. Use for payment systems, webhook retries, safe retries, or encountering duplicate processing, race conditions, key expiry errors.
interaction-design
Creates intuitive user experiences through feedback patterns, microinteractions, and accessible interaction design. Use when designing loading states, error handling UX, animation guidelines, or touch interactions.
internationalization-i18n
Implements multi-language support using i18next, gettext, or Intl API with translation workflows and RTL support. Use when building multilingual applications, handling date/currency formatting, or supporting right-to-left languages.
jest-generator
Generate Jest unit tests for JavaScript/TypeScript with mocking, coverage. Use for JS/TS modules, React components, test generation, or encountering missing coverage, improper mocking, test structure errors.
kpi-dashboard-design
Designs effective KPI dashboards with proper metric selection, visual hierarchy, and data visualization best practices. Use when building executive dashboards, creating analytics views, or presenting business metrics.
logging-best-practices
Structured logging with proper levels, context, PII handling, centralized aggregation. Use for application logging, log management integration, distributed tracing, or encountering log bloat, PII exposure, missing context errors.
maz-ui
Maz-UI v4 - Modern Vue & Nuxt component library with 50+ standalone components, composables, directives, theming, i18n, and SSR support. Use when building Vue/Nuxt applications with forms, dialogs, tables, animations, or when you need a responsive design system with dark mode.
microservices-patterns
Design microservices architectures with service boundaries, event-driven communication, and resilience patterns. Use when building distributed systems, decomposing monoliths, or implementing microservices.
ml-model-training
Train ML models with scikit-learn, PyTorch, TensorFlow. Use for classification/regression, neural networks, hyperparameter tuning, or encountering overfitting, underfitting, convergence issues.
ml-pipeline-automation
Automate ML workflows with Airflow, Kubeflow, MLflow. Use for reproducible pipelines, retraining schedules, MLOps, or encountering task failures, dependency errors, experiment tracking issues.
mobile-offline-support
Offline-first mobile apps with local storage, sync queues, conflict resolution. Use for offline functionality, data sync, connectivity handling, or encountering sync conflicts, queue management, storage limits, network transition errors.
model-deployment
Deploy ML models with FastAPI, Docker, Kubernetes. Use for serving predictions, containerization, monitoring, drift detection, or encountering latency issues, health check failures, version conflicts.
motion
Motion (Framer Motion) React animation library. Use for drag-and-drop, scroll animations, gestures, SVG morphing, or encountering bundle size, complex transitions, spring physics errors.
mutation-testing
Validate test effectiveness with mutation testing using Stryker (TypeScript/JavaScript with Vitest or bun test via @hughescr/stryker-bun-runner) and mutmut (Python). Find weak tests that pass despite code mutations. Use to improve test quality.
nano-banana-prompts
Generate optimized prompts for Gemini 2.5 Flash Image (Nano Banana). Use for image generation, crafting photo prompts, art styles, or multi-turn editing workflows with best practices.
neon-vercel-postgres
Neon + Vercel serverless Postgres for edge and serverless environments. Use for Cloudflare Workers, Vercel Edge, Next.js apps with HTTP/WebSocket connections, database branching (git-like), Drizzle/Prisma ORM integration, migrations, PITR backups, or encountering connection pool exhausted errors, TCP connection issues, SSL config problems.
nuxt-core
Nuxt 5 core framework with project setup, routing, SEO, error handling, and Vite 8/Nitro v3 configuration. Use when creating Nuxt 5 apps, setting up routing, or migrating config.
nuxt-data
Nuxt 5 data management with useFetch, useAsyncData, useState, and Pinia. Use when creating composables, fetching data, managing state, or debugging reactive/SSR data issues.
nuxt-production
Nuxt 5 production optimization: hydration, performance, testing with Vitest, deployment to Cloudflare/Vercel/Netlify, and migration from Nuxt 4. Use when: debugging hydration mismatches, optimizing performance and Core Web Vitals, writing tests with Vitest, deploying to Cloudflare Pages/Workers/Vercel/Netlify, or migrating from Nuxt 4 to Nuxt 5. Keywords: hydration, hydration mismatch, ClientOnly, SSR, performance, lazy loading, lazy hydration, Vitest, testing, deployment, Cloudflare Pages, Cloudflare Workers, Vercel, Netlify, NuxtHub, migration, Nuxt 4 to Nuxt 5, Rolldown, Vite 8, Nitro v3, comment placeholder
nuxt-server
Nuxt 5 server-side development with Nitro v3, h3 v2, API routes, middleware, and database integration. Use when creating server routes, integrating D1/Drizzle, or migrating from Nitro v2.
nuxt-studio
This skill should be used when the user asks to "set up Nuxt Studio", "configure Studio OAuth", "deploy Studio to Cloudflare", "add visual editor to Nuxt", "configure studio.domain.com subdomain", "Studio authentication", "Nuxt CMS", or mentions visual content editing, Nuxt Studio module, TipTap editor, Monaco editor, or content management for Nuxt websites.
nuxt-ui-v4
Nuxt UI v4 component library for building Nuxt v4 applications. 125+ accessible components with Tailwind v4, Reka UI, dark mode, theming. Use for dashboards, forms, overlays, editors, page layouts, pricing pages, or encountering component, theming, or TypeScript errors.
oauth-implementation
OAuth 2.0 and OpenID Connect authentication with secure flows. Use for third-party integrations, SSO systems, token-based API access, or encountering authorization code flow, PKCE, token refresh, scope management errors.
payment-gateway-integration
Integrates payment processing with Stripe, PayPal, or Square including subscriptions, webhooks, and PCI compliance. Use when implementing checkout flows, recurring billing, or handling refunds and disputes.
plan-interview
Adaptive interview-driven spec generation. Use when converting rough plans into comprehensive specifications, needing structured requirements gathering, or transforming ideas into implementation-ready documentation.
playwright
Browser automation and E2E testing with Playwright. Auto-detects dev servers, writes clean test scripts. Test pages, fill forms, take screenshots, check responsive design, validate UX, test login flows, check links, automate any browser task. Use for cross-browser testing, visual regression, API testing, component testing in TypeScript/JavaScript and Python projects.
progressive-web-app
Progressive Web Apps with service workers, web manifest, offline support, installation prompts. Use for installable web apps, offline functionality, push notifications, or encountering service worker registration, cache strategy, manifest configuration errors.
push-notification-setup
Implements push notifications across iOS, Android, and web using Firebase Cloud Messaging and native services. Use when adding notification capabilities, handling background messages, or setting up notification channels.
react-best-practices
React and Next.js performance optimization guidelines from Vercel Engineering. This skill should be used when writing, reviewing, or refactoring React/Next.js code to ensure optimal performance patterns. Triggers on tasks involving React components, Next.js pages, data fetching, bundle optimization, or performance improvements.
react-composition-patterns
React composition patterns that scale. Use when refactoring components with boolean prop proliferation, building flexible component libraries, or designing reusable APIs. Triggers on tasks involving compound components, render props, context providers, or component architecture.
react-native-skills
React Native and Expo best practices for building performant mobile apps. Use when building React Native components, optimizing list performance, implementing animations, or working with native modules. Triggers on tasks involving React Native, Expo, mobile performance, or native platform APIs.
recommendation-engine
Build recommendation systems with collaborative filtering, matrix factorization, hybrid approaches. Use for product recommendations, personalization, or encountering cold start, sparsity, quality evaluation issues.
recommendation-system
Deploy production recommendation systems with feature stores, caching, A/B testing. Use for personalization APIs, low latency serving, or encountering cache invalidation, experiment tracking, quality monitoring issues.
root-cause-tracing
Systematically trace bugs backward through call stack to find original trigger. Use when errors occur deep in execution and you need to trace back to find the original trigger.
security-headers-configuration
Configures HTTP security headers to protect against XSS, clickjacking, and MIME sniffing attacks. Use when hardening web applications, passing security audits, or implementing Content Security Policy.
seo-keyword-cluster-builder
SEO keyword clustering with topic organization, content hub architecture, internal linking strategies. Use for content strategy, keyword research, pillar page structures, or encountering cluster organization, hub architecture, internal linking errors.
seo-optimizer
SEO optimization with keyword analysis, readability assessment, technical validation, content quality. Use for search rankings, blog posts, content audits, or encountering keyword density, readability scores, meta tags, schema markup errors.
sequential-thinking
Systematic step-by-step reasoning with revision and branching. Use for complex problems, multi-stage analysis, design planning, problem decomposition, or encountering unclear scope, alternative approaches needed, revision requirements.
systematic-debugging
Four-phase debugging framework that ensures root cause investigation before attempting fixes. Never jump to solutions. Use when encountering any bug, test failure, or unexpected behavior, before proposing fixes.
tailwind-v4-shadcn
Production-tested setup for Tailwind CSS v4 with shadcn/ui, Vite, and React. Use when: initializing React projects with Tailwind v4, setting up shadcn/ui, implementing dark mode, debugging CSS variable issues, fixing theme switching, migrating from Tailwind v3, or encountering color/theming problems. Covers: @theme inline pattern, CSS variable architecture, dark mode with ThemeProvider, component composition, vite.config setup, common v4 gotchas, and production-tested patterns. Keywords: Tailwind v4, shadcn/ui, @tailwindcss/vite, @theme inline, dark mode, CSS variables, hsl() wrapper, components.json, React theming, theme switching, colors not working, variables broken, theme not applying, @plugin directive, typography plugin, forms plugin, prose class, @tailwindcss/typography, @tailwindcss/forms
technical-specification
Creates detailed technical specifications for software projects covering requirements, architecture, APIs, and testing strategies. Use when planning features, documenting system design, or creating architecture decision records.
test-quality-analysis
Detect test smells, overmocking, flaky tests, and coverage issues. Analyze test effectiveness, maintainability, and reliability. Use when reviewing tests or improving test quality.
threejs
Three.js 3D graphics library - scene setup, geometry, materials, lighting, textures, animation, loaders, shaders, postprocessing, interaction. Use when building 3D web experiences, creating WebGL visualizations, working with GLTF models, implementing custom shaders, or adding interactive 3D elements to web applications.
turborepo
Turborepo monorepo build system guidance. Triggers on: turbo.json, task pipelines, dependsOn, caching, remote cache, the "turbo" CLI, --filter, --affected, CI optimization, environment variables, internal packages, monorepo structure/best practices, and boundaries. Use when user: configures tasks/workflows/pipelines, creates packages, sets up monorepo, shares code between apps, runs changed/affected packages, debugs cache, or has apps/packages directories.
ultracite
Ultracite multi-provider linting/formatting (Biome, ESLint, Oxlint). Use for v6/v7 setup, provider selection, Git hooks, MCP integration, AI hooks, migrations, or encountering configuration, type-aware linting, monorepo errors.
verification-before-completion
Run verification commands and confirm output before claiming success. Use when about to claim work is complete, fixed, or passing, before committing or creating PRs.
vitest-testing
Modern TypeScript/JavaScript testing with Vitest. Fast unit and integration tests, native ESM support, Vite-powered HMR, and comprehensive mocking. Use for testing TS/JS projects.
web-performance-audit
Web performance audits with Core Web Vitals, bottleneck identification, optimization recommendations. Use for page load times, performance reviews, UX optimization, or encountering LCP, FID, CLS issues, resource blocking, render delays.
websocket-implementation
Implements real-time WebSocket communication with connection management, room-based messaging, and horizontal scaling. Use when building chat systems, live notifications, collaborative tools, or real-time dashboards.
woocommerce-code-review
Review WooCommerce code changes for coding standards compliance. Use when reviewing code locally, performing automated PR reviews, or checking code quality in WooCommerce projects.
zod
TypeScript-first schema validation and type inference. Use for validating API requests/responses, form data, env vars, configs, defining type-safe schemas with runtime validation, transforming data, generating JSON Schema for OpenAPI/AI, or encountering missing validation errors, type inference issues, validation error handling problems. Zero dependencies (2kb gzipped).
cloud-uploader
Uploads promo videos and content to Cloudflare R2 or AWS S3. Use when the user wants to host promo content for social media or distribution.
durable-objects
Use when building stateful per-key actors — chat rooms, multiplayer rooms, rate limiters, long-running agents, leaderboards — that need persistent in-memory + storage state across requests
solana-dev
Unified skill hub for Solana development. Routes to external submodule skills (solana-foundation, sendai, solana-game, trailofbits, cloudflare, qedgen, colosseum) and local skills. Progressive disclosure — read only what you need.
content-publish
End-to-end content creation and publishing. Takes a topic (or generates one), drafts in the user's voice, gets approval via Telegram, and publishes to Medium via browser automation. Invoke with "publish a post about X", "write and publish to Medium", "content-publish", or when an ego-dispatched session needs to create and distribute content.
webreaper
Scrape, crawl, or extract structured data from one or more URLs via the `webreaper` CLI. Outputs clean Markdown by default; JSON when a schema is given. Maps a site's URLs in one call. Handles JS-rendered pages and bot-protected sites (Cloudflare, DataDome, PerimeterX) via auto-escalating stealth. Use this skill whenever the user asks to: - scrape, crawl, or extract from a URL or site - get clean Markdown of a webpage (for further processing, not a summary) - pull specific fields from one or many pages - enumerate / discover URLs on a site - read a JS-rendered single-page app - scrape a site that's blocking direct requests Trigger phrases include: "scrape <site>", "crawl <site>", "extract <data> from <url>", "what's on <site>", "what pages does <site> have", "give me the markdown of <url>", "convert <url> to markdown", "pull <field> from <url>", "save <article> as markdown", "build a scraper for <site>", "read <url> into context", "this site is blocking me", "Cloudflare-protected site". Prefer this over the b
api-changelog-versioning
Creates comprehensive API changelogs documenting breaking changes, deprecations, and migration strategies for API consumers. Use when managing API versions, communicating breaking changes, or creating upgrade guides.
api-gateway-configuration
Configures API gateways for routing, authentication, rate limiting, and request transformation in microservice architectures. Use when setting up Kong, Nginx, AWS API Gateway, or Traefik for centralized API management.
api-pagination
Implements efficient API pagination using offset, cursor, and keyset strategies for large datasets. Use when building paginated endpoints, implementing infinite scroll, or optimizing database queries for collections.
api-rate-limiting
Implements API rate limiting using token bucket, sliding window, and Redis-based algorithms to protect against abuse. Use when securing public APIs, implementing tiered access, or preventing denial-of-service attacks.
api-reference-documentation
Creates professional API documentation using OpenAPI specifications with endpoints, authentication, and interactive examples. Use when documenting REST APIs, creating SDK references, or building developer portals.
api-versioning-strategy
Implements API versioning using URL paths, headers, or query parameters with backward compatibility and deprecation strategies. Use when managing multiple API versions, planning breaking changes, or designing migration paths.
cloudflare-mcp-server
Build MCP (Model Context Protocol) servers on Cloudflare Workers with tools, resources, and prompts.
mobile-app-debugging
Mobile app debugging for iOS, Android, cross-platform frameworks. Use for crashes, memory leaks, performance issues, network problems, or encountering Xcode instruments, Android Profiler, React Native debugger, native bridge errors.
mobile-app-testing
Mobile app testing with unit tests, UI automation, performance testing. Use for test infrastructure, E2E tests, testing standards, or encountering test framework setup, device farms, flaky tests, platform-specific test errors.
mobile-first-design
Designs responsive interfaces starting from mobile screens with progressive enhancement for larger devices. Use when building responsive websites, optimizing for mobile users, or implementing adaptive layouts.
responsive-web-design
Builds adaptive web interfaces using Flexbox, CSS Grid, and media queries with a mobile-first approach. Use when creating multi-device layouts, implementing flexible UI systems, or ensuring cross-browser compatibility.
rest-api-design
Designs RESTful APIs with proper resource naming, HTTP methods, status codes, and response formats. Use when building new APIs, establishing API conventions, or designing developer-friendly interfaces.
supabase-postgres-best-practices
Postgres performance optimization and best practices from Supabase. Use this skill when writing, reviewing, or optimizing Postgres queries, schema designs, or database configurations.
thesys-generative-ui
Generate, modify, and style React components from natural language using the Thesys SDK. Guides schema-driven UI generation, theme customisation, tool calling integration, and deployment to Vite, Next.js, or Cloudflare Workers. Use when the user says "generate UI", "create a component", "build an interface", "Thesys", "generative UI", or asks to turn a description into a React component.
vulnerability-scanning
Automated security scanning for dependencies, code, containers with Trivy, Snyk, npm audit. Use for CI/CD security gates, pre-deployment audits, compliance requirements, or encountering CVE detection, outdated packages, license compliance, SBOM generation errors.
woocommerce-backend-dev
Add or modify WooCommerce backend PHP code following project conventions. Use when creating new classes, methods, hooks, or modifying existing backend code in WooCommerce projects.
woocommerce-copy-guidelines
Guidelines for UI text and copy in WooCommerce. Use when writing user-facing text, labels, buttons, messages, or documentation in WooCommerce projects.
woocommerce-dev-cycle
Run tests, linting, and quality checks for WooCommerce development. Use when running tests, fixing code style, or following the development workflow in WooCommerce projects.
ops-marketing
Marketing command center. Email campaigns (Klaviyo), paid ads (Meta/Google), analytics (GA4), SEO, and social media metrics. One dashboard for all marketing channels.
ops-rotate-setup
Interactive OAuth init wizard for the multi-account Claude rotator. Walks through every account in the rotation config and, for any account missing a valid keychain token, delegates to the proven `rotate.mjs` magic-link flow (browser-driver cascade + Gmail polling), which writes the verified OAuth token to `Claude-Rotation-<key>` (key = account label or email, keychain account `$USER`). Re-runnable any time. Standalone alias of the same step inside `/ops:setup`.
nuxt
Use when working on Nuxt 4+ projects — server routes, routing, middleware, composables, h3 v1 helpers, nitropack v2. Updated for Nuxt 4.3+.
nuxthub
Use when building NuxtHub v0.10.6 applications - provides database (Drizzle ORM with sqlite/postgresql/mysql), KV storage, blob storage, and cache APIs. Covers configuration, schema definition, migrations, multi-cloud deployment (Cloudflare, Vercel), and the new hub:db, hub:kv, hub:blob virtual module imports.
review-logging-patterns
Review code for logging patterns and suggest evlog adoption. Guides setup on Nuxt, Next.js, SvelteKit, Nitro, TanStack Start, React Router, NestJS, Express, Hono, Fastify, Elysia, Cloudflare Workers, and standalone TypeScript. Detects console.log spam, unstructured errors, and missing context. Covers wide events, structured errors, drain adapters (Axiom, OTLP, HyperDX, PostHog, Sentry, Better Stack, Datadog), sampling, enrichers, and AI SDK integration (token usage, tool calls, streaming metrics, telemetry integration, cost estimation, embedding metadata).
edge-computing-patterns
Deploy to edge runtimes (Cloudflare Workers, Vercel Edge, Deno Deploy) for globally distributed, low-latency applications. Master edge middleware, streaming, and runtime constraints for 2025+ edge computing.
tool-discovery
Recommend the right agents and skills for any task. Covers both heavyweight agents (Task tool) and lightweight skills (Skill tool). Triggers on: which agent, which skill, what tool should I use, help me choose, recommend agent, find the right tool.
hunt-cache-poison
Hunting skill for cache poison vulnerabilities. Built from 10 public bug bounty reports including X-Forwarded-Host poisoning, X-HTTP-Method-Override / GCS cache, reflected→stored XSS via cache, classic Omer-Gil Web Cache Deception, Cloudflare Cache Deception Armor bypass, session-token cache deception, Akamai hop-by-hop smuggling → server-side edge poisoning, and Kettle's 2024 path-normalization WCD against Cloudflare/Fastly/GCP. Use when hunting cache poisoning, Web Cache Deception, CDN-fronted apps.
ai-ui-generation
AI-assisted UI generation patterns for json-render, v0.app, Google Stitch, Bolt Cloud, and Cursor workflows. Covers prompt engineering for component and full-stack app generation, review checklists for AI-generated code, design token injection, refactoring for design system conformance, and CI gates for quality assurance. Use when generating UI components with AI tools, rendering multi-surface MCP visual output, reviewing AI-generated code, or integrating AI output into design systems.
exploiting-http-request-smuggling
Detecting and exploiting HTTP request smuggling vulnerabilities caused by Content-Length and Transfer-Encoding parsing discrepancies between front-end and back-end servers.
fetch-url-as-markdown
Fetch a web page (URL) and return clean Markdown via local trafilatura, with Exa MCP as a fallback for JS-rendered or anti-bot pages. Use when the user asks to read, fetch, scrape, summarize, or quote a URL — prefer this over the built-in WebFetch tool. Don't use for binary files (PDFs, images, archives) or for fetching API/JSON endpoints.
wjs-looping-feedback
Use when the user wants to add an in-site feedback loop to a website repo — a floating "提个建议" button where allowlisted visitors submit suggestions that become a GitHub Issue, which GitHub Actions turns into an automatic code change via Claude Code, auto-merges and deploys, and records on a /_feedback dashboard with one-click revert. Triggers — "给网站加个反馈对话框", "提一句话就自动改网站", "装上反馈闭环", "feedback loop", "/wjs-looping-feedback".
wjs-publishing-hugo
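Use when the user wants to add or edit posts, manage categories, upload images, and publish on their own Hugo static blog (e.g. maggiacito.com): a conversational back office where one sentence edits the files, commits, pushes, and auto-deploys, with no CMS or server needed. Trigger phrases: "发一篇博客", "给 Hugo 加文章", "写篇帖子到博客", "管理博客类目", "上传图片到博客", "博客后台", "/wjs-publishing-hugo".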
cloudflare-workers
Rapid development with Cloudflare Workers - build and deploy serverless applications on Cloudflare's global network. Use when building APIs, full-stack web apps, edge functions, background jobs, or real-time applications. Triggers on phrases like "cloudflare workers", "wrangler", "edge computing", "serverless cloudflare", "workers bindings", or files like wrangler.toml, worker.ts, worker.js.
tanstack
Build type-safe React apps with TanStack Query (data fetching, caching, mutations), Router (file-based routing, search params, loaders), and Start (SSR, server functions, middleware). Use when working with react-query, data fetching, server state, routing, search params, loaders, SSR, server functions, or full-stack React. Triggers on tanstack, react query, query client, useQuery, useMutation, invalidateQueries, tanstack router, file-based routing, search params, route loader, tanstack start, createServerFn, server functions, SSR.
typescript-dev
Build full-stack TypeScript apps with Vite 8, React 19, Tailwind CSS v4, shadcn/ui, Biome, Vitest, and Hono. Covers the frontend (Vite/Rolldown build + dev server, type-safe React 19, strict TypeScript 6.0, Tailwind/shadcn styling, Biome lint/format, Vitest) and the Hono 4 backend/edge layer (routing, middleware, Zod validation, end-to-end type-safe RPC, OpenAPI, multi-runtime deploy). Use when setting up or working in a TypeScript project: configuring Vite, writing components, the React Compiler, Tailwind/shadcn, dev server/HMR, bundles, tests, lint/format/CI, or building a Hono API and wiring its RPC client to React. Triggers on vite, rolldown, react, tsx, typescript, tsconfig, react compiler, tailwind, shadcn, cva, biome, vitest, hmr, dev server, hono, hono rpc, hc client, cloudflare workers, edge api, zod validator, zod-openapi.
vite
Configure and optimize Vite 7 for React projects. Covers build tooling, dev server, plugins, HMR, chunk splitting, Environment API, and Rolldown integration. Use when setting up Vite, configuring builds, optimizing bundles, managing plugins, or troubleshooting dev server. Triggers on vite, vite config, vite plugin, HMR, dev server, build optimization, chunk splitting, rolldown, vite proxy, environment api, rolldown-vite.
cloudflare-api-key-automation
Automate Cloudflare API tasks via Rube MCP (Composio). Always search tools first for current schemas.
cloudflare-automation
Automate Cloudflare tasks via Rube MCP (Composio). Always search tools first for current schemas.
cloudflare-browser-rendering-automation
Automate Cloudflare Browser Rendering tasks via Rube MCP (Composio). Always search tools first for current schemas.
astro-6
Expert Astro 6 framework — routing, output modes, middleware, Vite Environment API, Rust compiler, Content Security Policy, Live Collections, Fonts API. Use when building Astro sites, configuring output, or upgrading from Astro 5.
astro-deployment
Deploying Astro 6 apps — @astrojs/cloudflare (Workers, D1, KV, R2), @astrojs/vercel (Serverless/Edge, Image CDN), @astrojs/netlify (Edge Functions), @astrojs/node (standalone), ISR patterns, edge middleware, skew protection. Use for any deployment configuration.
craft-cloud
Craft Cloud — Pixel & Tonic's serverless hosting platform for Craft CMS. Covers craft-cloud.yaml configuration, the Build → Migrate → Release deploy pipeline, the craftcms/cloud extension package, edge image transforms via Cloudflare, edge static caching with cache.rules + ESI, Cloud-managed S3 filesystem, MySQL 8 / Postgres 15 databases (no MariaDB, no tablePrefix), Console-based command runner and scheduled cron (once-per-hour minimum), auto-handled queue jobs, custom domains and SSL, preview environments per branch, Cloud limitations (ephemeral filesystem, no SSH, no .htaccess, no built-in mail), plugin development requirements for Cloud compatibility, and self-hosted → Cloud migration. Triggers on: craft-cloud.yaml, craftcms/cloud package, cloud.esi(), php craft cloud/up, php craft cloud/setup, App::isEphemeral(), CRAFT_EPHEMERAL, edge.craft.cloud, preview.craft.cloud, CRAFT_CLOUD_PROJECT_ID, CRAFT_CLOUD_ENVIRONMENT_ID, CRAFT_CLOUD_CDN_BASE_URL, Build → Migrate → Release, Cloud filesystem, Cloud-compatibl
invoking-gemini
Invokes Google Gemini models for structured outputs, image generation, multi-modal tasks, and Google-specific features. Use when users request Gemini, image generation, structured JSON output, Google API integration, or cost-effective parallel processing.
cloudflare
Comprehensive Cloudflare platform skill covering Workers, Pages, storage (KV, D1, R2), AI (Workers AI, Vectorize, Agents SDK), networking (Tunnel, Spectrum), security (WAF, DDoS), and infrastructure-as-code (Terraform, Pulumi). Use for any Cloudflare development task.
cloudflare
Comprehensive Cloudflare platform skill covering Workers, Pages, storage (KV, D1, R2), AI (Workers AI, Vectorize, Agents SDK), networking (Tunnel, Spectrum), security (WAF, DDoS), and infrastructure-as-code (Terraform, Pulumi). Use for any Cloudflare development task.
scrapling
Web scraping and data extraction with scrapling. Automatically selects a Fetcher and supports Cloudflare/WAF bypass, Session login, and HTML parsing. Triggers when the user mentions scrape/crawl/fetch page/extract data/爬取/抓取/绕过Cloudflare/解析HTML/批量采集.
cockpit-release
Cut a new Cockpit release end-to-end — bump version, tag, publish to npm, write user-facing release notes, refresh the website, and verify everything went live.
cf-crawl
Crawl entire websites using Cloudflare Browser Rendering /crawl API. Initiates async crawl jobs, polls for completion, and saves results as markdown files. Useful for ingesting documentation sites, knowledge bases, or any web content into your project context. Requires CLOUDFLARE_ACCOUNT_ID and CLOUDFLARE_API_TOKEN environment variables.
deployment-procedures
Production deployment principles and decision-making. Safe deployment workflows, rollback strategies, and verification. Teaches thinking, not scripts.
expo-api-routes
Guidelines for creating API routes in Expo Router with EAS Hosting
go-playwright
Expert capability for robust, stealthy, and efficient browser automation using Playwright Go.
go-rod-master
Comprehensive guide for browser automation and web scraping with go-rod (Chrome DevTools Protocol) including stealth anti-bot-detection patterns.
gsap-animations
GSAP animation best practices for web design - scroll triggers, performance optimization, accessibility, responsive animations, and testing integration. Use when implementing or reviewing animations on WordPress or any web project.
nodejs-best-practices
Node.js development principles and decision-making. Framework selection, async patterns, security, and architecture. Teaches thinking, not copying.
threejs-skills
Create 3D scenes, interactive experiences, and visual effects using Three.js. Use when user requests 3D graphics, WebGL experiences, 3D visualizations, animations, or interactive 3D elements.
typescript-drizzle-orm
Type-safe SQL with Drizzle ORM in TypeScript. Use when defining database schemas, writing queries, setting up relations, running migrations, or working with PostgreSQL/MySQL/SQLite/Cloudflare D1/Durable Objects data layers.
ccc-ci
CI/CD webhook channel. Receive GitHub Actions, Vercel, Railway deploy events in your session. Auto-triggers /ccc-doctor on failures.
ccc-deploy
CC Commander actual deployment workflow. Detects Vercel, Fly.io, Cloudflare, GitHub Pages, or npm deploy targets, asks for the deploy destination, runs the platform…
cloudflare
Cloudflare platform management via Wrangler CLI, Agents SDK, and Browser Rendering REST API. Deploy Pages sites, manage Workers, KV namespaces, R2 buckets, D1 databases, Queues, Vectorize indexes, Workflows, and Hyperdrive connections. Build stateful AI agents with Code Mode (MCP tools as TypeScript APIs in sandboxed Workers). Also provides budget web scraping, crawling, screenshots, and PDF generation via cf_browser.py (Browser Rendering API). Use when deploying to Cloudflare, managing CF infrastructure, configuring wrangler.toml, working with CF storage services, setting up Cloudflare Pages projects, building AI agents on Workers, or when you need cheap/free web scraping as an alternative to Firecrawl. Triggers on Cloudflare, wrangler, Pages deploy, KV namespace, R2 bucket, D1 database, CF Workers, Cloudflare DNS, Vectorize, Queues, Workflows, Hyperdrive, cf_browser, Browser Rendering, budget scrape, Cloudflare Agents SDK, Code Mode, codemode, AI agent Workers, MCP tools to TypeScript.
scrapling
Local Python web scraping with anti-bot bypass, adaptive element tracking, and stealth browser automation. This skill should be used when scraping pages behind Cloudflare or anti-bot protection, extracting specific elements with CSS/XPath selectors, stealth fetching with TLS impersonation, local scraping without API keys, or when adaptive element tracking is needed to survive site redesigns. Complements the firecrawl skill (cloud API) with 100% local execution.
file-uploads
Expert at handling file uploads and cloud storage. Covers S3, Cloudflare R2, presigned URLs, multipart uploads, and image optimization. Knows how to handle large files without blocking. Use when: file upload, S3, R2, presigned URL, multipart.
scaffold
Bootstrap a new web project on a strictly opinionated Cloudflare Workers stack — Next.js 16 or Astro 6, TypeScript strict, pnpm, Biome, Tailwind. No fallbacks: no Vercel/Netlify, no ESLint/Prettier, no swap. Skip if the user wants any of these. Use when the user says "start a new project", "bootstrap", "init", "scaffold", "create a new site", or is working in an empty directory and wants production-ready foundations.
best-choice
Select the best technology for any project automatically during planning. Never ask users to choose technology. Activates whenever technical decisions are needed.
deploy-global
Deploy the product so anyone in the world can access it.
agents-sdk
Build AI agents on Cloudflare Workers using the Agents SDK. Load when creating stateful agents, durable workflows, real-time WebSocket apps, scheduled tasks, MCP servers, or chat applications. Covers Agent class, state management, callable RPC, Workflows integration, and React hooks.
agent-kanban
CLI reference for agents — how to claim tasks, log progress, submit for review
ak-plan
Plan and execute a project — either a new version of an existing project, or a brand new product from scratch. Analyzes gaps, creates board with tasks and dependencies, assigns to agents. Use when asked to plan a version, build a product, create a project, or 规划版本.
ak-task
Full task lifecycle: create → assign → monitor → review → reject/complete. Use when asked to add a feature, fix a bug, create a task, 加个功能, or 修个 bug.
agents-sdk
Build AI agents on Cloudflare Workers using the Agents SDK. Load when creating stateful agents, durable workflows, real-time WebSocket apps, scheduled tasks, MCP servers, or chat applications. Covers Agent class, state management, callable RPC, Workflows integration, and React hooks.
seo-llms-txt
Generate, validate, or audit llms.txt files for AI search visibility. Crawls site structure, generates spec-compliant Markdown index for LLMs. Use when user says "llms.txt", "llm txt", "AI crawlers", "generate llms", "LLM file", "AI readability file".
drizzle-orm-patterns
This skill provides comprehensive Drizzle ORM patterns for PostgreSQL with Vercel Edge Runtime support. Drizzle is Quetrex's chosen ORM because it's edge-first, type-safe, and supports all deployme...
portfolio-context
Auto-loaded context for Portfolio Buddy 2 development. Use for ANY task involving: React 19 development, TypeScript, portfolio analysis features, metrics calculations, trading strategy comparison, or working with the Portfolio Buddy 2 codebase. Contains tech stack, known issues, and architectural constraints.
prisma-v7
Expert guidance for Prisma ORM v7 (7.0+). Use when working with Prisma schema files, migrations, Prisma Client queries, database setup, or when the user mentions Prisma, schema.prisma, @prisma/client, database models, or ORM. Covers ESM modules, driver adapters, prisma.config.ts, Rust-free client, and migration from v6.
project-scaffolding
IDE-grade project scaffolding wizard for creating new projects with comprehensive configuration. Supports 70+ project types: HTML/CSS websites, React, Next.js, Vue, Astro, Remix, React Native, Flutter, Expo, FastAPI, Django, Express, NestJS, Go/Gin, Rust/Axum, Spring Boot, Hono, Elysia, Chrome Extensions, VS Code Extensions, Tauri desktop apps, serverless functions, and more. Provides WebStorm/PyCharm-level project creation with interactive SDK selection, framework configuration, database setup, and DevOps tooling. Use when: creating a new project, setting up a framework application, initializing a codebase, scaffolding boilerplate, building extensions, creating mobile/desktop/web apps, setting up monorepos, or making static websites/landing pages.
os-health
VPS OS health, network speed test, disk, RAM, CPU, uptime, process snapshot
ccc-connect
Opt-in MCP connector setup — click-connect Notion, Slack, GitHub, Supabase, Figma, Linear, Vercel, Neon, Fly.io, Upstash, Sentry, Stripe, Browserbase, Postgres,…
ccc-harden
Production hardening audit across 11 pillars (Vercel, GitHub, Sentry, PostHog, Stripe, Cloudflare, Secrets/PII). Read-only; --fix applies safe auto-fixes. Use pre-launch. NO PII.
file_uploads
Expert at handling file uploads and cloud storage. Covers S3, Cloudflare R2, presigned URLs, multipart uploads, and image optimization. Knows how to handle large files without blocking.
deploy-cf-workers
Deploy to Cloudflare Workers. Fast, free tier, global.
openpress-deploy
Use when preparing, configuring, checking, staging, or publishing an open-press document to public hosting, especially Cloudflare Pages, deploy setup, deploy buttons, deploy status, public release checks, or safe deployment workflow.
cloudflare-workers-publish
Deploy static HTML files to Cloudflare Workers with 1Password credential management.
aws-spa-deploy
Use this skill whenever the user is deploying a React/Vite single-page app to AWS, or mentions Amplify, CDK, or wiring up Lambda + API Gateway for a frontend. Covers Amplify hosting, custom domains, CDK backend (Lambda + API Gateway), SES email, CORS configuration, and environment variables. Skip for non-AWS hosts (Vercel, Netlify, Cloudflare Pages), pure backend services without an SPA, or server-rendered apps (Next.js SSR on Vercel).
seo-llmo
Use this skill whenever the user is building, reviewing, or preparing to launch any public-facing website or web app. SEO, LLMO, and agent-readiness are baseline requirements for every public site, not optional add-ons. Covers meta tags, Open Graph, JSON-LD structured data (including SoftwareApplication and Product types), robots.txt (including the Content-Signal directive), sitemap.xml, llms.txt (including agent instruction block and MCP declaration), AI crawler access (GPTBot, ClaudeBot, PerplexityBot), Markdown content negotiation for agents, Link response headers, Agent Skills index, A2A Agent Card, MCP server discovery, agent.json, pricing.md, and the "explicit absence beats silence" principle for agent-facing files. Trigger for marketing sites, landing pages, blogs, docs, and e-commerce stores; before any "launch" or "go live"; during pre-launch checklists; when the user mentions isitagentready.com, ora.run, agent-readiness, A2A, MCP discovery, Cloudflare Markdown for Agents, or wants AI agents (ChatGPT
secret-capture
Capture a secret from the user via a hidden-input dialog and route it to exactly one destination (1Password, macOS Keychain, GitHub secret, Cloudflare Workers secret, Coolify env var, n8n credential, or a local .env file) without the value ever appearing in any tool result, log, or chat transcript. Auto-triggers whenever the agent needs a new credential, API key, token, password, or secret to configure a service, onboard an integration, set up an MCP, or rotate an existing credential. Use this every time you're about to say "paste your key here" — instead, invoke this skill.
alchemy-infra
Sets up Alchemy (alchemy-run/alchemy, Infrastructure-as-TypeScript) in any codebase — new project scaffold OR add to existing app. Wires Cloudflare/AWS providers, state backend, secrets, and binding types end-to-end with strict secret hygiene. USE THIS SKILL whenever the user mentions "alchemy", "alchemy.run", "Infrastructure as TypeScript", or asks to deploy a Worker/Lambda/D1/R2/KV/Queue/DO via TS, add a state backend, configure ALCHEMY_PASSWORD, generate alchemy.run.ts, replace SST/Pulumi/CDK/Terraform with Alchemy, or scaffold a Cloudflare/AWS app from TypeScript. Trigger even when the user does not say "alchemy" explicitly but describes the workflow (e.g., "deploy a Worker with KV in pure TS", "TypeScript IaC", "wire D1 + Drizzle to a Worker", "set up Cloudflare bindings without wrangler.toml").
daily-news
This skill should be used when the user asks to "run daily news", "publish today's news", "draft today's vatt-ghern roundup", "do the daily-news routine", invokes `/vatt-ghern:daily-news`, or asks Claude to author tech-news posts for the vatt-ghern blog. The skill produces one daily-roundup HTML (10 items) plus up to three daily-deep-story HTML posts under `src/posts/YYYY/MM/DD/`, runs anti-duplication checks (exact source-URL/news_id against the full archive, fuzzy title similarity against the past 7 days), and opens a PR to `main`. Always use this skill (instead of authoring news posts ad-hoc) so output stays consistent with the archetype rules, design system, and dedup conventions.
good-readme
Create and improve README documents for GitHub projects. Use when the user wants to write a new README, improve an existing one, audit README quality, or asks about documentation best practices for their repository.
wrangler
Deploy and manage Cloudflare Workers, Pages, KV, R2, D1, and other Cloudflare services using the `wrangler` CLI.
nuxt
Nuxt full-stack Vue framework with SSR, auto-imports, and file-based routing. Use when working with Nuxt apps, server routes, useFetch, middleware, or hybrid rendering.
crawl
Fetch web pages that may be JS-rendered or bot-protected, returning clean markdown or HTML. Works zero-setup with a direct HTTP fetch; if you supply your own Cloudflare Browser Rendering credentials it uses a managed headless browser that renders JS and bypasses most WAFs. Use when a plain fetch returns 403, when a page is a JS-rendered SPA, or when you need reliable markdown extraction from a URL. Triggers on 'crawl this page', 'fetch this URL', 'scrape this site', 'get the content from this page', 'this page is blocked', or when a normal fetch fails on a URL.
deepline-gtm
Use to prospect, enrich, qualify, and activate outbound, especially when users mention Deepline, CSV processing, lead/account/contact research, waterfall enrichment, email or LinkedIn lookup, personalization, scoring, or campaign activation. Route CSV-heavy and provider-driven requests here, then rely on linked sub-docs and provider playbooks for execution details. Providers: adyntel, ai_ark, allegrow, apify, apollo, attio, aviato, bettercontact, bloomberry, builtwith, cloudflare, contactout, crustdata, crustdata-v2, customer_db, dataforseo, datagma, deepline_native, deeplineagent, discolike, dropleads, exa, findymail, firecrawl, forager, fullenrich, generic_http, google_ads_audiences, heyreach, hubspot, hunter, icypeas, instantly, ipqs, leadmagic, lemlist, limadata, linkedin_ads_audiences, linkedin_scraper, lusha, meta_audiences, openmart, openwebninja, parallel, peopledatalabs, predictleads, prospeo, rocketreach, salesforce, serper, slack, smartlead, snowflake, theirstack, trestle, upcell, wiza, zerobounce.
cyberseguranca
ROBUST full-spectrum cybersecurity skill for architecting, auditing, and responding. ALWAYS use when the user wants to design security, audit a project, ensure hardening, defend against intrusion, mitigate vulnerabilities, or handle an incident. Also triggers when the user mentions 'cybersegurança', 'cyber', 'segurança do projeto', 'hackeado', 'invadido', 'invasão', 'ataque', 'breach', 'vazamento', 'pentest', 'red team', 'blue team', 'audit de segurança', 'OWASP', 'LGPD', 'ISO 27001', 'SOC 2', 'PCI', 'NIST', 'CIS Controls', 'STRIDE', 'threat modeling', 'modelagem de ameaças', 'MFA', 'FIDO2', 'WebAuthn', 'passkey', 'JWT seguro', 'RLS', 'row-level security', 'CSP', 'security headers', 'WAF', 'Cloudflare Access', 'Zero Trust', 'BeyondCorp', 'SSRF', 'XSS', 'CSRF', 'BOLA', 'IDOR', 'injection', 'SQLi', 'prompt injection', 'LLM security', 'AI security', 'agent security', 'supply chain', 'SBOM', 'SLSA', 'Sigstore', 'cosign', 'gitleaks', 'secret scanning', 'rotação de chave', 'data breach', 'incident response', 'IR plan', 'N
mb-site
Triage and build any site shape -- lander (1 page), minisite (~4 pages), or full website -- and graduate between them. Also writes owned-surface sales videos/VSLs, about-page videos, landing-page videos, and embedded pitch scripts. Routes to per-shape build flow, reads from business context files, deploys to Cloudflare Pages with git auto-deploy. Use when: (1) Operator says 'I want a site' / 'I want a lander' / 'spin up a one-pager' (2) Setting up a new site of any shape from offer + audience material (3) Updating / iterating on an existing site (4) Graduating a site to a new shape (lander -> minisite -> website -> website + CMS) (5) Writing a sales video, VSL, about-page video, landing-page video, or embedded pitch script for an owned conversion surface (6) Previewing or publishing changes Triggered by: /mb-site, 'build a site', 'landing page', 'lander', 'minisite', 'website', 'I need a site', 'spin up a site', 'put this online', 'publish site', 'deploy site', 'update my site', 'graduate my site', 'add a CMS
mb-wiki
Create and maintain personal wikis using Commune Wiki architecture. Use when: (1) Setting up a new wiki from the commune-wiki template (2) Personalizing wiki (name, avatar, social links, domain) (3) Adding atomic notes with proper frontmatter and WikiLinks (4) Publishing changes (git commit + push for auto-deploy) (5) Converting Gemini/GPT deep research into wiki format (6) Pulling upstream template updates from Devon (7) Generating "Recent Updates" notes from Git history Triggered by: /mb-wiki, "add a note", "publish wiki", "create wiki", "configure wiki", "personalize wiki"
offensive-osint
Operational arsenal for external red-team and bug-bounty reconnaissance. Concrete wordlists (28 Swagger paths, 13 GraphQL paths, 35 high-risk ports, 6 missing-header findings, 15 always-on HTTP checks, 5 SAML paths, cloud bucket permutations, JS guess-paths, vendor product fingerprints for Citrix/F5/Pulse/Fortinet/Cisco/PaloAlto/VMware/Exchange, cloud-native service fingerprints, container/K8s exposure paths, CI/CD platform paths, documentation/wiki leak paths, WHOIS/RDAP, DNS record catalog, Wayback CDX recipes), 43+-pattern secret-regex catalog (incl. modern AI API keys: Anthropic/OpenAI/HuggingFace/Cloudflare/DigitalOcean/npm/PyPI/Docker Hub/Atlassian/DataDog/Sentry/ngrok), 80+ dork corpus across 9 categories, GitHub code-search dorks, copy-paste curl/httpie probes for every check, post-discovery enumeration workflows (AWS/GitHub/Slack/JWT/PMAK/Anthropic/OpenAI), endpoint interest scoring rubric (0–100), mobile app ownership confidence, identity-fabric endpoints (Entra/Okta/ADFS/Google/SAML/M365 Teams+Shar
publish-report
Publish local HTML, Markdown, or built static web projects with Pagecast as shareable public URLs. Use whenever Codex creates or finishes an .html, .htm, .md, .markdown, or static build output that a person could share (a report, plan, doc, dashboard, or analysis) — proactively offer to publish it without being asked — and whenever the user asks to publish, share, make a public link for, or send a local report/doc/dashboard/web project from terminal, Codex CLI, or Codex desktop.
define-deployment
Capture deployment characteristics for both production and development — hosting, IaC, CI/CD, secrets, observability, local dev environment, containerization, hot reload, and seed data. Use when the project-builder agent is gathering deployment information.
arifos-deploy
arifOS sovereign deployment: static hub, docs, runtime, and machine files. Use when deploying arifOS estate surfaces. Encodes deployment philosophy, estate roles, CI/CD policy, machine file invariants, and rollback doctrine. Triggers: deploy, build site, CI/CD, publish, machine files, llms.txt, static hub, Cloudflare, GitHub Pages, VPS runtime.
deployment-procedures
Production deployment principles and decision-making. Safe deployment workflows, rollback strategies, and verification. Teaches thinking, not scripts.
nodejs-best-practices
Node.js development principles and decision-making. Framework selection, async patterns, security, and architecture. Teaches thinking, not copying.
shadcn-svelte-sync
Sync upstream shadcn-svelte components and adapt Remini Labs wrappers. Invoke when the user says "sync shadcn-svelte", "update shadcn from upstream", "refresh shadcn components", or types /shadcn-svelte-sync.
systematic-debugging
Use when a bug, test failure, or unexpected behaviour appears, to find the root cause before changing code instead of guessing fixes. A four-phase process that stops the hallucinated-fix loop and the token waste of trying patches at random.
think-before-coding
Use before writing or changing code on any non-trivial task, to surface hidden assumptions, keep the change minimal and surgical, and define how you will verify success. The discipline that stops over-engineering and wasted tokens before they happen.
share
STUB — bundle, sanitize, upload Claude Code sessions to Cloudflare R2, emit 7-day presigned URL.
clusterlog-review
Analyzes Windows Server Failover Cluster (WSFC) CLUSTER.LOG files for Always On Availability Group root-cause diagnosis. Use this skill when an availability group has gone offline, a failover occurred unexpectedly, or a node was evicted, and you need to identify the WSFC-level cause that SQL Server DMVs cannot see. Applies 30 checks (L1–L30) covering lease timeouts, health check failures, quorum loss, node eviction, network partition, RHS crashes, AG resource transitions, Cloud Witness, Azure Arc, and Contained AG.
errorlog-review
Analyzes SQL Server ERRORLOG files for operational issues, availability group failures, memory pressure, I/O subsystem warnings, and security events. Use this skill whenever a SQL Server instance has experienced unexpected behavior, an AG failover, memory warnings, I/O latency alerts, or abnormal shutdown, and you need a structured timeline of what SQL Server recorded. Applies 33 checks (E1–E33) covering AG health, memory/resource pressure, I/O and storage, startup/shutdown, connectivity, configuration signals, and SQL 2019/2022 modern feature events.
hadr-health-review
Analyzes sys.dm_hadr_* DMV output to assess Always On Availability Group replica health, synchronization state, secondary lag, redo and log send queue sizes, and configuration gaps. Use this skill when an availability group is behaving unexpectedly, a secondary replica is lagging, data loss is a concern, or you need a SQL-side snapshot of AG health to complement CLUSTER.LOG and ERRORLOG diagnostics. Applies 27 checks (H1–H27) covering replica connectivity, data loss risk, recovery time, throughput, configuration, and SQL 2016–2022 modern AG features.
mssql-performance-review
Agentic offline orchestrator for end-to-end SQL Server performance reviews. Forms hypotheses from artifacts or symptoms, dispatches the specialised review skills (tsql-review, sqlplan-review, sqlwait-review, sqlstats-review, sqltrace-review, sqlquerystore-review, sqlprocstats-review, sqldeadlock-review, sqlhadr-review, sqlclusterlog-review, sqlerrorlog-review, sqlspn-review, sqlplan-compare, sqlindex-advisor, sqlplan-batch, sqlmemory-review, sqldiskio-review, sqlencryption-review, sqldbconfig-review, sqlbootstraplog-review), runs an adversarial check on the primary root cause, and produces a consolidated fix priority with explicit evidence chain, risk, and rollback for each recommendation. Use this skill whenever a user has mixed SQL Server artifacts (.sqlplan, .sql, statistics output, trace data, wait stats, deadlock XML, AG / cluster / ERRORLOG, setspn output, Query Store, procstats, memory clerks, file I/O stats, encryption audit, sp_configure output, setup bootstrap logs) and is not sure which specialised
procstats-review
Analyze SQL Server procedure/trigger/function runtime stats collected from sys.dm_exec_procedure_stats into collect.proc_stats. Applies 25 checks (R1–R25) across five categories — top consumers, per-execution efficiency, pattern detection, trend analysis, and advanced runtime patterns. Use when pasting output from the report queries in scripts/collection/04_report_queries.sql.
query-store-review
Analyze SQL Server Query Store data to identify regressed queries, plan instability, top resource consumers, query-level wait patterns, configuration issues, and SQL 2019/2022 IQP/PSP/DOP/CE feedback signals. Applies 32 checks (Q1–Q32). Use when a user pastes Query Store DMV output or asks about workload performance trends.
spn-review
Analyzes SQL Server SPN (Service Principal Name) configuration and Kerberos delegation settings to diagnose authentication failures, NTLM fallback, and double-hop connectivity problems. Use this skill when users receive Kerberos errors, linked servers fall back to NTLM, AG listener connections fail, or constrained delegation is needed for a middle-tier application, and you need to identify missing, duplicate, or misconfigured SPNs and delegation settings. Applies 40 checks (K1–K40) covering SPN presence, service account binding, AG listener and alias, permissions, Kerberos delegation, AD account sensitivity, Azure AD hybrid, and advanced gMSA/FCI/delegation scenarios.
sqlbootstraplog-review
Analyze SQL Server Setup Bootstrap log files to diagnose failed installations, failed Cumulative Update or Service Pack patching, failed cluster node operations, and risky setup-time configuration. Parses Summary.txt, Detail.txt, MSI/MSP logs, ConfigurationFile.ini, and SystemConfigurationCheck_Report content from the Setup Bootstrap Log folder. Applies 24 checks (U1–U24) covering final-result failure and exit-code extraction, failed setup rules (pending reboot, disk space, account permissions, prerequisites, cluster rules), Detail.txt exception forensics, MSI "Return value 3" patterns, and ConfigurationFile.ini review (service accounts, instant file initialization, TempDB layout, mixed authentication, feature sprawl, directory placement). Use this skill whenever SQL Server setup, an in-place upgrade, a patch, or add/remove node fails, or when a user pastes Summary.txt, Detail.txt, or ConfigurationFile.ini content.
sqlclusterlog-review
Analyzes Windows Server Failover Cluster (WSFC) CLUSTER.LOG files for Always On Availability Group root-cause diagnosis. Use this skill when an availability group has gone offline, a failover occurred unexpectedly, or a node was evicted, and you need to identify the WSFC-level cause that SQL Server DMVs cannot see. Applies 30 checks (L1–L30) covering lease timeouts, health check failures, quorum loss, node eviction, network partition, RHS crashes, AG resource transitions, Cloud Witness, Azure Arc, and Contained AG.
sqldeadlock-review
Analyze SQL Server deadlock XML (from system_health XE session, SSMS deadlock graph, or trace) to identify root cause and produce a prioritized remediation plan. Applies 16 known deadlock patterns (P1–P16). Use when a deadlock monitor captures a graph or users report intermittent deadlock errors (error 1205).
sqldiskio-review
Analyze SQL Server file-level I/O latency and auto-growth events using sys.dm_io_virtual_file_stats, sys.master_files, and default trace auto-growth records. Applies 15 checks (Z1–Z15) covering data and log file latency thresholds, hot file detection, stall ratio analysis, data and log placement on the same volume, TempDB co-location with user databases, auto-growth event frequency and sizing, file growth during production hours, system drive file placement, and multi-snapshot I/O trend analysis. Use this skill whenever a DBA suspects slow I/O, queries show PAGEIOLATCH or WRITELOG waits, or a file grew unexpectedly. Trigger when pasting output from sys.dm_io_virtual_file_stats or sys.master_files.
sqlencryption-review
Analyze SQL Server encryption posture across all layers — TDE, Always Encrypted, cell-level encryption, backup encryption, transport/TLS, certificate lifecycle, asymmetric and symmetric key management, DMK/SMK key hierarchy including sp_control_dbmasterkey_password and SSISDB, EKM/AKV, sensitivity-classification gaps, TLS hardening, AE enclave/driver, operational key lifecycle, SQL Ledger, Azure encryption, dynamic data masking patterns, and PCI-DSS/HIPAA/GDPR/FedRAMP/CMMC/NY-DFS compliance. Applies 112 checks (A1–A112) across 20 categories. Use this skill when reviewing database security posture, preparing for a compliance audit, investigating a key exposure, troubleshooting SSISDB or DMK auto-open failures, or whenever output from sys.dm_database_encryption_keys, sys.certificates, sys.symmetric_keys, sys.master_key_passwords, msdb.dbo.backupset, sys.dm_exec_connections, sys.ledger_*, sys.masked_columns, or sys.sensitivity_classifications is pasted. Trigger for questions about TDE setup, Always Encrypted con
sqlerrorlog-review
Analyzes SQL Server ERRORLOG files for operational issues, availability group failures, memory pressure, I/O subsystem warnings, and security events. Use this skill whenever a SQL Server instance has experienced unexpected behavior, an AG failover, memory warnings, I/O latency alerts, or abnormal shutdown, and you need a structured timeline of what SQL Server recorded. Applies 33 checks (E1–E33) covering AG health, memory/resource pressure, I/O and storage, startup/shutdown, connectivity, configuration signals, and SQL 2019/2022 modern feature events.
sqlhadr-review
Analyzes sys.dm_hadr_* DMV output to assess Always On Availability Group replica health, synchronization state, secondary lag, redo and log send queue sizes, and configuration gaps. Use this skill when an availability group is behaving unexpectedly, a secondary replica is lagging, data loss is a concern, or you need a SQL-side snapshot of AG health to complement CLUSTER.LOG and ERRORLOG diagnostics. Applies 27 checks (H1–H27) covering replica connectivity, data loss risk, recovery time, throughput, configuration, and SQL 2016–2022 modern AG features.
sqlindex-advisor
Analyze SQL Server execution plans to produce a ranked CREATE INDEX script. Applies 10 checks (D1–D10). Derives index recommendations from operator patterns (Key Lookups, scans, sorts, spools, nested loops, filtered index opportunities, hash match probe-side scans — D1–D10) and the optimizer's explicit MissingIndexGroup suggestions. Also accepts sys.dm_db_missing_index_details + sys.dm_db_missing_index_group_stats DMV output directly, without a plan file. Use this skill whenever a user wants index recommendations from an execution plan; asks what indexes would help a query; mentions Key Lookup, index scan, missing index, filtered index, or covering index; or asks to generate CREATE INDEX statements. Trigger after sqlplan-review findings or directly on any .sqlplan file or missing index DMV output.
sqlmemory-review
Analyze SQL Server memory pressure using buffer pool metrics, plan cache composition, memory grants, and memory clerk data. Applies 20 checks (O1–O20) covering Page Life Expectancy degradation, single-use plan cache bloat, RESOURCE_SEMAPHORE queue depth, memory grant timeouts, buffer pool concentration, ColumnStore and In-Memory OLTP footprint, OS memory pressure notifications, and server memory configuration. Use this skill when the server is paging, queries queue for memory grants, or PLE is low and dropping. Trigger when pasting output from sys.dm_os_memory_clerks, sys.dm_os_ring_buffers, sys.dm_exec_query_memory_grants, or PLE perf counters.
sqlplan-batch
Batch-analyze a folder of SQL Server .sqlplan files and produce a summary dashboard of the top issues, most common check violations, and deduplicated missing indexes across all plans. Use this skill whenever a user has a folder or collection of .sqlplan files; asks for a workload-level summary across multiple plans; wants to find systemic patterns across a captured workload; or doesn't know which plan to look at first. Trigger after any workload capture that produced multiple .sqlplan files — offer this before individual sqlplan-review calls.
sqlplan-compare
Diff two SQL Server execution plans (baseline vs regression) to identify what changed — join strategies, memory grants, operator topology, new warnings, and missing indexes. Applies 20 checks (C1–C20). Use when a query regressed after a deployment, statistics update, schema change, or SQL Server version upgrade.
sqlplan-deadlock
Analyze SQL Server deadlock XML (from system_health XE session, SSMS deadlock graph, or trace) to identify root cause and produce a prioritized remediation plan. Applies 16 known deadlock patterns (P1–P16). Use when a deadlock monitor captures a graph or users report intermittent deadlock errors (error 1205).
sqlplan-index-advisor
Analyze SQL Server execution plans to produce a ranked CREATE INDEX script. Derives index recommendations from operator patterns (Key Lookups, scans, sorts, spools, nested loops — D1–D8) and the optimizer's explicit MissingIndexGroup suggestions. Use this skill whenever a user wants index recommendations from an execution plan; asks what indexes would help a query; mentions Key Lookup, index scan, missing index, or covering index; or asks to generate CREATE INDEX statements. Trigger after sqlplan-review findings or directly on any .sqlplan file.
sqlplan-review
Analyze SQL Server execution plans for performance anti-patterns, bottleneck identification, and actionable fix recommendations. Applies 108 checks (S1–S36 statement-level, N1–N72 node-level) covering memory grants, parallelism, cardinality errors, spills, scans, index usage, IQP/PSP features, ADR, and CE feedback. Use this skill whenever a user pastes a .sqlplan file or XML, shares an SSMS execution plan, asks why a query is slow or regressed after a deployment or stats update, mentions a specific operator (Key Lookup, Hash Match, Sort, Nested Loops, Scan), asks about memory grants, spills, compile timeout, parameter sniffing, or plan shape. Also trigger when the user uploads a .sqlplan file, describes a plan tree verbally, or asks for execution plan review, plan analysis, or query tuning help.
sqlprocstats-review
Analyze SQL Server procedure/trigger/function runtime stats collected from sys.dm_exec_procedure_stats into collect.proc_stats. Applies 25 checks (R1–R25) across five categories — top consumers, per-execution efficiency, pattern detection, trend analysis, and advanced runtime patterns. Use when pasting output from the report queries in scripts/collection/04_report_queries.sql.
sqlquerystore-review
Analyze SQL Server Query Store data to identify regressed queries, plan instability, top resource consumers, query-level wait patterns, configuration issues, and SQL 2019/2022 IQP/PSP/DOP/CE feedback signals. Applies 32 checks (Q1–Q32). Use when a user pastes Query Store DMV output or asks about workload performance trends.
sqlspn-review
Analyzes SQL Server SPN (Service Principal Name) configuration and Kerberos delegation settings to diagnose authentication failures, NTLM fallback, and double-hop connectivity problems. Use this skill when users receive Kerberos errors, linked servers fall back to NTLM, AG listener connections fail, or constrained delegation is needed for a middle-tier application, and you need to identify missing, duplicate, or misconfigured SPNs and delegation settings. Applies 40 checks (K1–K40) covering SPN presence, service account binding, AG listener and alias, permissions, Kerberos delegation, AD account sensitivity, Azure AD hybrid, and advanced gMSA/FCI/delegation scenarios.
sqlstats-review
Parse and analyze SQL Server SET STATISTICS IO, TIME ON output. Extracts per-table IO metrics and per-statement CPU/elapsed times, computes % logical read share, detects 27 performance patterns (I1–I18 IO checks, W1–W9 time checks). Use when a user pastes SSMS statistics output or asks why a query does too much I/O.
sqltrace-review
Analyze SQL Server trace files and Extended Events output to identify workload-level performance patterns. Applies 25 checks (X1–X12 event-level, X13–X25 workload aggregate) covering long-running queries, high-frequency N+1 patterns, parameter sniffing signals, recompilations, lock timeouts, hash/sort warnings, top resource consumers, and SQL 2019/2022 modern feature events. Use when a user provides Profiler trace output, sys.fn_trace_gettable() results, or Extended Events session data.
sqlwait-review
Analyze SQL Server wait statistics to identify why the server or a session is slow. Applies 44 checks (V1–V44) covering I/O, locks, parallelism, memory, CPU, TempDB, log I/O, network, latch contention, log space exhaustion, poison/throttle waits, backup I/O, insert hotspots, cumulative skew detection, multi-snapshot trend analysis, In-Memory OLTP, Columnstore, Query Store, Transaction/DTC, Service Broker, Full Text Search, Parallel Redo, forced memory grants, grant timeouts, stolen memory, file I/O latency, SQL 2019/2022 IQP/PSP/ADR feature waits, and TempDB memory-optimized metadata contention. Based on community wait statistics methodology. Use when pasting sys.dm_os_wait_stats or sys.dm_exec_requests output.
tsql-review
Analyze raw T-SQL source code for anti-patterns, security risks, and static performance smells. Applies 85 checks (T1–T85) across structural, correctness, security, deprecated syntax, performance, and SQL 2017–2022 modern syntax categories. Use this skill whenever a user pastes a stored procedure, function, view, trigger, or ad-hoc SQL and asks for a review; asks if code is safe, correct, or optimized; mentions implicit conversions, missing indexes, SET options, or cursor usage; or wants a code review before deploying to production. No execution plan required — trigger for any T-SQL review request.
fastify-production
This skill should be used when deploying Fastify to production, configuring Fastify security headers, setting up reverse proxy with Fastify, implementing graceful shutdown, configuring @fastify/helmet, @fastify/cors, @fastify/rate-limit, trustProxy settings, Kubernetes Fastify deployment, Fastify performance tuning, request timeouts, handler timeouts, return503OnClosing, prototype poisoning protection, production Fastify checklist, or hardening Fastify server.
build-mcp-app
This skill should be used when the user wants to build an "MCP app", add "interactive UI" or "widgets" to an MCP server, "render components in chat", build "MCP UI resources", make a tool that shows a "form", "picker", "dashboard" or "confirmation dialog" inline in the conversation, or mentions "apps SDK" in the context of MCP. Use AFTER the build-mcp-server skill has settled the deployment model, or when the user already knows they want UI widgets.
browser
Automate web browser interactions using natural language via CLI commands. Use when the user asks to browse websites, navigate web pages, extract data from websites, take screenshots, fill forms, click buttons, or interact with web applications. Supports remote Browserbase sessions with Browserbase Identity, Verified browsers, automatic CAPTCHA solving, and residential proxies — ideal for protected websites and JavaScript-heavy pages.
marketing-screenshots
Generate marketing screenshots via Playwright. Use with /marketing-screenshots.
project-tunnel
Expose local dev server via Cloudflare Tunnel. Use with /project-tunnel.
claude-jobs
Find job openings at tech companies. Use when user asks about jobs, careers, openings, positions, roles, or salaries - either at specific companies or general tech job queries.
save
Use when the user wants to capture the learnings from the current session into persistent artifacts — auto-memory notes, sub-agent definitions, custom skills, hooks, or project-level CLAUDE.md additions. Triggers on phrases like "/save", "save what we learned", "memorize this session", "capture the learnings", or after a substantial back-and-forth that produced reusable patterns.
skillify
Use when the user wants to take a concept observed in an external tool, library, methodology or article (e.g. Ruflo, LangGraph, BMAD, a blog post, a paper) and turn it into a reusable Claude Code skill — keeping the idea, dropping the rest. Triggers on phrases like "skillify this", "make a skill out of X", "extract this pattern as a skill", or after the user identifies a useful concept while testing a tool.
sparc
SPARC methodology — Specification, Pseudocode, Architecture, Refinement, Completion. Five-phase structured workflow for algo-heavy or non-trivial features where the right shape is not obvious upfront. Distinct from APEX (linear analyze-plan-execute-validate) by adding an explicit pseudocode step before architecture and an explicit refinement pass after the first implementation. Use when designing parsers, solvers, scoring algorithms, custom rendering pipelines, complex data transformations, or anything where you'd benefit from sketching the algorithm before committing to file layout.
sync-site-docs
Use after a notable change on one of the 6 personal sites (new nav entry, new page, architecture pivot, removed feature, new third-party tool tested) to keep the project docs and the cross-site case study in sync. Triggers on "/sync-site-docs", "sync docs", "j'ai changé la nav", "j'ai ajouté une feature importante", "update doc projet", or after a substantial commit on warhammer40k / finance-tracker / ol-companion / avatar-pandora / evatosorus / claude-code-codex.
test-tool
Use when the user wants to evaluate a third-party Claude Code tool (npm package, GitHub repo, plugin marketplace) before adopting it. Triggers on phrases like "/test-tool", "on teste X", "let's evaluate X", "is X any good?", or when the user shares a GitHub URL of a tool to assess. Runs the systematic test bench protocol (snapshot → install in sandbox → verify pollution → minimal usage → verdict → cleanup) and ships the verdict to the claude-code-codex Tools tested catalog.
update-rtk-stats
Use when the user wants to refresh the RTK savings stats displayed on the claude-code-codex homepage. Triggers on "/update-rtk-stats", "refresh rtk stats", "maj stats rtk", or after a long session where rtk usage might have meaningfully changed the numbers. Reads `rtk gain --format json`, writes to frontend/src/data/rtk-stats.json, and proposes a commit.
deploying-applications
Deployment patterns from Kubernetes to serverless and edge functions. Use when deploying applications, setting up CI/CD, or managing infrastructure. Covers Kubernetes (Helm, ArgoCD), serverless (Vercel, Lambda), edge (Cloudflare Workers, Deno), IaC (Pulumi, OpenTofu, SST), and GitOps patterns.
managing-dns
Manage DNS records, TTL strategies, and DNS-as-code automation for infrastructure. Use when configuring domain resolution, automating DNS from Kubernetes with external-dns, setting up DNS-based load balancing, or troubleshooting propagation issues across cloud providers (Route53, Cloud DNS, Azure DNS, Cloudflare).
architecture-and-stack
Cloudflare-first platform selection. Decision trees for Workers, D1, R2, KV, DO, Queues, Vectorize, Containers, Sandboxes, Flagship, Agent Memory, Workflows v2. Default stack, override conditions, auth, data patterns, reliability.
brand-and-content-system
Extract real brands (Wayback for rebuilds). Copy system, headline/CTA rules, trust surfaces, legal pages, SEO+structured data, anti-AI-slop, microcopy, DESIGN.md, W3C DTCG tokens, pSEO 5 types, GEO/AI search.
build-and-slice-loop
Implements features in vertical slices, always starting with homepage. Enforces anti-placeholder rules — no lorem ipsum, no TODO stubs, no gray boxes. Real content, real images, real interactions. TypeScript strict mode, Zod validation, and structured file organization.
cinematic-website-prime-directive
One-line-prompt → cinematic, gorgeous, functional, well-tested, deployed website. Pre-hydrated SPA + full PWA kit + JSON-LD rich snippets + third-party integrations. React 19+Vite default (Angular optional). 100 concrete improvements grouped into 10 categories that EVERY single-prompt site build must satisfy before being marked done. Trigger whenever the user says 'make a website for X', 'build a site for X', 'rebuild X.com', or any equivalent one-liner.
deploy-and-runtime-verification
MANDATORY deploy after every code change. Typecheck → deploy → purge CDN → E2E on production → visual verify → fix-forward loop. Workers Builds native CI/CD, D1 Time Travel PIT recovery, D1→R2 long-term backups, wrangler rollback, wrangler secrets management, structured observability, cross-browser smoke tests, rollback procedures, and GitHub auto-configuration.
experience-and-design-system
Anti-AI-slop design system for distinctive, premium interfaces. Bold typography, dark-first #060610, fluid clamp() type, cascade layers + native nesting + container queries, OKLCH color, @starting-style, View Transitions API, DTCG tokens.
goal-and-brief
Establish project thesis before first code. Infer product type from domain/folder/README. Identify users, business model, pSEO strategy, AI-native dev approach. Maintain PROJECT_BRIEF.md as source of truth.
independent-idea-engine
Fierce autonomous internal co-founder. Bounded web research for evidence-backed improvements. Structured idea formulation with self-critique filter that rejects ideas not serving the goal. Auto-implements high-confidence aligned improvements, proposes medium-confidence ideas for approval. Evaluates viral coefficient, AI search visibility (GEO), and solo SaaS economics. Considers higher pursuits: employing disabled people, spiritual tech investigation, 99% wealth donation ethos.
media-orchestration
Section-by-section media planning and generation. Image generation (GPT Image 1.5 primary, built-in fallback), logo/icon generation (Ideogram v3 → favicon set), video generation (Sora), social preview images (OG 1200x630 + AI search optimization), stock photo curation (Pexels, Pixabay), critique/remix loops (max 3 rounds), asset compression pipeline, and media performance budgets.
motion-and-interaction-system
Meaning-first animation with 3-tier hierarchy. CSS scroll-driven (animation-timeline: scroll()), View Transitions API, @starting-style DOM-insert, container scroll-state queries, prefers-reduced-motion mandatory on all animations.
observability-and-growth
Full instrumentation from day one. PostHog consolidates product analytics + feature flags + error tracking (one platform, one bill). GA4 via GTM (14-step automation, custom dimensions over events, server-side tagging). Sentry (deep error tracking + performance). Stripe (webhook-first with idempotent processing). Listmonk on Coolify (newsletters via Resend SMTP relay). PLG 7-layer framework. Programmatic SEO (5 page types). Incident auto-remediation via Sentry→Inngest pipeline. AI search (GEO) awareness. Local business conversions (phone_click, direction_click, form_submit, booking_click) with CRO patterns for both SaaS and local.
operating-system
Supreme policy layer governing all Claude Code behavior. Autonomy, one-line prompt interpretation, speed standards, emphasis signal processing, cross-skill coordination, done definitions, conflict resolution. Loaded every prompt.
planning-and-research
Deep web research, competitor scanning, technology evaluation, and implementation planning. Decomposes work into vertical slices, identifies parallel workstreams, tracks assumptions with confidence levels, and designs the critical path for minimum wall-clock time.
preference-and-memory
Captures and evolves user preferences with confidence levels. Maintains Voice of the Customer model with exact language, dissatisfaction and aspiration signals. Handles promotion/demotion, global vs project scoping, auto memory system, and Omi wearable data integration.
site-generation
End-to-end AI website generation pipeline. Claude Opus 4.8 emits Bolt-style <boltArtifact> envelopes (multi-file, plan-first) that customize Vite+React+Tailwind templates from pre-researched business data. Pre-research via APIs, media acquisition, brand extraction, visual inspection via GPT Image 2 vision, R2 upload (per-file content-type by extension), D1 status updates. Supports all business types: SaaS, portfolio, non-profit, restaurant, salon, medical, legal, retail, tech.
managing-dev-servers
Rules for starting, monitoring, and stopping local development servers (nuxt dev, nest start, npm/pnpm run dev, pnpm build --watch, Playwright, etc.) across all lt-dev workflows. Prefers `lt dev up/down/status/tunnel` for projects registered with the lt CLI — these serve every project under stable HTTPS URLs (`<slug>.localhost`, `api.<slug>.localhost`) via Caddy (via a dedicated LaunchAgent/systemd-user unit, NOT `brew services caddy`) and inject project-specific env vars (BASE_URL, APP_URL, NUXT_PUBLIC_*, NSC__MONGOOSE__URI, NUXT_PUBLIC_STORAGE_PREFIX, HOST=127.0.0.1, NODE_EXTRA_CA_CERTS, API_URL/SITE_URL legacy aliases) so multiple lt projects can run in parallel without port collisions or auth cross-wiring. `lt dev tunnel` exposes a running project externally via a Cloudflare Quick Tunnel. Falls back to the run_in_background / pkill contract for non-lt projects to prevent orphaned processes blocking the Claude Code session ("Unfurling..."). Activates whenever a long-running process must be started for manu
epic-identification
This skill should be used when the user asks to "identify epics", "break down vision into epics", "find major features", "discover capability areas", "decompose vision", "group requirements into themes", "define high-level features", "what epics do I need", "turn vision into work items", or "split project into epics". Provides methodology for deriving epics from a vision statement using user journey mapping, capability decomposition, and stakeholder analysis.
prioritization
This skill should be used when the user asks to "prioritize requirements", "prioritize epics", "prioritize stories", "prioritize tasks", "prioritize backlog", "use MoSCoW", "apply MoSCoW priorities", "assign priorities", "set priority labels", "rank features", "what should I build first", "what's most important", "order by importance", "must have vs should have", or when they need to determine the priority order of epics, user stories, or tasks using the MoSCoW framework.
requirements-feedback
This skill should be used when the user asks about "feedback loops", "iterate on requirements", "continuous documentation", "refine requirements", "update requirements", "requirements changed", "stakeholder review", "validate requirements", "incorporate feedback", "gather feedback", "requirements review meeting", "backlog refinement feedback", "user research findings", "sprint retrospective feedback", "help me gather feedback", "run a feedback session", "get input on my vision", "get input on my epics", "get input on my stories", "collect user feedback", "document feedback from meeting", "review requirements with stakeholders", or when they need guidance on collecting and incorporating feedback throughout the requirements lifecycle.
shared-patterns
This skill should be used when the user asks to "implement recovery flow", "add error handling to command", "handle gh operation failures", "implement idempotency check", "prevent duplicate issues", "check before creating", "implement batch tracking", "track created and failed items", "implement two-layer metadata", "update custom fields and labels", "standardize command patterns", or when developing or modifying /re:* commands that need consistent error handling, duplicate detection, batch operation tracking, or GitHub Projects metadata updates.
task-breakdown
This skill should be used when the user asks to "create tasks", "break down story into tasks", "define tasks", "what tasks are needed", "write acceptance criteria", "implementation tasks", "task list", "create work items", "technical tasks", "work breakdown", "decompose story", "story to tasks", or when decomposing user stories into specific, executable tasks with clear acceptance criteria for GitHub Projects.
user-story-creation
This skill should be used when the user asks to "create user stories", "write user stories", "break down epic into stories", "define user stories", "what stories do I need", "apply INVEST criteria", "write acceptance criteria", "split a large story", "story is too big", "story splitting", or when decomposing epics into specific, valuable user stories.
validation
This skill should be used when the user asks to "validate requirements", "review requirements quality", "check requirements completeness", "verify traceability", "check INVEST compliance", "validate user stories", "requirements health check", "quality gate check", or when running /re:review validation.
vision-discovery
This skill should be used when the user asks to "discover vision", "create a vision", "define product vision", "document vision", "what should my vision be", "help me with vision", "start requirements from scratch", "begin new product planning", "define product direction", "establish product vision", or when starting a new requirements project and needs to establish the foundational product vision before identifying epics or stories.
deploy-receipt
Enforces Law 4 (Verify Before Reporting) of the 7 Laws of AI Agent Discipline at the deploy seam. A merge into a branch that auto-deploys is not "done" until the deploy provider reports the merged commit SHA running and a healthcheck endpoint returns 200. Companion to the vendored `finishing-a-development-branch` skill — does not replace it, runs after it for projects on Railway, Cloudflare Workers, Vercel, Netlify, Fly.io, or any other auto-deploy target.
cloudflare-specialist
Cloudflare Workers architecture specialist. Advises on D1 migrations, KV usage patterns, R2 binary distribution, wrangler configuration, and Miniflare testing. Use when modifying wrangler.toml, working with Cloudflare services, or setting up testing infrastructure.
do
End-to-end autonomous task executor. Takes a task description and handles the full lifecycle: research, plan, implement, review with specialist skills, and merge via PR. Use when given a task to execute end-to-end.
env-reference
Full environment variable reference for SAM. Use when adding, modifying, or documenting environment variables, configuring deployment, or working with Worker secrets. Trigger when asked about env vars, secrets, or configuration.
brainstorm-spec
Use at the start of a non-trivial feature or change, before planning or coding, to refine a vague request into a short written spec through focused questions. Turns "build me X" into an agreed scope, so the plan and the code that follow do not chase a moving target.
compact-and-offload
Use when the context budget is near full (level compact) or before a planned compaction, to summarise the session and offload durable facts to slipstream memory so nothing important is lost when context is trimmed.
context-budget
Use periodically during a long session to check the approximate context budget and decide whether to keep going, switch to scoped reads, or compact, so you rarely hit the context limit.
finishing-a-branch
Use when implementation is complete and verified and the work needs to land, to choose how to integrate it. Walks the close-out from a clean green suite to a recorded memory of what changed, then merge, pull request or cleanup as the situation calls for.
frontend-design-system
Use when a site needs to look designed rather than defaulted, before building sections: establish a cohesive design system of type scale, spacing, colour, radius and shadow tokens so every component shares one premium visual language.
frontend-hero-section
Use when building the top of a landing page, to produce a high-impact hero with confident display type, a clear single call to action and balanced composition, the kind of opening a polished marketing site leads with.
frontend-marketing-sections
Use when filling out a landing page below the hero, to build the polished marketing sections a premium site is made of: a feature grid, a logo or social-proof strip, a testimonial and a closing call to action.
frontend-motion
Use when a site needs the smooth entrance and scroll-reveal animations that make a page feel alive and crafted, to add tasteful motion with a real animation library rather than ad-hoc transitions.
receiving-code-review
Use when acting on code-review feedback, especially when a comment seems unclear or wrong. Requires verifying each point technically before changing anything, so you fix real issues and push back on mistaken ones instead of agreeing performatively.
requesting-code-review
Use when a feature or fix is complete and verified, before merging, to get a focused review. Prepares a tight diff and the context a reviewer needs so the review finds real problems instead of drowning in noise.
scoped-read
Use before opening any source file in a project that has a slipstream map, to read the compact index and pull a single symbol or line range instead of the whole file, protecting the context budget.
subagent-driven-development
Use when executing a multi-step plan whose tasks are independent, to dispatch a fresh agent per task and review between tasks. Keeps each task in a clean context, parallelises independent work, and gates each result before the next begins.
test-driven-development
Use before writing or changing any feature or bugfix code, to drive the change with a failing test first. Red, green, refactor. The discipline that proves the code does what was asked and keeps it proven as the project grows.
using-slipstream
Use whenever the user says "use slipstream", "use superpowers", or starts any task in a project that has slipstream. A hard, always-on discipline that forces scoped reads over whole-file reads to save tokens, recalls memory before acting, and records what is durable every turn so memory grows constantly.
verification-before-completion
Use before claiming any work is done, fixed, passing or shipped, and before committing or opening a pull request. Requires running the real checks and quoting the real output, so a success claim is backed by evidence rather than hope.
write-plan
Use after a spec is agreed and before coding a multi-step change, to break the work into small, independently verifiable tasks with exact files and a check per task. A plan an agent can execute without re-deciding scope, and that survives compaction.
writing-skills
Use when creating or editing a slipstream skill, to produce one that loads cleanly and earns its place. Covers the frontmatter contract, the trigger-shaped description, the required body sections and the verification gate, so the skill validator passes and the skill is actually useful.
argocd-operations
Designs and debugs ArgoCD ApplicationSets, picks generators, templates per-tenant deploys, configures sync waves and hooks, and untangles syncPolicy.automated prune/selfHeal. Use when working with ArgoCD, ApplicationSet, sync wave, GitOps, or per-tenant Application deploys.
aws-codepipeline-codebuild
Authors and debugs AWS CodePipeline + CodeBuild workflows — pipeline v1 vs v2 (triggers, variables), source providers via CodeStar Connections, artifact handoff, buildspec.yml authoring, IAM service roles, ECR pull permissions, VPC build environments, S3/local caching strategies, Lambda invoke action callback pattern, and manual approval setup. Use when working with AWS CodePipeline, AWS CodeBuild, buildspec.yml, CodeStar Connections, pipeline service roles, build VPC config, or "CodeBuild can't pull image" / "Lambda action hangs" debugging.
aws-cost-investigation
Diagnoses AWS cost spikes and audits accounts for ongoing waste. Cost Explorer + Cost & Usage Report query patterns, anomaly detection, the cost-trap inventory (forever log groups, NAT egress, unattached EBS/EIPs, idle ELBs, incomplete S3 multipart uploads, gp2/gp3 migration), commitment decision rules (Compute SP vs EC2 Instance SP vs RI), and the cost-allocation-tag activation trap. Use when working with AWS billing, "bill is up", `aws ce`, Cost Explorer, Cost and Usage Report, Savings Plans, Reserved Instances, NAT vs VPC endpoint trade-offs, or AWS cost optimization.
claude-md-optimizer
Analyzes and optimizes CLAUDE.md files following Anthropic's official best practices. Use when reviewing existing CLAUDE.md for improvements, or when user mentions CLAUDE.md is too long or ineffective.
cloud-storage-identification
Identifies which object-storage provider an S3-compatible target actually hits, from endpoint URLs, env vars, or Terraform provider blocks. Prevents AWS-default assumptions on GCS/DO Spaces/R2/Hetzner/B2/MinIO. Use when working with boto3, `aws_s3_bucket`, rclone, s3cmd, or S3-compatible storage.
cloudflare-access-mcp
Adds OAuth/SSO to a remote MCP server using Cloudflare. Three paths — AI Controls MCP Portal (REST, fastest), self-hosted Access app with Managed OAuth (REST), and the same as Terraform (when IaC already exists) — with a decision matrix, REST recipes per path, Terraform templates for the IaC path, and a stdlib validator that lints a `terraform show -json` plan. Use when the user asks to put an MCP server behind Cloudflare, add OAuth/SSO to a remote MCP server, expose a private MCP server via Cloudflare Tunnel, register MCP servers with the AI Controls portal, enable Managed OAuth or DCR on an Access app, or wire Claude Desktop / claude.ai web / Claude Code to an internal MCP server.
cloudflare-cf-cli
Operates Cloudflare's new unified `cf` CLI (technical preview, April 2026) — install path, flag conventions, the local-vs-remote default trap, coexistence with Wrangler and `wrangler.jsonc`, and agent-mode usage via the Local Explorer OpenAPI. Use when the user mentions `cf`, `npx cf`, "the new Cloudflare CLI", or is choosing between `cf` / `wrangler` / REST / Terraform.
cloudflare-dns-zones
Operates Cloudflare DNS zones and records via the REST API (curl + jq) — token scoping, zone discovery, record CRUD, batch operations, BIND import/export, proxied vs DNS-only decisions, CNAME flattening at apex, DNSSEC, and DNS-01 ACME challenge wiring with cert-manager. Use when working with Cloudflare DNS, `api.cloudflare.com`, `CF_API_TOKEN`, zone records, DNS-01 challenges, mail records (MX/SPF/DKIM/DMARC), or "orange cloud / grey cloud" proxy decisions.
cloudflare-workers
Authors and reviews Cloudflare Workers projects — wrangler config (toml/jsonc), bindings (KV, R2, D1, Queues, Durable Objects, service bindings, Vectorize, Workers AI), env-scoped vs root config and the non-inheritable bindings trap, Durable Object migrations (renames, SQLite backend), compatibility_date semantics, static assets and Pages migration, secrets vs vars, cron triggers, observability, and deploy/CI patterns with `cloudflare/wrangler-action`. Use when working with Cloudflare Workers, wrangler.toml/wrangler.jsonc, Workers bindings, Durable Objects, Workers KV/R2/D1/Queues, Workers Static Assets, migrating from Pages to Workers, service bindings or WorkerEntrypoint RPC, or deploying Workers from CI.
digitalocean-app-platform
Lints DigitalOcean App Platform app specs (app.yaml / doctl apps spec JSON / digitalocean_app Terraform) for security, reliability, correctness, and sizing anti-patterns — plaintext secrets, missing health checks, single-instance services, dev databases in production, port mismatches, overlapping ingress routes, conflicting git/image sources, deprecated routes, unknown instance sizes, and app/database region mismatch. Use when working with DigitalOcean App Platform, app.yaml, .do/app.yaml, doctl apps, the digitalocean_app Terraform resource, or reviewing an App Platform deployment for problems.
digitalocean-dns-zones
Operates DigitalOcean DNS zones and records via doctl, the DigitalOcean API v2, and the digitalocean Terraform provider — domain/record CRUD, the apex CNAME / no-flattening trap when migrating from Cloudflare, account-wide token handling, FQDN trailing-dot semantics, DNS-01 ACME wildcard certs, and nameserver delegation. Use when working with DigitalOcean DNS, doctl compute domain, DIGITALOCEAN_ACCESS_TOKEN, api.digitalocean.com domains, digitalocean_record/digitalocean_domain Terraform, apex CNAME questions, wildcard cert DNS-01, or moving a zone between Cloudflare and DigitalOcean.
docker-workflows
Reviews and hardens Dockerfiles and docker-compose files — multi-stage build conversion, base-image choice, layer caching, secret leakage, root-user containers, missing healthchecks. Use when reviewing a Dockerfile, optimizing image size or build time, writing a compose file, or auditing container security.
drawio-diagramming
Create and open draw.io diagrams. Use when the user wants to generate, edit, or open a diagram in draw.io (architecture/HLA diagrams, infra & Kubernetes topology, flowcharts, network diagrams) — covers the draw.io MCP servers (open_drawio_xml/mermaid/csv) and native .drawio file generation.
gcp-iam
Debugs GCP permission-denied errors, designs IAM bindings, traces org → folder → project inheritance, and untangles service-account impersonation chains. Covers Workload Identity. Use when working with GCP IAM, gcloud, "permission denied" on GCP resources, Workload Identity, or SA impersonation.
github-actions-pipelines
Debugs and authors GitHub Actions workflows — OIDC federation to AWS/GCP/Azure, GITHUB_TOKEN permissions hardening, reusable workflows vs composite actions, deploy concurrency, caching, the path-filter/required-check trap, and pull_request_target security. Use when working with GitHub Actions, `.github/workflows/`, OIDC to cloud providers, `pull_request_target`, branch protection required checks, reusable workflows, or CI/CD pipelines that deploy to AWS/GCP/DigitalOcean.
kubernetes-operations
Debugs Kubernetes pods and controllers — FailedCreate, ImagePullBackOff, init-container failures, probe flapping, missing service endpoints, GKE NEG readiness. Use when a pod is not Running, a Deployment/StatefulSet shows FailedCreate, image pulls fail, or services lack endpoints.
kubernetes-operators
Designs and audits Kubernetes Operators — CRD shape, reconcile-loop correctness, finalizer and status-subresource handling, OperatorHub capability levels, framework choice. Use when building a controller for a CRD, reviewing an operator for capability gaps, or designing the API surface of a Custom Resource. Not for general pod debugging — see kubernetes-operations.
mindfulness-mentor
Guide users through mindfulness exercises, meditation practices, and stress reduction techniques. Use when users ask for help with relaxation, stress management, breathing exercises, or cultivating inner peace.
setup-project-skills
Installs skills from a user-curated manifest (`~/.claude/skill-manifest.json`) into the current project's `.claude/skills/` — symlinks local skills, runs `npx skills add` for third-party ones, and advises `/plugin install` for native Claude plugins. Optionally scans the project for trigger files (Dockerfile, wrangler.jsonc, *.tf, etc.) and pre-selects recommended matches. Use when the user wants to set up skills in a new project, add a skill they curated, see what skills fit the current project, or bootstrap a freshly cloned repo with their toolbox.
terraform-workflows
Reviews Terraform/OpenTofu plans, detects drift, performs state surgery (mv/rm/import), upgrades providers, and traces Terragrunt cache errors. Multi-cloud. Use when working with Terraform, OpenTofu, Terragrunt, terraform plan, drift, or provider upgrades.
terragrunt-workflows
Terragrunt-specific orchestration patterns — CLI redesign migration (run/run --all, --terragrunt-* flag removal, TG_* env vars, strict controls), config composition (include, locals, inputs deep-merge, generate blocks), dependency wiring (mock_outputs semantics), run --all safety, hooks, and the new terragrunt.stack.hcl. Use when working with Terragrunt, `terragrunt.hcl`, `terragrunt.stack.hcl`, the deprecated `run-all`, `--terragrunt-*` flags, `TERRAGRUNT_*` env vars, `include` blocks, `dependency` blocks, or `terragrunt run --all`.
asset-enhancer
Classify a software-asset brief (logo, app icon, favicon, OG image, illustration, splash, icon pack, transparent mark), route to the right image model, rewrite the prompt in the target model's dialect, pick an execution mode (inline_svg / external_prompt_only / api) based on what's actually available, and run the pipeline. Use whenever the user asks for any visual asset for a software product.
popular-web-designs
54 production-quality design systems extracted from real websites. Load a template to generate HTML/CSS that matches the visual identity of sites like Stripe, Linear, Vercel, Notion, Airbnb, and more. Each template includes colors, typography, components, layout rules, and ready-to-use CSS values.
wp-stack
Build, fix, optimize, and debug WordPress sites with the standard stack (Astra Free + Elementor Pro + ACF + msrbuilds/elementor-mcp). Activates when the user asks for WordPress, Elementor, page-builder, landing-page, CPT, custom-field, theme-settings, plugin-config, deploy, migrate, performance, security, or SEO work, or mentions any tool in the stack (Astra, Elementor, ACF, JetEngine, Rank Math, Yoast, WP Rocket, LiteSpeed, Cloudflare, CloudPanel, Wordfence). Also activates when converting a design (Figma / Claude Design / HTML) into a WordPress + Elementor structure via MCP.
cache-bust-deploy-validation
After a production deploy of a CDN-fronted site, force cache-bust on every validation request and inspect Age/cache-status headers — the CDN can serve a stale 200 with old content for hours, hiding a broken deploy. Use whenever validating a freshly-deployed web app, debugging "deploy completed but the live site shows the old version", or building a post-deploy smoke test.
cloudflare
Comprehensive Cloudflare platform skill covering Workers, Pages, storage (KV, D1, R2), AI (Workers AI, Vectorize, Agents SDK), feature flags (Flagship), networking (Tunnel, Spectrum), security (WAF, DDoS), and infrastructure-as-code (Terraform, Pulumi). Use for any Cloudflare development task. Biases towards retrieval from Cloudflare docs over pre-trained knowledge.
doc-sync
Sync and update the docs/verify/ documents so that they reflect the current system state.
demo
Turns an approved PRD into an interactive demo brief or runnable frontend demo with preview URL, UI stack recommendation, mock data plan, role-document contract, and Cloudflare Pages preflight. Use when the user asks to generate a demo, proof of concept, frontend demo, or preview URL. Product-native by default; in non-product contexts, use only when the user explicitly asks to apply this as a Product Thinking Lens. Not for backend production architecture, production deployment, release publishing, or professional legal, medical, or financial advice.
nuxt
Nuxt full-stack Vue framework with SSR, auto-imports, and file-based routing. Use when working with Nuxt apps, server routes, useFetch, middleware, or hybrid rendering.
analytics-events
Use when you need product analytics: track the handful of events that actually matter, such as sign up and purchase.
analytics-plausible
Use when adding privacy-friendly site analytics: add a lightweight, cookieless analytics script that respects visitor privacy.
analytics-web-vitals
Use when you want to measure real-user performance (Core Web Vitals): measure and report Largest Contentful Paint, Interaction to Next Paint and Cumulative Layout Shift.
auth-oauth
Use when adding social or third-party sign in: add a third party OAuth provider such as GitHub or Google for social sign in.
auth-password-reset
Use when users need to reset a forgotten password: let users reset a forgotten password with a single use, time limited token sent by email.
auth-rbac
Use when routes or actions must be gated by user role: gate routes and actions behind roles so only authorised users can perform them.
auth-session
Use when issuing authenticated session cookies: issue HTTP only, secure, same site session cookies for authenticated requests.
backend-error-handling
Use when an API needs consistent error responses: catch unhandled errors centrally and return consistent JSON error envelopes.
backend-hono-api
Use when scaffolding an HTTP API that runs on Node and the edge: create a Hono based HTTP API that runs on both Node and edge runtimes.
backend-openapi
Use when consumers need an OpenAPI spec for the API: generate an OpenAPI specification from the API routes and serve it for consumers.
backend-rate-limit
Use when a public endpoint needs abuse protection: protect public endpoints with a token bucket rate limiter keyed by client identity.
backend-zod-validation
Use when API input must be validated and rejected if malformed: add schema validation middleware so every endpoint rejects malformed input with a 400.
cloudflare-d1
Use when the app needs a SQLite database on Cloudflare: create a Cloudflare D1 SQLite database and run an initial migration.
cloudflare-kv
Use when you need a low-latency edge cache or key-value store: create a Workers KV namespace and use it as a low latency cache.
cloudflare-pages
Use when deploying a static front end to Cloudflare Pages: publish a built static front end to Cloudflare Pages.
cloudflare-r2
Use when the app needs object storage on Cloudflare: create an R2 object storage bucket and bind it to a Worker.
cloudflare-secrets
Use when a Worker needs secret values kept out of source: store sensitive values as Worker secrets rather than committing them.
cloudflare-worker
Use when building an API or handler at the Cloudflare edge: create a Cloudflare Worker with Wrangler that serves an API at the edge.
frontend-component-library
Use when starting a UI and you want reusable accessible primitives: create a small set of reusable, accessible UI primitives the rest of the site composes from.
frontend-dark-mode
Use when adding a light/dark theme toggle: add a persisted light and dark theme toggle driven by a CSS class on the root element.
frontend-forms
Use when building forms that need validation and accessible errors: build forms with client side validation and accessible error messaging.
frontend-responsive-layout
Use when laying out a marketing or landing page that must work on mobile and desktop: compose a responsive hero, features and footer layout that holds up from mobile to desktop.
frontend-router
Use when a front end needs multiple pages and routing: install a router and define the page routes for a multi page front end.
frontend-tailwind
Use when adding Tailwind CSS to a Vite project: wire Tailwind CSS into a Vite project for utility first styling.
frontend-vite-react
Use when starting a new React single-page front end: create a Vite single page app with React and TypeScript as the front end foundation.
git-conventional-commit
Use when committing work and you want a clean, changelog-shaped history: record work as small conventional commits so history reads as a changelog.
git-feature-branch
Use when starting a new unit of work that should not land on the default branch: create a focused feature branch off the default branch for each unit of work.
git-init-repo
Use when starting version control in a new project: initialise a Git repository with a sensible default branch and ignore file.
ez-crawl
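Website crawling tool built on the Cloudflare /crawl API. When the user wants to crawl, extract, or scrape a website's content, use the /crawl REST API of Cloudflare Browser Rendering to do it instead of operating a browser manually. Trigger when the user says "/ez", "ez crawl", "crawl with Cloudflare", "CF crawl", "use the /crawl API", "crawl this website for me", "grab this site's content", "crawl this site", "pull down all of this website's content", "crawl the whole site", "grab the whole site as markdown", and similar. Also applies when the user mentions wanting to batch-convert a documentation site, blog, or product pages into markdown or JSON, or wants to fetch web content in bulk when building a RAG knowledge base or a training dataset. Should trigger for any scenario that involves "crawling a website in bulk through an API", even if the user does not explicitly mention Cloudflare. Not for simple fetching of a single page (WebFetch is enough for that) or for browser operations that require login interaction.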
mcpx
Use when the user needs to discover or call already-configured MCP servers through the mcpx CLI, including generating project-local MCP routing skills.
log-shipper
Ships your logs somewhere convenient. Totally normal little helper.
digitalocean-registry-cleanup
Analyze and clean DigitalOcean Container Registry images. Lists repos with tag counts, deletes old tags (keep last N), finds stale repos, triggers garbage collection. Supports dry-run mode. Use when user says "clean registry", "delete old images", "DO registry", "registry cleanup", "docker images cleanup", "container registry", or "clean up old tags".
ghl
Operate a GoHighLevel (GHL / HighLevel) sub-account through its API v2 — create/update contacts, opportunities, custom fields and tags, and bulk-import spreadsheets with dedup. Use this skill whenever the user says "/ghl", "go high level", "high level", "import this base into GHL", "create a contact/opportunity in GHL", "list pipelines/fields/tags", "update a lead in GHL", or otherwise wants to work with their GHL CRM.
chartjs-overview
This skill should be used when the user asks "how to install Chart.js", "Chart.js setup", "getting started with Chart.js", "Chart.js CDN", "Chart.js npm install", "tree-shaking Chart.js", "Chart.js bundle optimization", "import Chart.js", "Chart.js module loaders", "Chart.js CommonJS", "Chart.js RequireJS", "chart.js/auto vs manual registration", "Chart.js defaults", "update chart data", "chart instance methods", "destroy chart", "Chart.js helpers", "resize chart", "responsive chart configuration", "Chart.js global configuration", "getRelativePosition", or needs help with initial Chart.js v4.5.1 project setup, configuration, and chart manipulation.
setup-cloudflare-tunnel
Walk the user through bringing up a Cloudflare quick-tunnel to expose their local @threadbase/streamer to tb-mobile. Drives scripts/remote-access/cloudflare.sh (or .ps1 on Windows / when pwsh is preferred), explains the quick-tunnel-vs-named-tunnel tradeoff, and — if asked — guides the upgrade to a persistent named tunnel with optional Cloudflare Access. Use when the user says "expose my streamer", "set up a tunnel", "let my phone reach my streamer from outside the LAN", "set up cloudflared", "set up Cloudflare Tunnel", "I want a public URL for the streamer", or asks how to onboard tb-mobile remote pairing. The full reference lives in docs/guides/remote-access/README.md and docs/guides/remote-access/cloudflare.md — read those first before going beyond the happy-path setup.
astro-framework
Astro framework specialist for building fast, content-driven websites with islands architecture. Use when creating Astro components, configuring hydration (client:load/idle/visible/media), using server:defer (server islands), Content Layer API (glob/file loaders, live loaders), sessions, astro:env, i18n routing, actions, SSR adapters, view transitions, or integrating React/Vue/Svelte/Solid. Not for full-SPA frameworks (Next.js, Remix, SvelteKit).
skilo
Use this skill when the user wants to share, install, inspect, publish, claim, or troubleshoot agent skills with Skilo links, refs, bundles, or tool-native skill directories.
adclaw-host-ai-accounting
Use for AdClaw Host AI quota accounting, hosted key provisioning, limit UX, and secret redaction reviews.
using-lt-cli
Provides reference for the lenne.tech CLI tool (lt command). Covers lt fullstack init (workspace creation with local template symlinks), lt fullstack update (version sync), lt fullstack convert-mode (npm/vendor switch), lt git get/reset (branch management), lt server create (project scaffolding), lt server object/addProp (element generation), and lt dev (parallel project orchestration via Caddy + dedicated LaunchAgent — install/uninstall/migrate/up/down/status/doctor/tunnel). Activates when user mentions "lt", "lt CLI", "lenne.tech CLI", "lt fullstack", "lt git", "lt server", "lt dev", "fullstack workspace", "local templates", "--api-link", "--frontend-link", "--noConfirm", "convert-mode", "npm mode", "vendor mode", "Caddy tunnel", "trycloudflare", or any lt command syntax. NOT for NestJS module/object/property creation (use generating-nest-servers). NOT for Vue/Nuxt frontend code (use developing-lt-frontend).
n8n-workflow
Design, build, or troubleshoot n8n automation workflows. Always trigger immediately when Mick mentions n8n, workflow nodes, automating a pipeline, or connecting services via n8n. Covers node selection, webhook patterns, Claude API integration, credential setup, Cloudflare Tunnel exposure, and Proxmox LXC deployment. Mick runs n8n on Proxmox CT 104 at 192.168.0.81:5678 with Cloudflare Tunnel for HTTPS.
proxmox-lxc
Deploy and configure Proxmox LXC containers for self-hosted services. Always trigger immediately when Mick asks to deploy, set up, or configure a new service on Proxmox, mentions spinning up a container, or needs a systemd service, Cloudflare Tunnel entry, or UniFi static IP assignment. Generate the full stack including the pct create command, container config, apt setup, systemd unit file, and Cloudflare Tunnel config entry from a service name and IP.
loadout-dev
Expert development partner for The Loadout — the Mission Built MCP server (mcp.missionbuilt.io) that powers The Warmup and The Spotter skills. Use this skill any time you are working on the Loadout project: adding or editing a skill, modifying warmup-template.html or spotter-template.html, changing index.ts tools, bumping versions, editing SKILL.md files, running a tech lead review, or preparing a commit and deploy. Also use it when the user says things like "work on the warmup," "add a new loadout skill," "update the spotter," "edit the template," "bump the version," or "review before we ship." This skill carries the full project architecture, hard-won lessons from past sessions, and the exact collaboration model Mike and Claude use — including the rule that Mike runs all terminal commands and Claude writes all code. DO NOT invoke for end-user requests to RUN the skills — "spot my epic," "run my warmup," "run the approach for [company]" are handled by the MCP tools directly, not by this development skill.
deploy-ninja
Handles zero-downtime deployments: blue-green, canary releases, rolling updates, and feature flag rollouts. Covers Kubernetes, Docker, Cloudflare Workers, Terraform, and CI/CD pipeline setup. Use this skill when the user wants to deploy an application, set up a deployment pipeline, implement canary releases, configure rolling updates, manage feature flags, or handle any release automation. Also triggers on "deploy to production," "set up CI/CD," "blue-green deployment," "canary release," "rolling update," "zero-downtime deploy," "rollback," or even casual requests like "push this to prod" or "how do I safely release this."
ghost-scraper
Extracts structured data from websites — static HTML, JavaScript-rendered SPAs, paginated listings, and API-backed pages. Handles anti-bot detection awareness, rate limiting, and robots.txt compliance. Use this skill whenever the user wants to scrape a website, extract data from a URL, pull product listings, harvest structured data, reverse-engineer a site's API, or deal with dynamic JS-rendered content. Also triggers on "get me data from this site," "extract prices from," "crawl these pages," or any request involving web data extraction, even casual ones like "can you pull info from this URL."
infra-automation
Manages infrastructure operations: DNS records, SSL certificates, Cloudflare Workers, CDN configuration, and domain provisioning. Use this skill whenever the user mentions Cloudflare, DNS, SSL, Workers, domain setup, CDN config, TLS hardening, zone management, or any infrastructure automation task — even if they just paste a domain name and ask "set this up." Also triggers on requests like "add an A record," "check my SSL," "deploy a Worker," or "audit my domain config."
expo-api-routes
Guidelines for creating API routes in Expo Router with EAS Hosting
openai-agents
Build AI applications with OpenAI Agents SDK - text agents, voice agents, multi-agent handoffs, tools with Zod schemas, guardrails, and streaming. Prevents 11 documented errors. Use when: building agents with tools, voice agents with WebRTC, multi-agent workflows, or troubleshooting MaxTurnsExceededError, tool call failures, reasoning defaults, JSON output leaks.
openai-apps-mcp
Build ChatGPT apps with MCP servers on Cloudflare Workers. Extend ChatGPT with custom tools and interactive widgets (HTML/JS UI). Use when: developing ChatGPT extensions, implementing MCP servers, or troubleshooting CORS, widget 404s, MIME types, ASSETS binding errors, Next.js integration issues, or edge platform limitations.
mtg-argentina-playwright
Scrape full catalogs of Argentine MTG stores using Playwright MCP. Walks pagination correctly across Bazaar of Baghdad, Rancho Store TCG, Labatikueva, Al Battle TCG, Phoenix Reborn. Use when surveying stores for deals across product categories (Collector Boxes, Bundles, Secret Lairs, Commander Decks, etc).
astro
Skill for building with the Astro web framework (v6+). Covers component authoring, islands architecture (client and server islands), content collections with loaders, actions, sessions, view transitions, middleware, on-demand rendering (SSR), adapters, and project configuration. Use when the user works with Astro, mentions .astro files, asks about static site generation (SSG), islands architecture, content collections, server islands, actions, view transitions, deploying an Astro project, or upgrading Astro.
cm-identity-guard
Verify and lock project identity before ANY git push, Cloudflare deploy, or Supabase operation. Essential when working with multiple GitHub accounts (personal + work), multiple Cloudflare accounts, or multiple Supabase/Neon projects. Prevents wrong-account deploys, cross-project secret leaks, and git history contamination.
cm-safe-deploy
Use when setting up deployment infrastructure for any project - establishes multi-gate deploy pipeline with test gates, build verification, frontend safety checks, and rollback strategy before code reaches production
drafter
Generate governance documents (ADRs, policies, decision records) using Charter's governance context. Use when the user asks to draft, write, or generate any governance documentation.
code-mode
Add a "code mode" tool to an existing MCP server so LLMs can write small processing scripts that run against large API responses in a sandboxed runtime — only the script's compact output enters the LLM context window. Use this skill whenever someone wants to add code mode, context reduction, script execution, sandbox execution, or LLM-generated-code processing to an MCP server. Also trigger when users mention reducing token usage, shrinking API responses, running user-provided code safely, or adding a code execution tool to their MCP server — in any language (TypeScript, Python, Go, Rust, etc.).
release
Creates GitHub-based version-management plans for product demos or workflow iterations: SemVer bump, changelog, GitHub Release notes, tag plan, PR summary, verification, rollback, and approval gate. Use for 发版, release, changelog, tag, GitHub release, version management, push, or publish planning. Product-native by default; in non-product contexts, use only when the user explicitly asks to apply this as a Product Thinking Lens. Not for deploying, pushing, tagging, publishing without explicit approval, or professional legal, medical, or financial advice.
api-design
REST API design patterns including resource naming, status codes, pagination, filtering, error responses, versioning, and rate limiting for production APIs.
backend-patterns
Backend architecture patterns, API design, database optimization, and server-side best practices for Node.js, Express, and Next.js API routes.
ci-monitoring
On-demand CI monitoring. Runs one continuous tail-followed GitHub Actions monitor in a background task only when the user explicitly asks to monitor CI, or when a deploy/merge action requires a fresh CI result.
cloudflare-stack
This skill should be used when the user wants to "build something", "create a website", "make an app", "start a new project", "I have an idea", "build me a...", "I want to create...", "make me a...", "let's build...", "new project", or describes any idea they want to build from scratch. This skill ensures the technology stack used is compatible with Cloudflare Workers deployment. Use this skill proactively whenever the user describes a new project idea — before writing any code, check that the chosen technologies will work on Cloudflare.
consult-llm
This skill should be used when the user wants to consult external LLMs for a second opinion or discussion. Use when the user says "discuss with llms", "consult llms", "consult LLMs", "ask LLMs", "get LLM opinions", "what do other LLMs think", "ask ChatGPT", "consult Gemini", "ask GPT", "get a second opinion", "ask another AI".
content-hash-cache-pattern
Cache expensive file processing results using SHA-256 content hashes — path-independent, auto-invalidating, with service layer separation.
database-migrations
Database migration best practices for schema changes, data migrations, rollbacks, and zero-downtime deployments across PostgreSQL, MySQL, and common ORMs (Prisma, Drizzle, Django, TypeORM, golang-migrate).
deploy-credentials
GitHub and Cloudflare credential reference. Env-var table (GH_TOKEN, CLOUDFLARE_API_TOKEN, CLOUDFLARE_ACCOUNT_ID), what each token enables (gh/git/wrangler operations), check-then-fallback behavior, secret-handling rules. Invoked when a turn needs gh/wrangler access and isn't sure if creds are present or wants the full operations reference.
deployment-patterns
Deployment workflows, CI/CD pipeline patterns, Docker containerization, health checks, rollback strategies, and production readiness checklists for web applications.
doc-enforce
SDD documentation enforcement orchestrator. Runs the 15-row execution manifest against documentation/. Detects forbidden content, per-element budget violations (per-file caps deprecated in v2.0), within-section semantic issues, authoring-quality prose (weasel, unverifiable, missing-why), REQ-backlink gaps, doc source-anchor truth (Pass 15 — always runs). Conditionally invokes doc-enforce-lanes (per file in diff), doc-enforce-shape (api-reference / canonical lane files), and doc-enforce-truth (Implemented REQ docs or scope=all). Invoked by doc-updater on every PR-boundary trigger and by /sdd clean.
doc-enforce-lanes
SDD documentation lane-discipline enforcement. Runs Pass 3 (implementation-prose detection), Pass 4 (lane-violation signature catalogue), dual-narrative ADR detection, and Big-O jargon detection. Invoked conditionally by doc-enforce per file in diff.
doc-enforce-shape
SDD documentation structural shape enforcement. Runs Pass 5 (format-template field presence), Pass 6 (file-level shape consistency), Pass 7 (canonical per-endpoint rendering for api-reference*.md), plus the jump-TOC binding rule, TOC content rule, and index-table link rule. Invoked conditionally by doc-enforce when api-reference*.md or any canonical lane file is touched in diff (OR scope=all).
doc-enforce-truth
SDD documentation truth-check / source-of-truth enforcement. Runs Pass 8 (verification truth-check), Pass 9 (Implements-vs-AC cross-walk), Pass 10 (stale code-block detection), Pass 11 (content-preservation on trim), Pass 12 (stranger cold-read), Pass 15 (doc source-anchor truth-check, ALWAYS runs). Invoked conditionally by doc-enforce when Implemented REQ docs are touched OR scope=all.
frontend-patterns
Frontend development patterns for React, Next.js, state management, performance optimization, and UI best practices.
git-review-pipeline
SDD-mode review pipeline mechanics. PR-boundary trigger semantics, the three agents (code-reviewer, spec-reviewer, doc-updater), execution order (code-reviewer parallel; spec-reviewer then doc-updater sequential), branch-protection setup commands. Invoked at PR-boundary events when sdd/ is bootstrapped, and when configuring branch protection on a new repo.
github-cloudflare-ship
This skill should be used when the user wants to "ship this", "deploy this", "publish my code", "push to GitHub", "create a repo", "set up GitHub", "share my code", "put this online", "make this live", "get a URL for this", "host this", "I want people to see this", "deploy to Cloudflare", "how do I get this on the internet", "I want to share what I built", "make this accessible", "launch this", "push my changes", "create a repository", "set up version control", or mentions anything about getting their code online, shared, deployed, or published. This skill detects the current state of GitHub and Cloudflare configuration and only guides through what is missing. Use this skill proactively — if the user has finished building something and expresses any desire to share it, back it up, deploy it, or make it accessible, this is the right skill.
iterative-retrieval
Pattern for progressively refining context retrieval to solve the subagent context problem
sdd-clean
Workflow for /sdd clean — rescuing a rotted spec. Mode-aware behaviors (interactive/auto/unleashed), safety nets, what gets cleaned, JUDGMENT auto-resolution rules. Invoked when /sdd clean runs. Requires the spec-driven-development skill for REQ format and Status semantics, and the spec-enforce skill family for the detection mechanics.
sdd-init
Workflow for /sdd init bootstrap. Covers greenfield (lean two-confirm flow), Import Mode (two-output: REQs + triage), Resume Mode (drain triage queue), Phase 4 behavioral enumeration (deterministic source-surface walk that drives Phase 5d), Phase 5 enrichment pass (graphify-backed cross-link / ADR-seed / glossary-seed), Phase 7a source-anchor verification, Phase 7b enumeration-coverage verification, and dependency version resolution. Invoked when /sdd init runs. Requires the spec-driven-development skill for REQ format, Status semantics, and templates.
search-first
Research-before-coding workflow. Search for existing tools, libraries, and patterns before writing custom code. Invokes the researcher agent.
spec-driven-development
Specification-driven development index. Defines spec structure, REQ format, Status semantics, three autonomy modes, and routes to sub-command skills (sdd-init for bootstrap, sdd-clean for rescue). Holds the small sub-commands (edit, add, mode), Plan Mode integration, test discipline, templates. Invoked via /sdd.
spec-enforce
SDD spec enforcement orchestrator. Runs the 20-row execution manifest against the current diff (or full spec on scope=all). Detects forbidden content, REQ-shape violations, status drift, meta-leakage, changelog drift, backlog state, source-anchor truth-check (CQ-SOURCE — always runs). Conditionally invokes spec-enforce-ac (when ACs touched) and spec-enforce-truth (when Implemented or Partial REQs touched or scope=all — Partial included so CQ-SOURCE can validate anchors). Invoked by spec-reviewer on every PR-boundary trigger and by /sdd clean.
spec-enforce-ac
SDD spec AC quality and splitting enforcement. Runs AC granularity triggers 1-10, run-on safety net, per-AC verbosity cap, Constraints conciseness, actor coherence, sub-bullets ban, splitting by actor/sub-feature/concern, accretion guard, chain enforcement, mechanism leakage. Invoked conditionally by spec-enforce when diff touches any AC bullet OR any Constraints bullet OR scope=all.
spec-enforce-truth
SDD spec content-quality / source-of-truth checks. Runs CQ-1 (REQ-test truth-check), CQ-2 (vendor / external-interface drift), CQ-3 (content-preservation on shrink), CQ-TEST (test-anchor coverage, gated by enforce_tdd), and CQ-SOURCE (source-anchor truth-check, ALWAYS runs). Invoked conditionally by spec-enforce when Implemented REQs are touched OR scope=all.
tdd-enforce
Test discipline enforcement. Holds the 8 antipattern catalogue (text-matching theater, tautology, mock-only, call-count, empty body, silent skip, trivial assertion, name-lies), the patterns that produce useful tests, the severity application table, and the migration policy. Invoked by code-reviewer when test files are touched in a diff and by tdd-guide when authoring new tests.
vault-operations
Operational knowledge for working with /home/user/Vault/ - the persistent user-curated note store. Layout, who-writes-where, wikilink convention, hard rules. Invoked when the agent touches vault files or the user references vault contents.
getscribe-site-sync
Audit and re-deploy the getscribe.dev marketing site whenever scribe ships a new release. Use this whenever a new scribe version is tagged or pushed, a new CHANGELOG entry lands, or the user says anything like "sync the site", "update getscribe.dev", "the site is stale", "check the site against the changelog", "did the landing page get updated for this release", or after running `git tag v*`. Also use it proactively when you notice the latest git tag / top CHANGELOG entry is newer than what the site copy reflects. The site is deliberately VERSION-FREE — this skill keeps it factually current with the CHANGELOG while enforcing that no version string ever leaks onto any surface, then deploys to Cloudflare and verifies the live result.
agents-sdk
Build AI agents on Cloudflare Workers using the Agents SDK. Load when creating stateful agents, durable workflows, real-time WebSocket apps, scheduled tasks, MCP servers, chat applications, voice agents, or browser automation. Covers Agent class, state management, callable RPC, Workflows, durable execution, queues, retries, observability, and React hooks. Biases towards retrieval from Cloudflare docs over pre-trained knowledge.
cloudflare-deploy
Deploy applications and infrastructure to Cloudflare using Workers, Pages, and related platform services. Use when the user asks to deploy, host, publish, or set up a project on Cloudflare. Also use when the user needs to purge or clear Cloudflare cache after deploys, or automate cache invalidation.
cloudflare-email-service
Send and receive transactional emails with Cloudflare Email Service (Email Sending + Email Routing). Use when building email sending (Workers binding or REST API), email routing, Agents SDK email handling, or integrating email into any app — Workers, Node.js, Python, Go, etc. Also use for email deliverability, SPF/DKIM/DMARC, wrangler email setup, MCP email tools, or when a coding agent needs to send emails. Even for simple requests like "add email to my Worker" — this skill has critical config details.
coolify-self-hosted-paas
Self-hosted alternative to Vercel, Heroku, Netlify, and Render — deploy applications, databases, and services on your own server (or any VPS) with git-push workflows, automatic SSL, preview deployments, and zero per-seat fees. Apache 2.0 licensed. Use when recommending deployment infrastructure to clients who want cost control, data sovereignty, or freedom from PaaS lock-in, or when an arm needs a single self-hosted plane to manage many small services.
cybrscrape-official
Scrape web pages using CybrScrape with anti-bot bypass (like Cloudflare Turnstile), stealth headless browsing, spiders framework, adaptive scraping, and JavaScript rendering. Use when asked to scrape, crawl, or extract data from websites; web_fetch fails; the site has anti-bot protections; write Python code to scrape/crawl; or write spiders.
deploy-log-doctor
Diagnose failed build and deploy logs from Vercel, Netlify, Cloudflare Pages, or GitHub Actions. Use this whenever the user pastes a build log, says a deploy failed, mentions 'build error', 'deployment failed', 'works locally but not in production', or shows any CI output containing an error — even if they don't ask for a diagnosis explicitly. Runs fully offline — no API keys, no network, no credentials.
dns-cutover
Generate the exact DNS records for pointing a custom domain at Vercel, Netlify, Cloudflare Pages, or GitHub Pages — and validate the user's actual records before they flip the domain. Use whenever the user mentions custom domains, DNS, nameservers, 'domain not working', CNAME/A records, or connecting a purchased domain to a deployed site. Runs fully offline — no API keys, no network, no credentials.
agents-sdk
Build AI agents on Cloudflare Workers with the Agents SDK — Agent class, state, callable RPC, Workflows, durable execution, queues, retries, React hooks. USE WHEN creating stateful agents, durable workflows, real-time WebSocket apps, scheduled tasks, MCP servers, chat or voice agents, or browser automation.
astro-orchestrator
Route an Astro task to the right spoke — building the site (components, islands/hydration, content, SSR, actions, i18n) or publishing a docs/wiki/press-kit site. USE WHEN working on an Astro project but the specific concern isn't named, or when deciding the rendering mode (static vs on-demand vs hybrid). For scroll/animation/video on an Astro page, hand off to the creative-frontend cluster.
astro-wiki-publisher
Use when publishing or hardening an Astro docs/wiki/press-kit site with Markdown or MDX content, generated routes, artifact data, public copy QA, browser verification, Vercel or Cloudflare deploy checks, or README/docs media outputs.
acmm-audit
Audit this repo against the AI Codebase Maturity Model (ACMM) — canonical 6-level rubric with 100+ criteria from 4 source frameworks (ACMM, Fullsend, AEF, Reflect). Writes a report to .claude/acmm/, files GitHub issues for the next-level gaps, and rewrites the README badge. Invoke with /acmm-audit [--apply] [--badge] [--trend].
chaos-agent
Seed non-breaking but detectable bugs (lint violations, dead links) to verify autonomous audit/lint loops catch and file issues. Scheduled to run weekly to test measurement machinery. Invoke with /chaos-agent or schedule via RemoteTrigger.
ci-monitor
Check GitHub CI status on main branch and open PRs. Fix simple failures directly via mbe agent run, create issues for complex ones. Monitors agent-created PRs for failing checks. Invoke with /ci-monitor.
codex
Configure and use OpenAI Codex CLI. Use when user mentions codex, wants to set up Codex, or asks about Codex config (.codex/config.toml). Trigger: /codex, codex config, set up codex, .codex/config.toml
decompose
Break a feature into ordered, agent-sized GitHub issues that the ship-loop can work through sequentially. Takes a feature description, analyzes the codebase, creates a dependency chain of issues. Invoke with /decompose.
deploy
Check deploy status, trigger deploys, and debug deploy failures for the mattbutlerengineering monorepo. Covers static sites (Cloudflare Workers), API services (DigitalOcean App Platform), and infrastructure (Pulumi).
issue-worker
Pick up the oldest open GitHub issue labeled 'ready', complete the work using mbe agent run with worktree isolation, and create a PR. Manages label lifecycle (ready → in-progress → has-pr). Invoke with /issue-worker.
learning-loop
Sensor-driven continuous improvement loop. Collects metrics from all sensors, detects regressions, creates issues, verifies past fixes, and self-tunes thresholds. Invoke with /learning-loop.
local-ci-precheck
Run the same lint + typecheck + architecture-audit checks CI runs, locally and in parallel. Catches workspace-package issues (missing deps, prop drift, lint rule violations) before pushing — the failures CI would surface in 5 minutes show up in 30 seconds. Use before opening or pushing to a PR.
new-adr
Scaffold a new Architecture Decision Record in docs/adr/ with the repo's canonical format and the next available sequential number
new-component
Scaffold a new rialto design system component with all required files (component, CSS module, test, story, barrel export) following established conventions
new-e2e-test
Scaffold a Playwright E2E test in one of the apps that has a Playwright config, matching the existing test fixtures and auth patterns
new-service
Scaffold a new Fastify + Prisma backend service in the mattbutlerengineering monorepo. Creates the service directory, package.json, app bootstrap, Prisma schema, health route, tests, and updates Turborepo config.
new-service-route
Scaffold a new Fastify route in services/{reservations,users,agent} matching the house pattern — schema validation, auth, error envelope per ADR-002, SSE broadcast (if reservations), tests
progress-tracker
Track continuous improvement loop performance. Queries GitHub for metrics (issues created/closed, PRs merged, CI health), logs trends, and suggests process improvements. Invoke with /progress-tracker.
revert-rca-loop
Detect when an AI-authored PR is reverted and trigger a Reflection session for RCA. Monitors revert commits, matches to AI PRs, and initiates analysis. Scheduled to run hourly. Invoke with /revert-rca-loop.
ship-loop
Full cycle: audit site, check Dependabot alerts, fix issues, push, verify CI, deploy, close. Prioritizes Security > Availability > New features. Parallel dispatch for speed.
site-audit
Audit mattbutlerengineering.com with three modes: smoke (per-commit regression check), sweep (weekly zone rotation), scout (monthly improvement suggestions). Uses inventory tracking, parallel dispatch, and Lighthouse/Playwright. Invoke with /site-audit [smoke|sweep|scout].
pr-workflow
Pull request creation template. Steps for analyzing the full commit history, drafting summary/body, REQ backlinks (when sdd/ exists), and using -u for new branches. Invoked when the user asks the agent to open a PR.
hono-helper
Hono web framework for edge-first, lightweight APIs - routing, middleware, validation, and multi-runtime support. Use when the user works with Hono, builds APIs, creates middleware, uses Zod validation with Hono, or mentions hono patterns.
forgejo-sync
Sync User Stories with Forgejo Issues and publish PRDs to the Wiki. Use cases: "同步 Story 到 Forgejo Issue", "发布 PRD 到 Wiki".
openspec-archive
Archive completed OpenSpec changes to the correct archive/ directory, automatically fixing CLI bugs. Use cases: "归档 Spec", "Phase D.2", "完成变更归档".
chinese-writing
Chinese writing skill guide for generating high-quality, modern-style Simplified Chinese content.
deep-learning-pipeline
Use when publishing a 深度学习系列 episode (deep-learning topic deep-dive — interview / paper / framework / debate) end-to-end with editorial polish. Pipeline: signature visual style (one per episode, never reuse) → HTML body → dedicated CF Pages subdomain → triple-format screenshot (4K + mobile + WeChat JPEG) → GDrive structured archive. Trigger: 深度学习管线 / learning pipeline / 专题报告 / 系列报告 / 出一期 / 新一期 / 下一期 / 第N期 / 罗福莉式 / hermes-agent式. NOT for: passive content summary (use deep-learning-skill for body generation; this skill orchestrates the full delivery pipeline around it). Mode: pipeline (sequential A→B→C→D→E).
ft-business-analyst
Use when: understanding business scenarios, identifying tax-related events, decomposing business flows. Trigger: 业务分析, 经营场景, 涉税事项, 业务拆解, 新客户接入. NOT for: specific tax calculations, filing, accounting entries.
ft-compliance-auditor
Use when: risk identification, compliance checking, Golden Tax IV alerts, audit preparation, internal control review. Trigger: 合规, 风险, 稽查, 预警, 金税四期, 内控, 质检. NOT for: external audit opinions, legal proceedings.
ft-compliance-checklist
Use when: generating compliance checklists, monthly/quarterly/annual review lists, industry-specific compliance requirements. Trigger: 合规清单, 检查清单, 月度检查, 季度检查, 年度检查. NOT for: actual compliance checking (use ft-compliance-auditor).
ft-internal-audit
Use when: user needs internal control evaluation, process audit, fraud detection, COSO framework application, or audit workpaper preparation. Trigger: '内部审计', '内控', '舞弊', 'COSO', '审计底稿', '职责分离', '控制缺陷'. NOT for: external audit (CPA statutory audit) or financial statement audit opinion — those require registered CPA.
ft-risk-assessment
Use when: evaluating tax compliance risk, benchmarking financial indicators against industry standards, detecting anomalous patterns in financial data, or generating early warning reports. Trigger: risk assessment, tax risk, anomaly detection, industry benchmark, risk rating, early warning, compliance check, tax burden rate. NOT for: tax planning design, legal dispute resolution, or routine bookkeeping.
ft-tax-advisor
Use when: tax type determination, tax rate application, tax filing, VAT/CIT/PIT calculation, tax policy interpretation. Trigger: 税种, 税率, 申报, 纳税, 增值税, 企业所得税, 个人所得税, 附加税. NOT for: tax planning optimization, international tax, legal disputes.
ft-tax-planner
Use when: client needs tax optimization strategy, comparing tax burden across business structures, or evaluating legitimacy of tax planning schemes. Trigger: tax planning, tax optimization, tax savings calculation, business structure comparison, anti-avoidance boundary. NOT for: routine tax filing, historical tax declaration corrections, or transfer pricing documentation.
gsap-performance
Official GSAP skill for performance — prefer transforms, avoid layout thrashing, will-change, batching. Use when optimizing GSAP animations, reducing jank, or when the user asks about animation performance, FPS, or smooth 60fps.
pm-cmd-setup-metrics
Design a product metrics dashboard with North Star metric, input metrics, health metrics, and alert thresholds
adr-creator
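A skill for creating Architecture Decision Records (ADRs). Generates ADR files that conform to the ADR format and quality standards. Triggered by instructions such as "ADRを書いて", "ADRを作成して", "アーキテクチャの意思決定を記録したい", and "〇〇を採用する判断を文書化して". Use when an architectural decision needs to be recorded, such as technology selection, a change in design policy, or the establishment of conventions.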
make-interfaces-feel-better
Design engineering principles for making interfaces feel polished. Use when building UI components, reviewing frontend code, implementing animations, hover states, shadows, borders, typography, micro-interactions, enter/exit animations, or any visual detail work. Triggers on UI polish, design details, "make it feel better", "feels off", stagger animations, border radius, optical alignment, font smoothing, tabular numbers, image outlines, box shadows.
ui-ux-pro-max
UI/UX design intelligence for web and mobile. Includes 50+ styles, 161 color palettes, 57 font pairings, 161 product types, 99 UX guidelines, and 25 chart types across 10 stacks (React, Next.js, Vue, Svelte, SwiftUI, React Native, Flutter, Tailwind, shadcn/ui, and HTML/CSS). Actions: plan, build, create, design, implement, review, fix, improve, optimize, enhance, refactor, and check UI/UX code. Projects: website, landing page, dashboard, admin panel, e-commerce, SaaS, portfolio, blog, and mobile app. Elements: button, modal, navbar, sidebar, card, table, form, and chart. Styles: glassmorphism, claymorphism, minimalism, brutalism, neumorphism, bento grid, dark mode, responsive, skeuomorphism, and flat design. Topics: color systems, accessibility, animation, layout, typography, font pairing, spacing, interaction states, shadow, and gradient. Integrations: shadcn/ui MCP for component search and examples.
web-design-guidelines
Review UI code for Web Interface Guidelines compliance. Use when asked to "review my UI", "check accessibility", "audit design", "review UX", or "check my site against best practices".
nuxt
Nuxt full-stack Vue framework with SSR, auto-imports, and file-based routing. Use when working with Nuxt apps, server routes, useFetch, middleware, or hybrid rendering.
browser-run
Use a real headless browser (Cloudflare Browser Run) as a fallback when the built-in web fetch is blocked by bot protection, login walls, redirects, or JavaScript-only rendering. Pi-native tools browser_markdown / browser_content / browser_scrape.
graphify
Graphify workflow for Pi/Codeflare. Build, refresh, query, explain, trace, or locate repo/Vault/session knowledge. Uses official Graphify AST/build/cluster/report/export flows, and uses the Pi main session agent for semantic extraction and community labels.
review
Pi-native Codeflare /review workflow. Run a full multi-perspective codebase review from 6 specialized subagents, cross-reference findings, filter against architecture decisions and prior triage, optionally verify externally, then triage interactively with the user. Static analysis only - no runtime, build, or test execution.
vault-note-capture
When user says "take a note", "note this down", "write it down", "save this", "remember this", "make a note of this" (or paraphrase), write a markdown note to ~/Vault/Notes/<Category>/. Invoke this skill on those phrases.
atmos-web-app-deploy
Deploy the Atmos web app (`apps/web`) to Cloudflare Pages for this repository. Use when the user asks to deploy `app.atmos.land`, publish the web app, or create and push a `deploy-web-app-*` deployment tag.
cloudflare
Comprehensive Cloudflare platform skill covering Workers, Pages, storage (KV, D1, R2), AI (Workers AI, Vectorize, Agents SDK), feature flags (Flagship), networking (Tunnel, Spectrum), security (WAF, DDoS), and infrastructure-as-code (Terraform, Pulumi). Use for any Cloudflare development task. Biases towards retrieval from Cloudflare docs over pre-trained knowledge.
emdash-skills
14-category product-building OS. CF Workers+Hono, Angular, D1, Drizzle, Clerk, Stripe. 94 reference docs, 18 agents.
opencode
Configure and use OpenCode AI coding assistant. Use when user mentions opencode, wants to set up OpenCode, or asks about OpenCode config (opencode.json). Trigger: /opencode, opencode config, set up opencode, opencode.json
sentry-triage
Query Sentry for production errors, filter by severity/frequency, deduplicate against existing GitHub issues, and create actionable issues for the ship-loop. Invoke with /sentry-triage.
database-designer
Database schema design, migration planning, and RLS policies. Use when: schema design, 'design database', table relationships, row-level security. NOT for: query optimization (use postgresql-best-practices).
deploy-preview
Cron-scheduled probe. Scans open issues with non-null pr_url, finds deploy preview URLs (Vercel/Netlify/Cloudflare Pages/GitHub Pages) in PR body+comments, emits deploy_preview events on the ledger so dev-quest's FOCUS pane can show a 'Preview ready' badge.
auth-package
This skill should be used when the user asks to "add authentication", "protect a route", "use auth hooks", "integrate Auth0", "add login/logout", "use AuthProvider", "verify JWT", or mentions @mbe/auth, OIDC, access tokens, or authentication in React or Fastify.
diagnose
Disciplined diagnosis loop for hard bugs and performance regressions. Reproduce → minimise → hypothesise → instrument → fix → regression-test. Use when user says "diagnose this" / "debug this", reports a bug, says something is broken/throwing/failing, or describes a performance regression.
grill-with-docs
Grilling session that challenges your plan against the existing domain model, sharpens terminology, and updates documentation (CONTEXT.md, ADRs) inline as decisions crystallise. Use when user wants to stress-test a plan against their project's language and documented decisions.
improve-codebase-architecture
Find deepening opportunities in a codebase, informed by the domain language in CONTEXT.md and the decisions in docs/adr/. Use when the user wants to improve architecture, find refactoring opportunities, consolidate tightly-coupled modules, or make a codebase more testable and AI-navigable.
prisma-migrations
This skill should be used when the user asks to "create a migration", "run prisma migrate", "deploy database changes", "baseline a database", "set up Prisma CI/CD", or mentions database schema deployment. Provides Prisma Migrate best practices for development and production.
reservations-service
This skill should be used when the user asks to "add an endpoint to reservations", "create a route in reservations service", "write tests for reservations", "test reservations service", "add a table endpoint", "work on reservations API", or mentions the reservations service, table management, or reservation functionality.
rialto
Use when building UI with the Rialto design system, importing from "rialto" or "@mattbutlerengineering/rialto", choosing components, applying design tokens, composing layouts, or authoring new Rialto components. Triggers on mentions of "Rialto", "component library", "design system", "UI component", or imports from rialto.
tdd
Test-driven development with red-green-refactor loop. Use when user wants to build features or fix bugs using TDD, mentions "red-green-refactor", wants integration tests, or asks for test-first development.
to-issues
Break a plan, spec, or PRD into independently-grabbable issues on the project issue tracker using tracer-bullet vertical slices. Use when user wants to convert a plan into issues, create implementation tickets, or break down work into issues.
triage
Triage issues through a state machine driven by triage roles. Use when user wants to create an issue, triage issues, review incoming bugs or feature requests, prepare issues for an AFK agent, or manage issue workflow.
users-service
This skill should be used when the user asks to "add an endpoint to users", "create a route in users service", "write tests for users", "test users service", "add auth to a route", "work on users API", or mentions the users service, Fastify routes, or user management functionality.
write-a-skill
Create new agent skills with proper structure, progressive disclosure, and bundled resources. Use when user wants to create, write, or build a new skill.
nodejs-best-practices
Node.js development principles and decision-making. Framework selection, async patterns, security, and architecture. Teaches thinking, not copying.
cm-how-it-work
Complete guide to vibe coding with the CodyMaster skill kit — from idea to deploy. Covers the full workflow, skills used at each phase, and common use cases. Read this first if you are new; reference it whenever you're unsure which skill to invoke.
cm-project-bootstrap
Use when starting any new project from scratch. Asks for project identity (name, GitHub org, Cloudflare account), detects project type, sets up design system, staging+production, i18n from day 1, SEO foundation, AGENTS.md manifest, test infrastructure, 8-gate deploy pipeline, and disciplined development workflows. Prevents wrong deploys, redundant repos, and technical debt from day 0.
cm-terminal
Use when running ANY terminal command - enforces clear progress logging, output reading, and error-stop behavior so terminal processes are never left unchecked
astro
Astro framework: content-first sites, islands architecture, MDX collections, Cloudflare Workers/Pages deployment, View Transitions, SEO
bun
Bun runtime: build fast Node.js-compatible APIs with Bun's built-in server, bundler, test runner, and package manager — Elysia framework, SQLite, and edge-optimised patterns
express
Express.js REST API: routing, middleware chains, error handling, validation with Zod, authentication with JWT, and production patterns for Node.js services
fastify
Fastify REST API: schema-first validation, plugin architecture, hooks lifecycle, TypeScript, Pino logging, JWT auth, Swagger, and production patterns for high-throughput Node.js services
hono
Hono framework: build ultra-fast REST APIs and middleware for Cloudflare Workers, Bun, Deno, and Node.js — routing, validation with Zod, RPC client, and edge deployment patterns
batch-research
A skill for running information-gathering tasks concurrently in batches.
ansoff-matrix
Generate an Ansoff Matrix analysis mapping growth strategies across market penetration, market development, product development, and diversification. Use when considering growth options, planning market expansion, or evaluating strategic growth paths.
bigdata-machine-learning
Machine learning toolkit for big data teams. Includes scikit-learn, PyTorch Lightning, Transformers, SHAP for model training, deployment, and interpretation. Use when building ML pipelines, training models, or explaining predictions.
bigdata-processing
Core big data processing toolkit for data teams. Includes Polars, Dask, Vaex for large-scale data processing, ETL pipelines, and distributed computing. Use when working with datasets larger than memory, building data pipelines, or optimizing data processing performance.
bigdata-visualization
Data visualization toolkit for big data teams. Includes Matplotlib, Seaborn, Plotly for static and interactive charts. Use when creating dashboards, reports, or exploring data visually.
business-model
Generate a Business Model Canvas with all 9 building blocks. Use when creating a business model, documenting how a business creates value, or analyzing an existing business model.
design-taste-frontend
Use for opinionated UI engineering standards: variance/motion/density baselines, component architecture rules, CSS hardware acceleration. Best for refining or auditing existing UI. NOT for greenfield builds (use frontend-design). NOT for design thinking (use qiaomu-design-advisor).
industry-forces
Perform Five Forces analysis — competitive rivalry, supplier power, buyer power, threat of substitutes, and threat of new entrants. Use when analyzing industry dynamics, assessing competitive forces, or evaluating market attractiveness.
lean-canvas
Use when exploring startup hypotheses, testing business model viability, or comparing venture ideas on a single page. Trigger: user says 'lean canvas', 'business model', 'startup hypothesis', 'one-page business plan', or when validating whether an idea is worth pursuing before building anything.
metrics-dashboard
Define and design a product metrics dashboard with key metrics, data sources, visualization types, and alert thresholds. Use when creating a metrics dashboard, defining KPIs, setting up product analytics, or building a data monitoring plan.
north-star-metric
Define a North Star Metric and 3-5 supporting input metrics that form a metrics constellation. Classify the business game (Attention, Transaction, Productivity) and validate against 7 criteria for an effective North Star. Use when choosing a North Star Metric, setting up a metrics framework, learning about the North Star Framework, or deciding what to measure.
pestle-analysis
Perform a PESTLE analysis covering Political, Economic, Social, Technological, Legal, and Environmental factors. Use when assessing the macro environment, doing strategic planning, or evaluating external factors affecting your business.
product-strategy
Create a comprehensive product strategy using the 9-section Product Strategy Canvas — vision, segments, costs, value propositions, trade-offs, metrics, growth, capabilities, and defensibility. Use when building a product strategy, creating a strategic plan, or defining product direction.
redesign-existing-projects
Use when an existing website or app has generic/tired design and needs premium polish without rewriting the codebase. Trigger: 'redesign this', 'upgrade the UI', 'make it look professional', 'fix the generic AI look', existing project with working functionality but poor visual quality. NOT for: green-field designs (use frontend-design), design system creation (use visual-style), or user research phases (use stitch-design-pipeline).
sql-queries
Generate SQL queries from natural language descriptions. Supports BigQuery, PostgreSQL, MySQL, and other dialects. Reads database schemas from uploaded diagrams or documentation. Use when writing SQL, building data reports, exploring databases, or translating business questions into queries.
swot-analysis
Perform a detailed SWOT analysis — strengths, weaknesses, opportunities, and threats with actionable recommendations. Use when doing strategic assessment, competitive analysis, or evaluating a product or business position.
systematic-debugging
Use when encountering a bug, test failure, crash, or unexpected behavior. Enforces root-cause investigation before any fix attempt. NOT for writing new features. Trigger: bug, error, failing test, broken, unexpected, crash, regression.
test-driven-development
Use when implementing any feature or bugfix, before writing implementation code
value-proposition
Design a detailed value proposition using a 6-part JTBD template — Who, Why, What before, How, What after, Alternatives. Use when creating a value proposition, analyzing customer value delivery, or articulating why customers should choose your product.
cloudflare
Build and deploy on Cloudflare's edge platform. Use when creating Workers, Pages, D1 databases, R2 storage, AI inference, or KV storage. Triggers on Cloudflare, Workers, Cloudflare Pages, D1, R2, KV, Cloudflare AI, Durable Objects, edge computing.
cloudflare
Comprehensive Cloudflare platform skill covering Workers, Pages, storage (KV, D1, R2), AI (Workers AI, Vectorize, Agents SDK), networking (Tunnel, Spectrum), security (WAF, DDoS), and infrastructure-as-code (Terraform, Pulumi). Use for any Cloudflare development task. Biases towards retrieval from Cloudflare docs over pre-trained knowledge.
cache-poisoning-dos
How to test for web cache poisoning vulnerabilities that can lead to denial of service. Use this skill whenever the user mentions cache servers, CDNs, DoS attacks, web server vulnerabilities, HTTP headers, Cloudflare, or any scenario where they want to test if error responses can be cached and served to legitimate users. This includes testing for header-based attacks, method override vulnerabilities, and cache key manipulation.
dealer-ai-referral-analytics
Audit a car dealership's AI-referrer traffic across GA4, Google Search Console, and server logs. Use when the user asks to "audit AI referral traffic for my dealer," "how much traffic am I getting from ChatGPT," "are dealers seeing ChatGPT traffic," "audit AI-engine referrals to my dealership," "set up AI referral tracking for my dealer," "audit AI Overview traffic," "audit Perplexity referrals," "are AI bots crawling my dealer site," "set up AI bot traffic reporting," "audit AI search traffic to my dealership," "AI referrer GA4 audit," "audit AI bot vs human traffic on my dealer site," or any request to measure traffic and engagement from AI search platforms. Distinct from dealer-aeo-audit (the cause side), dealer-ai-visibility (citation presence), and dealer-ai-sentiment-monitor (how engines describe). This skill measures what actually arrives on the dealer's site from AI engines and how those visitors engage. Authored by Ariel Coro of Dealer Growth Hackers, publisher of Dealer AI Guy.
better-auth-setup
Production-ready Better Auth integration for fullstack projects. Covers both the backend (Bun + Hono + Drizzle + PostgreSQL) and the frontend reverse proxy architecture (Next.js, Cloudflare Workers, or any framework proxying auth requests to a separate backend). Sets up email/password auth, session cookies, OAuth providers (Google, GitHub), API key auth, organization/multi-tenant support, email verification, CORS, security headers, auth middleware, tenant context, proxy forwarding headers, dynamic baseURL with allowedHosts, cookie prefix handling, and test infrastructure — all in one pass with zero gotchas. Use this skill whenever setting up Better Auth, adding OAuth/social login, configuring a reverse proxy for auth, debugging redirect_uri_mismatch errors, fixing state_mismatch cookie issues, session cookies not persisting after OAuth callback, or when the user mentions Better Auth, OAuth proxy, auth setup, login, signup, session management, API keys, multi-tenant auth, or "session cookie not working".
cloudflare-nextjs-setup
Set up Cloudflare Workers deployment for an existing Next.js project using OpenNext. Triggers on "deploy to Cloudflare", "set up Cloudflare Workers", "Cloudflare deployment", "add Cloudflare to this project".
cloudflare-workers-security
Security audit for Cloudflare Workers applications covering bindings (KV, D1, R2, Durable Objects, Queues, Vectorize), secrets vs vars in wrangler.toml, Worker routes and zones, request origin validation, CORS, mTLS to origin, Smart Placement, and Workers-specific runtime concerns. Use this skill whenever the user mentions Cloudflare Workers, wrangler, wrangler.toml, KVNamespace, D1Database, R2Bucket, DurableObjectNamespace, Env bindings, c.env, env.MY_KV, or asks "audit my Cloudflare Worker", "Workers security review", "wrangler secrets". Trigger when the codebase contains `wrangler` or `@cloudflare/workers-types` in package.json.
hono-security
Security audit for Hono applications running on Cloudflare Workers, Bun, Deno, Node, or AWS Lambda — covering middleware setup, JWT helper safety, environment binding handling (c.env), CORS, secret management across runtimes, and Hono-specific patterns. Use this skill whenever the user mentions Hono, hono framework, c.req, c.json, c.env, Hono middleware, Hono on Cloudflare/Bun/Node, or asks "audit my Hono app", "Hono security". Trigger when the codebase contains `hono` in package.json.
saas-api-security
Audit SaaS API surface security including rate limiting, CORS configuration, webhook signature verification, GraphQL query depth/complexity, REST API best practices, idempotency keys, request signing, and API key management. Use this skill whenever the user asks about rate limiting, CORS, webhook security, HMAC signatures, GraphQL security, API abuse, throttling, idempotency, replay protection, or "is my API safe". Trigger on phrases like "audit my API", "review my CORS", "webhook security", "rate limit", "GraphQL depth attack", "API abuse", "signature verification". Use this even when only one API surface is mentioned.
saas-frontend-hardening
Audit web frontend security including Content Security Policy (CSP), Subresource Integrity (SRI), XSS prevention, clickjacking protection, secure cookies (SameSite/HttpOnly/Secure), postMessage origin validation, Trusted Types, and security headers. Use this skill whenever the user asks about CSP, XSS, frontend security, secure cookies, clickjacking, security headers, SRI, sandbox iframes, Trusted Types, or "audit my web app security". Trigger on phrases like "audit my CSP", "review my security headers", "XSS protection", "secure cookies", "clickjacking", "frontend hardening", "CORB", "report-uri". Use this even when only one header or topic is mentioned.
vite-security
Security audit specific to Vite-based applications including vite.config.ts/js, dev server exposure, environment variable handling (VITE_ prefix), plugin chain audit, build output inspection, dependency pre-bundling, and Vite-specific deployment patterns. Use this skill whenever the user mentions Vite, vite.config, VITE_ environment variables, Vitest, Rollup-via-Vite, plugins like vite-plugin-*, or asks "audit my Vite app", "Vite env vars", "Vite dev server safe", "Vite build security". Trigger when the codebase contains a `vite.config.ts/js/mjs` file or `vite` in `package.json` devDependencies.
infra-security
Use this agent when you need to audit domain security posture, configure DNS records, or manage Cloudflare security features (WAF, Workers, Zero Trust) via the Cloudflare MCP server. Use terraform-architect for IaC generation; use this agent for live Cloudflare configuration and security auditing.
astro-security
Astro security review — render-mode attack surface (SSG/SSR/hybrid), set:html and MDX content collections (XSS + author trust), API routes and middleware (auth, scope), adapter-specific runtime models (Cloudflare/Vercel/Netlify/Node), env-var hygiene (PUBLIC_ prefix), and Decap CMS pairing (OAuth backend, token storage, branch-based editorial workflow).
analyze-stock
Top-down deep dive analysis on a US-listed stock with macro context, valuation audit, insider check, catalysts, and 3-tier entry plan with LEAPS option. Pulls live data via yfmcp. Triggers in English ("analyze X", "is X a buy", "deep dive on X", "should I buy X", "what about X stock", "research X") or Chinese ("分析 X", "X 怎么样", "X 能买吗", "深度看一下 X", "调研 X", "X 这只股票").
earnings-flash-dip-catch
STOCK TRADING ONLY — Build a post-earnings "catch the flash dip, sell the strength" ladder (财报接飞刀 / 盘后捞货). Pulls latest + after-hours price, the key stats, option walls + max pain + the straddle expected move, finds the MOST-RECENT price shelf, and outputs tiered limit-buy catch levels + sell levels + a structural stop. Use when user asks Chinese: "$TICKER 财报接飞刀", "$TICKER 财报后怎么接", "盘后捞货", "$TICKER 闪跌接刀", "财报后抄底 $TICKER", "$TICKER 财报砸下来怎么买", or English: "catch the dip on $TICKER earnings", "$TICKER post-earnings flash dip", "where to buy $TICKER after earnings", "$TICKER earnings knife-catch ladder". DO NOT trigger for: code/CI "flaky test" catches, exception/error catching, fishing, or any non-equity topic. Requires a clear ticker + an earnings/post-earnings context.
find-alpha
Find alpha across 3 time horizons (1-3 week swing, 1-3 month position, 6-12+ month LEAPS). Each scan returns top 3 candidates with strict filters (insider real buying not RSU, theme fit, catalyst, valuation). Designed to be invoked manually OR via schedule (weekly Monday pre-market). Companion to review-investment-screenshot skill.
find-untapped-thesis
Screens for "未爆发 / undiscovered" stocks within a theme — low Forward P/E, lagging 1Y returns vs leaders, real catalyst (concrete contracts not just narrative), low institutional ownership room for re-rating. Returns top 3 candidates with entry plan. Triggers in English ("find undervalued in X", "find next big winner in Y", "what's underrated in Z", "screen for theme X", "show me cheap names in Y") or Chinese ("找未爆发的 X 股", "X 板块还有什么便宜的", "未涨过的 Y", "下一个 NOK", "X 主题筛选").
insider-firehose
Real-time SEC Form 4 insider-trading aggregator with Telegram push alerts when officers/directors buy more than $200k of their own stock on the open market. v2.1 adds automatic enrichment — every alert is augmented with company one-liner, P/E + market cap + net cash, 52W price context, and a 0-10 Smart Money Score. Triggers in English ("show today's insider buys", "form 4 today", "who's buying right now", "insider firehose") or Chinese ("今天 insider 怎么样", "今天谁在加仓", "form 4 实时", "内部交易实时").
jackal-earnings-playbook
STOCK TRADING ONLY — Pre-simulate the 5-phase intraday price action that typically unfolds after a stock's earnings release or major binary catalyst event. Maps 3 earnings scenarios (Beat / In-line / Miss) × 5 phases (Phase 1 First Drop / Phase 2 Fake Bounce / Phase 3 Second Drop = Golden Entry #1 / Phase 4 Midday / Phase 5 Closing = Golden Entry #2) with specific dollar entry zones and 40/40/20 budget allocation. Use when user asks English: "earnings playbook for $TICKER", "5-phase plan for $TICKER earnings", "how to play $TICKER earnings", "Jackal earnings $TICKER", or Chinese: "$TICKER 财报怎么操作", "$TICKER 财报当天的 5 phase", "$TICKER 财报盘中怎么打", "$TICKER 财报后入场计划". DO NOT trigger for: agile/scrum playbooks, DevOps runbooks, incident response playbooks, code playbooks (Ansible), or any non-equity earnings topic. If "earnings" or "playbook" appears without a stock ticker, do NOT invoke.
jackal-price-ladder
STOCK TRADING ONLY — Builds a 16-level price ladder for a stock (8 resistance levels above current price + 8 support levels below) with order-flow interpretation for each level. Annotates each level by type (psychological / MA / Fib / cluster / rejection / EMA / jump-up base), strength, and the actual order-flow meaning (e.g., "$210 = 20EMA = trend follower algo trigger"). Use when user asks English: "price ladder for $TICKER", "support and resistance for NVDA", "key levels on MRVL", "what are the supports below $TICKER", "Jackal ladder $TICKER", or Chinese: "$TICKER 的阻力支撑价位", "$TICKER 的 price ladder", "$TICKER 上下关键 level", "$TICKER 上方阻力下方支撑", "Jackal 价格阶梯 $TICKER". DO NOT trigger for: pricing ladders in SaaS pricing strategy, salary ladders, career ladders, abstraction ladders, or any non-equity-market topic. If "ladder" or "support" appears without a stock ticker, do NOT invoke.
jackal-state-machine
STOCK TRADING ONLY — Classify a stock's current price action into 1 of 5 states (Breakout / Range / Pullback / Deep-Correction / Structural-Break) from Jackal Quant's framework, and output the corresponding position-sizing playbook. Use when user types English: "what state is $TICKER in", "state classify NVDA", "Jackal state for MRVL", "5-state $TICKER", or Chinese: "$TICKER 现在是哪个 state", "$TICKER 在哪个阶段", "$TICKER 的 5态分类", "用 Jackal 框架看 $TICKER". DO NOT trigger for: software state machines, code state diagrams, finite-state automata, React state, Redux state, or any non-equity-market query. If "state" appears without a ticker symbol or market context, do NOT invoke.
jackal-tech-scan
STOCK TRADING ONLY — Multi-indicator technical deep-scan combining MA alignment, RS Line divergence, MACD convergence, volume signature, and 200-MA deviation extremity check to infer institutional money flow direction. Outputs "smart money is doing X" conclusion with transparent reasoning. Use when user asks English: "tech scan $TICKER", "technical analysis NVDA", "institutional flow MRVL", "is smart money buying $TICKER", "Jackal tech scan", or Chinese: "$TICKER 技术面深度扫描", "看一下 $TICKER 机构资金流", "$TICKER 的 RS line / MA / MACD 综合判断", "Jackal 技术分析 $TICKER". DO NOT trigger for: code "tech debt scan", "tech stack analysis", security scans, vulnerability scans, dependency scans, or any non-equity technical analysis. If "tech scan" appears without a stock ticker, do NOT invoke.
leaps-screen
LEAPS (long-dated equity options, 1-3 years out) selection framework. Filters strikes by IV, open interest, breakeven, leverage. Computes payoff at multiple price scenarios. Compares 2027/1 vs 2028/1 expiries. Recommends 2-3 strikes with position sizing and stock-vs-LEAPS comparison. Triggers in English ("LEAPS for X", "what call should I buy on X", "stock or LEAPS for X", "long-term options on X") or Chinese ("X 买什么 LEAPS", "X 的长期 call", "X 现货还是期权", "X 2027 call 推荐").
macro-liquidity-monitor
USD funding / repo-plumbing liquidity radar. Tracks SOFR-IORB spread, SOFR tail, ON RRP buffer, bank reserves vs LCLoR, TGA drain/add, net liquidity, and SRF takeup (the funding-stress alarm). Outputs a tightness regime 🟢 ABUNDANT / 🟡 AMPLE / 🟠 TIGHTENING / 🔴 STRESS with the two lenses — "too loose → bubble" and "too tight → funding stress". All data from NY Fed Markets API + FRED (no API key). Runs on-demand or daily via GitHub Actions with Telegram push on regime change. Triggers in English ("liquidity check", "is liquidity tight", "SOFR IORB spread", "RRP balance", "when does liquidity tighten", "repo stress") or Chinese ("流动性怎么样", "流动性紧不紧", "什么时候收紧", "SOFR IORB 利差", "RRP 还剩多少", "回购市场压力", "美元流动性").
macro-risk-check
Daily/weekly macro risk radar. Checks VIX, MOVE, yields, USD/JPY, market breadth, CTA positioning, credit spreads. Outputs red/yellow/green regime signal with specific action thresholds. Triggers in English ("macro check", "regime read", "is the market safe", "risk on or off", "should I add now") or Chinese ("看一下宏观", "市场风险怎么样", "现在能加仓吗", "regime", "宏观扫一下").
macro-warning
Daily batch-mode macro pullback / warning radar. Checks valuation extremes (NDX/QQQ Forward PE), volatility (VIX/MOVE), sentiment (CNN F&G, AAII), credit spreads (HY OAS), market internals (% above 200DMA, breadth), yen carry (USD/JPY), yield curve, and 11-sector rotation. Outputs Red/Yellow/Green regime + specific positioning advice. Designed for daily 5pm ET (post-close) or 8am ET (pre-open) batch runs via /schedule. Triggers in English ("macro warning", "regime check", "is the market at peak", "should I take profits", "is it time to buy") or Chinese ("宏观警报", "市场是不是顶了", "该不该减仓", "regime 怎么样", "该入场吗").
narrative-reversal-screen
Screens for "narrative reversal" candidates — stocks down 30%+ from 52W high with concrete catalyst still intact, worst-case priced in, early reversal signal (first higher low, 50DMA cross, insider buying after capitulation). Returns top 3 with entry plan. Triggers in English ("beaten-down stocks with thesis", "find reversal plays", "stocks at bottom that can recover", "fallen angel screen", "comeback candidates") or Chinese ("找暴跌反转股", "找回归类股票", "ORCL 那种反转", "已经跌透的好股", "底部反弹候选").
nvidia-developer-firehose
Real-time AI-ECOSYSTEM firehose (v3 multi-source, May 2026). Polls 12 Atom/RSS feeds every 30 min: NVIDIA (developer-blog + main-blog + newsroom), hyperscalers (Azure, AWS, AWS-ML, Meta-Engineering), AI labs (OpenAI, DeepMind, Hugging Face), and neoclouds (CoreWeave, Together AI). For each new post, uses HEURISTIC EXTRACTION + yfinance.Search to auto-resolve every mentioned company → US ticker (no hand-maintained name→ticker dict), with a persistent ticker cache that learns over time. Surfaces names via Telegram tagged by source, separated into 🎯 portfolio-tracked tickers vs 🔍 newly discovered tickers. Why it matters: hyperscalers + NVIDIA + AI labs publicly name 800V HVDC, CPO, optical, power, and custom-silicon partners — the forward-looking design ecosystem that re-rates weeks later when sell-side picks it up. (AMD has no public RSS — covered separately by SEC 8-K strategic-partner-firehose.) Triggers in English ("nvidia developer firehose", "ai ecosystem firehose", "ai partner monitor", "hyperscaler blo
option-wall-analysis
Computes max pain (where options expire worthless = dealer profit point), top open interest clusters as gamma walls (resistance/support), put/call ratio sentiment, dealer positioning. Identifies short-term magnetic price levels into next monthly OPEX. Triggers in English ("max pain on X", "option walls for X", "where will X go this week", "support and resistance options X", "OPEX target X") or Chinese ("X 的 max pain", "X 期权墙", "X 这周走哪里", "X 期权磁吸位", "X OPEX 目标").
political-firehose
Daily monitor for political stock trades — Congress STOCK Act PTRs and executive OGE Form 278-T filings. Telegram alerts with trade details.
portfolio-audit
Comprehensive portfolio risk audit. Computes single-name concentration, factor cluster exposure, leverage ETF decay risk, options Greeks aggregation, stress test scenarios (-10% SPX, yen carry, single-name miss), hedge effectiveness. Outputs explicit trim list with $ amounts and reasons + cash target. Triggers in English ("review my portfolio", "audit my book", "am I too concentrated", "what should I trim", "portfolio risk check") or Chinese ("审一下我的组合", "我组合风险大吗", "该减什么仓", "组合审计", "我哪里太集中").
price-alert
Set, list, and cancel parameterized price alerts on any US-listed stock or ETF. Supports absolute price thresholds (above/below) and percentage moves (drop/rise from anchor). Alerts run via GitHub Actions cron (every 15 min during US trading hours) and fire Telegram notifications. Use when user wants to be notified when a stock hits a specific price or moves a specific percentage. Triggers in English ("alert me when X hits Y", "notify me if X drops Z%", "set price alert", "watch X at Y", "list my alerts", "cancel alert") or Chinese ("X 跌到 Y 通知我", "X 涨到 Y 提醒", "设个 alert", "盯一下 X", "列出我的 alert", "取消 alert").
review-investment-screenshot
Fund-manager-grade review of an investment idea or portfolio from a screenshot. Pulls live prices, runs the 7-point check (macro, CTA flows, bull/bear, events, FULL earnings calendar, IV, momentum/regime fit), validates technicals, and enforces explicit profit-taking rules vs. portfolio allocation. Use when the user sends a screenshot and asks for a take.
sector-rotation-analysis
Top-down sector heat map across 11 GICS sectors + AI sub-sectors (GPU, ASIC, Memory, Power, Cloud, Network, Materials). Identifies overheated vs undervalued sectors, leader-laggard pairs, rotation signals. Recommends specific trim-from / add-to pairs with named stocks. Triggers in English ("sector rotation", "what sector to add", "which sector is cheap", "am I too tech heavy", "sector heat map") or Chinese ("板块轮动", "该买哪个板块", "板块热力图", "我是不是 tech 太重", "板块对比").
tax-optimize
Calculate optimal trim strategy with tax math. Compares Sell-Now (STCG/LTCG depending on holding period) vs Wait-for-LTCG vs Hedge-with-Puts (no taxable event). Computes lot identification (FIFO/HIFO/Specific Lot), tax loss harvesting opportunities. Asks for shares + buy date + income bracket + state. Triggers in English ("should I sell X for tax", "tax on selling X", "LTCG vs STCG on X", "trim X tax efficient") or Chinese ("X 减仓税务", "X 卖出税多少", "现在卖还是等长期", "X 减仓最省税").
cloudflare-deploy
Deploy applications and infrastructure to Cloudflare using Workers, Pages, and related platform services. Use when the user asks to deploy, host, publish, or set up a project on Cloudflare.
caveman
Ultra-compressed communication mode. Cuts token usage ~75% by dropping filler, articles, and pleasantries while keeping full technical accuracy. Use when user says "caveman mode", "talk like caveman", "use caveman", "less tokens", "be brief", or invokes /caveman.
perf-budget
Check bundle size impact of current changes against size-limit baselines. Use when editing apps/* or packages/rialto source, before committing, or when user asks about bundle size.
cloudflare-bindings
This skill activates when working with Cloudflare Workers bindings like D1, KV, R2, Durable Objects, or environment variables. It provides patterns for database access, caching, file storage, and secrets management.
lottie
Lottie and dotLottie adapter patterns for HyperFrames. Use when embedding lottie-web JSON animations, .lottie files, @lottiefiles/dotlottie-web players, registering instances on window.__hfLottie, or making After Effects exports deterministic in HyperFrames.
13f-firehose
Daily monitor for new 13F-HR filings from famous funds. Telegram alerts with NEW/ADDED/CLOSED diff vs. prior quarter.
waf-bypass
Web Application Firewall bypass methodology applicable to all injection types. Covers encoding, obfuscation, chunked encoding, HTTP header manipulation, and protocol-level WAF bypass.
signal-to-integration-pitch
Turn a fired signal into an integration-partnership pitch. For platform companies (Vercel, Cursor, Claude, Cloudflare, Linear, Slack, Notion) — pitch them to ship your tool inside their distribution. Constitution
s5cmd
Blazing-fast parallel S3 and local-filesystem data movement with the `s5cmd` CLI (v2.3.0). Use when copying, uploading, downloading, moving, syncing, listing, or deleting objects in S3 or S3-compatible stores (MinIO, Ceph, R2, GCS, B2, Wasabi); when transfers via `aws s3` / `aws s3 cp` / `boto3` are too slow; when batching thousands of object operations; streaming objects to/from stdin/stdout (`cat`, `pipe`); running SQL `select` over CSV/JSON/Parquet objects; generating presigned URLs; reading object metadata/`head`; computing storage usage (`du`); managing buckets (`mb`, `rb`, `bucket-version`); or moving training data, checkpoints, datasets, and backups at scale. Trigger on mentions of 's5cmd', 'S3 sync', 'fast S3 copy/download/upload', 'parallel S3 transfer', or custom S3 endpoints.
afs
Agent-first cross-platform file operations CLI. Use when AI Agent needs local file operations (zip/unzip/info/read) or cloud storage operations (upload/download/list) with S3-compatible providers.
cloudflare-email-service
Send and receive transactional emails with Cloudflare Email Service (Email Sending + Email Routing). Use when building email sending (Workers binding or REST API), email routing, Agents SDK email handling, or integrating email into any app — Workers, Node.js, Python, Go, etc. Also use for email deliverability, SPF/DKIM/DMARC, wrangler email setup, MCP email tools, or when a coding agent needs to send emails. Even for simple requests like "add email to my Worker" — this skill has critical config details.
durable-objects
Create and review Cloudflare Durable Objects. Use when building stateful coordination (chat rooms, multiplayer games, booking systems), implementing RPC methods, SQLite storage, alarms, WebSockets, or reviewing DO code for best practices. Covers Workers integration, wrangler config, and testing with Vitest. Biases towards retrieval from Cloudflare docs over pre-trained knowledge.
deploy-vite-app
Deploy a Vite + React app (or any static/SPA frontend) to the user's own Docker + Traefik server over SSH, on a Cloudflare-managed subdomain with automatic HTTPS. Use this skill whenever the user wants to deploy, ship, publish, push live, or host a Vite/React/frontend project on their server — e.g. "deploy this app", "put this on my server", "ship the dashboard to a subdomain", "host this on a subdomain", "make this live". Also use it to redeploy/update an already-deployed app, list what's deployed, take an app down, or free up disk space on the server. Trigger even when the user doesn't say "Docker", "Traefik", or "Cloudflare" explicitly — if they have a frontend project and want it on the internet on their box, this is the skill.
formant
Generate interactive HTML forms from natural language. Use when the user wants to create a form, survey, questionnaire, registration page, or feedback form. Also use when mentioning Formant, form schemas, or form building.
el-agent-deploy
Declarative ElevenLabs ConvAI agent reconciler. Reads el_agents.yaml and PATCHes the live agents to ensure each has the declared tool_ids attached + the declared system-prompt blocks appended (marker-gated, idempotent). Optional --provision-phone binds an existing Twilio number to an agent. Use when the user says "deploy el agent", "wire the tool", "update agent system prompt", "reconcile el agents", or before any agent-config change ships.
ffmpeg-audio
The prod audio convention made declarative — coerce any container (.m4a/.mp3/.webm/.wav) to mono 16 kHz signed-16-bit PCM WAV (`-ac 1 -ar 16000 -c:a pcm_s16le`), the exact input shape TitaNet/voiceprint, NeMo diarization, whisper, and the training corpus all expect. Four ops (normalize · trim-to-clip · concat · probe) plus a YAML reconcile mode. Idempotent (skips up-to-date outputs), dry-run by default (nothing runs without --apply). Use when Ian says "normalize this audio", "make a 16k wav", "extract an enroll clip", "trim that recording", "convert to mono 16k", "prep audio for whisper/diarization/voiceprint", "batch-convert these recordings", or any time audio needs the prod mono-16k-PCM shape.
question-economy
Near session end, when you're winding down, or on request, analyze the questions Claude asked you and your answers — then distill each answer into a standing default written to memory, so Claude asks fewer (only genuinely novel) questions over time. Tracks a per-session question-rate metric so the decline is measurable. Use when you say "wrap up", "winding down", "what did you learn about working with me", "question economy", or proactively at session close.
session-cabinet
Use when the user says "file my sessions", "session archive", "where are my old sessions", "make my Claude history searchable", "organize my Claude Code transcripts", "I can't find that session from last week", or "index my Claude sessions". Auto-files Claude Code session transcripts (~/.claude/projects/**/*.jsonl) into a human-navigable date-anchored archive with semantic SESSION.md cards, per-month _INDEX.md tables, and a master index. Idempotent — safe to run on a schedule. Free skill, stdlib only.
skill-manifest-gen
Generate cross-harness discovery manifests (openai.json · gemini.json · mcp.json + README) so an aria-skill is findable from OpenAI/Codex/Grok, Google Gemini, and MCP clients (VS Code, Cursor, Claude Desktop) — not just Claude Code. Derived deterministically from SKILL.md + the script's argparse, so manifests never drift. --all sweeps the repo, --check is a CI drift gate, --force overwrites. Use when Ian says "generate manifests", "MCP marketplace", "discoverable in VS Code/Cursor", "backfill manifests", or after adding a skill.
sprint-scaffold
Scaffold a new Aria sprint folder with Filing Cabinet spec_charter.md + Flowstate .claude/agents/pr-review.md + reference/sql/ subdirs. Use when starting a new sprint (e.g. "open sprint 021", "start a sprint for X", "new sprint folder"). Drops a working skeleton in /opt/aria/v4/sprints/NNN_slug/ with all the load-bearing files pre-filled so every shipped item gets an audit-trail home. Validated in Sprint 020 (two-terminal push, 20+ items shipped under this pattern).
stripe-sync
Reconcile Stripe products + prices from a declared YAML catalog. Idempotent, --dry-run by default, --apply hits the API, --prod required for live mode, --write-env merges resolved price IDs into .env. Use when the user says "sync stripe", "create stripe prices", "update pricing", or before any pricing change ships. One-command alternative to clicking through the Stripe dashboard.
grill-me
Interview the user relentlessly about a plan or design until reaching shared understanding, resolving each branch of the decision tree. Use when user wants to stress-test a plan, get grilled on their design, or mentions "grill me".
hono
Efficiently develop Hono applications using Hono CLI. Supports documentation search, API reference lookup, request testing, and bundle optimization.
ab-test-analyst-delivery-review
Delivery Review Workflow
ab-test-analyst-quality-gate
Quality Gate Workflow
ab-test-analyst-scope-contract
Scope Contract Workflow
algorithm-engineer-delivery-review
Delivery Review Workflow
algorithm-engineer-quality-gate
Quality Gate Workflow
algorithm-engineer-scope-contract
Scope Contract Workflow
bigdata-engineer-delivery-review
Delivery Review Workflow
bigdata-engineer-quality-gate
Quality Gate Workflow
bigdata-engineer-scope-contract
Scope Contract Workflow
data-analyst-delivery-review
Delivery Review Workflow
data-analyst-quality-gate
Quality Gate Workflow
data-analyst-scope-contract
Scope Contract Workflow
executive-strategist-delivery-review
Delivery Review Workflow
executive-strategist-quality-gate
Quality Gate Workflow
executive-strategist-scope-contract
Scope Contract Workflow
infra-engineer-delivery-review
Delivery Review Workflow
infra-engineer-quality-gate
Quality Gate Workflow
infra-engineer-scope-contract
Scope Contract Workflow
internal-control-specialist-delivery-review
Delivery Review Workflow
internal-control-specialist-quality-gate
Quality Gate Workflow
managing-vault-secrets
Manages credentials and API keys from Vaultwarden. Auto-triggers when credentials are needed. Use for "vault 조회", "API 키 가져와", "비밀번호 저장", "secret 등록" requests.
devops-engineer
Senior DevOps Engineer persona — CI/CD, infrastructure as code, deployment automation
add-cli
Add a new CLI binary (or wire missing auth/persistence for an existing one) to the toolbox image — Dockerfile layer + version ARG + opt-out flag + `internal/config/tools.go` entry + `smoke-test.sh` check + Renovate `customManager` + (when the CLI persists state) `~/.toolbox/<tool>` bind-mount in `internal/mountplan/defaults.go`. Use this whenever the user says things like "add <X> to the toolbox", "install <X> in the container", "put <X> in the image", "add <X> CLI", "wire auth for <X>", "persist <X> credentials", "save <X> authentication", or names a binary they want available inside `toolbox shell`. Also use it when an audit shows a CLI is in the Dockerfile but its credentials don't survive `toolbox stop` — that's the gws-style half-installed case this skill explicitly handles. Always perform the edits autonomously and finish with `/verify`; don't hand the user a checklist to apply themselves.
improve-codebase-architecture
Find deepening opportunities in a codebase, informed by the domain language in CONTEXT.md and the decisions in docs/adr/. Use when the user wants to improve architecture, find refactoring opportunities, consolidate tightly-coupled modules, or make a codebase more testable and AI-navigable.
verify
Run the toolbox repo's pre-push validation — golangci-lint, go tests, and (when the image is built) the bundled-CLI smoke test. Mirrors the PR CI in `.github/workflows/ci.yml`, so green locally means green on CI. Use this before marking any code change "done", before opening a PR, or any time the user says things like "verify", "check it passes", "are we good to push", "è tutto a posto prima del commit". Always prefer this over running `go test` or `golangci-lint` ad-hoc, because Go is not installed on the host and this skill already encodes the containerised pattern.
aria-skill-candidates
Observer + Gatekeeper for the Aria Builders meta-loop. Scans Claude Code transcripts for recurring vendor-API patterns and ranks them by a 5-axis rubric (recurrence · YAML-shape · multi-step · public-value · sovereignty-cost) to decide which patterns should become new skills. Filters out vendors already covered by an existing skill. Use when the user says "what should I build next", "skill candidates", "where am I repeating myself", "scan transcripts", or weekly as a passive review.
aria-skill-template
Scaffolds a new aria-skills-pattern skill from a template. Generates README.md + SKILL.md + script.py with reconcile-loop stubs + config.yaml + requirements.txt — a fully-formed skill directory ready to fill in with vendor-specific logic. Multiplies contributor velocity. Use when the user says "scaffold a new skill", "create a skill for X", "new skill template", "I want to build a skill for <vendor>", or starting any new vendor integration.
aria-skill-test
Regression harness for the aria-skills repo. Runs every shipped skill in dry-run mode + asserts clean output (no traceback, no credential leaks, valid SKILL.md frontmatter, README.md present). Text report by default; --junit-xml flag for CI integration. Use when the user says "test the skills", "regression check", "before push", "run the test harness", or any time before opening a PR or pushing to main.
aria-status
Config-driven one-screen status of a server stack — systemd timers, healthz endpoints, disk usage, GPU memory/util (if nvidia-smi present), and optional custom shell-command probes. All probes run in parallel with short timeouts; graceful degradation if any single check fails. Read-only by design. Text output by default; --json for machine-readable, --brief for one-screen. Use at session start, before a deploy, or when the user says "status", "how are things", "any issues".
call-scrub
Pull and analyze your ElevenLabs Conversational-AI voice calls — list recent conversations, or scrub one transcript to surface every tool the agent called, the result it got, errors, and timing. The fast way to debug "why did that call misbehave" without replaying audio. BYOK (your own ElevenLabs API key); read-only; stdlib only. Use when the user says "scrub that call", "what happened on the call", "pull the call transcript", "debug the voice call", "what tools fired".
cloudflare-dns-deploy
Reconcile DNS records from a declared YAML catalog to Cloudflare via the API, and optionally run the companion nginx + certbot bootstrap for records pointing at your server. Idempotent. --dry-run by default, --apply hits the API, --server-setup also wires nginx + obtains Let's Encrypt cert. Use when the user says "deploy DNS", "add a subdomain", "stand up <X>.example.com", or before any subdomain launch.
doc-to-pdf
Render a Markdown or HTML document into a clean, branded, multi-page PDF via headless Chrome — the polished deliverable you'd hand a client, not a screenshot. Brand wrap (print-CSS + footer) is on by default; --no-brand for raw; --template for a custom shell. Never overwrites without --force. Use when the user says "make a PDF", "turn this into a PDF", "PDF this", "send them a PDF", "build a client doc", "export to PDF", "branded PDF".
github-repo-deploy
Reconcile a YAML catalog of GitHub repo metadata (description, homepage, topics) to the live GitHub account. Idempotent, --dry-run by default, --apply --prod for the live PATCH. Auth via `gh auth token` or GITHUB_TOKEN env. Refuses to change visibility (public/private) or default_branch without explicit override. Use when the user says "polish my repos", "update GitHub descriptions", "tag my repos for discoverability", "fix repo metadata", or before any campaign that drives traffic to GitHub. Single-command alternative to clicking through every repo's settings page.
headless-claude
Run the `claude` CLI fast, hook-free, and unattended for automation — wraps `claude -p` with --setting-sources project (skip your user hooks + heavy auto-memory, ~2s not ~15s), --permission-mode bypassPermissions (no interactive approval prompt that would block a script), and a neutral cwd. Uses your own plan, no API key. Use when the user says "run claude headless", "scriptable claude", "claude -p keeps hanging / prompting", "call claude from a cron/agent", or is automating Claude Code.
live-code-watch
Watch a git repo's working diff get written live — a terminal that redraws ONLY when the code changes (no idle flicker), with brand-new files shown inline via intent-to-add. Point it at a repo while an AI agent (or you) edits and watch the raw code appear line by line. Zero deps beyond git. Use when the user says "watch the code", "show me the live diff", "watch this repo change", or wants to see edits happen in real time.
marketplace-publish
Unified marketplace publisher for VS Code Marketplace (via vsce), iOS App Store / TestFlight (via Expo EAS submit), and Google Play Console (via Expo EAS submit). Single command surface around publish.sh + submit.sh. Pre-flight validates credentials before doing anything destructive. --dry-run by default skips uploads. Use when the user says "publish the extension", "submit to App Store", "ship to Play Store", "marketplace publish", "release the vsix", "build and submit", or before any app-store push.
partnership-email-blast
Send per-partner email campaigns from a YAML roster through Resend, rendered via a clean HTML template. YAML is canonical; each partner gets one templated email with {{var}} substitution. Idempotent — re-runs skip partners already sent (unique index on campaign_id + partner_id WHERE ok=true). --dry-run by default, --apply sends, --prod required for live mode. Use when the user says "blast the partners", "fire the launch email", "email the partner list", "outreach campaign", or before a launch announcement.
screen-describe
Ask your local Claude what's on your screen. Captures the macOS screen, hands the image to your own `claude` CLI (your Pro/Max, no API key — BYOK), prints a short description, and deletes the screenshot immediately. Read-only — it looks, never controls. Use when the user says "what's on my screen", "describe my screen", "what am I looking at", or wants an AI second pair of eyes on their display.
android-apk
Build native Android APKs without Android Studio using raw SDK tools (javac, d8, aapt, apksigner). Produces tiny APKs (~30KB) that build in under 2 seconds.
scale
Recommend sharding, caching strategies, and read-replication patterns for Cloudflare architectures. Use this skill when preparing for growth, hitting limits, or optimizing for high traffic.
boxlang-runtime-wasm-container
Use this skill when compiling BoxLang applications to server-side WebAssembly (WASM) using MatchBox's --target wasm flag, running WASM with Wasmtime or WasmEdge, building minimal OCI containers from WASM binaries, and deploying to edge platforms like Fastly Compute or Cloudflare Workers (WASI).
cloudflare-deploy
Set up and deploy Astro websites to Cloudflare Workers with custom domains. Use this skill when the user wants to deploy a site to Cloudflare, set up Cloudflare Pages/Workers, configure wrangler.toml, add a custom domain, fix deployment issues, troubleshoot DNS for a Cloudflare-hosted site, or verify a deployment is working. Also use when you see @astrojs/cloudflare, wrangler.toml, or .workers.dev in the project.
webfetch
Fetch web pages and convert them to clean Markdown using markdown.new. Use when user wants to fetch a URL as markdown, convert HTML to markdown, or extract clean text from websites.
copilot-instructions-blueprint-generator
Technology-agnostic blueprint generator for creating comprehensive copilot-instructions.md files that guide GitHub Copilot to produce code consistent with project standards, architecture patterns, and exact technology versions by analyzing existing codebase patterns and avoiding assumptions.
add-api
Add a new Cloudflare Workers API endpoint and wrap the call to it on the frontend.
lint-all
Lint the entire project. Use whenever you finish editing to ensure your code is clean and follows best practices.
file-uploads
Expert at handling file uploads and cloud storage. Covers S3, Cloudflare R2, presigned URLs, multipart uploads, and image optimization. Knows how to handle large files without blocking. Use when: file upload, S3, R2, presigned URL, multipart.
honi
Build AI agents with Honi (honidev) on Cloudflare Workers. Use when creating agents with tools, persistent memory, MCP servers, or multi-agent pipelines. Covers createAgent API, tool() helper, all memory tiers (working/episodic/semantic/graph), multi-agent routing, MCP auth, and all supported model providers.
unknown-skill
Share Droid sessions as GitHub gists. Use when asked to "share session", "export session to gist", or "create gist from session".
Integration detected automatically from skill content. Some results may be false positives.