Django
Backend
Skills using Django (276)
code-to-prd
Reverse-engineer any codebase into a complete Product Requirements Document (PRD). Analyzes routes, components, state management, API integrations, and user interactions to produce business-readable documentation detailed enough for engineers or AI agents to fully reconstruct every page and endpoint. Works with frontend frameworks (React, Vue, Angular, Svelte, Next.js, Nuxt), backend frameworks (NestJS, Django, Express, FastAPI), and fullstack applications. Trigger when users mention: generate PRD, reverse-engineer requirements, code to documentation, extract product specs from code, document page logic, analyze page fields and interactions, create a functional inventory, write requirements from an existing codebase, document API endpoints, or analyze backend routes.
django-pro
Master Django 5.x with async views, DRF, Celery, and Django Channels. Build scalable web applications with proper architecture, testing, and deployment.
cortex-integrate
Design and implement an AI feature integration — model selection, architecture pattern, system prompt, data flow, error handling, cost estimate. Use when asked to "add AI to this", "LLM integration", "add Claude/GPT", or "AI-powered feature".
azure-monitor-opentelemetry-py
Azure Monitor OpenTelemetry Distro for Python. Use for one-line Application Insights setup with auto-instrumentation.
django-perf-review
Django performance code review. Use when asked to "review Django performance", "find N+1 queries", "optimize Django", "check queryset performance", "database performance", "Django ORM issues", or audit Django code for performance problems.
django-pro
Master Django 5.x with async views, DRF, Celery, and Django Channels. Build scalable web applications with proper architecture, testing, and deployment.
python-development-python-scaffold
You are a Python project architecture expert specializing in scaffolding production-ready Python applications. Generate complete project structures with modern tooling (uv, FastAPI, Django), type hint
python-patterns
Python development principles and decision-making. Framework selection, async patterns, type hints, project structure. Teaches thinking, not copying.
security-scanning-security-sast
Static Application Security Testing (SAST) for code vulnerability analysis across multiple languages and frameworks
spec-miner
Reverse-engineering specialist that extracts specifications from existing codebases. Use when working with legacy or undocumented systems, inherited projects, or old codebases with no documentation. Invoke to map code dependencies, generate API documentation from source, identify undocumented business logic, figure out what code does, or create architecture documentation from implementation. Trigger phrases: reverse engineer, old codebase, no docs, no documentation, figure out how this works, inherited project, legacy analysis, code archaeology, undocumented features.
development
Index of programming-language capabilities: Python, Go, Rust, TypeScript, Java, C++, Shell. Route here when the user mentions programming, development, code, or languages.
hypothesis-testing
Property-based testing with Hypothesis for discovering edge cases and validating invariants. Use when implementing comprehensive test coverage, testing complex logic with many inputs, or validating mathematical properties and invariants across input domains. Triggered by: hypothesis, property-based testing, @given, strategies, generative testing.
django-view-generator
Generate django view generator operations. Auto-activating skill for Backend Development. Triggers on: django view generator, django view generator. Part of the Backend Development skill category. Use when working with django view generator functionality. Trigger with phrases like "django view generator", "django generator", "django".
building-vulnerability-dashboard-with-defectdojo
Deploy DefectDojo as a centralized vulnerability management dashboard with scanner integrations, deduplication, metrics tracking, and Jira ticketing workflows.
exploiting-mass-assignment-in-rest-apis
Discover and exploit mass assignment vulnerabilities in REST APIs to escalate privileges, modify restricted fields, and bypass authorization controls by injecting unexpected parameters in API requests.
implementing-api-rate-limiting-and-throttling
Implements API rate limiting and throttling controls using token bucket, sliding window, and fixed window algorithms to protect against brute force attacks, credential stuffing, resource exhaustion, and API abuse. The engineer configures per-user, per-IP, and per-endpoint rate limits using Redis-backed counters, API gateway plugins, or application middleware, and implements proper HTTP 429 responses with Retry-After headers. Activates for requests involving rate limiting implementation, API throttling setup, request quota management, or API abuse prevention.
implementing-runtime-application-self-protection
Deploy Runtime Application Self-Protection (RASP) agents to detect and block attacks from within application runtime, covering OpenRASP integration, attack pattern detection, and security policy configuration for Java and Python web applications.
testing-api-for-mass-assignment-vulnerability
Tests APIs for mass assignment (auto-binding) vulnerabilities where clients can modify object properties they should not have access to by including additional parameters in API requests. The tester identifies writable endpoints, adds undocumented fields to request bodies (role, isAdmin, price, balance), and checks if the server binds these to the data model without filtering. Part of OWASP API3:2023 Broken Object Property Level Authorization. Activates for requests involving mass assignment testing, parameter binding abuse, auto-binding vulnerability, or API over-posting.
database-migrations
Database migration best practices for schema changes, data migrations, rollbacks, and zero-downtime deployments across PostgreSQL, MySQL, and common ORMs (Prisma, Drizzle, Django, TypeORM, golang-migrate). Use when planning or implementing database schema changes.
codebase-onboarding
Analyze an unfamiliar codebase and generate a structured onboarding guide with architecture map, key entry points, conventions, and a starter CLAUDE.md. Use when joining a new project or setting up Claude Code for the first time in a repo.
django-verification
Verification loop for Django projects: migrations, linting, tests with coverage, security scans, and deployment readiness checks before release or PR.
database-migrations
Database migration best practices for schema changes, data migrations, rollbacks, and zero-downtime deployments across PostgreSQL, MySQL, and common ORMs (Prisma, Drizzle, Kysely, Django, TypeORM, golang-migrate).
python-patterns
Python development principles and decision-making. Framework selection, async patterns, type hints, project structure. Teaches thinking, not copying.
skill-security-auditor
Security auditing for code, configs, and infrastructure. Use when the user wants to audit or improve security: scan for vulnerabilities (SQL injection, XSS, command injection, path traversal), detect hardcoded secrets and credentials, review auth and authorization, check dependencies for known CVEs, audit config files for insecure defaults, or generate security reports. Trigger on "security audit", "vulnerability scan", "code review for security", "find secrets", "check for vulnerabilities", "OWASP", "CVE", or questions about code security.
azure-monitor-opentelemetry-py
Azure Monitor OpenTelemetry Distro for Python. Use for one-line Application Insights setup with auto-instrumentation. Triggers: "azure-monitor-opentelemetry", "configure_azure_monitor", "Application Insights", "OpenTelemetry distro", "auto-instrumentation".
odoo-rpc-api
Expert on Odoo's external JSON-RPC and XML-RPC APIs. Covers authentication, model calls, record CRUD, and real-world integration examples in Python, JavaScript, and curl.
django-access-review
django-access-review
django-expert
Use when building Django web applications or REST APIs with Django REST Framework. Invoke when working with settings.py, models.py, manage.py, or any Django project file. Creates Django models with proper indexes, optimizes ORM queries using select_related/prefetch_related, builds DRF serializers and viewsets, and configures JWT authentication. Trigger terms: Django, DRF, Django REST Framework, Django ORM, Django model, serializer, viewset, Python web.
pytest-testing
Expert pytest framework for Python unit, integration, and functional testing
ln-654-resource-lifecycle-auditor
Checks session scope mismatch, missing cleanup, pool config, error path leaks, resource holding. Use when auditing resource lifecycle.
ln-723-seed-data-generator
Generates seed data from ORM schemas or entity definitions to any target format. Use when populating databases for development.
ln-730-devops-setup
Sets up Docker, CI/CD, and environment configuration with auto-detection. Use when adding DevOps infrastructure to a project.
fullstack-dev
Full-stack backend architecture and frontend-backend integration guide. TRIGGER when: building a full-stack app, creating REST API with frontend, scaffolding backend service, building todo app, building CRUD app, building real-time app, building chat app, Express + React, Next.js API, Node.js backend, Python backend, Go backend, designing service layers, implementing error handling, managing config/auth, setting up API clients, implementing auth flows, handling file uploads, adding real-time features (SSE/WebSocket), hardening for production. DO NOT TRIGGER when: pure frontend UI work, pure CSS/styling, database schema only.
perplexity-search
AI-powered web search, research, and reasoning via Perplexity
analyzing-projects
Analyzes codebases to understand structure, tech stack, patterns, and conventions. Use when onboarding to a new project, exploring unfamiliar code, or when asked "how does this work?" or "what's the architecture?"
django-patterns
Django architecture patterns, REST API design with DRF, ORM best practices, caching, signals, middleware, and production-grade Django apps.
django-security
Django security best practices, authentication, authorization, CSRF protection, SQL injection prevention, XSS prevention, and secure deployment configurations.
django-tdd
Django testing strategies with pytest-django, TDD methodology, factory_boy, mocking, coverage, and testing Django REST Framework APIs.
api-test-suite-builder
Use when the user asks to generate API tests, create integration test suites, test REST endpoints, or build contract tests.
senior-fullstack
Fullstack development toolkit with project scaffolding for Next.js, FastAPI, MERN, and Django stacks, code quality analysis with security and complexity scoring, and stack selection guidance. Use when the user asks to "scaffold a new project", "create a Next.js app", "set up FastAPI with React", "analyze code quality", "audit my codebase", "what stack should I use", "generate project boilerplate", or mentions fullstack development, project setup, or tech stack comparison.
ai-slop-remover
Removes AI-generated code smells from a SINGLE file while preserving functionality. For multiple files, call in PARALLEL per file.
code-review
Perform code reviews following Sentry engineering practices. Use when reviewing pull requests, examining code changes, or providing feedback on code quality. Covers security, performance, testing, and design review.
github-copilot-starter
Set up complete GitHub Copilot configuration for a new project based on technology stack
generating-orm-code
This skill enables Claude to generate ORM models and database schemas. It is triggered when the user requests the creation of ORM models, database schemas, or wishes to generate code for interacting with databases. The skill supports various ORMs including TypeORM, Prisma, Sequelize, SQLAlchemy, Django ORM, Entity Framework, and Hibernate. Use this skill when the user mentions terms like "ORM model", "database schema", "generate entities", "create migrations", or specifies a particular ORM framework like "TypeORM entities" or "SQLAlchemy models". It facilitates both database-to-code and code-to-database schema generation.
app-builder
App scaffolding: Next.js, Vite, Nuxt, Astro, FastAPI, Django, Laravel, RN, Flutter. Triggers: scaffold, bootstrap, new project, starter, dashboard, mobile app.
codeql
Scans a codebase for security vulnerabilities using CodeQL's interprocedural data flow and taint tracking analysis. Triggers on "run codeql", "codeql scan", "codeql analysis", "build codeql database", or "find vulnerabilities with codeql". Supports "run all" (security-and-quality + security-experimental suites) and "important only" (high-precision security findings) scan modes. Also handles creating data extension models and processing CodeQL SARIF output.
stripe-integration-expert
Stripe Integration Expert
sharedtech-stack-detection
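General method for detecting a project's tech stack: identifies languages, frameworks, and toolchains by analyzing configuration files.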
django-patterns
Django architecture patterns, REST API design with DRF, ORM best practices, caching, signals, middleware, and production-grade Django apps.
django-security
Django security best practices, authentication, authorization, CSRF protection, SQL injection prevention, XSS prevention, and secure deployment configurations.
django-tdd
Django testing strategies with pytest-django, TDD methodology, factory_boy, mocking, coverage, and testing Django REST Framework APIs.
find-docs
Retrieves up-to-date documentation, API references, and code examples for any developer technology. Use this skill whenever the user asks about a specific library, framework, SDK, CLI tool, or cloud service -- even for well-known ones like React, Next.js, Prisma, Express, Tailwind, Django, or Spring Boot. Your training data may not reflect recent API changes or version updates. Always use for: API syntax questions, configuration options, version migration issues, "how do I" questions mentioning a library name, debugging that involves library-specific behavior, setup instructions, and CLI tool usage. Use even when you think you know the answer -- do not rely on training data for API details, signatures, or configuration options as they are frequently outdated. Always verify against current docs. Prefer this over web search for library documentation and API details.
independent-developer-micro-saas-master
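Independent developers and micro-SaaS: the business of a solo founder or very small team (≤3 people) building software products with sustainable subscription revenue, as distinct from freelancing/consulting, enterprise SaaS, and open-source maintenance: (a) product discovery and validation (scratch your own itch vs market-first, Nugent/Walling; landing-page smoke tests; wire up Stripe before writing code; JTBD interviews adapted to the indie-developer setting; pain-point mining on Reddit/HN/X/communities; the Mom Test validation framework; building in public as a validation mechanism); (b) indie-developer technical architecture (boring technology, McKinley; monolith first; serverless vs VPS trade-offs on a ≤$100/month budget; choosing among frameworks such as Rails/Django/Laravel/Next.js by shipping speed; managed services over self-hosting; Supabase/PlanetScale/Neon database-as-a-service; Clerk/Auth0 authentication-as-a-service; Stripe/Paddle/LemonSqueezy payments; Vercel/Fly.io/Railway deployment; AI-assisted coding with Cursor/Copilot as a force multiplier); (c) distribution and growth without a marketing team (SEO as a micro-SaaS moat; Product Hunt launches; pros and cons of AppSumo lifetime deals; cold email; building in public on Twitter/X; IndieHackers community distribution; integration marketplaces: Shopify/WordPress/Zapier/Slack app directories; affiliate programs; one-person content marketing); (d) pricing and monetization (SaaS pricing psychology; freemium vs free trial vs paid-only; per-seat vs usage-based vs flat-rate; annual-billing discounts; grandfathered pricing for existing users; micro-SaaS churn control; what MRR/ARR/LTV/CAC mean at micro scale; the psychology of the $10K MRR milestone); (e) solo-founder mental models and lifestyle design (default alive vs default dead, Graham; ramen profitability, Levels; the spectrum from lifestyle business to growth business; indie-developer burnout prevention; time management and context-switching costs; geographic arbitrage and remote-first; the build-once, sell-repeatedly asset mindset; community as a support network: IndieHackers/WIP/MicroConf); (f) legal and operational basics (choice of incorporation jurisdiction, LLC/Ltd/GmbH tax efficiency; Stripe Atlas vs Firstbase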
developing-software
Software development knowledge reference covering Python, Go, Rust, TypeScript, Java, C++, and Shell. Use when writing code, debugging, or following language-specific best practices.
light-system-design
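Backend system design and database capabilities. Use when the task involves system architecture, database design, interface design, or permissions/logging/exceptions/performance/deployment. Designs ER diagrams, table structures, interface documentation, user permissions, data flow, module decomposition, API conventions, database indexes, security policies, and deployment plans; especially suited to research systems, management systems, data analysis platforms, visualization platforms, competition entries, and software-copyright registration projects.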
light-tool-selection
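Tool selection and multi-tool coordination. Automatically determines which tools suit the task: search, Python, R, MATLAB, LaTeX, Word, Excel, PowerPoint, Visio, Origin, databases, Git, frontend/backend frameworks, plotting tools, reference managers, and so on (always on; active in the background for all tasks). Does not use tools blindly, but picks the most efficient, stable, and professional implementation for the actual task.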
codebase-audit
Comprehensive codebase audit: adaptive, parallel deep analysis (frontend-backend contracts, data integrity, exception handling/security, architecture/technical debt, configuration/caching) that outputs a unified report sorted by severity and a remediation roadmap. Use when user asks to audit, analyze, or review an entire codebase for design issues, find hidden bugs, check architecture health, or asks '全面审查', '代码库审计', '分析设计问题', 'audit codebase', 'health check', '有哪些问题'. Also trigger when user asks to find silent degradation, data flow breakpoints, type mismatches between frontend and backend, or wants to understand technical debt across a project.
backend
Backend development patterns for services, error handling, logging, caching. Use when building backend services, APIs, or microservices.
python-env
Fast Python environment management with uv (10-100x faster than pip). Triggers on: uv, venv, pip, pyproject, python environment, install package, dependencies.
hunt-host-header
Hunt Host Header Injection — password reset poisoning → ATO, web cache poisoning via unkeyed Host/X-Forwarded-Host, routing-based SSRF (Host picks upstream → cloud metadata/internal services), path-override SSRF/ACL-bypass (X-Original-URL/X-Rewrite-URL), OAuth redirect_uri/issuer poisoning, and absolute-URL link poisoning in emails. High to Critical when it reaches ATO or mass cache poisoning. Built on public Host-header research (PortSwigger 'Practical web cache poisoning' + James Kettle, and the classic password-reset-poisoning class). Use on any forgot-password flow, CDN/reverse-proxy-fronted app, OAuth/OIDC endpoint, or absolute-URL-in-email feature.
hunt-sqli
Hunting skill for sqli vulnerabilities. Built from 12 public bug bounty reports including modern NoSQL injection (Rocket.Chat CVE-2021-22911 MongoDB $regex, Mongoose ORM CVE-2024-53900 $where bypass), modern ORM raw-fragment SQLi (Django CVE-2024-42005, Sequelize GHSA-wrh9-cjv3-2hpw), second-order SOQL injection (HackerOne Salesforce), time-based blind SQLi in GraphQL resolvers, and SQLi on OIDC-proxy backends. Use when hunting SQLi / NoSQLi on any target.
perplexity-search
AI-powered web search, research, and reasoning via Perplexity
python-dev
Opinionated Python development setup with uv + ty + ruff + pytest + just. Use when creating new Python projects, setting up pyproject.toml, configuring linting, type checking, testing, or build tooling. Triggers on "python project", "uv init", "pyproject.toml", "ruff config", "ty check", "pytest setup", "justfile", "python linting", "python formatting", "type checking python".
api-endpoint
Use when creating an API endpoint or HTTP route handler — detects the project stack and routes to the matching carve-out (laravel-api-endpoint, nextjs-patterns, symfony-workflow).
pm-tech
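Use when: you need to align with the engineering team on a technical solution, assess technical feasibility, define the technical architecture, or evaluate third-party services. Do NOT use when: the technical solution has already been decided by the engineering team, or only a functional description is needed with no technical assessment.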
codebase-audit
Comprehensive codebase audit: adaptive, parallel deep analysis (frontend-backend contracts, data integrity, exception handling/security, architecture/technical debt, configuration/caching) that outputs a unified report sorted by severity and a remediation roadmap. Use when user asks to audit, analyze, or review an entire codebase for design issues, find hidden bugs, check architecture health, or asks '全面审查', '代码库审计', '分析设计问题', 'audit codebase', 'health check', '有哪些问题'. Also trigger when user asks to find silent degradation, data flow breakpoints, type mismatches between frontend and backend, or wants to understand technical debt across a project.
bm25
Ranked content search over any text corpus using BM25 (via xhluca/bm25s). Corpus-agnostic: works on cloned repos, project knowledge stores, uploaded files/archives, and any local directory. Stateless — builds an in-memory index each invocation, no cache, no persistence. Use when you need ranked multi-word content search beyond grep, or when picking the "most relevant files for these terms" across a corpus. Triggers on "rank these documents", "search this corpus", "find content about X", "which files are most about Y", or multi-word concept queries against a known body of text.
api-design-rest
When creating or extending an HTTP API for client consumption.
error-handling-architecture
When designing how a system recovers from and reports failures.
authentication-setup
Design and implement authentication and authorization systems. Use when setting up user login, JWT tokens, OAuth, session management, or role-based access control. Handles password security, token management, SSO integration.
azure-monitor-opentelemetry-py
Azure Monitor OpenTelemetry Distro for Python. Use for one-line Application Insights setup with auto-instrumentation. Triggers: "azure-monitor-opentelemetry", "configure_azure_monitor", "Application Insights", "OpenTelemetry distro", "auto-instrumentation".
backend-atomic-commit
Pedantic backend pre-commit and atomic commit Skill for Django/Optimo-style repos. Enforces local AGENTS.md / CLAUDE.md, pre-commit hooks, .security/* helpers, and Monty’s backend engineering taste – with no AI signatures in commit messages.
backend-pr-workflow
Pedantic Diversio backend dev workflow Skill that enforces ClickUp-linked branch/PR naming, PR hygiene, safe Django migrations, and downtime-safe schema changes for Django4Lyfe-style backends.
backend-ralph-plan
Create a structured plan directory with Ralph Wiggum Loop integration for backend Django projects. Generates PLAN.md (task index), task files, and RALPH-PROMPT.md (the actual prompt for ralph-loop). Use for rigorous, iterative implementation requiring quality gates and verification.
backend-testing
Write comprehensive backend tests including unit tests, integration tests, and API tests. Use when testing REST APIs, database operations, authentication flows, or business logic. Handles Jest, Pytest, Mocha, testing strategies, mocking, and test coverage.
bruno-api
Generate comprehensive API endpoint documentation from Bruno (.bru) files by mapping requests to a Django4Lyfe/Diversio-style backend implementation (Django REST Framework or Django Ninja), including auth/permissions, multi-tenant filtering, request/response schemas, and line-numbered code references. Use for single endpoints, directory scans of .bru files, or when writing docs to a specific output path.
database-migration-helper
Creates database migration files following project conventions for Prisma, Sequelize, Alembic, Knex, TypeORM, and other ORMs. Use when adding tables, modifying schemas, or when user mentions database changes.
django-pro
Master Django 5.x with async views, DRF, Celery, and Django Channels. Build scalable web applications with proper architecture, testing, and deployment. Use PROACTIVELY for Django development, ORM optimization, or complex Django patterns.
error-tracking-integrator
Adds comprehensive error tracking with Sentry, Rollbar, or similar services including error boundaries, context, and breadcrumbs. Use when user requests error monitoring or mentions production debugging.
internationalization-helper
Extracts hardcoded strings for i18n, manages translation files, and ensures locale coverage. Use when working with multi-language apps, translations, or user mentions i18n, localization, or languages.
mixpanel-analytics
MixPanel analytics tracking implementation and review Skill for Django4Lyfe optimo_analytics module. Implements new events following established patterns and reviews implementations for PII protection, schema design, and code quality.
monty-code-review
Hyper-pedantic code review skill that emulates Monty's Django4Lyfe backend engineering philosophy and review style. Use this when reviewing or refactoring Python/Django code in this backend repo and you want a strict, correctness-first, multi-tenant-safe, deeply nitpicky review.
pr-description-writer
Generates comprehensive, reviewer-friendly PR descriptions with visual diagrams, summary tables, collapsible sections, and structured test plans. Optimized for readability without sacrificing detail.
python-patterns
Python development principles and decision-making. Framework selection, async patterns, type hints, project structure. Teaches thinking, not copying.
security-scanning-security-sast
Static Application Security Testing (SAST) for code vulnerability analysis across multiple languages and frameworks
mir-backend-python
Make It Right (Python runtime tier). CPython/PyPy runtime reliability footguns that are shared across EVERY Python backend framework (FastAPI, Django, Flask, Celery) — distinct from the generic backend gates and from any one framework's mechanics. Covers: the GIL (threads give no CPU parallelism), async-vs-sync 'coloring', blocking the event loop, choosing asyncio vs threads vs multiprocessing vs a worker queue, fork-safety of connection pools, serverless cold starts, and dropped-task exceptions. TRIGGER when the backend runtime is Python — sits between mir-backend (generic) and the framework module (e.g. mir-backend-python-fastapi). SKIP for Node/JVM/Go/Rust/.NET/Ruby/PHP/BEAM runtimes (each has its own mir-backend-<runtime> tier), and for framework-library mechanics (those live in the framework module).
mir-backend-python-django
Make It Right (Django module). Django 5 + Django REST Framework specific reliability augmentation. Use alongside the mir-backend skill when the target stack is Django — it carries the mechanical footguns that the framework-agnostic skill deliberately omits: ORM N+1 with select_related/prefetch_related, queryset laziness and caching semantics, migration safety on populated tables (NOT NULL / index locking), transaction.atomic() and on_commit() boundaries, mass assignment through ModelForm and DRF serializers, async views with the Django 4.1+ async ORM, and signal side-effect traps. TRIGGER only when the Python backend stack is Django — building, reviewing, or debugging a Django view, model, serializer, migration, or admin. Always loads TOGETHER WITH mir-backend (the gates) and mir-backend-python (CPython runtime concerns: GIL, async/sync, fork-safety, cold start); this module only adds Django/DRF library mechanics. SKIP for FastAPI, Flask, or any non-Django stack (those get their own mir-backend-python-<framew
mir-backend-python-fastapi
Make It Right (FastAPI module). FastAPI + Async SQLAlchemy 2.0 + Postgres + Alembic + Redis specific reliability augmentation. Use alongside the mir-backend skill when the target stack is FastAPI — it carries the mechanical footguns that the framework-agnostic skill deliberately omits: async session lifecycle and scope, Pydantic v2 validation boundaries, Depends()-based auth and authorization, BackgroundTasks vs a real queue, async N+1 with selectinload, greenlet/sync-driver-in-async traps, Alembic migration safety on populated tables, and Redis idempotency/locking patterns. TRIGGER only when the Python backend stack is FastAPI — building, reviewing, or debugging a FastAPI endpoint, dependency, SQLAlchemy session, or Alembic migration. Always loads TOGETHER WITH mir-backend (the gates) and mir-backend-python (CPython runtime concerns: GIL, async/sync, fork-safety, cold start); this module only adds FastAPI/SQLAlchemy library mechanics. SKIP for Django, Flask, or any non-FastAPI stack (those get their own mir-
mir-backend-python-flask
Make It Right (Flask module). Flask 3 specific reliability augmentation. Use alongside the mir-backend skill when the target stack is Flask — it carries the mechanical footguns that the framework-agnostic skill deliberately omits: app/request context misuse (current_app/request/g outside context), missing input validation and object-level authorization, SQLAlchemy session scoping and teardown, app-factory pattern and circular import avoidance, offloading heavy work to Celery/RQ, config/secret safety (debug=True RCE, SECRET_KEY), and Alembic migration safety via Flask-Migrate. TRIGGER only when the Python backend stack is Flask — building, reviewing, or debugging a Flask route, blueprint, extension, SQLAlchemy session, or migration. Always loads TOGETHER WITH mir-backend (the gates) and mir-backend-python (CPython runtime concerns: GIL, async/sync, fork-safety, cold start); this module only adds Flask library mechanics. SKIP for Django, FastAPI, or any non-Flask stack (those get their own mir-backend-python-<f
hunt-ssti
Hunt server-side template injection (SSTI) across Jinja2 (Flask/Django), Twig (Symfony), Freemarker (Java), ERB (Rails), Spring, Velocity, Mako, Thymeleaf, Smarty. Detection probes use double-curly and dollar-curly math expressions evaluated server-side. Once an engine is fingerprinted, escalate to RCE via the engine-specific class-walker, callback-registrar, or Execute-utility patterns documented in disclosed reports. Detection patterns: error messages reveal engine, blank or numeric eval reveals expression mode. Targets: email templates, PDF/report generators, CMS preview features, error pages with user input. Use when hunting RCE via template rendering, when content shows engine fingerprints, when finding endpoints that compose strings with user input before render.
codeql
Scans a codebase for security vulnerabilities using CodeQL's interprocedural data flow and taint tracking analysis. Triggers on "run codeql", "codeql scan", "codeql analysis", "build codeql database", or "find vulnerabilities with codeql". Supports "run all" (security-and-quality + security-experimental suites) and "important only" (high-precision security findings) scan modes. Also handles creating data extension models and processing CodeQL SARIF output.
besser-dev
Contributor guide for developing BESSER itself (https://github.com/BESSER-PEARL/BESSER). Use this skill whenever the user is working *inside* the BESSER source tree — adding a new generator (the most common contribution), adding a new metamodel or sub-DSL under `besser/BUML/metamodel/`, writing pytest tests for generators or metamodels, writing JSON↔BUML converters for the web editor, building Sphinx documentation under `docs/source/`, registering a generator in `SUPPORTED_GENERATORS`, or preparing a pull request to BESSER. Trigger on phrases like "add a new generator", "register in the web editor", "GeneratorInterface", "json_to_buml", "buml_to_json", "write tests for my generator", "build the docs", "open a PR to BESSER", or any work that touches `besser/generators/`, `besser/BUML/metamodel/`, `besser/utilities/web_modeling_editor/`, or `tests/`. Prefer this skill over besser-user when the user is contributing *to* BESSER rather than *using* BESSER to build something else.
besser-generators
Operational reference for BESSER code generators — covers per-generator options, generated file layout, regeneration/overwrite behavior, safe customization patterns, template overrides, and debugging generation failures. Use this skill whenever the user is configuring or running a BESSER generator (PythonGenerator, PydanticGenerator, SQLAlchemyGenerator, SQLGenerator, BackendGenerator, RESTAPIGenerator, DjangoGenerator, WebAppGenerator, ReactGenerator, BAFGenerator, QiskitGenerator, JSONSchemaGenerator, RDFGenerator, TerraformGenerator, PytorchGenerator, TFGenerator, FlutterGenerator, JavaGenerator), wondering "where does the output go", "will my edits survive regeneration", "how do I add custom endpoints to a generated FastAPI app", or "how do I switch the database dialect". Trigger on questions about generator parameters (`http_methods`, `nested_creations`, `dbms`, `containerization`, `backend_type`, `shots`, `generation_mode`), generated file paths, template overrides, or how to extend generated code witho
besser-troubleshooting
Diagnose and fix BESSER errors fast. Use this skill whenever the user is staring at a Python traceback, ImportError, ModuleNotFoundError, ValueError, TypeError, AttributeError, jinja2.TemplateNotFoundError, subprocess.CalledProcessError, or any other failure originating from BESSER (besser.BUML, besser.generators, besser.utilities). Covers installation failures (`pip install besser` errors, native dependency build failures for psycopg2/pyodbc/oracledb, Python version mismatches, Windows venv path quirks), import errors (`String` vs `StringType`, missing `bocl==0.3.1`, `antlr4-python3-runtime` version mismatch), model construction errors (spaces or hyphens in names, duplicate enum literals, invalid multiplicities, generalization-to-self, more than one is_id per class), generator crashes (Invalid DBMS, Django subprocess failures, missing GUIModel for WebApp, silent SQLGenerator failures, invalid Qiskit backend), Docker and deployment problems (port conflicts, docker-compose vs docker compose, missing system lib
besser-user
Build software with BESSER, the low-code model-driven platform. Use this skill whenever the user is creating a B-UML domain model (classes, attributes, associations, enumerations, generalizations), running any BESSER generator (Django, FastAPI, SQLAlchemy, Pydantic, React, WebApp, BAF, Qiskit, etc.), modeling state machines or chatbot agents, designing GUI models for web apps, or working with the BESSER web editor at editor.besser-pearl.org. Trigger on imports from `besser.BUML` or `besser.generators`, mentions of B-UML, DomainModel, BinaryAssociation, GUIModel, or any BESSER generator class — even if the user does not say "BESSER" by name. Prefer this skill over generic Python, Django, or FastAPI guidance whenever the project uses BESSER for modeling. For per-generator deep dives (output paths, options, customization patterns), defer to the besser-generators skill; for errors and diagnostics, defer to besser-troubleshooting.
repo-snapshot
Produce a repository snapshot — folder tree, top files by LOC, dependency surface, contributor map, framework detection — for handoff or onboarding.
write-path-mapping
Map the write path of a project across multiple frameworks — entry points, validation, auth, persistence, side-effects. Outputs report, Mermaid diagrams, JSON sidecar. Flags unauth writes, missing RLS, cache gaps. Use for write path, mutation audit, RLS audit.
project-init
Expert-guided project setup with 6 phases
lazy-agent-loader
Load agent definitions on-demand to reduce context usage. Only loads full agent when needed.
django-expert
Use when building Django web applications or REST APIs with Django REST Framework. Invoke when working with settings.py, models.py, manage.py, or any Django project file. Creates Django models with proper indexes, optimizes ORM queries using select_related/prefetch_related, builds DRF serializers and viewsets, and configures JWT authentication. Trigger terms: Django, DRF, Django REST Framework, Django ORM, Django model, serializer, viewset, Python web.
logging-scaffold
One-shot scaffold dropping in a structured logger for the project's primary backend language; wires JSON output, sensible defaults, example call sites
development
Index of programming-language capabilities (Python/Go/Rust/TypeScript/Java/C++/Shell).
neo-python
Use this skill when writing, reviewing, debugging, or architecting Python 3.10+ code, including type hints, structural pattern matching, dataclasses, async/task groups, packaging-aware project structure, testability, and maintainability.
newebpay-checkout
Implements NewebPay MPG checkout integration including AES256 encryption, form submission, and payment callback handling. Use when integrating payment gateway, creating checkout flows, or building 藍新金流 payment pages.
payuni-checkout
Implements PAYUNi UPP checkout integration including AES256 encryption, form submission, and payment callback handling. Use when integrating payment gateway, creating checkout flows, or building 統一金流 payment pages.
openstack-horizon
OpenStack Horizon web dashboard skill. Use when deploying, customizing, or troubleshooting the OpenStack web UI. Covers panel customization, session management, multi-domain support, theme branding, TLS configuration, and common dashboard failure modes including login issues, missing panels, and static asset problems.
analyzing-projects
Analyzes codebases to understand structure, tech stack, patterns, and conventions. Use when onboarding to a new project, exploring unfamiliar code, or when asked "how does this work?" or "what's the architecture?"
code-review
Perform code reviews following Sentry engineering practices. Use when reviewing pull requests, examining code changes, or providing feedback on code quality. Covers security, performance, testing, and design review.
codebase-mapping
Repository structure and dependency analysis for understanding a codebase's architecture. Use when needing to (1) generate a file tree or structure map, (2) analyze import/dependency graphs, (3) identify entry points and module boundaries, (4) understand the overall layout of an unfamiliar codebase, or (5) prepare for deeper architectural analysis.
migration-generator
Create database migrations from model changes, schema diffs, and migration best practices.
project-scaffolder
Quick project setup with templates, best practices, and complete configuration for various framew...
project-scaffolding
IDE-grade project scaffolding wizard for creating new projects with comprehensive configuration. Supports 70+ project types: HTML/CSS websites, React, Next.js, Vue, Astro, Remix, React Native, Flutter, Expo, FastAPI, Django, Express, NestJS, Go/Gin, Rust/Axum, Spring Boot, Hono, Elysia, Chrome Extensions, VS Code Extensions, Tauri desktop apps, serverless functions, and more. Provides WebStorm/PyCharm-level project creation with interactive SDK selection, framework configuration, database setup, and DevOps tooling. Use when: creating a new project, setting up a framework application, initializing a codebase, scaffolding boilerplate, building extensions, creating mobile/desktop/web apps, setting up monorepos, or making static websites/landing pages.
python-development-python-scaffold
You are a Python project architecture expert specializing in scaffolding production-ready Python applications. Generate complete project structures with modern tooling (uv, FastAPI, Django), type hint
query-builder
Interactive database query builder for generating optimized SQL and NoSQL queries.
schema-alignment
Detect and report drift between database schema and code data models. Works with SQLAlchemy, Django ORM, Prisma, TypeORM, and other ORMs. Generic across any project.
seed-data-generator
Generate realistic test data for database development, testing, and demos.
tester
Comprehensive testing skill for GabeDA application - designs test strategies (UAT, integration, smoke, unit), creates tests for frontend (React/Playwright) and backend (Django/pytest), executes tests, analyzes results, and generates detailed reports with findings. Stores reports in ai/testing/ and tests in appropriate project folders.
vibe-security
Security intelligence for code analysis. Detects SQL injection, XSS, CSRF, authentication issues, crypto failures, and more. Actions: scan, analyze, fix, audit, check, review, secure, validate, sanitize, protect. Languages: JavaScript, TypeScript, Python, PHP, Java, Go, Ruby. Frameworks: Express, Django, Flask, Laravel, Spring, Rails. Vulnerabilities: SQL injection, XSS, CSRF, authentication bypass, authorization issues, command injection, path traversal, insecure deserialization, weak crypto, sensitive data exposure. Topics: input validation, output encoding, parameterized queries, password hashing, session management, CORS, CSP, security headers, rate limiting, dependency scanning.
design-prd
Generate Product Requirements Documents through structured conversation for any project. Auto-detects tech stack, existing features, and data model from the codebase. Uses Firecrawl to research competitor products and UX patterns, Context7 to check framework capabilities for feasibility, and Supabase MCP to verify data model feasibility. Produces actionable PRDs with technical feasibility sections informed by real codebase analysis. Use when starting a new feature, documenting requirements, creating specs before implementation, or needing clarity on scope and success criteria.
route-tester
Framework-agnostic HTTP API route testing patterns, authentication strategies, and integration testing best practices. Supports REST APIs with JWT cookie authentication and other common auth patterns.
pdlc-adopt
Onboard a legacy project to PDLC
python-expert
Python gotchas and decision criteria. Covers async pitfalls, FastAPI/Django patterns, and type hint traps.
genesis-backend
Genesis Backend agent. Implements the API, service, repository, and domain layers. Automatically adapts to the language and framework chosen by the architect: Python/FastAPI, Python/Django, Node/NestJS, Node/Express, Go/Gin, Java/Spring Boot, Ruby/Rails, PHP/Laravel. Follows the patterns in the project's patterns.md.
genesis-scout
Genesis Scout agent. Maps existing projects before any code generation. Understands what has already been built: languages, frameworks, structure, patterns, endpoints, models, tests, CI/CD. Feeds genesis-architect with real context so that nothing is duplicated or overwritten by mistake.
qa-check
Auto-detects the project's tech stack, then audits for Accessibility, Performance, and Code Quality. Works across WordPress/PHP, Python, Node/JS, and static web projects.
python-project-setup
Sets up Python projects with modern tooling including pyproject.toml, linting with ruff, formatting, type checking with mypy or pyright, testing with pytest, and pre-commit hooks. Triggers on: "setup Python project", "create Python package", "python project structure", "pyproject.toml".
flask-debug-cross-worktree-edit-stale
Diagnose "I edited the template / view / CSS but Flask debug-mode keeps serving the old version" when running a local dev server (Flask, Django runserver, Rails server, etc.) from one git worktree while editing files in a sibling worktree of the same repo. Use when: (1) you have multiple `git worktree` checkouts of the same repo (typical with `.claude/worktrees/<feature>` directories), (2) a dev server is running in worktree A serving its working tree, (3) you're making edits in worktree B because branch X is checked out at A and you can't `git checkout X` in B too, (4) `curl http://127.0.0.1:PORT/page` returns byte-identical responses despite your edits, (5) you're tempted to blame Jinja bytecode cache, Flask `@_ttl_cache`, or browser caching. Root cause is filesystem-level: each git worktree has its own independent working tree on disk; Flask is reading worktree A's files, not worktree B's. Cache-busting tricks (`touch app.py`, browser hard refresh, restart Flask) won't help. Sister skill to `flask-debug-tt
security-sweep
Scan codebase for security vulnerabilities, hardcoded secrets, injection flaws, misconfigurations, and attack surfaces. Use when user wants a security audit, vulnerability scan, or to find security issues.
global-tech-stack
Understand and apply project-specific technology choices including frameworks, languages, databases, testing tools, and third-party services to maintain consistency across the stack. Use this skill when making technology decisions, adding new dependencies, choosing libraries/frameworks, configuring build tools, setting up databases, implementing authentication, or integrating third-party services. Apply when working with framework-specific code, package managers, ORM configurations, testing setups, deployment configurations, or any task that requires knowledge of the project's chosen technologies to ensure architectural consistency and avoid introducing conflicting tools or patterns.
office-call-skill
Build and evolve a single high-fidelity counselor system for real student-counselor communication rehearsal, distillation, correction, and reality-sync practice.
stacks
Stack-specific skills organized by technology category (backend, frontend, infrastructure, mobile)
code-documenter
Use when adding docstrings, creating API documentation, or building documentation sites. Invoke for OpenAPI/Swagger specs, JSDoc, doc portals, tutorials, user guides.
django-expert
Use when building Django web applications or REST APIs with Django REST Framework. Invoke for Django models, ORM optimization, DRF serializers, viewsets, authentication with JWT.
define-technologies
Capture the technology choices for the project — languages, frameworks, data stores, auth, and key libraries. Stack-neutral; presents options with tradeoffs. Use when the project-builder agent is gathering technology information.
analyzing-projects
Analyzes codebases to understand structure, tech stack, patterns, and conventions. Use when onboarding to a new project, exploring unfamiliar code, or when asked "how does this work?" or "what's the architecture?"
web-backend-spec
Augment a sprint's SPEC.md with a Backend section (API contract, data model changes, authn/authz, validation, observability, contract test plan) tailored to the detected stack (Express/Fastify/Next/FastAPI/Django/Go/Rails/etc). Coordinator-only — does not write production code. Pauses for user confirmation. Run before /magi:tasks.
python-patterns
Python development principles and decision-making. Framework selection, async patterns, type hints, project structure. Teaches thinking, not copying.
codebase-navigator
Token-efficient codebase navigation skill. Use this whenever the user wants to explore, understand, or find anything in their codebase — folder structure, entry points, config files, where a feature lives, or a specific file by name/purpose. Triggers on: "navigate my codebase", "explore the project", "find the file for X", "where is the code for Y", "show me the structure", "what's the entry point", "find config files", "understand this repo". Prefer this over raw `view` calls on directories.
nexus-debugging
Use when something is failing, regressing, or behaving unexpectedly and the goal is root-cause analysis, narrowest fix, and verification. Covers CI/CD, tests, runtime, deployment, and tooling failures. Output should be RCA + fix + prevention, not design options. When in doubt, use this skill.
claude-code-starter
Analyze a project's tech stack and generate comprehensive Claude Code configuration files (.claude/ directory with CLAUDE.md, skills, agents, rules, and commands). Use when setting up Claude Code for a new or existing repository.
skill-fastapi-api
DARE patterns for REST APIs in Python + FastAPI + Pydantic + uvicorn. Routers, dependency injection, Pydantic v2 schemas, async SQLAlchemy 2.0, OAuth2 + JWT authentication, rate limiting with slowapi, pytest + httpx, auto-generated OpenAPI.
setup
Initialize a project with the SpecRails workflow. Generates project-specific data files: .specrails/config.yaml, personas, memory directories, backlog config, and CLAUDE.md snippet. Does NOT copy logic files — the sr plugin already provides all agents, skills, and commands.
tenet-api-contract
Audits API consistency: schemas, errors, status codes, pagination, versioning, and idempotency.
tenet-database-migrations
Audits migration safety: destructive changes, indexes, rollbacks, transactions, locks, and backfills.
boilerplate
Generate framework-specific boilerplate code
django-skills
Django framework patterns, best practices, and implementation guides
data-breach-blast-radius
Proactive blast radius analysis before a breach: sensitive data inventory, flow tracing, regulatory fine estimation (GDPR/CCPA/HIPAA), hardening roadmap. Triggers: /data-breach-blast-radius, breach impact.
dev-owasp
Run full OWASP Top 10 security audit. Use with /dev-owasp.
ralph
Autonomous agent loop for completing features. Use when asked to 'use ralph', 'ralph this', or to autonomously implement a feature end-to-end. Creates prd.json with user stories, then executes them one by one until complete.
auth-bypass
Detect authentication and authorization bypass vulnerabilities including missing auth middleware, JWT algorithm confusion, IDOR, and session fixation.
target-recon
Target discovery methodology for finding high-quality npm/PyPI/GitHub packages to audit for vulnerabilities, with evaluation criteria and search strategies.
newebpay
Provides NewebPay integration overview and guides users to the appropriate skill. Use when starting NewebPay integration, setting up environment, or needing general guidance about 藍新金流.
payuni
Provides PAYUNi integration overview and guides users to the appropriate skill. Use when starting PAYUNi integration, setting up environment, or needing general guidance about 統一金流.
deploy-checklist
Generate pre-deployment checklist based on project type. Trigger: user says "部署前检查" (pre-deployment check), "发版检查" (release check), "deploy checklist", or "预发布检查" (pre-release check) before release.
python-service-creator
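Python backend service scaffold generator. Natural-language description → complete Python project directory. Trigger scenarios: the user asks for "创建 FastAPI 服务" (create a FastAPI service), "搭建 Python 后端" (set up a Python backend), "初始化 Flask 项目" (initialize a Flask project), or "生成 Python API" (generate a Python API). Keywords: fastapi, flask, django, python backend, python api, python service, uvicorn.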
implementing-navigation
Implements navigation patterns and routing for both frontend (React/TS) and backend (Python) including menus, tabs, breadcrumbs, client-side routing, and server-side route configuration. Use when building navigation systems or setting up routing.
implementing-search-filter
Implements search and filter interfaces for both frontend (React/TypeScript) and backend (Python) with debouncing, query management, and database integration. Use when adding search functionality, building filter UIs, implementing faceted search, or optimizing search performance.
webhook-receiver
Receive inbound webhooks with no web framework - a tiny stdlib HTTP server that verifies an HMAC signature in constant time and queues each payload to disk for a worker to process. Use for receive a webhook, handle an incoming POST, trigger a script from a webhook, verify a webhook signature, or stripe/github/telegram webhook intake.
cc-scan
Scan the current project's codebase and proactively recommend the highest-value Claude Code automations (hooks, skills, subagents, MCP servers, plugins, settings). Use when the user has a project but does NOT yet know what to set up — "what Claude Code automations should I add?", "set up Claude Code for this project", "what hooks/skills should I use?". Read-only analysis; hands any chosen recommendation to /cc for a full live-docs blueprint and a ready-to-paste setup prompt.
perseus-logic
Business logic, race conditions, and AI security analysis
api-contract-audit
Static OpenAPI contract audit - endpoint drift (spec vs code), schema drift, status-code mismatch, breaking-change detection vs previous spec version, versioning consistency, security scheme alignment, deprecation markers, Richardson Maturity L0-L3 scoring. Framework auto-gen for FastAPI, NestJS, Express+swagger-jsdoc, Next.js route handlers, Django REST.
dependency-scan
Phase 1 mandatory dependency scan. Runs all 6 checks in a single invocation - route hrefs, component import consumers, shared type/utility consumers, test file references, FK references, access control policies. Returns a structured report per check with exact file paths and line numbers. Invoke once with the full list of affected entities. Never invoke for single-check queries - use Grep directly for those.
doc-audit
Static documentation drift audit - relative-link resolution, code-block syntax, CDK placeholder residuals, slash-command name match, skill-count consistency, ADR marker freshness, stack-specific doc sync (Next.js / Django / Swift).
ui-audit
Audit UI for design token compliance and component adoption. Static grep-based analysis against the sitemap's page and component files. Requires a design system with semantic tokens.
project-context
Provides project context (tech stack, conventions, key rules) to subagents. Not a user command - loaded by the orchestrator when dispatching review subagents.
uv-deps
Maintain Python packages through security audits or dependency updates using an isolated git worktree and uv. Use for security audits, CVE fixes, vulnerability checks, dependency updates, package upgrades, outdated packages, bump versions, fix Python vulnerabilities, check for Python CVEs, audit Python packages, update pyproject.toml dependencies, modernize Python deps, or when user types /uv-deps with or without specific package names or glob patterns.
project-stats
Generate a comprehensive project statistics report with language breakdown, git activity, test coverage, dependencies, and infrastructure detection. Automatically compares with the previous report to show growth trends and deltas. Use this skill whenever the user asks for project statistics, project report, project health, codebase overview, how big is the project, project summary, project metrics, project status report, repo stats, repo report, monorepo stats, lines of code, LOC count, code metrics, health check report — even if they just say "stats", "relatorio", "relatório do projeto", "estatísticas", "como está o projeto", "tamanho do projeto", or "project overview". This skill works on ANY git project regardless of language or framework.
deploy
Deploys your app to DigitalOcean or AWS — generates Nginx config, SSL, systemd service, and step-by-step server setup for Ubuntu/CentOS
python
Python project wizard — FastAPI, Django, Flask, Celery, Jupyter — with proper pyenv/venv setup, DB, Docker, and deploy options
database-migrations
Database migration best practices for schema changes, data migrations, rollbacks, and zero-downtime deployments across PostgreSQL, MySQL, and common ORMs (Prisma, Drizzle, Kysely, Django, TypeORM, golang-migrate).
api-contract-init
Generate API_CONTRACT.md by scanning existing routes and controllers
deploy-django-app
Deploy a Django app behind nginx using a gunicorn unix socket (wrapper-dir layout). Reference recipe — derive a per-host user skill from it.
api-test-suite-builder
Use when the user asks to generate API tests, create integration test suites, test REST endpoints, or build contract tests.
senior-fullstack
Fullstack development toolkit with project scaffolding for Next.js, FastAPI, MERN, and Django stacks, code quality analysis with security and complexity scoring, and stack selection guidance. Use when the user asks to "scaffold a new project", "create a Next.js app", "set up FastAPI with React", "analyze code quality", "audit my codebase", "what stack should I use", "generate project boilerplate", or mentions fullstack development, project setup, or tech stack comparison.
starting-a-project
Use when someone is starting a new project and unsure what stack or framework to build it with — "what should I use to build X?", "how do I start a new project?" — or asks how to deploy / put a project online. Covers the common beginner goals: a content website, an interactive app, a database-backed web app, an API, a script or automation, a phone app, a data dashboard.
analyze
Deep cross-layer consistency audit for any codebase. Traces every feature from UI to database, finds broken wiring, missing handlers, model mismatches, and security gaps. Auto-fixes critical and warning issues. Use this after building features, before releases, or whenever something feels off. Works with any tech stack.
api-surface
Maps the entire API surface of a codebase -- route definitions, middleware chains, auth requirements, request/response types, deprecated endpoints, orphaned endpoints, and cross-endpoint inconsistencies. USE THIS SKILL WHEN: - You need a complete inventory of all API endpoints in a project - Someone asks "what endpoints do we have?" or "what does our API look like?" - You are onboarding to a new backend codebase and need to understand its API - You need to find orphaned, undocumented, or deprecated endpoints - Someone asks about API inconsistencies (different response shapes, auth gaps) - You are preparing for an API review, documentation sprint, or versioning migration - You need to understand endpoint dependencies before refactoring - A project has no OpenAPI spec and you need to generate one from code - You suspect there are endpoints without authentication or rate limiting TRIGGER PHRASES: "API surface", "list all endpoints", "API inventory", "endpoint map", "orphaned endpoints", "API inconsistencies", "u
do-oop-audit
Audit Python classes and OOP code for structural anti-patterns, naming inconsistencies, and data modeling issues. Use when reviewing class design, checking model health, validating object boundaries, or after refactoring. Also triggered by 'check my classes', 'review the data model', 'are there OOP problems', 'scan for design issues', 'lint class structure', 'audit models', 'validate OOP', or 'review object hierarchy'.
code-like-djangonout
Provides Django web framework expertise including project structure, models, views, admin, Celery tasks, testing, and Python best practices. Use when generating, analyzing, refactoring, or reviewing Django/Python code.
perf-bar
Use when assessing performance or algorithmic soundness — Big-O on hot paths, N+1 queries, Supabase egress, and benchmarking hard challenges; feeds the SPIKE sub-phase and per-task review.
stacks
Use when building or maintaining a project in one of my non-default stacks — Flipper Zero FAP in C now, Django / Flask / FastAPI coming — for its architecture, build, test, formatting and release conventions. Routes to references/<stack>/. The web stack (TS / Supabase / PWA) is the pack's implicit default and has no entry here.
pattern-architect-api-endpoint
Resource-oriented REST design — the single authority for API endpoint shape decisions (paths, verbs, request / response body, status codes, error envelope, pagination, sorting, filtering, versioning, idempotency policy, rate-limit policy, trailing-slash spelling). Activate when designing, adding, or refactoring an HTTP endpoint, controller, or handler. Every decision lands in the api contract at `docs/api-contract/<entity>.yaml` which engineers implement against and reviewers verify.
pattern-engineer-python
Modern idiomatic Python: `uv` only for env/deps; PEP 8 + 88-char lines; full type annotations on every signature; EAFP with narrow `except` + `raise ... from e`; modern type hints (PEP 604/695); `Protocol` for duck-typed seams; frozen-slots `@dataclass` DTOs (Pydantic only at boundaries); `with` for resources; no mutable default args; comprehensions over C-style loops; no `import *`; no MD5/SHA1 for security; Alembic chained to head + `pytest-alembic` round-trip. Activate on `.py` files.
gitignore
Analyze the codebase to understand its languages, frameworks, and tooling, then create or update the project's .gitignore with the right entries. Use when the user asks to "fix/update/generate the .gitignore", "what should I gitignore", "add ignore rules", "stop tracking node_modules/.env/build artifacts", or wants secrets and generated files kept out of version control. Understands the repo first, avoids duplicates, and flags already-tracked files that ignoring alone won't remove.
codebase-onboarding
Analyze an unfamiliar codebase and generate a structured onboarding guide with architecture map, key entry points, conventions, and a starter CLAUDE.md. Use when joining a new project or setting up Claude Code for the first time in a repo.
deploy-planner
Deployment and DevOps agent that generates Dockerfiles, CI/CD configs, and step-by-step deployment guides for free hosting platforms. Triggers on: deploy, launch, hosting, Docker, CI/CD, production, go live, ship it.
django-patterns
Django patterns, anti-patterns, ORM gotchas, view design, migrations, settings, and review checklist for Django backend work. Use whenever the project contains `manage.py`, `settings.py`, `apps.py`, OR `pyproject.toml`/`requirements.txt`/`Pipfile` with `django` (or `Django`) listed as a dependency, OR the user asks about Django, Python web backend, ORM queries, models, views, forms, templates, migrations, admin, signals, middleware, or any work touching `.py` files in a Django app structure, even if Django is not mentioned by name.
drf-patterns
Django REST Framework patterns, serializers, viewsets, permissions, throttling, filtering, pagination, and review checklist. Use whenever the project contains `djangorestframework` in dependencies, `rest_framework` in INSTALLED_APPS, files following DRF naming patterns (`serializers.py`, `viewsets.py`, `permissions.py`), OR the user asks about DRF, Django REST, serializers, viewsets, ModelViewSet, permission_classes, throttle_classes, even if DRF is not mentioned by name.
fastapi-patterns
FastAPI patterns, Pydantic schemas, dependency injection, async correctness, response models, error handling, OpenAPI, and auth. Use whenever the project contains `fastapi` in dependencies, files importing from `fastapi`, `@app.get`/`@router.get` decorators, Pydantic BaseModel subclasses used as request/response types, OR the user asks about FastAPI, Pydantic v2, Depends(), HTTPException, OAuth2PasswordBearer, APIKeyHeader, response_model, even if FastAPI is not mentioned by name.
security-patterns
Security checklist covering XSS, injection, authentication, authorization, sessions, CSRF, CSP, secrets, dependency CVEs, input validation, and severity calls. Use whenever the project includes auth code, session handling, environment variable reads, user input handling, route handlers, server actions, middleware, or external API calls, OR the user asks about security, hardening, vulnerabilities, auth, authentication, authorization, sessions, cookies, XSS, CSRF, SQL injection, secrets, environment variables, CSP, headers, or reviews changes that touch user input, auth, or external data, even if "security" is not mentioned by name.
wcag-audit
WCAG 2.2 AA audit checklist, severity rubric, and stack adaptation for accessibility review. Use whenever the project contains UI code (`.jsx`, `.tsx`, `.vue`, `.svelte`, HTML files, Django templates), OR the user asks about accessibility, a11y, WCAG, screen readers, keyboard navigation, focus management, ARIA, contrast, semantic HTML, alt text, form labels, or audits a component, page, or template for accessibility issues regardless of stack, even if WCAG is not mentioned by name.
new-skill-proposal
<!-- Follow the CO2 naming convention: <prefix>-<stack>-<variant> e.g. specgen-django-postgres, mockgen-bootstrap, testgen-cypress -->
sql-server-best-practices
SQL Server and Azure SQL best practices for developers and DBAs. Use this skill whenever the user asks about T-SQL, stored procedures, query performance, indexes, schema design, database security, or SQL Server / Azure SQL maintenance — even if they don't say "best practices." Triggers on requests like "write a stored proc," "this query is slow," "clustered vs nonclustered index," "parameter sniffing," "WITH NOLOCK," "prevent SQL injection in MSSQL," "set up db permissions," "index rebuilds or backups," or "review this migration script." Use for any T-SQL code review, DDL review, or schema design question where the database is SQL Server or Azure SQL. Skip for MySQL, PostgreSQL, SQLite, Oracle, or any non-MSSQL database — the guidance here (RCSI, sp_Blitz, T-SQL syntax, SQL Agent, NEWSEQUENTIALID, etc.) does not apply to other platforms and could actively mislead. Also skip for ORM-only questions (Entity Framework errors, LINQ, Django migrations) where no T-SQL or SQL Server configuration is involved.
database-migrations
Database migration best practices for schema changes, data migrations, rollbacks, and zero-downtime deployments across PostgreSQL, MySQL, and common ORMs (Prisma, Drizzle, Django, TypeORM, golang-migrate).
keyword-extractor
Extract 3-7 technical English keywords from a routing query. Internal helper for route-task Stage 1; uses session credentials (no API key). Translates pt-BR/ES/ZH to EN, ignores stopwords, keeps technical terms verbatim (FTS5, sqlite3, react, B3, B4).
checking-system-logs
Use when finding bridge events, agent responses, timeouts, or errors in system logs. Triggered by requests to debug system behavior, investigate errors, or check what the agent did. Always filter by project name.
pattern-architect-data-model
Data-model shape and naming guidance: tables, columns, indexes, constraints, views, and the SQLAlchemy `MetaData` naming convention that emits predictable names. Activate when designing or reviewing a new table, model, or schema, or when asked 'how should I name this table/column/index/constraint?'. Skip for application-level query logic that doesn't change schema, and for code-first / migration / `migrate` compose / `alembic` mechanics.
backend-contract-boundary
Keep backend contracts explicit and stable; isolate internal types behind boundaries.
find-docs
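Use the Context7 CLI to fetch up-to-date documentation, API references, and code examples for any development technology. Use this skill whenever the user asks about a specific library, framework, SDK, CLI tool, or cloud service (including common technologies such as React, Next.js, Prisma, Express, Tailwind, Django, and Spring Boot). Training data may not reflect recent API changes or version updates. Always use it first in these scenarios: API syntax questions, configuration option questions, version migration questions, "how do I implement" questions that name a library, debugging library-specific behavior, installation/initialization instructions, and CLI usage. Even if you think you know the answer, do not rely directly on training data for API details, function signatures, or configuration options; this content is often out of date. Always defer to the latest official documentation. For library documentation and API details, prefer this skill over ordinary web search.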
api-doc-generator
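Generate API documentation and OpenAPI specifications from code, with support for multiple backend frameworks. Use cases: generating an OpenAPI 3.0 specification for a REST API project, and creating or updating API endpoint documentation.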
algorithmic-art
Creating algorithmic art using p5.js with seeded randomness and interactive parameter exploration. Use this when users request creating art using code, generative art, algorithmic art, flow fields, or particle systems. Create original algorithmic art rather than copying existing artists' work to avoid copyright violations.
canvas-design
Create beautiful visual art in .png and .pdf documents using design philosophy. You should use this skill when the user asks to create a poster, piece of art, design, or other static piece. Create original visual designs, never copying existing artists' work to avoid copyright violations.
docx
Comprehensive document creation, editing, and analysis with support for tracked changes, comments, formatting preservation, and text extraction. When Claude needs to work with professional documents (.docx files) for: (1) Creating new documents, (2) Modifying or editing content, (3) Working with tracked changes, (4) Adding comments, or any other document tasks
frontend-design
Create distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, artifacts, posters, or applications (examples include websites, landing pages, dashboards, React components, HTML/CSS layouts, or when styling/beautifying any web UI). Generates creative, polished code and UI design that avoids generic AI aesthetics.
mcp-builder
Guide for creating high-quality MCP (Model Context Protocol) servers that enable LLMs to interact with external services through well-designed tools. Use when building MCP servers to integrate external APIs or services, whether in Python (FastMCP) or Node/TypeScript (MCP SDK).
Comprehensive PDF manipulation toolkit for extracting text and tables, creating new PDFs, merging/splitting documents, and handling forms. When Claude needs to fill in a PDF form or programmatically process, generate, or analyze PDF documents at scale.
pptx
Presentation creation, editing, and analysis. When Claude needs to work with presentations (.pptx files) for: (1) Creating new presentations, (2) Modifying or editing content, (3) Working with layouts, (4) Adding comments or speaker notes, or any other presentation tasks
skill-creator
Guide for creating effective skills. This skill should be used when users want to create a new skill (or update an existing skill) that extends Claude's capabilities with specialized knowledge, workflows, or tool integrations.
skill-installer
Install Codex skills into $CODEX_HOME/skills from a curated list or a GitHub repo path. Use when a user asks to list installable skills, install a curated skill, or install a skill from another repo (including private repos).
slack-gif-creator
Knowledge and utilities for creating animated GIFs optimized for Slack. Provides constraints, validation tools, and animation concepts. Use when users request animated GIFs for Slack like "make me a GIF of X doing Y for Slack."
theme-factory
Toolkit for styling artifacts with a theme. These artifacts can be slides, docs, reports, HTML landing pages, etc. There are 10 pre-set themes with colors/fonts that you can apply to any artifact that has been created, or you can generate a new theme on the fly.
web-artifacts-builder
Suite of tools for creating elaborate, multi-component claude.ai HTML artifacts using modern frontend web technologies (React, Tailwind CSS, shadcn/ui). Use for complex artifacts requiring state management, routing, or shadcn/ui components - not for simple single-file HTML/JSX artifacts.
webapp-testing
Toolkit for interacting with and testing local web applications using Playwright. Supports verifying frontend functionality, debugging UI behavior, capturing browser screenshots, and viewing browser logs.
xlsx
Comprehensive spreadsheet creation, editing, and analysis with support for formulas, formatting, data analysis, and visualization. When Claude needs to work with spreadsheets (.xlsx, .xlsm, .csv, .tsv, etc) for: (1) Creating new spreadsheets with formulas and formatting, (2) Reading or analyzing data, (3) Modifying existing spreadsheets while preserving formulas, (4) Data analysis and visualization in spreadsheets, or (5) Recalculating formulas
codebase-auditor
Scan a repository against curated coding standards and produce a structured audit report, issue set, refactor plan, and sprint-based remediation roadmap. Use when the user invokes /vibe.audit or asks to review the codebase against established rules. Operates in full autopilot mode from repository scan to sprint plan output.
django_clean_arch
Use this skill when working on a Django project that follows Clean Architecture, DDD (Domain-Driven Design), or a use-case-based structure — as opposed to standard Django MTV patterns. Triggers on: any Django code involving use cases, interactors, repositories, domain models (separate from Django ORM models), application services, or when the user mentions they use Clean Architecture with Django. Also use when the user asks how to structure Django code for testability, or how to avoid business logic in views or models.
explain_codebase
Use this skill when the user wants a tour, overview, or explanation of a codebase, project structure, or specific module — to understand how it's organized and how the pieces fit together. Triggers on: "explain how this project is structured", "walk me through the codebase", "how does this code work together?", "what does each folder do?", "I'm new to this project, where do I start?", "explain the architecture", "how does X connect to Y?". Also use when a new contributor needs onboarding into the code.
trace_data_flow
Use this skill when the user needs to understand how data moves through a system — where a value comes from, how it gets transformed, where it ends up, or why it's wrong at a specific point. Triggers on: "where does this value come from?", "how does data get from X to Y?", "trace this request", "follow this through the code", "what transforms this?", "how does this end up in the database?", "I want to understand the flow". Also use when debugging a bug that requires understanding data provenance.
write_migration
Use this skill whenever the user needs to write a database schema migration — adding/removing columns, creating/dropping tables, adding indexes, changing constraints, renaming, or backfilling data. Triggers on: "add a column to", "create a migration for", "I need to change the schema", "add an index", "rename this table", "backfill data", "alter the DB". Also use when the user adds a new model field and needs a migration to match. Works across Alembic (Python/SQLAlchemy), Django migrations, SeaORM migrations (Rust), and raw SQL.
api-test-suite-builder
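Use when integration/contract tests need to be filled in for a REST API in bulk; scans Next.js/Express/FastAPI/Django REST routes and generates a runnable test suite (Vitest+Supertest or Pytest+httpx) covering authentication, input validation, error codes, pagination, file upload, and rate limiting; not suitable for pure frontend UI, unit tests, or GraphQL/gRPC; trigger phrases: generate API tests, integration test suite, contract tests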
codebase-to-prd
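Use when you have an existing frontend/backend/fullstack codebase and need to reverse-engineer a Product Requirements Document (PRD) or feature inventory; performs a three-phase scan (global scan → per-page deep analysis → structured document generation) and produces a business-readable PRD (README + per-page documents + appendices for enums/APIs/page relationships) that lets engineers or AI fully rebuild every page and endpoint; not suitable for pure requirements planning without source code, UI visual walkthroughs, or plain code review. Trigger phrases: generate PRD, reverse-engineer requirements document, code to documentation, map out page fields and APIs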
codeql
Scans a codebase for security vulnerabilities using CodeQL's interprocedural data flow and taint tracking analysis. Triggers on "run codeql", "codeql scan", "codeql analysis", "build codeql database", or "find vulnerabilities with codeql". Supports "run all" (security-and-quality + security-experimental suites) and "important only" (high-precision security findings) scan modes. Also handles creating data extension models and processing CodeQL SARIF output.
paper-fetch
Use when the user wants to download a paper PDF from a DOI (or title, resolved to a DOI first). Tries Unpaywall, arXiv, bioRxiv/medRxiv, PubMed Central, Semantic Scholar, and Sci-Hub mirrors as a last-resort fallback.
brand-guidelines
Applies Anthropic's official brand colors and typography to any sort of artifact that may benefit from having Anthropic's look-and-feel. Use it when brand colors or style guidelines, visual formatting, or company design standards apply.
internal-comms
A set of resources to help me write all kinds of internal communications, using the formats that my company likes to use. Claude should use this skill whenever asked to write some sort of internal communications (status reports, leadership updates, 3P updates, company newsletters, FAQs, incident reports, project updates, etc.).
python-code
Python development best practices, PEP 8, and modern Python features
stitch
Build or verify cross-repo STITCH.md linking backend + frontends in a product group. Modes: create, verify, diff, section. Uses CODEMAPs as drift source by default. Trigger: '/stitch create <group>', '/stitch diff <group>'.
distributed-task-orchestrator
Decompose complex tasks into parallel sub-agents. Use for multi-step operations, batch processing, or when user mentions "parallel", "agents", or "orchestrate".
doc-coauthoring
Guide users through a structured workflow for co-authoring documentation. Use when user wants to write documentation, proposals, technical specs, decision docs, or similar structured content. This workflow helps users efficiently transfer context, refine content through iteration, and verify the doc works for readers. Trigger when user mentions writing docs, creating proposals, drafting specs, or similar documentation tasks.
ms-agent-framework-rag
Comprehensive guide for building Agentic RAG systems using Microsoft Agent Framework in C#. Use when creating RAG applications with semantic search, document indexing, and intelligent agent orchestration. Includes scaffolding scripts, reference implementations, and documentation for vector databases, embedding models, and multi-agent workflows.
office-to-md
Convert Office documents (Word, Excel, PowerPoint, PDF) to Markdown format. ONLY use this skill when the user explicitly requests to CONVERT, TRANSFORM or PARSE a specific office file into Markdown. Do NOT trigger for general questions, documentation reading, or discussions about files.
planning-with-files
Transforms workflow to use Manus-style persistent markdown files for planning, progress tracking, and knowledge storage. Use when starting complex tasks, multi-step projects, research tasks, or when the user mentions planning, organizing work, tracking progress, or wants structured output.
celery-patterns
Celery patterns for distributed task queues — task definitions, retry strategies, scheduling, chains/groups, monitoring, and production configuration with Redis/RabbitMQ.
database-migrations
Database migration best practices for schema changes, data migrations, rollbacks, and zero-downtime deployments. Covers Alembic, Django, and raw SQL.
deployment-patterns
Deployment workflows, CI/CD pipeline patterns, Docker containerization, health checks, rollback strategies for Python applications.
django-patterns
Django architecture patterns, REST API design with DRF, ORM best practices, caching, signals, middleware, and production-grade Django apps.
django-security
Django security best practices, authentication, authorization, CSRF protection, SQL injection prevention, XSS prevention, and secure deployment configurations.
django-tdd
Django testing strategies with pytest-django, TDD methodology, factory_boy, mocking, coverage, and testing Django REST Framework APIs.
docker-patterns
Docker and Docker Compose patterns for Python development, container security, networking, and multi-service orchestration.
redis-patterns
Redis patterns for Python — caching, sessions, pub/sub, rate limiting, distributed locks, and integration with Django/FastAPI.
codeql
Scans a codebase for security vulnerabilities using CodeQL's interprocedural data flow and taint tracking analysis. Triggers on "run codeql", "codeql scan", "codeql analysis", "build codeql database", or "find vulnerabilities with codeql". Supports "run all" (security-and-quality + security-experimental suites) and "important only" (high-precision security findings) scan modes. Also handles creating data extension models and processing CodeQL SARIF output.
lang-python
Use when writing or reviewing Python (.py/.pyi) or FastAPI/Django/Flask code — idiomatic 3.11+ style, type hints + mypy/pyright, pydantic boundary validation, error handling, and the language's top security pitfalls. Triggers on pyproject.toml, requirements.txt, ruff/black, pytest, venv/poetry/uv projects.
django-security
Security audit for Django applications including settings.py (SECRET_KEY, DEBUG, ALLOWED_HOSTS), middleware order, ORM raw queries, template autoescape bypass, CSRF protection, Django Admin exposure, authentication backends, file upload handling, and Django-specific patterns. Use this skill whenever the user mentions Django, settings.py, manage.py, Django ORM, Django REST Framework, DRF, makemigrations, urls.py, views.py, or asks "audit my Django app", "Django security review", "Django settings safe". Trigger when the codebase contains `django` in `requirements.txt` / `pyproject.toml`, or `manage.py`, `settings.py`, `urls.py` files.
flask-security
Security audit for Flask applications including Jinja2 autoescape bypass, Flask-Login session handling, Flask-WTF CSRF protection, Blueprint structure, app.config secrets, SQL via Flask-SQLAlchemy, file uploads, custom decorators for auth, and Flask-specific extensions. Use this skill whenever the user mentions Flask, flask app, Blueprint, Flask-Login, Flask-WTF, Flask-SQLAlchemy, Flask-RESTful, Flask-Admin, render_template, or asks "audit my Flask app", "Flask security review". Trigger when the codebase contains `flask` in `requirements.txt` / `pyproject.toml` or `from flask import` patterns.
api-security
API security review against OWASP API Top 10 2023. Covers auth (OAuth2/JWT/API-keys), object-level authorization (BOLA/IDOR), schema validation, rate-limiting, CORS, SSRF, and GraphQL-specific concerns (introspection, query depth, batching).
django-security
Django security review — CSRF, ORM-level SQL injection (raw/extra/annotate), template injection via |safe, admin hardening, middleware ordering, settings deploy checklist, and recent Django CVE patterns.
sast-orchestrator
SAST orchestration for Semgrep, CodeQL and SonarQube. Covers tool selection, ruleset curation, PR-comment integration, noise reduction with baselines, and language-specific linters (bandit, gosec, brakeman, eslint-security) when they add coverage.
secure-coding
Language-agnostic secure-coding patterns — input validation, injection-safe APIs, authN/authZ, crypto, secrets, dependency hygiene. The default lens when no framework-specific skill applies.
security-review
Security review workflow for a PR, feature or codebase — scope, automated scans, manual OWASP/CWE pattern-check, prioritize and report. Uses secure-coding as pattern library.
integration
Bootstrap a new framework integration for apcore. Scaffolds the project with endpoint scanners, configuration system, context mapping, CLI commands, demo project, and Docker setup. Learns patterns from existing integrations (django-apcore, flask-apcore, nestjs-apcore).
django-import-enforcer
Automatically validate and fix Django import patterns to use absolute modular imports with aliases. Use when writing imports, creating new Python files, modifying existing files, or seeing import statements in code.
migration-safety-checker
This skill should be used when the user asks to "create a migration", "run makemigrations", "modify a model field", "rename a column", or mentions "schema change", "alter table", "database migration". Validates migrations are production-safe.
model-entity-validator
This skill should be used when the user asks to "create a model", "add a Django model", "create database table", "add entity", "define schema", or when writing class definitions inheriting from models.Model. Validates BaseModel inheritance pattern.
performance-optimizer
This skill should be used when the user asks to "optimize queries", "fix slow queries", "improve performance", "detect N+1", "add indexes", or when writing Django ORM queries that access related objects. Detects and fixes performance issues.
security-first-validator
This skill should be used when the user asks to "create an API endpoint", "add a view", "write a viewset", "create a serializer", or when writing Django REST Framework code. Enforces security requirements (permissions, authentication, rate limiting).
tdd-planner
This skill should be used when the user asks to "plan a feature", "prepare for dev loop", "structure TDD approach", "break down this task", "create development plan", or when generating structured prompts for iterative development. Creates dev-loop-ready plans with TDD phases, file tables, code snippets, and framework-specific guidance.
test-coverage-advisor
This skill should be used when the user asks to "write tests", "generate tests", "check coverage", "add test cases", or when completing features and saying "done", "finished", "ready for review". Suggests tests for 90%+ coverage.
backend
Backend/fullstack patterns. Loads when writing/modifying server code: routes, controllers, services, models, middleware, migrations, jobs, seeds, schemas. Frameworks: Express, Fastify, NestJS, Koa, Hono (Node); FastAPI, Django, Flask (Python); Laravel, Symfony, Slim (PHP); Rails (Ruby); Spring, Quarkus (Java); Gin, Echo, Fiber (Go); Actix, Axum (Rust); ASP.NET Core (C#). Covers: REST APIs, 3-layer architecture (controller → service → repository), auth (sessions, JWT, OAuth), database (SQL, ORM, migrations), structured error handling, middleware, real-time (WebSocket, SSE), file upload, input validation. Does NOT load for: discussion, review, or documentation without writing backend code.
django-verification
Verification loop for Django projects: migrations, linting, tests with coverage, security scans, and deployment readiness checks.
distill
Turn raw task text into a tiered executable spec per TASK.schema.md. Auto-tiers by complexity (micro/standard/full). Optional --group loads CODEMAPs for cited context. Trigger: '/distill', '/distill --group=<tag> "…"'.
scitex-hub-cloud
SciTeX Hub web service integration — health monitoring, web app context, JavaScript evaluation, and browser UI control. Module-level helpers wrap CloudClient.
scitex-hub-module
Mark functions as SciTeX workspace modules with the @module decorator and collect structured outputs. Canonical home — the umbrella scitex.module re-exports from here.
scitex-hub-project
SciTeX Hub project management — CRUD plus secure MCP handlers for list, read, write, search, and execute within project sandboxes.
glitchtip
Use when deploying, configuring, integrating, or troubleshooting GlitchTip — including self-hosted installation, SDK setup, source maps, sentry-cli, uptime monitoring, alerting, environment variables, Docker Compose, Helm, social auth, and migration from Sentry
backend
Designs, builds, and reviews backend systems: APIs, databases, server-side logic, authentication, file handling, webhooks, and microservices. Triggers when the user asks to build an API, design a database schema, write server-side code, set up authentication, handle file uploads, build webhooks, design microservices, optimize queries, or work with Node.js, Python, Go, Java, or any server-side technology. Also triggers proactively when reviewing backend code for performance, scalability, or correctness issues — including N+1 queries, missing indexes, connection pool exhaustion, and missing pagination. Key capabilities: layered architecture patterns (routes/controllers/services/repositories), REST design with correct HTTP status codes, UUID-based public IDs with created_at/updated_at timestamps, JWT auth with short-lived access tokens + httpOnly refresh cookies, bcrypt password hashing at cost factor 12+, centralized error handling, structured JSON logging, parameterized queries only, and background job pattern
using-context7
Use when working with any library/framework/SDK to fetch current docs. Beats training-data memory which is stale.
using-context7
Use when working with any library/framework/SDK to fetch current docs. Beats training-data memory which is stale.
conductor-setup
Set up Conductor (conductor.build) for a repository. Creates conductor.json, setup scripts for .env symlinking, and configures dev server run commands. Use when the user asks to "set up Conductor", "configure Conductor", "add conductor.json", "create conductor config", or mentions Conductor workspaces for a new or existing repo.
dev-builder
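Full-stack development engineer skill pack, responsible for implementing feature code from product requirements documents and prototype designs. Covers tech stack selection, project initialization, feature implementation, code quality control, and feature verification.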
backend-development
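Fundamentals of backend development. Best practices for building robust backend systems, including API design, database design, authentication and authorization, error handling, and security.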
python-development
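Python development guide. Best practices for Python application development, including FastAPI, Django, Flask, type hints, asynchronous processing, data processing, and performance optimization.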
apex-pipeline
Unified application security testing workflow — combines recon, SAST, DAST, manual hunting, validation, and reporting into a single orchestrated pipeline. Runs as an "app" with automated phase transitions. Supports web apps (React, Next.js, Django, Flask, Laravel, Spring, Rails, Express), mobile APIs, GraphQL, REST, gRPC, and microservices. Phases — Phase 0 (target intake + scope lock), Phase 1 (passive recon + tech fingerprint), Phase 2 (SAST deep scan via semgrep/grep/trufflehog), Phase 3 (DAST active probing — nuclei/ffuf/dalfox), Phase 4 (manual hunt — IDOR/SSRF/XSS/SQLi/auth-bypass/race/business-logic/LLM), Phase 5 (chain building + impact escalation), Phase 6 (7-Question Gate validation), Phase 7 (report generation). Use when starting a full security assessment on any application, when asked to "test this app", "audit this codebase", "find bugs in this project", or when you need an end-to-end security workflow that combines static and dynamic analysis with manual expertise.
docs-bootstrapper
Bootstraps documentation structure for projects. Creates initial README, architecture docs, and API documentation with project-aware templates.
synapse-applications
Build a new Synapse App as an OCI image and publish it to the Datamaker registry so the workspace can install it via the App Store. Use when the user asks to create/scaffold a Synapse App, sub-app, plugin, iframe app, or embedded dashboard, or mentions synapse-app.yaml, /plugins registry, apiVersion synapse.datamaker.io/v1, or the iframe bridge. Supports React, Vue, Next.js, Nuxt 3, Gradio, Streamlit, Static HTML, Django, FastAPI (priority in that order).
aws-serverless
Deploy any web project to AWS serverless infrastructure (S3 + CloudFront for static sites, Lambda + API Gateway for containers) at ~$1-3/month with automatic HTTPS and CI/CD
dev-builder
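Full-stack development engineer skill pack, responsible for implementing feature code from product requirements documents and prototype designs. Covers tech stack selection, project initialization, feature implementation, code quality control, and feature verification.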
Integration detected automatically from skill content. Some results may be false positives.