Google Cloud
Skills using Google Cloud (533)
firebase-mobile
Firebase backend services integration for mobile apps
generating-gcp-diagrams
Generates DrawIO XML diagrams for Google Cloud Platform architectures from text descriptions or images. Analyzes existing .drawio files to extract GCP components. Use for GCP architecture diagrams, cloud infrastructure documentation, or when converting GCP diagram images to editable DrawIO format.
google-play-console
Google Play Store publishing and management expertise
sql-query-optimizer
Analyzes and optimizes SQL queries across different data warehouse platforms (Snowflake, BigQuery, Redshift, Databricks) with platform-specific recommendations.
cloud-architect
Expert cloud architect specializing in AWS/Azure/GCP multi-cloud infrastructure design, advanced IaC (Terraform/OpenTofu/CDK), FinOps cost optimization, and modern architectural patterns.
cloud-devops
Cloud infrastructure and DevOps workflow covering AWS, Azure, GCP, Kubernetes, Terraform, CI/CD, monitoring, and cloud-native development.
data-engineer
Build scalable data pipelines, modern data warehouses, and real-time streaming architectures. Implements Apache Spark, dbt, Airflow, and cloud-native data platforms.
pydantic-ai
Build production-ready AI agents with PydanticAI — type-safe tool use, structured outputs, dependency injection, and multi-model support.
sql-pro
Master modern SQL with cloud-native databases, OLTP/OLAP optimization, and advanced query techniques. Expert in performance tuning, data modeling, and hybrid analytical systems.
stable-diffusion-image-generation
State-of-the-art text-to-image generation with Stable Diffusion models via HuggingFace Diffusers. Use when generating images from text prompts, performing image-to-image translation, inpainting, or building custom diffusion pipelines.
abridge-deploy-integration
Deploy Abridge clinical AI integration to HIPAA-compliant cloud infrastructure. Use when deploying to GCP Cloud Run, AWS ECS, or Azure Container Apps with healthcare-grade secrets management and compliance controls. Trigger: "deploy abridge", "abridge production deploy", "abridge Cloud Run", "abridge AWS deploy", "abridge HIPAA infrastructure".
adk-agent-builder
Build production-ready AI agents using Google's Agent Development Kit with AI assistant integration, React patterns, multi-agent orchestration, and comprehensive tool libraries. Use when appropriate context is detected. Trigger with relevant phrases based on skill purpose.
adk-deployment-specialist
Deploy and orchestrate Vertex AI ADK agents using A2A protocol. Manages AgentCard discovery, task submission, Code Execution Sandbox, and Memory Bank. Use when asked to "deploy ADK agent" or "orchestrate agents". Trigger with phrases like 'deploy', 'infrastructure', or 'CI/CD'.
adk-engineer
Acts as a software engineer specializing in creating production-ready ADK agents with best practices, code structure, testing, and deployment automation. Use when asked to "build ADK agent", "create agent code", or "engineer ADK application". Trigger with relevant phrases based on skill purpose.
adobe-deploy-integration
Deploy Adobe-powered applications to Vercel, Cloud Run, and Adobe App Builder with proper credential injection and health monitoring. Use when deploying Adobe API integrations to production platforms. Trigger with phrases like "deploy adobe", "adobe Vercel", "adobe Cloud Run", "adobe App Builder deploy", "adobe production deploy".
adobe-multi-env-setup
Configure Adobe OAuth credentials and API access across development, staging, and production environments with separate Developer Console projects, secret managers, and environment-specific scoping. Trigger with phrases like "adobe environments", "adobe staging", "adobe dev prod", "adobe environment setup", "adobe config by env".
adobe-security-basics
Apply Adobe security best practices for OAuth credentials, secret rotation, I/O Events webhook signature verification, and least-privilege scoping. Use when securing API credentials, implementing webhook validation, or auditing Adobe security configuration. Trigger with phrases like "adobe security", "adobe secrets", "secure adobe", "adobe credential rotation", "adobe webhook signature".
alchemy-deploy-integration
Deploy Alchemy-powered Web3 applications to Vercel, Cloud Run, and AWS. Use when deploying dApps with server-side Alchemy SDK access, configuring API key secrets, or setting up RPC proxy endpoints. Trigger: "deploy alchemy", "alchemy Vercel", "alchemy Cloud Run", "alchemy production deploy", "dApp deploy".
algolia-deploy-integration
Deploy Algolia-powered apps to Vercel, Fly.io, and Cloud Run with proper API key management and InstantSearch frontend integration. Trigger: "deploy algolia", "algolia Vercel", "algolia production deploy", "algolia Cloud Run", "algolia Fly.io", "algolia InstantSearch".
anth-architecture-variants
Choose and implement Claude API architecture patterns for different scales: serverless, microservice, event-driven, and edge deployment. Trigger with phrases like "anthropic architecture", "claude serverless", "claude microservice design", "edge claude deployment".
anth-deploy-integration
Deploy Claude API integrations to production cloud environments. Use when deploying Claude-powered services to Docker, Cloud Run, ECS, or Kubernetes with proper secret management and health checks. Trigger with phrases like "deploy anthropic", "claude production deploy", "ship claude integration", "anthropic cloud deployment".
apollo-deploy-integration
Deploy Apollo.io integrations to production. Use when deploying Apollo integrations, configuring production environments, or setting up deployment pipelines. Trigger with phrases like "deploy apollo", "apollo production deploy", "apollo deployment pipeline", "apollo to production".
apollo-security-basics
Apply Apollo.io API security best practices. Use when securing Apollo integrations, managing API keys, or implementing secure data handling. Trigger with phrases like "apollo security", "secure apollo api", "apollo api key security", "apollo data protection".
assemblyai-deploy-integration
Deploy AssemblyAI integrations to Vercel, Cloud Run, and Fly.io platforms. Use when deploying AssemblyAI-powered transcription services to production, configuring platform-specific secrets, or setting up webhook endpoints. Trigger with phrases like "deploy assemblyai", "assemblyai Vercel", "assemblyai production deploy", "assemblyai Cloud Run", "assemblyai Fly.io".
attio-deploy-integration
Deploy Attio integrations to Vercel, Fly.io, Railway, and Cloud Run with proper secrets, health checks, and webhook endpoint configuration. Trigger: "deploy attio", "attio Vercel", "attio production deploy", "attio Cloud Run", "attio Fly.io", "attio Railway".
bamboohr-deploy-integration
Deploy BambooHR integrations to Vercel, Fly.io, and Cloud Run platforms. Use when deploying BambooHR-powered applications to production, configuring platform-specific secrets, or setting up deployment pipelines. Trigger with phrases like "deploy bamboohr", "bamboohr Vercel", "bamboohr production deploy", "bamboohr Cloud Run", "bamboohr Fly.io".
bamboohr-prod-checklist
Execute BambooHR production deployment checklist and rollback procedures. Use when deploying BambooHR integrations to production, preparing for launch, or implementing go-live procedures with BambooHR API. Trigger with phrases like "bamboohr production", "deploy bamboohr", "bamboohr go-live", "bamboohr launch checklist", "bamboohr prod ready".
brightdata-deploy-integration
Deploy Bright Data integrations to Vercel, Fly.io, and Cloud Run platforms. Use when deploying Bright Data-powered applications to production, configuring platform-specific secrets, or setting up deployment pipelines. Trigger with phrases like "deploy brightdata", "brightdata Vercel", "brightdata production deploy", "brightdata Cloud Run", "brightdata Fly.io".
canva-deploy-integration
Deploy Canva Connect API integrations to Vercel, Fly.io, and Cloud Run. Use when deploying Canva-powered applications to production, configuring platform-specific secrets, or setting up deployment pipelines. Trigger with phrases like "deploy canva", "canva Vercel", "canva production deploy", "canva Cloud Run", "canva Fly.io".
clade-deploy-integration
Deploy Claude-powered applications to Vercel, Fly.io, and Cloud Run with proper secrets management and streaming support. Use when working with deploy-integration patterns. Trigger with "deploy anthropic", "claude production deploy", "anthropic vercel", "deploy claude app".
clari-core-workflow-a
Build a Clari forecast export pipeline to your data warehouse. Use when exporting forecast calls, quota data, and CRM totals from Clari to Snowflake, BigQuery, or a local database. Trigger with phrases like "clari forecast export", "clari data pipeline", "clari to snowflake", "clari to bigquery", "export clari data".
clari-deploy-integration
Deploy Clari export pipelines to production with Airflow, Cloud Functions, or Lambda. Use when scheduling automated exports, deploying to cloud platforms, or setting up serverless Clari sync. Trigger with phrases like "deploy clari", "clari airflow", "clari lambda", "clari cloud function", "clari scheduled export".
clari-install-auth
Configure Clari API authentication with API key and set up export access. Use when connecting to the Clari API, generating API tokens, or configuring forecast data exports. Trigger with phrases like "install clari", "setup clari api", "clari auth", "clari api key", "configure clari".
clay-deploy-integration
Deploy Clay-powered applications to Vercel, Cloud Run, or Docker with proper secrets management. Use when deploying Clay webhook receivers, enrichment pipelines, or CRM sync services to production infrastructure. Trigger with phrases like "deploy clay", "clay Vercel", "clay production deploy", "clay Cloud Run", "clay Docker", "host clay integration".
clay-security-basics
Apply Clay security best practices for API keys, webhook secrets, and data access control. Use when securing Clay integrations, rotating API keys, auditing access, or implementing webhook authentication. Trigger with phrases like "clay security", "clay secrets", "secure clay", "clay API key security", "clay webhook security".
clickhouse-deploy-integration
Deploy ClickHouse-backed applications to Vercel, Fly.io, and Cloud Run with connection pooling, secrets, and health checks. Use when deploying applications that connect to ClickHouse Cloud, configuring platform secrets, or setting up deployment pipelines. Trigger: "deploy clickhouse app", "clickhouse Vercel", "clickhouse Cloud Run", "clickhouse production deploy", "clickhouse Fly.io".
clickhouse-multi-env-setup
Configure ClickHouse across dev, staging, and production with environment-specific settings, secrets management, and infrastructure-as-code patterns. Use when setting up per-environment ClickHouse instances, managing connection configs, or deploying to multiple environments. Trigger: "clickhouse environments", "clickhouse dev staging prod", "clickhouse multi-env", "clickhouse environment config", "clickhouse staging setup".
clickup-deploy-integration
Deploy ClickUp API integrations to Vercel, Fly.io, and Cloud Run with secure secrets management and health checks. Trigger: "deploy clickup", "clickup Vercel", "clickup production deploy", "clickup Cloud Run", "clickup Fly.io", "clickup hosting".
cohere-deploy-integration
Deploy Cohere-powered applications to Vercel, Fly.io, and Cloud Run. Use when deploying Cohere API v2 apps to production, configuring platform-specific secrets, or setting up deployment pipelines. Trigger with phrases like "deploy cohere", "cohere Vercel", "cohere production deploy", "cohere Cloud Run", "cohere Fly.io".
cohere-multi-env-setup
Configure Cohere across development, staging, and production environments. Use when setting up multi-environment deployments, configuring per-environment API keys, model selection, and rate limit strategies. Trigger with phrases like "cohere environments", "cohere staging", "cohere dev prod", "cohere environment setup", "cohere config by env".
cohere-prod-checklist
Execute Cohere production deployment checklist and rollback procedures. Use when deploying Cohere integrations to production, preparing for launch, or implementing go-live procedures for Cohere-powered apps. Trigger with phrases like "cohere production", "deploy cohere", "cohere go-live", "cohere launch checklist".
customerio-deploy-pipeline
Deploy Customer.io integrations to production cloud platforms. Use when deploying to Cloud Run, Vercel, AWS Lambda, or Kubernetes with proper secrets management and health checks. Trigger: "deploy customer.io", "customer.io cloud run", "customer.io kubernetes", "customer.io lambda", "customer.io vercel".
customerio-security-basics
Apply Customer.io security best practices. Use when implementing secure credential storage, PII handling, webhook signature verification, or GDPR/CCPA compliance. Trigger: "customer.io security", "customer.io pii", "secure customer.io", "customer.io gdpr", "customer.io webhook verify".
data-analyst
Data exploration and analysis partner for Product Managers. Use when the user needs to query databases, analyze metrics, create dashboards, or extract insights from data. Triggers include "query", "analyze data", "metrics", "BigQuery", "SQL", "dashboard", "what does the data say", or when working with quantitative information.
databricks-multi-env-setup
Configure Databricks across development, staging, and production environments. Use when setting up multi-environment deployments, configuring per-environment secrets, or implementing environment-specific Databricks configurations. Trigger with phrases like "databricks environments", "databricks staging", "databricks dev prod", "databricks environment setup", "databricks config by env".
deepgram-deploy-integration
Deploy Deepgram integrations to production environments. Use when deploying to cloud platforms, configuring containers, or setting up Deepgram in Docker/Kubernetes/serverless. Trigger: "deploy deepgram", "deepgram docker", "deepgram kubernetes", "deepgram production deploy", "deepgram cloud run", "deepgram lambda".
deepgram-migration-deep-dive
Deep dive into migrating to Deepgram from other transcription providers. Use when migrating from AWS Transcribe, Google Cloud STT, Azure Speech, OpenAI Whisper, AssemblyAI, or Rev.ai to Deepgram. Trigger: "deepgram migration", "switch to deepgram", "migrate transcription", "deepgram from AWS", "deepgram from Google", "replace whisper with deepgram".
elevenlabs-deploy-integration
Deploy ElevenLabs TTS applications to Vercel, Fly.io, and Cloud Run. Use when deploying ElevenLabs-powered apps to production, configuring platform-specific secrets, or setting up serverless TTS. Trigger: "deploy elevenlabs", "elevenlabs Vercel", "elevenlabs Cloud Run", "elevenlabs Fly.io", "elevenlabs serverless", "host TTS API".
evernote-deploy-integration
Deploy Evernote integrations to production environments. Use when deploying to cloud platforms, configuring production, or setting up deployment pipelines. Trigger with phrases like "deploy evernote", "evernote production deploy", "release evernote", "evernote cloud deployment".
evernote-security-basics
Implement security best practices for Evernote integrations. Use when securing API credentials, implementing OAuth securely, or hardening Evernote integrations. Trigger with phrases like "evernote security", "secure evernote", "evernote credentials", "evernote oauth security".
exa-deploy-integration
Deploy Exa integrations to Vercel, Docker, and Cloud Run platforms. Use when deploying Exa-powered applications to production, configuring platform-specific secrets, or building search API endpoints. Trigger with phrases like "deploy exa", "exa Vercel", "exa production deploy", "exa Cloud Run", "exa Docker".
figma-deploy-integration
Deploy Figma-powered applications to Vercel, Cloud Run, and Fly.io. Use when deploying webhook receivers, design token APIs, or Figma-connected web apps to production platforms. Trigger with phrases like "deploy figma", "figma Vercel", "figma production deploy", "figma Cloud Run".
firebase-vertex-ai
Acts as a Firebase platform expert with Vertex AI Gemini integration for Authentication, Firestore, Storage, Functions, Hosting, and AI-powered features. Use when asked to "setup firebase", "deploy to firebase", or "integrate vertex ai with firebase". Trigger with relevant phrases based on skill purpose.
firecrawl-deploy-integration
Deploy Firecrawl integrations to Vercel, Cloud Run, and Docker platforms. Use when deploying Firecrawl-powered applications to production, configuring platform-specific secrets, or setting up self-hosted Firecrawl. Trigger with phrases like "deploy firecrawl", "firecrawl Vercel", "firecrawl production deploy", "firecrawl Cloud Run", "firecrawl Docker".
fireflies-deploy-integration
Deploy Fireflies.ai webhook receivers and GraphQL clients to Vercel, Docker, and Cloud Run. Use when deploying Fireflies.ai-powered applications to production, configuring platform-specific secrets, or hosting webhook endpoints. Trigger with phrases like "deploy fireflies", "fireflies Vercel", "fireflies production deploy", "fireflies Cloud Run", "fireflies Docker".
framer-deploy-integration
Deploy Framer integrations to Vercel, Fly.io, and Cloud Run platforms. Use when deploying Framer-powered applications to production, configuring platform-specific secrets, or setting up deployment pipelines. Trigger with phrases like "deploy framer", "framer Vercel", "framer production deploy", "framer Cloud Run", "framer Fly.io".
gcp-examples-expert
Generate production-ready Google Cloud code examples from official repositories including ADK samples, Genkit templates, Vertex AI notebooks, and Gemini patterns. Use when asked to "show ADK example" or "provide GCP starter kit". Trigger with relevant phrases based on skill purpose.
genkit-production-expert
Build production Firebase Genkit applications including RAG systems, multi-step flows, and tool calling for Node.js/Python/Go. Deploy to Firebase Functions or Cloud Run with AI monitoring. Use when asked to "create genkit flow" or "implement RAG". Trigger with relevant phrases based on skill purpose.
glean-deploy-integration
Deploy Glean custom connectors as scheduled jobs on Cloud Run, Lambda, or Fly.io. Trigger: "deploy glean connector", "glean connector hosting", "schedule glean indexing".
glean-reference-architecture
Enterprise architecture: Source Systems -> Connectors (Cloud Run/Lambda, event-driven or scheduled) -> Glean Indexing API -> Glean Search Index -> Client API (Search + Chat) -> Your Apps (Slack bot, portal, internal tools). Trigger: "glean reference architecture", "reference-architecture".
grammarly-deploy-integration
Deploy Grammarly integrations to Vercel, Fly.io, and Cloud Run platforms. Use when deploying Grammarly-powered applications to production, configuring platform-specific secrets, or setting up deployment pipelines. Trigger with phrases like "deploy grammarly", "grammarly Vercel", "grammarly production deploy", "grammarly Cloud Run", "grammarly Fly.io".
granola-observability
Monitor Granola adoption, meeting analytics, and build custom dashboards. Use when tracking team meeting patterns, measuring adoption, building analytics pipelines, or creating executive reports. Trigger: "granola analytics", "granola metrics", "granola monitoring", "granola adoption", "meeting insights".
groq-deploy-integration
Deploy Groq integrations to Vercel, Cloud Run, and containerized platforms. Use when deploying Groq-powered applications to production, configuring platform-specific secrets, or setting up deployment pipelines. Trigger with phrases like "deploy groq", "groq Vercel", "groq production deploy", "groq Cloud Run", "groq Docker".
hootsuite-deploy-integration
Deploy Hootsuite integrations to Vercel, Fly.io, and Cloud Run platforms. Use when deploying Hootsuite-powered applications to production, configuring platform-specific secrets, or setting up deployment pipelines. Trigger with phrases like "deploy hootsuite", "hootsuite Vercel", "hootsuite production deploy", "hootsuite Cloud Run", "hootsuite Fly.io".
hubspot-deploy-integration
Deploy HubSpot integrations to Vercel, Fly.io, and Cloud Run platforms. Use when deploying HubSpot-powered applications, configuring platform secrets, or setting up deployment pipelines with HubSpot access tokens. Trigger with phrases like "deploy hubspot", "hubspot Vercel", "hubspot Cloud Run", "hubspot Fly.io", "hubspot production deploy".
hubspot-multi-env-setup
Configure HubSpot across development, staging, and production environments. Use when setting up per-environment HubSpot portals, configuring separate access tokens, or implementing environment isolation for HubSpot integrations. Trigger with phrases like "hubspot environments", "hubspot staging", "hubspot dev prod", "hubspot test account", "hubspot config by env".
ideogram-deploy-integration
Deploy Ideogram integrations to Vercel, Cloud Run, and Docker platforms. Use when deploying Ideogram-powered applications to production, configuring platform-specific secrets, or setting up deployment pipelines. Trigger with phrases like "deploy ideogram", "ideogram Vercel", "ideogram production deploy", "ideogram Cloud Run", "ideogram Docker".
instantly-deploy-integration
Deploy Instantly.ai webhook receivers and API integrations to cloud platforms. Use when deploying to Vercel, Cloud Run, or Fly.io, or setting up production webhook endpoints. Trigger with phrases like "deploy instantly", "instantly cloud run", "instantly vercel", "instantly webhook deployment", "instantly production deploy".
instantly-reference-architecture
Implement Instantly.ai reference architecture with best-practice project layout. Use when designing new Instantly integrations, planning multi-campaign systems, or building an outreach automation platform. Trigger with phrases like "instantly architecture", "instantly project structure", "instantly reference design", "instantly system design", "instantly integration layout".
intercom-deploy-integration
Deploy Intercom integrations to Vercel, Fly.io, and Cloud Run with proper secrets. Use when deploying Intercom-powered applications to production, configuring platform-specific secrets, or setting up webhook endpoints. Trigger with phrases like "deploy intercom", "intercom Vercel", "intercom production deploy", "intercom Cloud Run", "intercom Fly.io".
intercom-multi-env-setup
Configure Intercom across development, staging, and production workspaces. Use when setting up multi-environment deployments, configuring per-environment access tokens, or implementing workspace isolation. Trigger with phrases like "intercom environments", "intercom staging", "intercom dev prod", "intercom environment setup", "intercom workspace isolation".
klaviyo-deploy-integration
Deploy Klaviyo integrations to Vercel, Fly.io, and Cloud Run platforms. Use when deploying Klaviyo-powered applications to production, configuring platform-specific secrets, or setting up deployment pipelines. Trigger with phrases like "deploy klaviyo", "klaviyo Vercel", "klaviyo production deploy", "klaviyo Cloud Run", "klaviyo Fly.io".
klaviyo-multi-env-setup
Configure Klaviyo across development, staging, and production environments. Use when setting up multi-environment deployments, configuring per-environment API keys, or implementing environment-specific Klaviyo configurations. Trigger with phrases like "klaviyo environments", "klaviyo staging", "klaviyo dev prod", "klaviyo environment setup", "klaviyo config by env".
langchain-deploy-integration
Deploy LangChain applications to production with LangServe, Docker, and cloud platforms (Cloud Run, AWS Lambda). Trigger: "deploy langchain", "langchain production deploy", "langchain docker", "langchain cloud run", "LangServe".
langfuse-deploy-integration
Deploy Langfuse with your application across different platforms. Use when deploying Langfuse to Vercel, AWS, GCP, or Docker, or integrating Langfuse into your deployment pipeline. Trigger with phrases like "deploy langfuse", "langfuse Vercel", "langfuse AWS", "langfuse Docker", "langfuse production deploy".
langfuse-multi-env-setup
Configure Langfuse across development, staging, and production environments. Use when setting up multi-environment deployments, configuring per-environment keys, or implementing environment-specific Langfuse configurations. Trigger with phrases like "langfuse environments", "langfuse staging", "langfuse dev prod", "langfuse environment setup", "langfuse config by env".
lindy-multi-env-setup
Configure Lindy AI across development, staging, and production environments. Use when setting up isolated workspaces, per-environment secrets, or environment-specific agent configurations. Trigger with phrases like "lindy environments", "lindy staging", "lindy dev prod", "lindy environment setup", "lindy workspace isolation".
linear-deploy-integration
Deploy Linear-integrated applications and track deployments. Use when deploying to production, linking deploys to issues, or setting up deployment tracking with Vercel/Railway/Cloud Run. Trigger: "deploy linear integration", "linear deployment", "linear vercel", "track linear deployments", "linear deploy tracking".
linear-multi-env-setup
Configure Linear across development, staging, and production environments. Use when setting up per-environment API keys, secret management, or environment-specific Linear configurations. Trigger: "linear environments", "linear staging", "linear dev prod", "linear environment setup", "multi-environment linear".
linear-prod-checklist
Production readiness checklist for Linear integrations. Use when preparing to deploy, reviewing production requirements, or auditing existing Linear deployments. Trigger: "linear production checklist", "deploy linear", "linear production ready", "linear go live", "linear launch".
linktree-prod-checklist
Prod Checklist for Linktree. Trigger: "linktree prod checklist".
linktree-security-basics
Security Basics for Linktree. Trigger: "linktree security basics".
lokalise-deploy-integration
Deploy Lokalise integrations to Vercel, Netlify, and Cloud Run platforms. Use when deploying apps with Lokalise translations to production, configuring platform-specific secrets, or setting up deployment pipelines. Trigger with phrases like "deploy lokalise", "lokalise Vercel", "lokalise production deploy", "lokalise Netlify", "lokalise Cloud Run".
lokalise-incident-runbook
Execute Lokalise incident response procedures with triage, mitigation, and postmortem. Use when responding to Lokalise-related outages, investigating errors, or running post-incident reviews for Lokalise integration failures. Trigger with phrases like "lokalise incident", "lokalise outage", "lokalise down", "lokalise on-call", "lokalise emergency", "translations broken".
lokalise-multi-env-setup
Configure Lokalise across development, staging, and production environments. Use when setting up multi-environment deployments, configuring per-environment secrets, or implementing environment-specific Lokalise configurations. Trigger with phrases like "lokalise environments", "lokalise staging", "lokalise dev prod", "lokalise environment setup", "lokalise config by env".
lokalise-security-basics
Apply Lokalise security best practices for API tokens and access control. Use when securing API tokens, implementing least privilege access, or auditing Lokalise security configuration. Trigger with phrases like "lokalise security", "lokalise secrets", "secure lokalise", "lokalise API token security".
lucidchart-prod-checklist
Prod Checklist for Lucidchart. Trigger: "lucidchart prod checklist".
maintainx-deploy-integration
Deploy MaintainX integrations to production environments. Use when deploying to cloud platforms, configuring production environments, or automating deployment pipelines for MaintainX integrations. Trigger with phrases like "deploy maintainx", "maintainx deployment", "maintainx cloud deploy", "maintainx kubernetes", "maintainx docker".
maintainx-multi-env-setup
Configure multiple MaintainX environments (dev, staging, production). Use when setting up environment-specific configurations, managing multiple MaintainX accounts, or implementing environment promotion. Trigger with phrases like "maintainx environments", "maintainx staging", "maintainx dev prod", "maintainx multi-environment", "maintainx config".
maintainx-prod-checklist
Production deployment checklist for MaintainX integrations. Use when preparing to deploy a MaintainX integration to production, verifying production readiness, or auditing existing deployments. Trigger with phrases like "maintainx production", "deploy maintainx", "maintainx go-live", "maintainx production checklist", "maintainx launch".
maintainx-reference-architecture
Production-grade architecture patterns for MaintainX integrations. Use when designing system architecture, planning integrations, or building enterprise-scale MaintainX solutions. Trigger with phrases like "maintainx architecture", "maintainx design", "maintainx system design", "maintainx enterprise", "maintainx patterns".
mindtickle-prod-checklist
Prod Checklist for MindTickle. Trigger: "mindtickle prod checklist".
mindtickle-security-basics
Security Basics for MindTickle. Trigger: "mindtickle security basics".
miro-deploy-integration
Deploy Miro REST API v2 integrations to Vercel, Fly.io, and Cloud Run with proper OAuth token management and webhook configuration. Trigger with phrases like "deploy miro", "miro Vercel", "miro production deploy", "miro Cloud Run", "miro Fly.io".
mistral-deploy-integration
Deploy Mistral AI integrations to Vercel, Docker, and Cloud Run platforms. Use when deploying Mistral AI-powered applications to production, configuring platform-specific secrets, or setting up deployment pipelines. Trigger with phrases like "deploy mistral", "mistral Vercel", "mistral production deploy", "mistral Cloud Run", "mistral Docker".
mistral-multi-env-setup
Configure Mistral AI across development, staging, and production environments. Use when setting up multi-environment deployments, configuring per-environment secrets, or implementing environment-specific Mistral AI configurations. Trigger with phrases like "mistral environments", "mistral staging", "mistral dev prod", "mistral environment setup".
navan-data-sync
Implement incremental sync strategies for Navan BOOKING and TRANSACTION data with ETL pipeline patterns. Use when setting up production data pipelines, debugging sync drift, or adding real-time event processing. Trigger with "navan data sync", "navan incremental sync", "navan ETL pipeline".
navan-prod-checklist
Use when validating production readiness for a Navan API integration — credential rotation, alerting, rate limits, SSO, SCIM, and compliance audit trails. Trigger with "navan prod checklist" or "navan production readiness".
notion-multi-env-setup
Configure Notion integrations across development, staging, and production environments. Use when setting up multi-environment deployments, managing per-environment tokens, or implementing environment-specific Notion configurations. Trigger with phrases like "notion environments", "notion staging", "notion dev prod", "notion environment setup", "notion config by env".
openevidence-prod-checklist
Prod Checklist for OpenEvidence. Trigger: "openevidence prod checklist".
palantir-deploy-integration
Deploy Palantir Foundry integrations to cloud platforms with secrets management. Use when deploying Foundry-powered applications to production, configuring platform-specific secrets, or setting up deployment pipelines. Trigger with phrases like "deploy palantir", "foundry deploy", "palantir production deploy", "foundry Cloud Run".
palantir-multi-env-setup
Configure Palantir Foundry across development, staging, and production environments. Use when setting up multi-environment Foundry deployments, managing per-environment credentials, or implementing environment-specific configurations. Trigger with phrases like "palantir environments", "foundry staging", "foundry dev prod", "palantir environment setup".
palantir-security-basics
Apply Palantir Foundry security best practices for credentials, scopes, and access control. Use when securing API tokens, implementing least privilege access, or auditing Foundry security configuration. Trigger with phrases like "palantir security", "foundry secrets", "secure palantir", "palantir API key security", "foundry scopes".
perplexity-deploy-integration
Deploy Perplexity Sonar API integrations to Vercel, Cloud Run, and Docker. Use when deploying Perplexity-powered applications to production, configuring platform-specific secrets, or setting up edge functions. Trigger with phrases like "deploy perplexity", "perplexity Vercel", "perplexity production deploy", "perplexity Cloud Run", "perplexity Docker".
posthog-deploy-integration
Deploy PostHog to Vercel, Docker (self-hosted), and Cloud Run. Covers Next.js reverse proxy, server-side capture in edge functions, self-hosted PostHog setup, and platform-specific environment configuration. Trigger: "deploy posthog", "posthog Vercel", "posthog production deploy", "posthog Cloud Run", "posthog self-hosted", "posthog Docker".
research-to-deploy
Researches infrastructure best practices and generates deployment-ready configurations, Terraform modules, Dockerfiles, and CI/CD pipelines. Use when the user needs to deploy services, set up infrastructure, or create cloud configurations based on current best practices. Trigger with phrases like "research and deploy", "set up Cloud Run", "create Terraform for", "deploy this to AWS", or "generate infrastructure configs".
salesforce-deploy-integration
Deploy Salesforce-connected applications to Heroku, Vercel, and Cloud Run with proper credential management. Use when deploying Salesforce-powered applications to production, configuring platform-specific secrets, or setting up Heroku Connect. Trigger with phrases like "deploy salesforce app", "salesforce Heroku", "salesforce production deploy", "salesforce Cloud Run", "Heroku Connect".
salesforce-multi-env-setup
Configure Salesforce across Developer, Sandbox, and Production environments with proper org management. Use when setting up multi-environment deployments, configuring per-environment credentials, or implementing sandbox-to-production promotion flows. Trigger with phrases like "salesforce environments", "salesforce sandbox", "salesforce dev prod", "salesforce org management", "salesforce sandbox types".
salesloft-deploy-integration
Deploy SalesLoft integrations to Vercel, Fly.io, and Cloud Run. Use when deploying SalesLoft-powered apps to production, configuring platform secrets, or setting up webhook endpoints. Trigger: "deploy salesloft", "salesloft Vercel", "salesloft Cloud Run".
salesloft-prod-checklist
Production readiness checklist for SalesLoft API integrations. Use when deploying SalesLoft integrations to production, preparing for launch, or validating go-live requirements. Trigger: "salesloft production", "deploy salesloft", "salesloft go-live checklist".
schema-optimization-orchestrator
Multi-phase schema optimization workflow orchestrator. Creates session directories, spawns phase agents sequentially, validates outputs, aggregates results. Trigger: "run schema optimization", "optimize schema workflow", "execute schema phases"
serpapi-deploy-integration
Deploy SerpApi-powered search features to production platforms. Use when deploying search APIs, configuring backend proxies, or setting up SerpApi in serverless environments. Trigger: "deploy serpapi", "serpapi Vercel", "serpapi production deploy".
shopify-deploy-integration
Deploy Shopify apps to Vercel, Fly.io, Railway, and Cloud Run with proper environment configuration. Use when deploying Shopify-powered applications to production, configuring platform-specific secrets, or setting up hosting. Trigger with phrases like "deploy shopify", "shopify hosting", "shopify Vercel", "shopify production deploy", "shopify Fly.io".
snowflake-deploy-integration
Deploy Snowflake-powered applications with proper connection management and secrets. Use when deploying apps that query Snowflake, configuring connection pools for serverless/container platforms, or managing Snowflake credentials in production. Trigger with phrases like "deploy snowflake", "snowflake serverless", "snowflake production deploy", "snowflake Cloud Run", "snowflake Lambda".
snowflake-migration-deep-dive
Execute migration to Snowflake from Redshift, BigQuery, or on-prem databases with data transfer, schema conversion, and validation strategies. Use when migrating to Snowflake from another platform, planning data transfers, or re-platforming existing data warehouses to Snowflake. Trigger with phrases like "migrate to snowflake", "snowflake migration", "redshift to snowflake", "bigquery to snowflake", "snowflake replatform".
speak-deploy-integration
Deploy Speak language learning features to Vercel, Cloud Run, or containerized environments. Use when implementing deploy integration, or managing Speak language learning platform operations. Trigger with phrases like "speak deploy integration", "speak deploy integration".
validator-expert
Validate production readiness of Vertex AI Agent Engine deployments across security, monitoring, performance, compliance, and best practices. Generates weighted scores (0-100%) with actionable remediation plans. Use when asked to validate a deployment, run a production readiness check, audit security posture, or verify compliance for Vertex AI agents. Trigger with "validate deployment", "production readiness", "security audit", "compliance check", "is this agent ready for prod", "check my ADK agent", "review before deploy", or "production readiness check". Make sure to use this skill whenever validating ADK agents for Agent Engine.
vertex-agent-builder
Build and deploy production-ready generative AI agents using Vertex AI, Gemini models, and Google Cloud infrastructure with RAG, function calling, and multi-modal capabilities. Use when appropriate context detected. Trigger with relevant phrases based on skill purpose.
vertex-engine-inspector
Inspect and validate Vertex AI Agent Engine deployments including Code Execution Sandbox, Memory Bank, A2A protocol compliance, and security posture. Generates production readiness scores. Use when asked to inspect, validate, or audit an Agent Engine deployment. Trigger with "inspect agent engine", "validate agent engine deployment", "check agent engine config", "audit agent engine security", "agent engine readiness check", "vertex engine health", or "reasoning engine status".
webflow-deploy-integration
Deploy Webflow-powered applications to Vercel, Fly.io, and Google Cloud Run with proper secrets management and Webflow-specific health checks. Trigger with phrases like "deploy webflow", "webflow Vercel", "webflow production deploy", "webflow Cloud Run", "webflow Fly.io".
webflow-multi-env-setup
Configure Webflow across development, staging, and production environments with per-environment API tokens, site IDs, and secret management via Vault/AWS/GCP. Trigger with phrases like "webflow environments", "webflow staging", "webflow dev prod", "webflow environment setup", "webflow config by env".
webflow-prod-checklist
Execute Webflow production deployment checklist — token security, rate limit hardening, health checks, circuit breakers, gradual rollout, and rollback procedures. Use when deploying Webflow integrations to production or preparing for launch. Trigger with phrases like "webflow production", "deploy webflow", "webflow go-live", "webflow launch checklist", "webflow production ready".
business-analyst
Master modern business analysis with AI-powered analytics, real-time dashboards, and data-driven insights. Build comprehensive KPI frameworks, predictive models, and strategic recommendations.
cloud-architect
Expert cloud architect specializing in AWS/Azure/GCP multi-cloud infrastructure design, advanced IaC (Terraform/OpenTofu/CDK), FinOps cost optimization, and modern architectural patterns.
cloud-devops
Cloud infrastructure and DevOps workflow covering AWS, Azure, GCP, Kubernetes, Terraform, CI/CD, monitoring, and cloud-native development.
cloud-penetration-testing
Conduct comprehensive security assessments of cloud infrastructure across Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP).
cloudflare-workers-expert
Expert in Cloudflare Workers and the Edge Computing ecosystem. Covers Wrangler, KV, D1, Durable Objects, and R2 storage.
cred-omega
Enterprise operational CISO for total management of credentials and secrets.
data-engineer
Build scalable data pipelines, modern data warehouses, and real-time streaming architectures. Implements Apache Spark, dbt, Airflow, and cloud-native data platforms.
database-admin
Expert database administrator specializing in modern cloud databases, automation, and reliability engineering.
firebase
Firebase gives you a complete backend in minutes - auth, database, storage, functions, hosting. But the ease of setup hides real complexity. Security rules are your last line of defense, and they're often wrong.
gcp-cloud-run
Specialized skill for building production-ready serverless applications on GCP. Covers Cloud Run services (containerized), Cloud Run Functions (event-driven), cold start optimization, and event-driven architecture with Pub/Sub.
hybrid-cloud-architect
Expert hybrid cloud architect specializing in complex multi-cloud solutions across AWS/Azure/GCP and private clouds (OpenStack/VMware).
monte-carlo-validation-notebook
Generates SQL validation notebooks for dbt PR changes with before/after comparison queries.
multi-cloud-architecture
Decision framework and patterns for architecting applications across AWS, Azure, and GCP.
network-engineer
Expert network engineer specializing in modern cloud networking, security architectures, and performance optimization.
pydantic-ai
Build production-ready AI agents with PydanticAI — type-safe tool use, structured outputs, dependency injection, and multi-model support.
sql-pro
Master modern SQL with cloud-native databases, OLTP/OLAP optimization, and advanced query techniques. Expert in performance tuning, data modeling, and hybrid analytical systems.
terraform-module-library
Production-ready Terraform module patterns for AWS, Azure, and GCP infrastructure.
cc-skill-project-guidelines-example
Project Guidelines Skill (Example)
blog-google
Google API integration for blog performance: PageSpeed Insights, CrUX Core Web Vitals with 25-week history, Search Console performance, URL Inspection, Indexing API, GA4 organic traffic, NLP entity analysis for E-E-A-T, YouTube video search for embedding, and Google Ads Keyword Planner. Progressive feature availability based on credential tier (API key, OAuth/service account, GA4, Ads). Shares config with claude-seo at ~/.config/claude-seo/google-api.json. Use when user says "google data", "page speed", "core web vitals", "search console", "indexation", "GA4", "keyword research", "nlp entities", "blog performance", "youtube search", "google api setup".
seo-google
Google SEO APIs: Search Console (Search Analytics, URL Inspection, Sitemaps), PageSpeed Insights v5, CrUX field data with 25-week history, Indexing API v3, and GA4 organic traffic. Provides real Google field data for Core Web Vitals, indexation status, search performance, and organic traffic trends. Use when user says "search console", "GSC", "PageSpeed", "CrUX", "field data", "indexing API", "GA4 organic", "URL inspection", "google api setup", "real CWV data", "impressions", "clicks", "CTR", "position data", "LCP", "INP", "CLS", "FCP", "TTFB", or "Lighthouse scores".
cost-optimizer-cloud-data-platforms
Analyzes and optimizes costs for cloud data platforms
incremental-model-strategy-selector
Selects and configures optimal incremental model strategies
scd-implementation-generator
Generates Slowly Changing Dimension implementations across platforms
bigquery-ml-model-creator
Create bigquery ml model creator operations. Auto-activating skill for GCP Skills. Triggers on: bigquery ml model creator, bigquery ml model creator Part of the GCP Skills skill category. Use when working with bigquery ml model creator functionality. Trigger with phrases like "bigquery ml model creator", "bigquery creator", "bigquery".
bigquery-scheduled-query
Manage bigquery scheduled query operations. Auto-activating skill for GCP Skills. Triggers on: bigquery scheduled query, bigquery scheduled query Part of the GCP Skills skill category. Use when working with bigquery scheduled query functionality. Trigger with phrases like "bigquery scheduled query", "bigquery query", "bigquery".
bigquery-table-creator
Create bigquery table creator operations. Auto-activating skill for GCP Skills. Triggers on: bigquery table creator, bigquery table creator Part of the GCP Skills skill category. Use when working with bigquery table creator functionality. Trigger with phrases like "bigquery table creator", "bigquery creator", "bigquery".
bigquery-view-generator
Generate bigquery view generator operations. Auto-activating skill for GCP Skills. Triggers on: bigquery view generator, bigquery view generator Part of the GCP Skills skill category. Use when working with bigquery view generator functionality. Trigger with phrases like "bigquery view generator", "bigquery generator", "bigquery".
cloud-function-generator
Generate cloud function generator operations. Auto-activating skill for GCP Skills. Triggers on: cloud function generator, cloud function generator Part of the GCP Skills skill category. Use when working with cloud function generator functionality. Trigger with phrases like "cloud function generator", "cloud generator", "cloud".
cloud-logging-sink-setup
Configure cloud logging sink setup operations. Auto-activating skill for GCP Skills. Triggers on: cloud logging sink setup, cloud logging sink setup Part of the GCP Skills skill category. Use when working with cloud logging sink setup functionality. Trigger with phrases like "cloud logging sink setup", "cloud setup", "cloud".
cloud-monitoring-alert
Monitor cloud monitoring alert operations. Auto-activating skill for GCP Skills. Triggers on: cloud monitoring alert, cloud monitoring alert Part of the GCP Skills skill category. Use when monitoring systems or services. Trigger with phrases like "cloud monitoring alert", "cloud alert", "cloud".
cloud-run-service-config
Configure cloud run service config operations. Auto-activating skill for GCP Skills. Triggers on: cloud run service config, cloud run service config Part of the GCP Skills skill category. Use when configuring systems or services. Trigger with phrases like "cloud run service config", "cloud config", "cloud".
cloud-scheduler-job-creator
Create cloud scheduler job creator operations. Auto-activating skill for GCP Skills. Triggers on: cloud scheduler job creator, cloud scheduler job creator Part of the GCP Skills skill category. Use when working with cloud scheduler job creator functionality. Trigger with phrases like "cloud scheduler job creator", "cloud creator", "cloud".
cloud-sql-instance-setup
Configure cloud sql instance setup operations. Auto-activating skill for GCP Skills. Triggers on: cloud sql instance setup, cloud sql instance setup Part of the GCP Skills skill category. Use when working with cloud sql instance setup functionality. Trigger with phrases like "cloud sql instance setup", "cloud setup", "cloud".
cloud-tasks-queue-setup
Cloud Tasks Queue Setup - Auto-activating skill for GCP Skills. Triggers on: cloud tasks queue setup, cloud tasks queue setup Part of the GCP Skills skill category.
firebase-rules-generator
Generate firebase rules generator operations. Auto-activating skill for GCP Skills. Triggers on: firebase rules generator, firebase rules generator Part of the GCP Skills skill category. Use when working with firebase rules generator functionality. Trigger with phrases like "firebase rules generator", "firebase generator", "firebase".
firestore-index-creator
Create firestore index creator operations. Auto-activating skill for GCP Skills. Triggers on: firestore index creator, firestore index creator Part of the GCP Skills skill category. Use when working with firestore index creator functionality. Trigger with phrases like "firestore index creator", "firestore creator", "firestore".
firewall-rule-generator
Generate firewall rule generator operations. Auto-activating skill for GCP Skills. Triggers on: firewall rule generator, firewall rule generator Part of the GCP Skills skill category. Use when working with firewall rule generator functionality. Trigger with phrases like "firewall rule generator", "firewall generator", "firewall".
flexport-deploy-integration
Deploy Flexport logistics integrations to Vercel, Fly.io, and Cloud Run. Use when deploying shipment tracking dashboards, webhook receivers, or supply chain automation services to production infrastructure. Trigger: "deploy flexport", "flexport hosting", "flexport Cloud Run".
gcs-bucket-config
Configure gcs bucket config operations. Auto-activating skill for GCP Skills. Triggers on: gcs bucket config, gcs bucket config Part of the GCP Skills skill category. Use when configuring systems or services. Trigger with phrases like "gcs bucket config", "gcs config", "gcs".
gcs-lifecycle-policy
Manage gcs lifecycle policy operations. Auto-activating skill for GCP Skills. Triggers on: gcs lifecycle policy, gcs lifecycle policy Part of the GCP Skills skill category. Use when working with gcs lifecycle policy functionality. Trigger with phrases like "gcs lifecycle policy", "gcs policy", "gcs".
gke-cluster-config
Configure gke cluster config operations. Auto-activating skill for GCP Skills. Triggers on: gke cluster config, gke cluster config Part of the GCP Skills skill category. Use when configuring systems or services. Trigger with phrases like "gke cluster config", "gke config", "gke".
hex-deploy-integration
Deploy Hex integrations to Vercel, Fly.io, and Cloud Run platforms. Use when deploying Hex-powered applications to production, configuring platform-specific secrets, or setting up deployment pipelines. Trigger with phrases like "deploy hex", "hex Vercel", "hex production deploy", "hex Cloud Run", "hex Fly.io".
hex-reference-architecture
Implement Hex reference architecture with best-practice project layout. Use when designing new Hex integrations, reviewing project structure, or establishing architecture standards for Hex applications. Trigger with phrases like "hex architecture", "hex best practices", "hex project structure", "how to organize hex", "hex layout".
iam-binding-creator
Create iam binding creator operations. Auto-activating skill for GCP Skills. Triggers on: iam binding creator, iam binding creator Part of the GCP Skills skill category. Use when working with iam binding creator functionality. Trigger with phrases like "iam binding creator", "iam creator", "iam".
memorystore-config
Configure memorystore config operations. Auto-activating skill for GCP Skills. Triggers on: memorystore config, memorystore config Part of the GCP Skills skill category. Use when configuring systems or services. Trigger with phrases like "memorystore config", "memorystore config", "memorystore".
persona-deploy-integration
Deploy Persona verification service to cloud platforms. Use when working with Persona identity verification. Trigger with phrases like "persona deploy-integration", "persona deploy-integration".
pubsub-subscription-config
Configure pubsub subscription config operations. Auto-activating skill for GCP Skills. Triggers on: pubsub subscription config, pubsub subscription config Part of the GCP Skills skill category. Use when configuring systems or services. Trigger with phrases like "pubsub subscription config", "pubsub config", "pubsub".
pubsub-topic-setup
Configure pubsub topic setup operations. Auto-activating skill for GCP Skills. Triggers on: pubsub topic setup, pubsub topic setup Part of the GCP Skills skill category. Use when working with pubsub topic setup functionality. Trigger with phrases like "pubsub topic setup", "pubsub setup", "pubsub".
service-account-manager
Manage service account manager operations. Auto-activating skill for GCP Skills. Triggers on: service account manager, service account manager Part of the GCP Skills skill category. Use when working with service account manager functionality. Trigger with phrases like "service account manager", "service manager", "service".
vertex-ai-deployer
Deploy vertex ai deployer operations. Auto-activating skill for ML Deployment. Triggers on: vertex ai deployer, vertex ai deployer Part of the ML Deployment skill category. Use when deploying applications or services. Trigger with phrases like "vertex ai deployer", "vertex deployer", "deploy vertex ai er".
vertex-ai-endpoint-config
Configure vertex ai endpoint config operations. Auto-activating skill for GCP Skills. Triggers on: vertex ai endpoint config, vertex ai endpoint config Part of the GCP Skills skill category. Use when configuring systems or services. Trigger with phrases like "vertex ai endpoint config", "vertex config", "vertex".
vertex-ai-pipeline-creator
Create vertex ai pipeline creator operations. Auto-activating skill for GCP Skills. Triggers on: vertex ai pipeline creator, vertex ai pipeline creator Part of the GCP Skills skill category. Use when working with vertex ai pipeline creator functionality. Trigger with phrases like "vertex ai pipeline creator", "vertex creator", "vertex".
vpc-network-setup
Configure vpc network setup operations. Auto-activating skill for GCP Skills. Triggers on: vpc network setup, vpc network setup Part of the GCP Skills skill category. Use when working with vpc network setup functionality. Trigger with phrases like "vpc network setup", "vpc setup", "vpc".
auditing-cloud-with-cis-benchmarks
This skill details how to conduct cloud security audits using Center for Internet Security benchmarks for AWS, Azure, and GCP. It covers interpreting CIS Foundations Benchmark controls, running automated assessments with tools like Prowler and ScoutSuite, remediating failed controls, and maintaining continuous compliance monitoring against CIS v5 for AWS, v4 for Azure, and v4 for GCP.
auditing-gcp-iam-permissions
Auditing Google Cloud Platform IAM permissions to identify overly permissive bindings, primitive role usage, service account key proliferation, and cross-project access risks using gcloud CLI, Policy Analyzer, and IAM Recommender.
building-cloud-siem-with-sentinel
This skill covers deploying Microsoft Sentinel as a cloud-native SIEM and SOAR platform for centralized security operations. It details configuring data connectors for multi-cloud log ingestion, writing KQL detection queries, building automated response playbooks with Logic Apps, and leveraging the Sentinel data lake for petabyte-scale threat hunting across AWS, Azure, and GCP security telemetry.
conducting-cloud-incident-response
Responds to security incidents in cloud environments (AWS, Azure, GCP) by performing identity-based containment, cloud-native log analysis, resource isolation, and forensic evidence acquisition adapted for ephemeral cloud infrastructure. Activates for requests involving cloud incident response, AWS security incident, Azure compromise, GCP breach, cloud forensics, or cloud identity compromise.
conducting-cloud-penetration-testing
This skill outlines methodologies for performing authorized penetration testing against AWS, Azure, and GCP cloud environments. It covers understanding the shared responsibility model for testing scope, leveraging cloud-specific attack tools like Pacu and ScoutSuite, exploiting IAM misconfigurations, testing for SSRF to cloud metadata services, and reporting findings aligned to MITRE ATT&CK Cloud matrix.
configuring-identity-aware-proxy-with-google-iap
Configuring Google Cloud Identity-Aware Proxy (IAP) to enforce per-request identity verification for Compute Engine, App Engine, Cloud Run, and GKE services using access levels, context-aware policies, and programmatic access with service accounts.
detecting-cloud-threats-with-guardduty
This skill teaches security teams how to deploy and operationalize Amazon GuardDuty for continuous threat detection across AWS accounts and workloads. It covers enabling protection plans for S3, EKS, EC2 runtime monitoring, and Lambda, interpreting finding severity levels, and building automated response workflows using EventBridge and Lambda.
detecting-compromised-cloud-credentials
Detecting compromised cloud credentials across AWS, Azure, and GCP by analyzing anomalous API activity, impossible travel patterns, unauthorized resource provisioning, and credential abuse indicators using GuardDuty, Defender for Identity, and SCC Event Threat Detection.
detecting-serverless-function-injection
Detects and prevents code injection attacks targeting serverless functions (AWS Lambda, Azure Functions, Google Cloud Functions) through event source poisoning, malicious layer injection, runtime command execution, and IAM privilege escalation via function modification. The analyst combines static analysis of function code, CloudTrail event correlation, runtime behavior monitoring, and IAM policy auditing to identify injection vectors across the expanded serverless attack surface including API Gateway, S3, SQS, DynamoDB Streams, and CloudWatch event triggers. Activates for requests involving Lambda security assessment, serverless injection detection, function event poisoning analysis, or serverless privilege escalation investigation.
hunting-for-living-off-the-cloud-techniques
Hunt for adversary abuse of legitimate cloud services for C2, data staging, and exfiltration including abuse of Azure, AWS, GCP services, and SaaS platforms.
implementing-api-threat-protection-with-apigee
Implement API threat protection using Google Apigee policies including JSON/XML threat protection, OAuth 2.0, SpikeArrest, and Advanced API Security for OWASP Top 10 defense.
implementing-azure-defender-for-cloud
Implementing Microsoft Defender for Cloud to enable cloud security posture management, workload protection across VMs, containers, databases, and storage, configure security recommendations, and set up adaptive security controls with automated remediation.
implementing-beyondcorp-zero-trust-access-model
Implementing Google's BeyondCorp zero trust access model to eliminate implicit trust from the network perimeter, enforce identity-aware access controls using IAP, Access Context Manager, and Chrome Enterprise Premium for VPN-less secure application access.
implementing-cloud-dlp-for-data-protection
Implementing Cloud Data Loss Prevention (DLP) using Amazon Macie, Azure Information Protection, and Google Cloud DLP API to discover, classify, and protect sensitive data across cloud storage, databases, and data pipelines.
implementing-gcp-binary-authorization
Implement GCP Binary Authorization to enforce deploy-time security controls that ensure only trusted, attested container images are deployed to Google Kubernetes Engine and Cloud Run.
implementing-gcp-organization-policy-constraints
Implement GCP Organization Policy constraints to enforce security guardrails across the entire resource hierarchy, restricting risky configurations and ensuring compliance at organization, folder, and project levels.
implementing-gcp-vpc-firewall-rules
Implementing and auditing GCP VPC firewall rules to enforce network segmentation, restrict ingress and egress traffic, apply hierarchical firewall policies across the organization, and monitor firewall rule effectiveness using VPC Flow Logs.
implementing-google-workspace-admin-security
Implements comprehensive Google Workspace security hardening including admin console configuration, phishing-resistant MFA enforcement, DLP policies, email authentication (SPF/DKIM/DMARC), OAuth app control, and external sharing restrictions. Activates for requests involving Google Workspace hardening, G Suite security configuration, or cloud office security administration.
implementing-security-monitoring-with-datadog
Implements security monitoring using Datadog Cloud SIEM, Cloud Security Management (CSM), and Workload Protection to detect threats, enforce compliance, and respond to security events across cloud and hybrid infrastructure. Covers Agent deployment, log source ingestion, detection rule creation, security dashboards, and automated notification workflows. Activates for requests involving Datadog security setup, Cloud SIEM configuration, CSM threat detection, or security monitoring dashboards.
implementing-zero-trust-in-cloud
This skill guides organizations through implementing zero trust architecture in cloud environments following NIST SP 800-207 and Google BeyondCorp principles. It covers identity-centric access controls, micro-segmentation, continuous verification, device trust assessment, and deploying Identity-Aware Proxy to eliminate implicit network trust in AWS, Azure, and GCP environments.
implementing-zero-trust-network-access
Implementing Zero Trust Network Access (ZTNA) in cloud environments by configuring identity-aware proxies, micro-segmentation, continuous verification with conditional access policies, and replacing traditional VPN-based access with BeyondCorp-style architectures across AWS, Azure, and GCP.
implementing-zero-trust-with-beyondcorp
Deploy Google BeyondCorp Enterprise zero trust access controls using Identity-Aware Proxy (IAP), context-aware access policies, device trust validation, and Access Context Manager to enforce identity and posture-based access to GCP resources and internal applications.
managing-cloud-identity-with-okta
This skill covers implementing Okta as a centralized identity provider for cloud environments, configuring SSO integration with AWS, Azure, and GCP, deploying phishing-resistant MFA with Okta FastPass, managing lifecycle automation for user provisioning and deprovisioning, and enforcing adaptive access policies based on device posture and risk signals.
performing-agentless-vulnerability-scanning
Configure and execute agentless vulnerability scanning using network protocols, cloud snapshot analysis, and API-based discovery to assess systems without installing endpoint agents.
performing-cloud-forensics-investigation
Conduct forensic investigations in cloud environments by collecting and analyzing logs, snapshots, and metadata from AWS, Azure, and GCP services.
performing-cloud-incident-containment-procedures
Execute cloud-native incident containment across AWS, Azure, and GCP by isolating compromised resources, revoking credentials, preserving forensic evidence, and applying security group restrictions to prevent lateral movement.
performing-gcp-security-assessment-with-forseti
Performing comprehensive security assessments of Google Cloud Platform environments using Forseti Security, Security Command Center, and gcloud CLI to audit IAM policies, firewall rules, storage permissions, and compliance against CIS GCP Foundations Benchmark.
performing-serverless-function-security-review
Performing security reviews of serverless functions across AWS Lambda, Azure Functions, and GCP Cloud Functions to identify overly permissive execution roles, insecure environment variables, injection vulnerabilities, and missing runtime protections.
remediating-s3-bucket-misconfiguration
This skill provides step-by-step procedures for identifying and remediating Amazon S3 bucket misconfigurations that expose sensitive data to unauthorized access. It covers enabling S3 Block Public Access at account and bucket levels, auditing bucket policies and ACLs, enforcing encryption, configuring access logging, and deploying automated remediation using AWS Config and Lambda.
securing-aws-iam-permissions
This skill guides practitioners through hardening AWS Identity and Access Management configurations to enforce least privilege access across cloud accounts. It covers IAM policy scoping, permission boundaries, Access Analyzer integration, and credential rotation strategies to reduce the blast radius of compromised identities.
securing-serverless-functions
This skill covers security hardening for serverless compute platforms including AWS Lambda, Azure Functions, and Google Cloud Functions. It addresses least privilege IAM roles, dependency vulnerability scanning, secrets management integration, input validation, function URL authentication, and runtime monitoring to protect against injection attacks, credential theft, and supply chain compromises.
zarr-python
Chunked N-D arrays for cloud storage. Compressed arrays, parallel I/O, S3/GCS integration, NumPy/Dask/Xarray compatible, for large-scale scientific computing pipelines.
sl_capture
How to capture new reusable patterns into ktx's semantic layer - when a measure, segment, or join belongs in the catalog and how to write it generically so it stays small and useful over time. Loaded by the post-turn memory-agent only. The research agent does not write to the SL.
cloud-cost-analysis
Multi-cloud cost analysis and optimization expertise for FinOps practices
cloud-cost-estimator
Estimate cloud costs across AWS, Azure, and GCP with pricing comparison
cloud-readiness-assessor
Assess application readiness for cloud migration with 6Rs classification and cloud-native compliance checking
cloud-security-testing
Multi-cloud security assessment and penetration testing capabilities. Execute Prowler/ScoutSuite assessments, analyze IAM policies, identify cloud misconfigurations, test permissions, and enumerate cloud resources across AWS/GCP/Azure.
feast-feature-store
Feature store management skill for online/offline feature serving, feature registration, and training-serving consistency.
gcp-cloud
GCP-specific infrastructure and services expertise for cloud operations and architecture
gcp-security-scanner
GCP security configuration scanning and hardening using Security Command Center, Forseti, and ScoutSuite
multi-cloud-security-posture
Unified cloud security posture management across AWS, Azure, and GCP with normalized metrics and CIS benchmark comparison
product-analytics
Deep integration with product analytics platforms for metrics, funnels, retention, and experimentation. Query Amplitude/Mixpanel/Heap data, generate retention curves, calculate conversion metrics, and build dashboard configurations.
terraform-analyzer
Specialized skill for analyzing Terraform configurations. Supports parsing, security scanning (tfsec, checkov), cost estimation (infracost), drift detection, and plan visualization across AWS, Azure, and GCP.
cloud-penetration-testing
This skill should be used when the user asks to "perform cloud penetration testing", "assess Azure or AWS or GCP security", "enumerate cloud resources", "exploit cloud misconfigurations", "test O365 security", "extract secrets from cloud environments", or "audit cloud infrastructure". It provides comprehensive techniques for security assessment across major cloud platforms.
gcp-cloud-run
Specialized skill for building production-ready serverless applications on GCP. Covers Cloud Run services (containerized), Cloud Run Functions (event-driven), cold start optimization, and event-driven architecture with Pub/Sub.
adk-infra-expert
Terraform infrastructure specialist for Vertex AI ADK Agent Engine production deployments. Provisions Agent Engine runtime, Code Execution Sandbox, Memory Bank, VPC-SC, IAM, and secure multi-agent infrastructure. Triggers: "deploy adk terraform", "agent engine infrastructure", "adk production deployment", "vpc-sc agent engine"
firestore-operations-manager
Manages Firebase/Firestore operations including CRUD, queries, batch processing, A2A agent communication, MCP server integration, and Cloud Run service coordination. Activates when you request "firestore operations", "create firestore document", "query firestore", "A2A agent communication", "MCP server setup", "agent-to-agent messaging", or "Cloud Run firestore integration". Handles both basic database operations for regular users and advanced A2A framework patterns for AI agents.
genkit-infra-expert
Terraform infrastructure specialist for deploying Genkit applications to production. Provisions Firebase Functions, Cloud Run services, GKE clusters, monitoring, and CI/CD for Genkit AI workflows. Triggers: "deploy genkit terraform", "genkit infrastructure", "firebase functions terraform", "cloud run genkit"
gh-actions-validator
Automatically validates and enforces GitHub Actions best practices for Vertex AI and Google Cloud deployments. Expert in Workload Identity Federation (WIF), Vertex AI Agent Engine deployment pipelines, security validation, and CI/CD automation. Triggers: "create github actions", "deploy vertex ai", "setup wif", "validate github workflow", "gcp deployment pipeline"
gws-install
Quick install of the Google Workspace CLI (gws) on an additional machine using existing OAuth credentials. Requires client_secret.json from a previous gws-setup. Use whenever the user wants to install gws on a new computer, reinstall after a fresh OS, configure a second workstation, or says 'install gws', 'gws on new machine', 'set up gws again'.
gws-setup
Set up the Google Workspace CLI (gws) from scratch. Guides through GCP project creation, OAuth credentials, authentication, and installing 90+ agent skills for Claude Code. Use whenever the user wants to set up gws for the first time, configure Google Workspace API access, install the Google Workspace CLI, or troubleshoot gws auth issues.
firebase-apk-scanner
Scans Android APKs for Firebase security misconfigurations including open databases, storage buckets, authentication issues, and exposed cloud functions. Use when analyzing APK files for Firebase vulnerabilities, performing mobile app security audits, or testing Firebase endpoint security. For authorized security research only.
sl_capture
How to capture new reusable patterns into KTX's semantic layer - when a measure, segment, or join belongs in the catalog and how to write it generically so it stays small and useful over time. Loaded by the post-turn memory-agent only. The research agent does not write to the SL.
obt-design-optimizer
Designs and optimizes One Big Table (OBT) patterns
cc-skill-project-guidelines-example
Project Guidelines Skill (Example)
distribution-channels
When the user wants to plan product distribution via marketplaces, app stores, or third-party platforms. Also use when the user mentions "distribution channels," "marketplace listing," "app store listing," "Figma plugin," "Chrome extension marketplace," "AWS Marketplace," "Shopify app," "GPTs store," "app distribution," or "third-party marketplace." For channel mix, use integrated-marketing.
performing-gcp-penetration-testing-with-gcpbucketbrute
Perform GCP security testing using GCPBucketBrute for storage bucket enumeration, gcloud IAM privilege escalation path analysis, and service account permission auditing
terraform-engineer
Use when implementing infrastructure as code with Terraform across AWS, Azure, or GCP. Invoke for module development (create reusable modules, manage module versioning), state management (migrate backends, import existing resources, resolve state conflicts), provider configuration, multi-environment workflows, and infrastructure testing.
stable-diffusion-image-generation
State-of-the-art text-to-image generation with Stable Diffusion models via HuggingFace Diffusers. Use when generating images from text prompts, performing image-to-image translation, inpainting, or building custom diffusion pipelines.
firebase
Firebase gives you a complete backend in minutes - auth, database, storage, functions, hosting. But the ease of setup hides real complexity. Security rules are your last line of defense, and they're often wrong. Firestore queries are limited, and you learn this after you've designed your data model. This skill covers Firebase Authentication, Firestore, Realtime Database, Cloud Functions, Cloud Storage, and Firebase Hosting. Key insight: Firebase is optimized for read-heavy, denormalized data. I
gws-events-subscribe
Google Workspace Events: Subscribe to Workspace events and stream them as NDJSON.
gws-gmail-watch
Gmail: Watch for new emails and stream them as NDJSON.
gws-modelarmor-create-template
Google Model Armor: Create a new Model Armor template.
vertex-infra-expert
Terraform infrastructure specialist for Vertex AI services and Gemini deployments. Provisions Model Garden, endpoints, vector search, pipelines, and enterprise AI infrastructure. Triggers: "vertex ai terraform", "gemini deployment terraform", "model garden infrastructure", "vertex ai endpoints"
azure-cloud-migrate
Assess and migrate cross-cloud workloads to Azure with migration reports and code conversion. Supports AWS Lambda→Functions and GCP Cloud Run→Container Apps. WHEN: migrate Lambda to Azure Functions, migrate AWS to Azure, Lambda migration assessment, convert serverless to Azure, migration readiness report, migrate from AWS, migrate from GCP, Cloud Run to Container Apps, Cloud Run migration assessment.
data-warehouse-experimentation
Running experiments out of the data warehouse instead of via dedicated experiment platforms. SQL-based assignment, exposure logging discipline, metric definitions in dbt models, statistical analysis in SQL or Python, variance reduction with CUPED, sequential testing, and the operational tradeoffs vs platforms like Statsig and Optimizely. Triggers on warehouse-native experimentation, run experiments in BigQuery, run experiments in Snowflake, dbt experiments, SQL t-test, CUPED variance reduction, exposure log, sample ratio mismatch, sequential testing, mSPRT, doubly robust estimation, build vs buy experimentation. Also triggers when the team is choosing between platform and warehouse, building warehouse-native experiment infrastructure, auditing one, or running an experiment with a custom metric the platform cannot handle.
gif-search
Search and download GIFs from Tenor using curl. No dependencies beyond curl and jq. Useful for finding reaction GIFs, creating visual content, and sending GIFs in chat.
tech-stack-evaluator
Technology stack evaluation and comparison with TCO analysis, security assessment, and ecosystem health scoring. Use when comparing frameworks, evaluating technology stacks, calculating total cost of ownership, assessing migration paths, or analyzing ecosystem viability.
cloud-security
Use when assessing cloud infrastructure for security misconfigurations, IAM privilege escalation paths, S3 public exposure, open security group rules, or IaC security gaps. Covers AWS, Azure, and GCP posture assessment with MITRE ATT&CK mapping.
gcp-cloud-architect
Design GCP architectures for startups and enterprises. Use when asked to design Google Cloud infrastructure, deploy to GKE or Cloud Run, configure BigQuery pipelines, optimize GCP costs, or migrate to GCP. Covers Cloud Run, GKE, Cloud Functions, Cloud SQL, BigQuery, and cost optimization.
google-workspace-cli
Google Workspace administration via the gws CLI. Install, authenticate, and automate Gmail, Drive, Sheets, Calendar, Docs, Chat, and Tasks. Run security audits, execute 43 built-in recipes, and use 10 persona bundles. Use for Google Workspace admin, gws CLI setup, Gmail automation, Drive management, or Calendar scheduling.
secrets-vault-manager
Use when the user asks to set up secret management infrastructure, integrate HashiCorp Vault, configure cloud secret stores (AWS Secrets Manager, Azure Key Vault, GCP Secret Manager), implement secret rotation, or audit secret access patterns.
watcher-creator
Guide for creating agent-deck watchers conversationally. This skill should be used when users want to set up a new watcher (webhook, ntfy, github, slack, gmail) to route events to a conductor. It walks the user through selecting an adapter type, gathering required settings, generating watcher.toml and clients.json entries, and emits the exact `agent-deck watcher create` command to run.
alphafold-database
Access AlphaFold's 200M+ AI-predicted protein structures. Retrieve structures by UniProt ID, download PDB/mmCIF files, analyze confidence metrics (pLDDT, PAE), for drug discovery and structural biology.
claude-opus-4-5-migration
Migrate prompts and code from Claude Sonnet 4.0, Sonnet 4.5, or Opus 4.1 to Opus 4.5. Use when the user wants to update their codebase, prompts, or API calls to use Opus 4.5. Handles model string updates and prompt adjustments for known Opus 4.5 behavioral differences. Does NOT migrate Haiku 4.5.
denario
Multiagent AI system for scientific research assistance that automates research workflows from data analysis to publication. This skill should be used when generating research ideas from datasets, developing research methodologies, executing computational experiments, performing literature searches, or generating publication-ready papers in LaTeX format. Supports end-to-end research pipelines with customizable agent orchestration.
devops-iac-engineer
Implements infrastructure as code using Terraform, Kubernetes, and cloud platforms. Designs scalable architectures, CI/CD pipelines, and observability solutions. Provides security-first DevOps practices and site reliability engineering guidance.
opentargets-database
Query Open Targets Platform for target-disease associations, drug target discovery, tractability/safety data, genetics/omics evidence, known drugs, for therapeutic target identification.
senior-computer-vision
World-class computer vision skill for image/video processing, object detection, segmentation, and visual AI systems. Expertise in PyTorch, OpenCV, YOLO, SAM, diffusion models, and vision transformers. Includes 3D vision, video analysis, real-time processing, and production deployment. Use when building vision AI systems, implementing object detection, training custom vision models, or optimizing inference pipelines.
senior-data-engineer
World-class data engineering skill for building scalable data pipelines, ETL/ELT systems, and data infrastructure. Expertise in Python, SQL, Spark, Airflow, dbt, Kafka, and modern data stack. Includes data modeling, pipeline orchestration, data quality, and DataOps. Use when designing data architectures, building data pipelines, optimizing data workflows, or implementing data governance.
senior-data-scientist
World-class data science skill for statistical modeling, experimentation, causal inference, and advanced analytics. Expertise in Python (NumPy, Pandas, Scikit-learn), R, SQL, statistical methods, A/B testing, time series, and business intelligence. Includes experiment design, feature engineering, model evaluation, and stakeholder communication. Use when designing experiments, building predictive models, performing causal analysis, or driving data-driven decisions.
senior-ml-engineer
World-class ML engineering skill for productionizing ML models, MLOps, and building scalable ML systems. Expertise in PyTorch, TensorFlow, model deployment, feature stores, model monitoring, and ML infrastructure. Includes LLM integration, fine-tuning, RAG systems, and agentic AI. Use when deploying ML models, building ML platforms, implementing MLOps, or integrating LLMs into production systems.
senior-prompt-engineer
World-class prompt engineering skill for LLM optimization, prompt patterns, structured outputs, and AI product development. Expertise in Claude, GPT-4, prompt design patterns, few-shot learning, chain-of-thought, and AI evaluation. Includes RAG optimization, agent design, and LLM system architecture. Use when building AI products, optimizing LLM performance, designing agentic systems, or implementing advanced prompting techniques.
arize-ai-provider-integration
INVOKE THIS SKILL when creating, reading, updating, or deleting Arize AI integrations. Covers listing integrations, creating integrations for any supported LLM provider (OpenAI, Anthropic, Azure OpenAI, AWS Bedrock, Vertex AI, Gemini, NVIDIA NIM, custom), updating credentials or metadata, and deleting integrations using the ax CLI.
bigquery-pipeline-audit
Audits Python + BigQuery pipelines for cost safety, idempotency, and production readiness. Returns a structured report with exact patch locations.
google-cloud-agent-sdk-master
Automatic activation for ALL Google Cloud Agent Development Kit (ADK) and Agent Starter Pack operations - multi-agent systems, containerized deployment, RAG agents, and production orchestration. **TRIGGER PHRASES:** - "adk", "agent development kit", "agent starter pack", "multi-agent", "build agent" - "cloud run agent", "gke deployment", "agent engine", "containerized agent" - "rag agent", "react agent", "agent orchestration", "agent templates" **AUTO-INVOKES FOR:** - Agent creation and scaffolding - Multi-agent system design - Containerized agent deployment - RAG (Retrieval-Augmented Generation) implementation - CI/CD pipeline setup for agents - Agent evaluation and monitoring
managing-container-registries
This skill enables Claude to manage container registries, including ECR, GCR, and Harbor. It should be used when the user needs to create, configure, or manage container image registries. It helps generate production-ready configurations, implement best practices, and ensure a security-first approach. Use this skill when the user mentions terms like "container registry," "ECR," "GCR," "Harbor," "image repository," or requests assistance with managing container images. It's also helpful for generating configuration code for DevOps pipelines related to container registries.
optimizing-cloud-costs
This skill enables Claude to analyze and optimize cloud costs. It identifies areas for potential savings, generates cost reports, and suggests configuration changes to reduce expenses. Use this skill when the user asks to "optimize cloud costs", "reduce cloud spending", "generate a cost report", or similar requests related to cloud resource expenses. It is especially useful when the user provides details about their cloud environment (e.g., AWS, Azure, GCP). The skill leverages best practices for cost optimization and provides production-ready configurations.
vertex-ai-media-master
Automatic activation for ALL Google Vertex AI multimodal operations - video processing, audio generation, image creation, and marketing campaigns. **TRIGGER PHRASES:** - "vertex ai", "gemini multimodal", "process video", "generate audio", "create images", "marketing campaign" - "imagen", "video understanding", "multimodal", "content generation", "media assets" **AUTO-INVOKES FOR:** - Video processing and understanding (up to 6 hours) - Audio generation and transcription - Image generation with Imagen 4 - Marketing campaign automation - Social media content creation - Ad creative generation - Multimodal content workflows
dashboard-brief
Convert a business question into a complete dashboard specification. Use when asked to design a dashboard, create a dashboard spec or brief, plan a BI report, or define what charts and metrics a dashboard should include. Produces a structured spec with metrics, dimensions, chart types, filters, and layout guidance.
sql-query-explainer
Explains, optimises, writes, and documents SQL queries. Use when asked to explain a SQL query, optimise slow SQL, translate SQL to plain English for non-technical stakeholders, write a query from a natural language description, or produce query documentation. Produces plain-English explanations, annotated optimised queries, or a data dictionary covering output shape, assumptions, and known limitations. Works across PostgreSQL, MySQL, BigQuery, Snowflake, and standard SQL.
sql-queries
Generate SQL queries from natural language descriptions. Supports BigQuery, PostgreSQL, MySQL, and other dialects. Reads database schemas from uploaded diagrams or documentation. Use when writing SQL, building data reports, exploring databases, or translating business questions into queries.
add-gmail
Add Gmail integration to NanoClaw. Can be configured as a tool (agent reads/sends emails when triggered from WhatsApp) or as a full channel (emails can trigger the agent, schedule tasks, and receive replies). Guides through GCP OAuth setup and implements the integration.
multi-cloud-architecture
Design multi-cloud architectures using a decision framework to select and integrate services across AWS, Azure, GCP, and OCI. Use when building multi-cloud systems, avoiding vendor lock-in, or leveraging best-of-breed services from multiple providers.
python-background-jobs
Python background job patterns including task queues, workers, and event-driven architecture. Use when implementing async task processing, job queues, long-running operations, or decoupling work from request/response cycles.
cloud-gcp
Use this skill when architecting on Google Cloud Platform, selecting GCP services, or implementing data and compute solutions. Triggers on Cloud Run, BigQuery, Pub/Sub, GKE, Cloud Functions, Cloud Storage, Firestore, Spanner, Cloud SQL, IAM, VPC, and any task requiring GCP architecture decisions or service selection.
fedramp
Expert guidance for FedRAMP certification and compliance. Use this skill whenever a user asks about FedRAMP authorization, ATO (Authority to Operate), cloud security for federal government, NIST SP 800-53 controls, CSP compliance, or any of the core FedRAMP document types: SSP, SAP, SAR, POA&M, CIS/CRM workbooks. Also trigger for questions about FedRAMP impact levels (Low, Moderate, High, LI-SaaS), FedRAMP 20x, OSCAL, 3PAO assessments, continuous monitoring (ConMon), gap assessments, system boundary definition, FedRAMP readiness, or architecture reviews for federal cloud. When in doubt, use this skill — it covers the full FedRAMP lifecycle from readiness through continuous monitoring.
gcp-to-aws
Migrate workloads from Google Cloud Platform to AWS. Triggers on: migrate from GCP, GCP to AWS, move off Google Cloud, migrate Terraform to AWS, migrate Cloud SQL to RDS, migrate GKE to EKS, migrate Cloud Run to Fargate, Google Cloud migration. Runs a 5-phase process: discover GCP resources from Terraform files, clarify migration requirements, design AWS architecture, estimate costs, and plan execution.
omniroute-tts
Text-to-speech via OmniRoute using OpenAI /v1/audio/speech format with auto-fallback across OpenAI TTS, ElevenLabs, Azure Neural, Google Cloud TTS. Use when the user wants spoken audio output from text.
drawio-logical-diagrams
Creates professional logical flow diagrams and logical system architecture diagrams using draw.io XML format (.drawio files). Use when creating: (1) logical flow diagrams showing data/process flow between system components, (2) logical architecture diagrams representing system structure without cloud provider specifics, (3) BPMN process diagrams, (4) UML diagrams (class, sequence, activity), (5) data flow diagrams (DFD), (6) decision flowcharts, or (7) system interaction diagrams. This skill focuses on generic/abstract representations, not AWS/Azure-specific architectures (use aws-drawio-architecture-diagrams for cloud diagrams).
headless-claude-code
Reference guide for running Claude Code in headless, container, and CI environments — covers auth strategies, interactive mode pitfalls, tmux orchestration, root user workarounds, and git auth without SSH agents or keychains
project-guidelines-example
Example template for project-specific skill files covering architecture, patterns, testing, and deployment.
gcloud-usage
This skill should be used when user asks about "GCloud logs", "Cloud Logging queries", "Google Cloud metrics", "GCP observability", "trace analysis", or "debugging production issues on GCP".
building-cloud-siem-with-sentinel
This skill covers deploying Microsoft Sentinel as a cloud-native SIEM and SOAR platform for centralized security operations. It details configuring data connectors for multi-cloud log ingestion, writing KQL detection queries, building automated response playbooks with Logic Apps, and leveraging the Sentinel data lake for petabyte-scale threat hunting across AWS, Azure, and GCP security telemetry.
conducting-cloud-incident-response
Responds to security incidents in cloud environments (AWS, Azure, GCP) by performing identity-based containment, cloud-native log analysis, resource isolation, and forensic evidence acquisition adapted for ephemeral cloud infrastructure. Activates for requests involving cloud incident response, AWS security incident, Azure compromise, GCP breach, cloud forensics, or cloud identity compromise.
fallow
Codebase intelligence for JavaScript and TypeScript. Free static layer reports quality, changed-code risk, cleanup opportunities (unused files, exports, types, dependencies), code duplication, circular dependencies, complexity hotspots, architecture boundary violations, feature flag patterns, and opt-in security candidates. Runtime coverage merges production execution data into the same health report for hot-path review, cold-path deletion confidence, and stale-flag evidence, with a single local capture available by default and continuous/cloud runtime monitoring available as an optional mode. 122 framework plugins, zero configuration, sub-second static analysis. Use when asked to analyze code health, audit PR risk, find cleanup opportunities or unused code, detect duplicates, check circular dependencies, audit complexity, check architecture boundaries, detect feature flags, surface security candidates, clean up the codebase, auto-fix issues, merge runtime coverage, or run fallow.
cybersecurity-red-team-master
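Red team penetration / offense and defense — the cognitive operating system of authorized red team operators + penetration testing engineers + offensive security consultants (reconnaissance OSINT / external network penetration / internal network AD penetration BloodHound + Kerberoasting + ADCS abuse + lateral movement / web application penetration OWASP WSTG / mobile OWASP MASTG / cloud penetration AWS Azure GCP IAM paths + container escape + K8s / C2 operations Cobalt Strike Sliver Mythic Havoc + OPSEC / initial access + AV EDR evasion (authorized scenarios only) / wireless RF / physical social engineering / reporting and remediation / frameworks MITRE ATT&CK + D3FEND + PTES + OSSTMM + NIST 800-115 + Kill Chain / law and ethics CFAA + Cybersecurity Law + Criminal Law 285 286 + Data Security Law + GDPR + letter of authorization + scope + rules of engagement — excludes the underground cybercrime economy / unauthorized attacks / mass exploitation / supply-chain poisoning / unauthorized DoS — these mean felony charges + industry blacklisting + revocation of a lawyer's licence, this skill strictly keeps to the authorized-only boundary — also excludes blue team SOC + malware-as-a-service / botnets / ransomware authors — that is cybercrime, not red teaming) (Cybersecurity Red Team / Offensive Security Operations — the cognitive operating system of authorized red team operators, penetration testers, and offensive security consultants covering (a) reconnaissance & OSINT (passive + active discovery, asset surface mapping), (b) external network pentest (perimeter, exposed services, web), (c) internal network / Active Directory pentest (AD enumeration via BloodHound, Kerbe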
data-engineering-master
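Data engineering — the cognitive operating system of data platform practitioners, covering the full lifecycle of moving data from source systems into a reliable / queryable / trustworthy form for consumption by analytics / ML / data products (generation → ingestion → storage → transformation → serving + the six undercurrents of security/data management/DataOps/data architecture/orchestration/software engineering, the Reis & Housley framework): ingestion and integration (batch + CDC change data capture Debezium + EL tools Fivetran/Airbyte/Meltano/dlt + Kafka Connect + schema drift) / storage and file/table formats (object-storage data lake + columnar storage Parquet/ORC/Arrow/Avro + open table formats Apache Iceberg/Delta Lake/Apache Hudi + lakehouse + partitioning/compaction) / transformation and modeling (ELT dbt/SQLMesh + Spark + dimensional modeling Kimball + Inmon + Data Vault + One Big Table OBT + slowly changing dimensions SCD + incremental models + semantic/metrics layer) / orchestration and workflow (Apache Airflow/Dagster/Prefect/Mage/Kestra/Apache DolphinScheduler + DAG + idempotency + backfill + data asset scheduling) / batch, streaming and real-time (Apache Kafka/Apache Flink/Spark Structured Streaming/Kinesis/Pulsar/Redpanda + Lambda vs Kappa + watermark/windowing/exactly-once + streaming SQL Materialize/RisingWave + real-time OLAP ClickHouse/Apache Druid/Apache Pinot/StarRocks/Apache Doris) / data warehouses and query engines (Snowflake/BigQuery/Redshift/Databricks SQL/Trino/Presto/DuckDB/Polars + separation of storage and compute + MPP) / data quality testing and observability (dbt tests/Great Expectations/Soda + data contracts + Monte Carlo data downtime + freshness/volume/schem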
cloud-security--container-hardening
AWS/Azure/GCP security auditing, container and Kubernetes hardening, Infrastructure as Code scanning, and cloud compliance assessment
terrashark
Prevent Terraform/OpenTofu hallucinations by diagnosing and fixing failure modes: identity churn, secret exposure, blast-radius mistakes, CI drift, and compliance gate gaps. Use when generating, reviewing, refactoring, or migrating IaC and when building delivery/testing pipelines.
using-cloud-cli
Cloud CLI patterns for GCP and AWS. Use when running bq queries, gcloud commands, aws commands, or making decisions about cloud services. Covers BigQuery cost optimization and operational best practices. NOT for Terraform or Kubernetes architectural decisions (see managing-infra).
seo-google
Google SEO APIs: Search Console (Search Analytics, URL Inspection, Sitemaps), PageSpeed Insights v5, CrUX field data with 25-week history, Indexing API v3, and GA4 organic traffic. Provides real Google field data for Core Web Vitals, indexation status, search performance, and organic traffic trends. Use when user says "search console", "GSC", "PageSpeed", "CrUX", "field data", "indexing API", "GA4 organic", "URL inspection", "google api setup", "real CWV data", "impressions", "clicks", "CTR", "position data", "LCP", "INP", "CLS", "FCP", "TTFB", or "Lighthouse scores".
dev-tpu-ray
Use the legacy `scripts/ray/dev_tpu.py` workflow to allocate a temporary Ray-backed TPU VM for fast debugging, testing, and benchmark iteration. Use only when you specifically need the Ray-backed dev TPU path.
cloud-devops
Cloud infrastructure and DevOps workflow covering AWS, Azure, GCP, Kubernetes, Terraform, CI/CD, monitoring, and cloud-native development.
cloud-infrastructure
Cloud infrastructure design and deployment patterns for AWS, Azure, and GCP. Use when designing cloud architectures, implementing IaC with Terraform, optimizing costs, or setting up multi-region deployments.
gcloud
Google Cloud Platform CLI - manage GCP resources. Use when working with Compute Engine, Cloud Run, GKE, Cloud Functions, Storage, BigQuery, or other GCP services.
cloud-iam-deep
Cloud IAM red-team attack chain across AWS, Azure, GCP — focused on EXTERNAL exploitation paths and post-credential-discovery privilege analysis. Covers IAM enumeration (aws iam, az role, gcloud iam), STS/AssumeRole chaining, Azure Managed Identity abuse (via SSRF/leak), GCP service account JSON abuse, IMDSv1/v2 attacks via SSRF, K8s ServiceAccount token privilege analysis once held (token discovery / cluster exposure is owned by hunt-k8s), role-trust-policy confused-deputy, cross-account assume-role enumeration, IAM privilege escalation patterns (24+ AWS, 8+ Azure, 6+ GCP), and AWS Cognito Identity Pool unauthenticated-role attack chain (GetId → GetCredentialsForIdentity → IAM role abuse). Built for the case where recon yields a credential (key, JSON, token) and you need to know what it grants and how to escalate. Use when an AWS key / Azure secret / GCP service account JSON / K8s SA token surfaces from a code repo, JS bundle, APK, breach corpus, or SSRF chain.
hunt-ssrf
Hunting skill for ssrf vulnerabilities. Built from 15 public bug bounty reports including AWS metadata SSRF (HackerOne $25k Analytics PDF, Shopify Exchange $25k, Capital One 106M-record breach, Dropbox/HelloSign $4,913), GCP metadata SSRF (Snapchat $4k), Azure IMDS SSRF (Azure DevOps $15k chain, ChatGPT Custom Actions MSRC), DNS rebinding SSRF (Concrete CMS, GitLab UrlBlocker), gopher-protocol-to-Redis-RCE (Yahoo Mail $15k), link-preview SSRF (Reddit Matrix $6k), and headless-browser PDF-generator SSRF chains. Use when hunting SSRF on any target — OOB Collaborator confirmation mandatory for blind cases.
rbac-design
Design minimal-privilege RBAC for workloads, operators, and human access in multi-tenant clusters.
blog-google
Google API integration for blog performance: PageSpeed Insights, CrUX Core Web Vitals with 25-week history, Search Console performance, URL Inspection, Indexing API, GA4 organic traffic, NLP entity analysis for E-E-A-T, YouTube video search for embedding, and Google Ads Keyword Planner. Progressive feature availability based on credential tier (API key, OAuth/service account, GA4, Ads). Shares config with claude-seo at ~/.config/claude-seo/google-api.json. Use when user says "google data", "page speed", "core web vitals", "search console", "indexation", "GA4", "keyword research", "nlp entities", "blog performance", "youtube search", "google api setup".
wjs-uploading-video
Upload one or many videos to YouTube. Use when the user wants to "上传到 YouTube", "发 YouTube", "批量上传", "upload to YouTube", "post videos to YouTube", or to publish a finished `final/` directory of MP4s. Reads per-video metadata (title / description / tags) from a sibling `UPLOAD_META.md` file when present (the user's standard markdown format), or from command-line flags. Survives behind a SOCKS/HTTP proxy by using `requests` directly for the resumable upload (the stock `google-api-python-client` MediaFileUpload stalls under this user's proxy setup).
mprove-build-dashboard
Build Mprove Dashboard
google-tts
Convert documents and text to audio using Google Cloud Text-to-Speech. Use this skill when the user wants to: narrate a document, read aloud text, generate audio from a file, convert text to speech, create a recording of documentation or analysis, create a podcast from a document, or use Google TTS/text-to-speech. Trigger phrases: "read this aloud", "narrate this", "create a recording", "text to speech", "TTS", "convert to audio", "audio from document", "listen to this", "generate audio", "google tts", "create a podcast".
google-cloud-vision-automation
Automate Google Cloud Vision tasks via Rube MCP (Composio). Always search tools first for current schemas.
googlebigquery-automation
Automate Google BigQuery tasks via Rube MCP (Composio): run SQL queries, explore datasets and metadata, execute MBQL queries via Metabase integration. Always search tools first for current schemas.
gws
Google Workspace CLI (gws) — unified command-line tool for Gmail, Drive, Sheets, Docs, Calendar, Chat, Admin, and 40+ Google APIs. Use this skill when the user wants to interact with any Google Workspace service from the terminal or via AI agents, set up gws authentication, configure the gws MCP server, manage Google Drive files, read or send Gmail, create or query Google Sheets, edit Google Docs, manage Calendar events, or automate any Google Workspace workflow. Also activate when the user mentions 'gws', 'google workspace cli', 'google drive cli', 'gmail from terminal', 'sheets api', 'google docs api', 'gws mcp', 'workspace automation', or asks to 'list my drive files', 'send email via cli', 'read my calendar', 'update spreadsheet', 'create a google doc'. Do NOT activate for native Claude MCP integrations (claude_ai_Gmail, claude_ai_Google_Calendar) unless the user explicitly wants to use gws instead, or needs services not covered by native integrations (Sheets, Docs, Drive, Chat, Admin).
pydantic-ai-model-integration
Configure LLM providers, use fallback models, handle streaming, and manage model settings in PydanticAI. Use when selecting models, implementing resilience, or optimizing API calls.
nw-authoritative-sources
Domain-specific authoritative source databases, search strategies by topic category, and source freshness rules
nw-data-architecture-patterns
Data architecture patterns (warehouse, lake, lakehouse, mesh), ETL/ELT pipelines, streaming architectures, scaling strategies, and schema design patterns
api-credentials
Securely manages API credentials for multiple providers (Anthropic Claude, Google Gemini, GitHub). Use when skills need to access stored API keys for external service invocations.
crypt
Designing cryptographic architecture: algorithm selection, key management, E2EE, KMS integration, signature verification, and TLS configuration. Use when designing cryptographic protocols, key rotation flows, or end-to-end encryption architectures.
business-analyst
Master modern business analysis with AI-powered analytics, real-time dashboards, and data-driven insights. Build comprehensive KPI frameworks, predictive models, and strategic recommendations. Use PROACTIVELY for business intelligence or strategic analysis.
cloud-architect
Expert cloud architect specializing in AWS/Azure/GCP multi-cloud infrastructure design, advanced IaC (Terraform/OpenTofu/CDK), FinOps cost optimization, and modern architectural patterns. Masters serverless, microservices, security, compliance, and disaster recovery. Use PROACTIVELY for cloud architecture, cost optimization, migration planning, or multi-cloud strategies.
cloud-penetration-testing
This skill should be used when the user asks to "perform cloud penetration testing", "assess Azure or AWS or GCP security", "enumerate cloud resources", "exploit cloud misconfigurations", "test O365 security", "extract secrets from cloud environments", or "audit cloud infrastructure". It provides comprehensive techniques for security assessment across major cloud platforms.
data-engineer
Build scalable data pipelines, modern data warehouses, and real-time streaming architectures. Implements Apache Spark, dbt, Airflow, and cloud-native data platforms. Use PROACTIVELY for data pipeline design, analytics infrastructure, or modern data stack implementation.
database-admin
Expert database administrator specializing in modern cloud databases, automation, and reliability engineering. Masters AWS/Azure/GCP database services, Infrastructure as Code, high availability, disaster recovery, performance optimization, and compliance. Handles multi-cloud strategies, container databases, and cost optimization. Use PROACTIVELY for database architecture, operations, or reliability engineering.
gcp-cloud-run
Specialized skill for building production-ready serverless applications on GCP. Covers Cloud Run services (containerized), Cloud Run Functions (event-driven), cold start optimization, and event-driven architecture with Pub/Sub.
genkit
Build production-ready AI workflows using Firebase Genkit. Use when creating flows, tool-calling agents, RAG pipelines, multi-agent systems, or deploying AI to Firebase/Cloud Run. Supports TypeScript, Go, and Python with Gemini, OpenAI, Anthropic, Ollama, and Vertex AI plugins.
hybrid-cloud-architect
Expert hybrid cloud architect specializing in complex multi-cloud solutions across AWS/Azure/GCP and private clouds (OpenStack/VMware). Masters hybrid connectivity, workload placement optimization, edge computing, and cross-cloud automation. Handles compliance, cost optimization, disaster recovery, and migration strategies. Use PROACTIVELY for hybrid architecture, multi-cloud strategy, or complex infrastructure integration.
looker-studio-bigquery
Design and configure Looker Studio dashboards with BigQuery data sources. Use when creating analytics dashboards, connecting BigQuery to visualization tools, or optimizing data pipeline performance. Handles BigQuery connections, custom SQL queries, scheduled queries, dashboard design, and performance optimization.
network-engineer
Expert network engineer specializing in modern cloud networking, security architectures, and performance optimization. Masters multi-cloud connectivity, service mesh, zero-trust networking, SSL/TLS, global load balancing, and advanced troubleshooting. Handles CDN optimization, network automation, and compliance. Use PROACTIVELY for network design, connectivity issues, or performance optimization.
react-components
Converts Stitch designs into modular Vite and React components using system-level networking and AST-based validation.
sql-pro
Master modern SQL with cloud-native databases, OLTP/OLAP optimization, and advanced query techniques. Expert in performance tuning, data modeling, and hybrid analytical systems. Use PROACTIVELY for database optimization or complex analysis.
hunt-cloud-misconfig
Hunt cloud / infrastructure misconfigurations. AWS: public S3 buckets (s3:GetObject anonymous), permissive bucket policies (PutObjectAcl public-write), exposed CloudFront origin, public Lambda function URL, public RDS snapshot, IAM credentials in JS bundles, AWS metadata accessible via SSRF. GCP: public GCS buckets, exposed Cloud Run services, leaked service account JSON. Azure: public blob containers, exposed Function App. (Kubernetes/Docker exposure is owned by hunt-k8s; CI/CD pipeline attacks by hunt-cicd; post-credential IAM escalation by cloud-iam-deep.) Detection: targeted dorking, certificate transparency, JS bundle secret extraction, port scan for known service ports. Validate: actual data read / write / RCE. Use when hunting cloud-native storage and compute misconfig (S3/GCS/Blob, IMDS-via-SSRF, serverless, public managed services).
opus-4-5-migration
Migrate prompts and code from Claude Sonnet 4.0, Sonnet 4.5, or Opus 4.1 to Opus 4.5. Use when the user wants to update their codebase, prompts, or API calls to use Opus 4.5. Handles model string updates and prompt adjustments for known Opus 4.5 behavioral differences. Does NOT migrate Haiku 4.5.
seo-api
SE Ranking API integration architect for developers. Covers the entire SE Ranking surface — Data API (keyword research, backlinks, domain & competitor analysis, SERP, website audit, AI Search, account) AND Project API (rank tracking, project management, keyword/competitor/backlink/group operations, marketing plan, sub-accounts, AIRT prompts). For any "how do I…" question about endpoints, parameters, JSON schemas, credit cost, rate limits, or authentication. Produces ready-to-paste cURL / Python / TypeScript / MCP-tool-call recipes, and (with explicit confirmation) wires up Project API state — create projects, add keywords, configure audits, set up AIRT prompt groups, manage backlink groups. Pulls live tool schemas from the connected SE Ranking MCP so reference data is never stale. Distinct from the other 24 SEO skills which produce analysis deliverables (briefs, audits, reports); `seo-api` produces integration recipes and wired-up state. Use when the user asks "how do I use SE Ranking API to do X", "what endp
seo-google
Direct access to Google's own SEO data via Search Console (Search Analytics, URL Inspection, Sitemaps), PageSpeed Insights v5, CrUX field data with 25-week history, Indexing API v3, GA4 organic traffic, YouTube video search, Google NLP entity/sentiment analysis, Knowledge Graph entity verification, Web Risk safety, and Google Ads Keyword Planner. Bridges crawl-based analysis (the rest of this catalogue) with Google's real-time field data — actual Chrome user metrics, real indexation status, real search performance, real organic traffic. Use when the user asks "search console", "GSC", "PageSpeed", "CrUX", "field data", "indexing API", "GA4 organic", "URL inspection", "google api setup", "real CWV data", "impressions", "clicks", "CTR", "position data", "LCP", "INP", "CLS", "FCP", "TTFB", "Lighthouse scores", "youtube SEO", "knowledge graph", "keyword planner", or "real google data".
download-platform-invoices
Harvest monthly SaaS billing invoices into normalized records and official PDF files.
google-workspace
Use browser automation for Google Workspace web UI tasks in Gmail, Calendar, Drive, Docs, and Sheets.
gws
Use the gws CLI for Google Calendar, Gmail, Drive, Sheets, Docs, Tasks, and cross-service Workspace workflows.
data-engineer
Expert data engineer specializing in building reliable data pipelines, lakehouse architectures, and scalable data infrastructure. Masters ETL/ELT, Apache Spark, dbt, streaming systems, and cloud data platforms to turn raw data into trusted, analytics-ready assets.
cloud-gcp
Use this skill when architecting on Google Cloud Platform, selecting GCP services, or implementing data and compute solutions. Triggers on Cloud Run, BigQuery, Pub/Sub, GKE, Cloud Functions, Cloud Storage, Firestore, Spanner, Cloud SQL, IAM, VPC, and any task requiring GCP architecture decisions or service selection.
data-warehousing
Use this skill when designing data warehouses, building star or snowflake schemas, implementing slowly changing dimensions (SCDs), writing analytical SQL for Snowflake or BigQuery, creating fact and dimension tables, or planning ETL/ELT pipelines for analytics. Triggers on dimensional modeling, surrogate keys, conformed dimensions, warehouse architecture, data vault, partitioning strategies, materialized views, and any task requiring OLAP schema design or warehouse query optimization.
cc-skill-project-guidelines-example
Project Guidelines Skill (Example)
tech-stack-evaluator
Comprehensive technology stack evaluation and comparison tool with TCO analysis, security assessment, and intelligent recommendations for engineering teams
google-workspace
Gmail, Calendar, Drive, Contacts, Sheets, and Docs integration via Python. Uses OAuth2 with automatic token refresh. No external binaries needed — runs entirely with Google's Python client libraries in the Hermes venv.
analytics-insights
Drive Google Analytics (GA4), Google Tag Manager, Google Search Console, and BigQuery from chat — tracking plans, GA4 reports, key-event (conversion) setup, custom dimensions and metrics, GTM audits, GSC performance, and GA4 BigQuery export queries. Use when the user wants an analytics audit, a GA4 report, a tracking plan, conversion setup, GTM cleanup, search-performance data, or asks "how is the site performing?" or "are my conversions firing?".
firebase
Firebase gives you a complete backend in minutes - auth, database, storage, functions, hosting. But the ease of setup hides real complexity. Security rules are your last line of defense, and they're often wrong. Firestore queries are limited, and you learn this after you've designed your data model. This skill covers Firebase Authentication, Firestore, Realtime Database, Cloud Functions, Cloud Storage, and Firebase Hosting. Key insight: Firebase is optimized for read-heavy, denormalized data. I
operating-infra
Author, inspect, troubleshoot, and review infrastructure across IaC, Kubernetes, cloud resources, containers, CI/CD, and Linux hosts. Use when changing Terraform/OpenTofu, Kubernetes, Helm, Kustomize, Dockerfiles, GitHub Actions, AWS, GCP, Cloud Run, BigQuery, IAM, logs, instances, or service health. NOT for deploy/apply/rollback workflows (see deploying-infra). NOT for shell scripts or generic command pipelines (see writing-shell).
google-workspace
Gmail, Calendar, Drive, Contacts, Sheets, and Docs integration via Python. Uses OAuth2 with automatic token refresh. No external binaries needed — runs entirely with Google's Python client libraries in the Hermes venv.
monitor-scaffold
Drop in supervisor config + /healthz endpoint + restart runbook for each service in profile.monitors.targets, per supervisor (systemd / pm2 / k8s / docker-compose)
data-context-extractor
Generate or improve a company-specific data analysis skill by extracting tribal knowledge from analysts. BOOTSTRAP MODE - → Discovers schemas, asks key questions, generates initial skill with reference files ITERATION MODE - → Loads existing skill, asks targeted questions, appends/updates reference files Use when data analysts want Claude to understand their company's specific data warehouse, terminology, metrics definitions, and common query patterns.
ads-server-side-tracking
Server-side tracking pipeline audit covering server-side Google Tag Manager (sGTM), Meta CAPI Gateway, Conversions API health, event deduplication via event_id, server-side hit ratio targets, pixel debugging, and PII hashing discipline. Use when user says server-side tracking, sGTM, server-side GTM, server-side tagging, CAPI, Conversions API, CAPI Gateway, Meta Conversions API, event deduplication, event_id, pixel debug, pixel health, Pixel/CAPI audit, first-party tracking, iOS 14.5 recovery, or server-side hit ratio.
multi-cloud-architecture
Design multi-cloud architectures using a decision framework to select and integrate services across AWS, Azure, and GCP. Use when building multi-cloud systems, avoiding vendor lock-in, or leveraging best-of-breed services from multiple providers.
terraform-module-library
Build reusable Terraform modules for AWS, Azure, and GCP infrastructure following infrastructure-as-code best practices. Use when creating infrastructure modules, standardizing cloud provisioning, or implementing reusable IaC components.
distributed-storage
Distributed storage systems design and operation for cloud platforms. Covers the GFS/HDFS block-and-master pattern, object storage (Swift/S3) with consistent hashing and eventual consistency, block storage semantics, replication vs erasure coding, the CAP theorem in practice, read-repair and anti-entropy, snapshot chains, and the GFS/BigTable/Spanner evolution. Use when designing a storage subsystem, choosing between object/block/file, or reviewing a replication and consistency strategy.
alphafold-database
Access AlphaFold's 200M+ AI-predicted protein structures. Retrieve structures by UniProt ID, download PDB/mmCIF files, analyze confidence metrics (pLDDT, PAE), for drug discovery and structural biology.
bigquery
Comprehensive guide for using BigQuery CLI (bq) to query and inspect tables in Monzo's BigQuery projects, with emphasis on data sensitivity and INFORMATION_SCHEMA queries.
denario
Multiagent AI system for scientific research assistance that automates research workflows from data analysis to publication. This skill should be used when generating research ideas from datasets, developing research methodologies, executing computational experiments, performing literature searches, or generating publication-ready papers in LaTeX format. Supports end-to-end research pipelines with customizable agent orchestration.
devops-iac-engineer
Implements infrastructure as code using Terraform, Kubernetes, and cloud platforms. Designs scalable architectures, CI/CD pipelines, and observability solutions. Provides security-first DevOps practices and site reliability engineering guidance.
firebase-development
This skill should be used when working with Firebase projects, including initializing projects, adding Cloud Functions or Firestore collections, debugging emulator issues, or reviewing Firebase code. Triggers on "firebase", "firestore", "cloud functions", "emulator", "firebase auth", "deploy to firebase", "firestore rules".
firebase-development-add-feature
This skill should be used when adding features to existing Firebase projects. Triggers on "add function", "create endpoint", "new tool", "add api", "new collection", "implement", "build feature". Guides TDD workflow with test-first development, security rules, and emulator verification.
firebase-development-debug
This skill should be used when troubleshooting Firebase emulator issues, rules violations, function errors, auth problems, or deployment failures. Triggers on "error", "not working", "debug", "troubleshoot", "failing", "broken", "permission denied", "emulator issue".
gcloud
Google Cloud Platform CLI - manage GCP resources including Compute Engine, Cloud Run, GKE, Cloud Functions, Storage, BigQuery, and more.
multi-cloud-architecture
Design multi-cloud architectures using a decision framework to select and integrate services across AWS, Azure, and GCP. Use when building multi-cloud systems, avoiding vendor lock-in, or leveraging best-of-breed services from multiple providers.
opentargets-database
Query Open Targets Platform for target-disease associations, drug target discovery, tractability/safety data, genetics/omics evidence, known drugs, for therapeutic target identification.
rn-auth
React Native authentication patterns for Expo apps. Use when implementing login flows, Google/Apple sign-in, token management, session handling, or debugging auth issues in Expo/React Native.
secret-scanner
Detect accidentally committed secrets, credentials, and sensitive information in code.
senior-computer-vision
World-class computer vision skill for image/video processing, object detection, segmentation, and visual AI systems. Expertise in PyTorch, OpenCV, YOLO, SAM, diffusion models, and vision transformers. Includes 3D vision, video analysis, real-time processing, and production deployment. Use when building vision AI systems, implementing object detection, training custom vision models, or optimizing inference pipelines.
senior-data-engineer
World-class data engineering skill for building scalable data pipelines, ETL/ELT systems, and data infrastructure. Expertise in Python, SQL, Spark, Airflow, dbt, Kafka, and modern data stack. Includes data modeling, pipeline orchestration, data quality, and DataOps. Use when designing data architectures, building data pipelines, optimizing data workflows, or implementing data governance.
senior-data-scientist
World-class data science skill for statistical modeling, experimentation, causal inference, and advanced analytics. Expertise in Python (NumPy, Pandas, Scikit-learn), R, SQL, statistical methods, A/B testing, time series, and business intelligence. Includes experiment design, feature engineering, model evaluation, and stakeholder communication. Use when designing experiments, building predictive models, performing causal analysis, or driving data-driven decisions.
senior-ml-engineer
World-class ML engineering skill for productionizing ML models, MLOps, and building scalable ML systems. Expertise in PyTorch, TensorFlow, model deployment, feature stores, model monitoring, and ML infrastructure. Includes LLM integration, fine-tuning, RAG systems, and agentic AI. Use when deploying ML models, building ML platforms, implementing MLOps, or integrating LLMs into production systems.
senior-prompt-engineer
World-class prompt engineering skill for LLM optimization, prompt patterns, structured outputs, and AI product development. Expertise in Claude, GPT-4, prompt design patterns, few-shot learning, chain-of-thought, and AI evaluation. Includes RAG optimization, agent design, and LLM system architecture. Use when building AI products, optimizing LLM performance, designing agentic systems, or implementing advanced prompting techniques.
sql-queries
Expert SQL query generation for DBX Studio. Use when writing, optimizing, or debugging SQL queries against user database connections.
sql-queries-tool
Expert SQL query generation for DBX Studio. Use when writing, optimizing, or debugging SQL queries against user database connections.
sragent
Query the Sequence Read Archive (SRA), retrieve scientific publications, and analyze genomics metadata using the SRAgent toolkit. Supports accession conversion (GSE→SRX→SRR), BigQuery metadata queries, manuscript downloads from multiple sources, and scRNA-seq technology identification. Use when working with SRA/GEO datasets, finding publications, or analyzing single-cell sequencing experiments.
tech-stack-evaluator
Comprehensive technology stack evaluation and comparison tool with TCO analysis, security assessment, and intelligent recommendations for engineering teams
terraform-module-library
Build reusable Terraform modules for AWS, Azure, and GCP infrastructure following infrastructure-as-code best practices. Use when creating infrastructure modules, standardizing cloud provisioning, or implementing reusable IaC components.
zarr-python
Chunked N-D arrays for cloud storage. Compressed arrays, parallel I/O, S3/GCS integration, NumPy/Dask/Xarray compatible, for large-scale scientific computing pipelines.
sandy-gemini-video
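Use when analyzing a video, watching a video, analyzing video frames, analyzing a video with Gemini, understanding a video, video content understanding, screen-recording analysis, screen-recording quality checks, judging whether a screen recording is usable, screening video footage, batch video analysis, analyzing downloaded videos, analyzing YouTube videos, YouTube video analysis, analyzing videos online, video scoring, video evaluation, what happens in this video, what is in the frame, whether a video meets requirements, or any task that hinges on UNDERSTANDING WHAT HAPPENS INSIDE a video (visuals + audio + timing) -- local screen recordings / downloaded video files / YouTube online links all work. It hands the whole video to Gemini's native multimodal model (gemini-3.5-flash, not frame sampling and guessing) for analysis and returns a structured evaluation JSON for Claude to take over the decision. Make sure to use this skill whenever a task depends on what is visually or aurally inside a video -- even if the user does not explicitly say "use Gemini", use this skill whenever the video's visual content needs to be understood (rather than just downloading it or getting subtitles). Do not over-trigger: download only, no analysis -> yt-dlp; subtitles / plain-text summary only -> video-to-subtitle-summary; making your own video (voice-over script / storyboard / final cut) -> video production skill; 6-dimension all-round reverse engineering of a content creator -> downstream analysis skill (which in turn calls this skill for the visual/audio dimensions).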
add-gcal
Add Google Calendar integration to Deus. Agents can list, create, update, and delete calendar events. Guides through GCP OAuth setup, token generation, keep-alive timer, and CLI command installation.
add-gmail
Add Gmail integration to Deus. Can be configured as a tool (agent reads/sends emails when triggered from WhatsApp) or as a full channel (emails can trigger the agent, schedule tasks, and receive replies). Guides through GCP OAuth setup and implements the integration.
gcloud
Google Cloud CLI operations
health
Cal.com Commander health check across all subsystems. TRIGGERS - calcom health, calendar bot status, cal.com diagnostics, booking bot check.
infra-deploy
Cal.com self-hosted deployment to GCP Cloud Run with Supabase PostgreSQL. Docker Compose for local dev.
setup
Full Cal.com Commander setup wizard - Cal.com API, Telegram bot, Supabase DB, GCP project, launchd services. Discovers 1Password.
deploy-from-stale-worktree-silent-rollback
Diagnose "I deployed a new Cloud Run / Docker image but a bunch of recently merged fixes regressed in production." Use when: (1) the deploy script does `gcloud builds submit ... "${SCRIPT_DIR}"` or `docker build <dir>` (build context = local filesystem, NOT a git ref), (2) the user has many git worktrees / multiple checkouts of the same repo, (3) the user reports "redeployed but the fix from PR #X isn't live" or "lots of fixes regressed after my deploy", (4) the deployed revision created at time T was authored by the user themselves (not CI). Root cause: deploy was run from a worktree whose HEAD predates the merged PRs; the build packaged stale local files, silently rolling back N commits worth of merged fixes. Provides the authoritative diagnostic (download Cloud Build source tarball + byte-diff against git history to identify the source commit) and the fix (rebuild from current main checkout, or instant traffic-switch rollback to the last known-good revision). v1.1 adds a pre-deploy preflight (5 lines from
merged-pr-not-deployed-gate-label-missing
Diagnose "I merged my PR + CI is green but the live service still doesn't show my changes." Use when: (1) a code-bearing PR has been squash-merged into main with all required status checks passing, (2) the user reports the change is still missing from the deployed environment minutes-to-hours later, (3) the repo has a `pull_request: types: [closed]` workflow gated on a label (typically `auto-deploy`, `deploy`, `ship-it`) and/or a path filter, (4) the deploy workflow's run row in `gh run list` shows `conclusion=skipped` for your PR's branch — visually identical to `success` in the run summary. Distinct from `gha-auto-deploy-never-ran-skipped-mask` (sister skill: same "skipped masks failure" symptom class but different cause — that skill is about the FIRST time the gate fires and the deploy step then hits a permission gap; THIS skill is about the routine case where the gate correctly works and the PR simply didn't satisfy it). Trigger phrases: "I can't see the changes live", "merged but not deployed", "PR shipp
subagent-external-wait-orchestrator-takeover
Avoid orchestrator-budget burn when a subagent's main work is done but it's still polling an external event (CI completion, auto-deploy GHA workflow, Cloud Build, gcloud run revision rollout, long-running test suite, etc.). Use when: (1) you've dispatched a subagent with a final-step instruction like "verify auto-deploy" / "wait for CI green" / "poll until revision active", (2) the subagent has already done its substantive work (PR merged, artifact built) and is now in a polling loop, (3) you notice repeated `<task-notification>` events from that agent with `tool_uses: 0` and short `duration_ms` (a few seconds each) — each cycle says "still waiting" or "still in progress" with zero forward progress, (4) each notification forces the orchestrator to spend a turn responding (often dozens of these before the external event completes). The subagent isn't broken — it's doing what you asked — but the polling work belongs to the ORCHESTRATOR, not a subagent. Captures the takeover pattern: dispatch the subagent for th
write-script-bigquery
MUST use when writing BigQuery queries.
google-analytics-4
Use this skill whenever the user installs, configures, or debugs Google Analytics 4, or mentions gtag.js, GTM, conversion tracking, e-commerce events, or a cookie/consent banner tied to analytics. Covers installation, event tracking, user properties, e-commerce, Consent Mode v2 for EU/UK visitors, SPA pageview tracking, and BigQuery export. Skip for other analytics products (Plausible, Mixpanel, PostHog, Segment), Universal Analytics (sunset 2024), or server-side-only tracking.
claude-opus-4-5-migration
Migrate prompts and code from Claude Sonnet 4.0, Sonnet 4.5, or Opus 4.1 to Opus 4.5. Use when the user wants to update their codebase, prompts, or API calls to use Opus 4.5. Handles model string updates and prompt adjustments for known Opus 4.5 behavioral differences. Does NOT migrate Haiku 4.5.
setup-ci
Teaches CI/CD from first principles to a non-developer, then scaffolds a working test + deploy pipeline. Handles the common hosts (GitHub Actions, GitLab CI, CircleCI, Travis, Jenkins) and common deploy targets (SSH to VM, Vercel, Netlify, Fly.io, Cloud Run, Docker registries). Asks what the operator has before generating anything — never assumes.
secrets-handling
Use when handling keys, credentials, or tokens. Prevents them from leaking into code, logs, or the frontend.
gif-search
Search/download GIFs from Tenor via curl + jq; use when finding or sending reaction/visual GIFs.
google-workspace
Gmail, Calendar, Drive, Docs, Sheets via gws CLI or Python.
fallow
Codebase intelligence for JavaScript and TypeScript. Free static layer reports quality, changed-code risk, cleanup opportunities (unused files, exports, types, dependencies), code duplication, circular dependencies, complexity hotspots, architecture boundary violations, and feature flag patterns. Runtime coverage merges production execution data into the same health report for hot-path review, cold-path deletion confidence, and stale-flag evidence - a single local capture is free, while continuous/cloud runtime monitoring is paid. 97 framework plugins, zero configuration, sub-second static analysis. Use when asked to analyze code health, audit PR risk, find cleanup opportunities or unused code, detect duplicates, check circular dependencies, audit complexity, check architecture boundaries, detect feature flags, clean up the codebase, auto-fix issues, merge runtime coverage, or run fallow.
gcp-architecture-best-practices-reviewer
Evidence-backed review of Google Cloud Platform architecture against GCP best practices and CIS GCP Foundation Benchmark concepts. Use when reviewing Terraform, Kubernetes/GKE manifests, network topology, IAM, Cloud SQL, KMS, Cloud Storage, Secret Manager, or CI/CD config for security, reliability, cost, and compliance gaps. Read-only — produces findings only.
oli-storage-manager
A unified data management skill using 'oli' to interface with S3, GCS, Azure, and other remote storage with built-in safety guardrails.
define-deployment
Capture deployment characteristics for both production and development — hosting, IaC, CI/CD, secrets, observability, local dev environment, containerization, hot reload, and seed data. Use when the project-builder agent is gathering deployment information.
gws-events-subscribe
This skill should be used when the user says "stream Workspace events", "listen for Chat messages", "subscribe to Drive changes", "watch events from a Workspace resource", "stream events as NDJSON", or wants to create a new Workspace Events subscription and stream events in real time. Covers Pub/Sub setup, filtering by event type, and writing events to a directory.
gws-gmail-watch
This skill should be used when the user says "watch for new emails", "stream incoming Gmail", "monitor my inbox for new messages", "set up a Gmail listener", "pipe incoming emails to a script", or wants to watch a Gmail mailbox and stream new messages in real time. Covers Pub/Sub integration, label filtering, and writing messages to a directory.
gws-modelarmor-create-template
This skill should be used when the user says "create a Model Armor template", "set up a safety template", "create a jailbreak filter", "add a new content filter", "configure a Model Armor policy", or wants to create a new Google Model Armor template. Covers preset templates (jailbreak) and custom JSON-defined template configuration.
ultrasafe-threat-model-lifecycle
Pre-release simulated penetration testing from the threat modeling (STRIDE/PASTA) + incident lifecycle + disclosure timing attacker perspective. Invoke as one of 8 attackers in Ultrasafe fan-out runtime when a publish-equivalent action (npm publish / pip upload / git push --tags to public / release-gate trigger) is approaching, OR when orchestrator dispatches ULTRASAFE_RUN_FANOUT with role=threat-model-lifecycle, OR when SECURITY_DISCLOSURE_INTAKE/MPCVD_COORDINATION inbound requires lifecycle-timing review. Emits ULTRASAFE_FINDING via Constellation §13.16 (advisory mode in v0.2.x — report-only, no publish blocking). Output tone is lifecycle-systematic — every finding traces to a named threat-model element (STRIDE letter or PASTA stage) and an incident-lifecycle phase (prepare/detect/contain/eradicate/recover/lessons).
data-pipeline
ETL/ELT pipeline design. Trigger when the user wants to create data flows, transformations, or orchestration.
data-engineer
Data Engineer (/data) — designs and builds data pipelines: ETL/ELT, dbt transformations, warehouses/lakehouses (BigQuery, Snowflake, DuckDB, Postgres), streaming (Kafka, Flink), orchestration (Airflow, Dagster), and data quality. Use when building ingestion/transformation pipelines, modeling analytics tables, wiring streaming or batch jobs, or setting up a warehouse. Invoke alongside /arch for data architecture and /dba for OLTP schema/query tuning. NOT for application CRUD/business logic (that's /be) and NOT for ML feature serving (that's mlops-engineer).
chief-data-officer-advisor
Chief Data Officer advisory for startups: AI training data rights and consent provenance, data product strategy (warehouse vs lakehouse vs mesh, build-vs-buy), B2B customer-data-as-asset valuation and M&A readiness, data team org evolution. Use when deciding whether to train models on customer data, choosing data architecture, valuing data for fundraising or M&A, sequencing data hires, or when user mentions CDO, chief data officer, data strategy, data mesh, lakehouse, training data, data product, data monetization, or customer data asset. NOT a tactical data engineering skill — strategic decisions only.
google-workspace-cli
Google Workspace administration via the gws CLI. Install, authenticate, and automate Gmail, Drive, Sheets, Calendar, Docs, Chat, and Tasks. Run security audits, execute 43 built-in recipes, and use 10 persona bundles. Use for Google Workspace admin, gws CLI setup, Gmail automation, Drive management, or Calendar scheduling.
data-export
Use when the user wants to export marketing data to BigQuery, Google Sheets, or Supabase for analysis, reporting, or integration with other tools.
fastify-production
This skill should be used when deploying Fastify to production, configuring Fastify security headers, setting up reverse proxy with Fastify, implementing graceful shutdown, configuring @fastify/helmet, @fastify/cors, @fastify/rate-limit, trustProxy settings, Kubernetes Fastify deployment, Fastify performance tuning, request timeouts, handler timeouts, return503OnClosing, prototype poisoning protection, production Fastify checklist, or hardening Fastify server.
rehum-sre-advisor-craft
How Rehum advises on SRE practice — SLI/SLO definition, error budgets and burn-rate alerts, capacity planning, the no-implementation boundary, and the cite-the-framework rule. Invoke when SLO design, reliability risk review, or capacity advice is needed.
pentest-cloud
Cloud security pentest — AWS/Azure/GCP IAM analysis, lateral path, container escape pattern, serverless abuse advisory. Triggers on cloud pentest, AWS, Azure, GCP, IAM, S3 misconfig, EC2 metadata, Azure AD, GCP IAM, Pacu, ScoutSuite, Prowler, CloudGoat.
brand-manager
Set up and manage brand profiles. Use when: configuring a new brand, updating brand config, or switching brands.
full-pipeline
Run the complete end-to-end production pipeline — parse, match, compose, copy, preview, review, finalize.
generate-video
Generate short-form video clips via a 5-stage human-in-the-loop pipeline: concept, keyframes, video generation, and delivery.
setup
One-time setup for image and video generation APIs. Run this before any creative production.
data-breach-blast-radius
Proactive blast radius analysis before a breach: sensitive data inventory, flow tracing, regulatory fine estimation (GDPR/CCPA/HIPAA), hardening roadmap. Triggers: /data-breach-blast-radius, breach impact.
cloud-finops
Expert FinOps guidance covering cloud, AI, SaaS, and adjacent technology spend. Includes AI cost management, GenAI capacity planning, AI-powered FinOps automation, Anthropic billing, AWS (EC2, Bedrock, Savings Plans, CUR, commitment strategy), Azure (reservations, Savings Plans, AHB, OpenAI PTUs, portfolio liquidity), GCP (Vertex AI, Compute Engine, BigQuery), Kubernetes and container FinOps (OpenCost, Kubecost), serverless FinOps (Lambda, Functions, Cloud Run), data platforms (Kafka/MSK, Elasticsearch/OpenSearch, Redis/Valkey), multi-cloud normalization (FOCUS specification), tagging governance, SaaS management (SAM, licence optimisation, SMPs, shadow IT), AI coding tools (Cursor, Claude Code, Copilot, Windsurf, Codex), ITAM, Databricks, Snowflake, OCI, and GreenOps. Use for any query about technology cost, commitment portfolio management, rightsizing, cost allocation, SaaS sprawl, AI dev tool spend, container cost attribution, serverless optimization, multi-cloud strategy, or connecting spend to business va
gws-cli
Google Workspace CLI (gws) for managing all 18 Workspace APIs from the terminal. Use when running gws commands, listing Drive files, sending Gmail, reading Sheets, creating Calendar events, managing Tasks, querying Chat, pushing Apps Script, building cross-service automations, or when user mentions gws or Google Workspace CLI. NOT for building MCP servers (use mcp-server), NOT for general API design (use api-design), NOT for GCP infrastructure (use cicd-pipelines).
env-secrets-manager
Environment variable hygiene, secret leak detection, and credential rotation workflows. TRIGGER when: working with .env files, secret management, credential rotation, pre-commit secret scanning, or investigating leaked credentials. DO NOT TRIGGER when: general config file editing, non-secret environment setup, or infrastructure provisioning (use relevant infra skill).
fedramp
Expert guidance for FedRAMP certification and compliance. Use this skill whenever a user asks about FedRAMP authorization, ATO (Authority to Operate), cloud security for federal government, NIST SP 800-53 controls, CSP compliance, or any of the core FedRAMP document types: SSP, SAP, SAR, POA&M, CIS/CRM workbooks. Also trigger for questions about FedRAMP impact levels (Low, Moderate, High, LI-SaaS), FedRAMP 20x, OSCAL, 3PAO assessments, continuous monitoring (ConMon), gap assessments, system boundary definition, FedRAMP readiness, or architecture reviews for federal cloud. When in doubt, use this skill — it covers the full FedRAMP lifecycle from readiness through continuous monitoring.
multi-cloud-architecture
Design multi-cloud architectures using a decision framework to select and integrate services across AWS, Azure, and GCP. Use when building multi-cloud systems, avoiding vendor lock-in, or leveraging best-of-breed services from multiple providers.
terraform-module-library
Build reusable Terraform modules for AWS, Azure, and GCP infrastructure following infrastructure-as-code best practices. Use when creating infrastructure modules, standardizing cloud provisioning, or implementing reusable IaC components.
data-pipeline
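[Data pipeline] ETL pipeline design, Airflow/dbt patterns, data validation, monitoring and alerting. Triggers: - the user asks to "design a data pipeline" or for an "ETL process" - an Airflow DAG needs to be built - data transformation and validation. Provides a complete data pipeline design.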
deploying-applications
Deployment patterns from Kubernetes to serverless and edge functions. Use when deploying applications, setting up CI/CD, or managing infrastructure. Covers Kubernetes (Helm, ArgoCD), serverless (Vercel, Lambda), edge (Cloudflare Workers, Deno), IaC (Pulumi, OpenTofu, SST), and GitOps patterns.
deploying-on-gcp
Implement applications using Google Cloud Platform (GCP) services. Use when building on GCP infrastructure, selecting compute/storage/database services, designing data analytics pipelines, implementing ML workflows, or architecting cloud-native applications with BigQuery, Cloud Run, GKE, Vertex AI, and other GCP services.
ingesting-data
Data ingestion patterns for loading data from cloud storage, APIs, files, and streaming sources into databases. Use when importing CSV/JSON/Parquet files, pulling from S3/GCS buckets, consuming API feeds, or building ETL pipelines.
using-document-databases
Document database implementation for flexible schema applications. Use when building content management, user profiles, catalogs, or event logging. Covers MongoDB (primary), DynamoDB, Firestore, schema design patterns, indexing strategies, and aggregation pipelines.
using-relational-databases
Relational database implementation across Python, Rust, Go, and TypeScript. Use when building CRUD applications, transactional systems, or structured data storage. Covers PostgreSQL (primary), MySQL, SQLite, ORMs (SQLAlchemy, Prisma, SeaORM, GORM), query builders (Drizzle, sqlc, SQLx), migrations, connection pooling, and serverless databases (Neon, PlanetScale, Turso).
cron-dispatch
Schedule any script to run on a recurring schedule on Windows (Task Scheduler) or Linux (cron) - register, list, and remove jobs from one command, with logging to a file and a guard against overlapping runs. Use for schedule a script, run nightly, set up a cron job, windows task scheduler, or run on a timer.
docker-vps-deploy
Use when deploying a Dockerized application to a VPS (Linux server) via SSH without a container registry, generating a GitHub Actions pipeline that uses docker save, gzip compression, and rsync to transfer images. Triggers: "deploy to VPS", "rsync docker image", "docker save and load", "VPS CI/CD", "SSH deploy pipeline", "deploy without registry", "transfer docker image via SSH".
lifesight-core
Use at the start of ANY conversation that will call a Lifesight MCP tool (ask_mia, query_ad_data, search_knowledge_base, get_current_budget, list_models, set_active_workspace). Load this BEFORE the first data call. Triggers: budget optimization, iROAS / iRevenue, marketing measurement, incrementality, MMM, channel performance, "what's working", board prep, CFO reporting, anomaly detection, scenario planning — any request that touches Lifesight measurement data. Also load whenever a Lifesight tool errored, returned a wall of data, stalled mid-question, or leaked internal field names.
deploy-receipt
Enforces Law 4 (Verify Before Reporting) of the 7 Laws of AI Agent Discipline at the deploy seam. A merge into a branch that auto-deploys is not "done" until the deploy provider reports the merged commit SHA running and a healthcheck endpoint returns 200. Companion to the vendored `finishing-a-development-branch` skill — does not replace it, runs after it for projects on Railway, Cloudflare Workers, Vercel, Netlify, Fly.io, or any other auto-deploy target.
google-workspace
Gmail, Calendar, Drive, Contacts, Sheets, and Docs integration via Python. Uses OAuth2 with automatic token refresh. No external binaries needed — runs entirely with Google's Python client libraries in the Hermes venv.
bigquery-cost-audit
Use when reviewing BigQuery spend, query failure patterns, or scan inefficiencies -- identifying which jobs, users, or projects drive cost, or preparing optimization recommendations for a cost review.
data-quality
Use when adding or reviewing data quality tests for dbt models in warehouse-backed analytics projects. Covers dbt generic tests, singular tests (assert_*.sql), accepted-values macros, dbt_utils patterns, cross-system consistency tests, and warehouse-oriented validation. Use when writing data tests, creating assert_*.sql files, testing business logic, or validating referential integrity.
classroom-submit
Autonomously submit files to Google Classroom assignments end-to-end, bypassing the cross-origin Drive Picker iframe that blocks browser automation. Uploads the file to the user's Google Drive via rclone, finds the target assignment (by query or explicit IDs), attaches the Drive file, and turns in the submission — all via the Classroom REST API using OAuth 2.0. Use when asked to "submit to Classroom", "upload this to Atividade X", "entregar", "turn in on Classroom", or any variant of actually finalizing a Classroom submission from a local file.
gcp-iam
Debugs GCP permission-denied errors, designs IAM bindings, traces org → folder → project inheritance, and untangles service-account impersonation chains. Covers Workload Identity. Use when working with GCP IAM, gcloud, "permission denied" on GCP resources, Workload Identity, or SA impersonation.
github-actions-pipelines
Debugs and authors GitHub Actions workflows — OIDC federation to AWS/GCP/Azure, GITHUB_TOKEN permissions hardening, reusable workflows vs composite actions, deploy concurrency, caching, the path-filter/required-check trap, and pull_request_target security. Use when working with GitHub Actions, `.github/workflows/`, OIDC to cloud providers, `pull_request_target`, branch protection required checks, reusable workflows, or CI/CD pipelines that deploy to AWS/GCP/DigitalOcean.
t2i-prompt-dialect
Rewrite an asset brief into the exact prompt dialect of the target image model (OpenAI gpt-image-1, Google Imagen/Gemini, SDXL, Flux.1/Flux.2, Midjourney, Ideogram, Recraft). Handles negative-prompt translation, token budgets, transparency quirks, brand-palette injection, and text-in-image ceilings so that `asset_generate_*` submissions succeed on the first try.
bigquery-features
Use when asking about BigQuery-specific features, syntax, or capabilities including: STRUCT/ARRAY/UNNEST patterns, MERGE statements, BigQuery scripting (DECLARE, IF, LOOP, BEGIN/END), scheduled queries, remote functions, JSON functions, approximate aggregation (APPROX_COUNT_DISTINCT, HLL_COUNT), geography/GIS functions, BigQuery ML (CREATE MODEL), search indexes, vector search, or BI Engine. Triggers on: "UNNEST", "STRUCT", "ARRAY", "MERGE", "DECLARE", "scripting", "scheduled query", "remote function", "JSON_EXTRACT", "APPROX_COUNT", "HLL", "ST_", "CREATE MODEL", "BQML", "search index", "vector search", "BI Engine".
bigquery-query-generation
Use when generating BigQuery SQL from natural language descriptions, converting queries from other SQL dialects to BigQuery, writing new BigQuery queries from scratch, or when the user describes what data they need and expects SQL output. Triggers on: "write me a query", "generate SQL", "how do I query", "convert this to BigQuery", "I need to get data from", "create a query".
bigquery-schema-design
Use when designing BigQuery table schemas, choosing partitioning or clustering strategies, deciding between nested/repeated fields vs flat schemas, selecting table types (native, external, views, materialized views), choosing data types, or planning denormalization. Triggers on: "partition", "cluster", "STRUCT", "ARRAY", "nested fields", "table design", "schema", "materialized view", "external table", "denormalize", "data type", "TIMESTAMP vs DATETIME".
cost-guard
Compare observed app-level run-rate to per-app and per-model budgets, emit INBOX warnings on breach
finops-patterns
Provides FinOps practices for cloud cost optimization, budget management, and resource rightsizing. Use when analyzing cloud spend, optimizing costs, or when user mentions 'finops', 'cloud cost', 'rightsizing', 'budget', 'cost allocation', 'reserved instance', 'spot instance', 'showback', 'chargeback'.
gws-events-subscribe
Google Workspace Events: Subscribe to Workspace events and stream them as NDJSON.
gws-gmail-watch
Gmail: Watch for new emails and stream them as NDJSON.
gws-modelarmor-create-template
Google Model Armor: Create a new Model Armor template.
saas-auth
Set up authentication and session management for a SaaS application. Configure Google OAuth, Magic Link, email/password, or combinations of these. Use this skill when the user asks for anything related to a login system, sign-up flow, session management, protected routes, or user profiles. Triggered by phrases such as "build a login page", "add auth", "set up a user system", "login/register".
gcp-dataform-rest-api-deploy
Deploy .sqlx files to Google Cloud Dataform repositories via REST API without the Dataform CLI. Use when: (1) deploying Dataform SQL from CI/CD or scripts, (2) programmatically updating Dataform workspaces, (3) triggering Dataform invocations from Cloud Workflows or automation, (4) adding NEW .sqlx files to a Dataform repo that also hosts other production release configs (v1.1.0: requires pre-merge workspace compile + post-merge cross-check gating to avoid breaking sibling release configs), (5) hitting "Only a commitish value of main is allowed" error when trying to compile a dev branch or non-main gitCommitish, (6) needing to discover exact target names with `_loader` suffix for workflowInvocations includedTargets, (7) renaming a .sqlx file whose `name:` (target name) is unchanged — both old and new produce the same target so they can't coexist (v1.2.0: atomic write+remove in one workspace commit + Gate-3 post-push compile against EVERY release config, with rollback recipe). Covers the full lifecycle: writeF
lictor-rotate
Walks the user through rotating a leaked API key — step by step, provider-specific. Knows the exact URL to visit, the exact button to click, and how to verify the rotation worked. Supports Stripe, OpenAI, Anthropic, Google Cloud / AI Studio, GitHub, AWS, Slack, Supabase, Firebase, Postmark, and generic OAuth providers.
closing
Switch to freelance closing mode — mission qualification, scoping, quoting, and client relationship management
ai-citation-tracker
Track brand mentions, URL citations, and share-of-voice across the 2026 AI search surface — ChatGPT (with browsing), Perplexity, Claude (with search), Google Gemini, Google AI Overviews, Bing Copilot, You.com, Phind, and Microsoft Copilot. Polls a configurable query set per engine on a schedule; logs whether your brand was mentioned, whether your URL was cited, who your competitors were, and how all of that moved week over week. Outputs share-of-voice dashboards, weekly delta reports, competitor matrices, and citation-gap analysis (queries where you SHOULD be cited but aren't). Closes the single biggest gap in legacy SEO platforms — Visibly AI / Semrush / Ahrefs / Moz / Conductor all under-cover this surface in 2026, even though AI Overviews now answer 30%+ of informational queries with zero clicks. TRIGGER on "AI citation tracking", "share of voice AI", "ChatGPT citations", "Perplexity citations", "AI Overview tracking", "brand mentions in AI", "LLM visibility", "GEO tracking", "AEO measurement", "AI search
cost-analysis
Analyzes infrastructure costs at 1K-100K user scales by reading the actual codebase, auto-detecting cloud providers, modeling per-action costs, and projecting total monthly spend with optimization recommendations.
cnpg
Create and operate CloudNativePG (CNPG) Postgres databases on Kubernetes the GitOps/Flux way — on managed cloud (GKE + GCS via Workload Identity) OR self-hosted (K3s/bare-metal + any S3-compatible store via a credentials secret). Covers Cluster + ScheduledBackup manifests, barman WAL archiving, pgvector, PITR, prod→dev clones, and the NetworkPolicies a default-deny cluster needs. Use when provisioning a new app database, cloning prod into dev, enabling pgvector, wiring backups/PITR, writing CNPG NetworkPolicies, or debugging the silent "WAL archiving failed → PVC fills → Postgres CrashLoop → app can't read data" chain on CloudNativePG.
dbdesign
Design and review production database schemas, data models, ERDs, migration plans, and storage patterns. Use for OLTP schema design, OLAP/star-schema modeling, fact/dimension tables, indexes, constraints, partitioning, multi-tenant data models, CSV/JSON-to-table design, schema review, migration risk review, and database design documents across PostgreSQL, MySQL, SQLite/D1, BigQuery, and MongoDB. Does not execute DDL by default.
miudb
Query, inspect, and manage saved database connections through the Go `miudb` CLI. Use when the user asks to run SQL, list schemas, add native connections, smoke-test connections, inspect tunnel-backed databases, or produce agent-readable JSON from SQLite, Postgres, MySQL, Snowflake, or BigQuery.
sqlit
Query data from any saved database connection (BigQuery, Postgres, MySQL, MSSQL, SQLite, Snowflake, DuckDB, etc.) via the `sqlit` CLI. Use when the user asks to inspect tables, run SQL, list schemas, count rows, export data, or references a saved sqlit connection by name.
publish-chrome-extension
Republish a new release of an existing Chrome extension to the Chrome Web Store: downloads the release zip from GitHub, reviews the tracked store-listing info for staleness, uploads the zip via the Web Store API, and submits it for review. TRIGGER when: the user wants to publish, republish, or upload a new extension version to the Chrome Web Store, typically right after /release. DO NOT TRIGGER when: creating a brand-new store listing, editing store listing content (description, screenshots), or building/tagging a release (use /release for that).
programmatic-agent-runs
Govern Cursor SDK local, cloud, self-hosted, and subagent coding runs before they create branches or PRs.
annualreports
Annual security report aggregation and analysis. USE WHEN annual reports, security reports, threat reports, industry reports, update reports, analyze reports, vendor reports, threat landscape.
seo-google
Direct access to Google's own SEO data via Search Console (Search Analytics, URL Inspection, Sitemaps), PageSpeed Insights v5, CrUX field data with 25-week history, Indexing API v3, GA4 organic traffic, YouTube video search, Google NLP entity/sentiment analysis, Knowledge Graph entity verification, Web Risk safety, and Google Ads Keyword Planner. Bridges crawl-based analysis (the rest of this catalogue) with Google's real-time field data — actual Chrome user metrics, real indexation status, real search performance, real organic traffic. Use when the user asks "search console", "GSC", "PageSpeed", "CrUX", "field data", "indexing API", "GA4 organic", "URL inspection", "google api setup", "real CWV data", "impressions", "clicks", "CTR", "position data", "LCP", "INP", "CLS", "FCP", "TTFB", "Lighthouse scores", "youtube SEO", "knowledge graph", "keyword planner", or "real google data".
backup-patterns
Backup patterns for Linux servers and applications covering the 3-2-1 rule, rsync file backups, PostgreSQL dumps with pg_dump, encrypted backups with restic, retention policies, and restore testing. Use whenever the project contains shell scripts using pg_dump, rsync, or restic, a Brewfile or requirements file with restic or pgbackup tooling, cron job definitions for backups, or backup-related systemd units, OR the user asks about backups, disaster recovery, data retention, pg_dump, rsync, or restic, even if "backup" is not mentioned by name.
pipeline-architect
Designs and implements data pipelines: ETL/ELT, streaming, batch processing, schema migrations, and data warehouse architecture. Covers Kafka, Airflow, dbt, Spark, ClickHouse, BigQuery, Snowflake, Redis Streams, and more. Use this skill when the user asks about data pipelines, ETL jobs, data transformation, streaming setup, data warehouse design, CDC, schema migrations, data quality checks, or anything involving moving data from source to target. Also triggers on "build a pipeline," "migrate data from X to Y," "set up streaming," "design my data warehouse," or "data quality is bad, help me fix it."
add-dbt-model
Add a new dbt model (staging, intermediate, or marts) to an existing MDS deployment. Invoke when the user wants to transform raw data, build an analytics table, or expose a new metric in BigQuery.
add-mcp-skill
Add a new BigQuery-backed skill to the MCP server: a tool exposed to AI agents plus the .md context files that describe the underlying data. Invoke when the user wants AI agents (claude.ai, Claude Code, Cursor) to query a new domain of the warehouse.
add-source
Add a new data source (dlt pipeline, BigQuery native transfer, or on-prem database via Tailscale) to an existing Modern Data Stack. Invoke when the user wants to integrate a new SaaS, database, or Google service into the warehouse.
create-mds
Build a Modern Data Stack (Tailscale + dlt + BigQuery + dbt-core + systemd timers + optional MCP) from scratch on a new VPS for a small or medium business. Invoke when the user wants to bootstrap data integration end-to-end.
troubleshoot
Diagnose pipeline issues by reading logs and state across Airbyte, dbt, BigQuery, the VPS, and Tailscale. Invoke when verify-pipeline reports a failure, the user says 'something's broken', or a sync hasn't run.
verify-pipeline
Run a full health check across the MDS pipeline: ingestion (dlt/Airbyte) load status, BigQuery freshness per source, ingest reconciliation (source-vs-destination row counts), dbt model freshness, MCP server health, and raw-vs-staging row count integrity. Invoke when the user wants to confirm the pipeline is healthy or asks 'is everything working?'
analytics-workarounds
Analytics data access workarounds for PMs without direct tool access. Uses Zapier MCP as a data bridge from GA4, Looker, and BigQuery to Google Sheets for analysis. Use when user says "pull analytics", "GA4 workaround", "get metrics without Looker access", "analytics pipeline", or "data bridge".
modular-sql-ctes
Refactors SQL into staging, intermediate, and fact CTE layers with explicit grain and naming conventions. Use when the user asks to refactor a SQL query, clean up a model, build a dbt model, modularize a query, or mentions CTE structure, query readability, or "this SQL is hard to follow."
remotion-video-toolkit
Complete toolkit for programmatic video creation with Remotion + React. Covers animations, timing, rendering (CLI/Node.js/Lambda/Cloud Run), captions, 3D, charts, text effects, transitions, and media handling. Use when writing Remotion code, building video generation pipelines, or creating data-driven video templates.
firebase-apk-scanner
Scans Android APKs for Firebase security misconfigurations including open databases, storage buckets, authentication issues, and exposed cloud functions. Use when analyzing APK files for Firebase vulnerabilities, performing mobile app security audits, or testing Firebase endpoint security. For authorized security research only.
gmail-cli
Use Gmail through the authenticated Google Workspace CLI. Use when the curated Gmail connector cannot expose raw message payloads, binary attachments, unsupported MIME types, original MIME source, or exact Gmail API metadata.
spinediagrams
Generate clean architecture and system-design diagrams as SVG files. Use this skill whenever the user wants to visualise how services, systems, or components connect: migration diagrams, current-state vs target-state architectures, integration maps, data-flow diagrams, platform overviews, or any diagram that shows technology boxes with arrows between them. Triggers on phrases like: "draw a diagram", "make an architecture diagram", "show me how X connects to Y", "create a system diagram", "architecture SVG", "visualise the stack", "diagram this", or whenever the conversation has produced a list of components and integrations that would benefit from a visual. Always use this skill rather than trying to write SVG by hand.
debug
Structured production-incident investigation. Forces evidence-first hypothesis ranking before any code change. Use when given an error message, Sentry alert, failing log, or 'investigate <X>' request.
xcloud-docker-deploy
Deploy any project to xCloud hosting — auto-detects stack (WordPress, Laravel, PHP, Node.js, Next.js, NestJS, Python, Go, Rust), routes to native or Docker deployment, generates production-ready Dockerfile, docker-compose.yml, GitHub Actions CI/CD, and .env.example. Works from zero Docker setup.
boris
Claude Code workflow tips from Boris Cherny (creator of Claude Code) and the Claude Code team. Use when: setting up Claude Code, optimizing workflows, running parallel sessions, configuring CLAUDE.md, using skills/commands, subagents, hooks, MCP integrations, or learning best practices. Covers: git worktrees, plan mode, verification, permissions, Slack MCP, BigQuery, prompting tips, plugins, custom agents, sandboxing, keybindings, status lines, output styles, customization, /simplify for code quality, /batch for parallel code migrations, /loop for scheduled tasks, code review agents, /btw for mid-task questions, /effort max reasoning, remote control sessions, voice mode, setup scripts, session naming, /color, PostCompact hook, auto mode, /schedule cloud jobs, iMessage plugin, auto-memory, and auto-dream.
agent-registry
Use this skill whenever the user wants to interact with Google Cloud's Agent Registry using gcloud commands. Triggers on any mention of "agent registry", "agent-registry", "mcp-servers", "gcloud agents", "register an agent", "list agents", "create a service", "agent service", or any request to manage agents, MCP servers, endpoints, or services in Google Cloud Agent Registry. Also triggers on requests to integrate or use the Google Agent Development Kit (ADK) with the Agent Registry.
generate-image
This skill should be used when the user asks to "generate an image", "create a picture", "make an image of", "edit this image", "transform this photo", or needs AI-generated visual content using Google's Gemini image generation model.
google-workspace-convert
This skill should be used when the user asks to "convert a Google Doc to markdown", "download Google Sheets as markdown", "create a Google Doc from markdown", or needs to convert between Google Workspace files and Markdown format.
managing-deployment
Deployment and infrastructure for the site. Consult when troubleshooting deployments, modifying CI/CD, or diagnosing build issues.
xls2ymljob
Convert Excel job definitions to Starlake YAML
write-script-bigquery
MUST use when writing BigQuery queries.
vela-slides
Create presentation decks using the Vela engine. Compact DSL format — never verbose JSON. Also loads, extracts, and edits existing decks.
terraform-module-scaffolder
Scaffolds new Terraform modules with standardized structure including main.tf, variables.tf, outputs.tf, versions.tf, and README.md. This skill should be used when users want to create a new Terraform module, set up module structure, or need templates for common infrastructure patterns like VPC, ECS, S3, or RDS modules.
firebase
Firebase: Firestore database, Authentication, Realtime Database, Cloud Functions, Firebase Storage, and security rules — for web and mobile apps
modal
- User is deploying ML/AI workloads to Modal (modal.com) - Code imports `modal` or references `@app.function`, `@app.cls`, `Stub`, `App` - User needs serverless GPU compute for inference, fine-tuning,
sql-queries
Generate SQL queries from natural language descriptions. Supports BigQuery, PostgreSQL, MySQL, and other dialects. Reads database schemas from uploaded diagrams or documentation. Use when writing SQL, building data reports, exploring databases, or translating business questions into queries.
claude-code
Anthropic Claude Code orchestration through `bash.exec`. Use when the user explicitly wants to run Claude Code from shell, install or authenticate the `claude` CLI, choose model aliases such as `sonnet` or `opus`, or execute non-interactive `claude -p` workflows.
fused-integrations
Reference for using Fused's built-in integration connections inside UDFs. Covers data sources (Snowflake, BigQuery, GCS, S3, Airtable, Notion, Google Drive), compute/inference providers (Modal, Hugging Face, Baseten, Daytona, ComfyOrg, Slack), and LLM providers (Anthropic, OpenAI) — the fused.api connect helpers, secrets access, and common operations (query, write, list, invoke, infer). Use when the user is writing a UDF that reads from, writes to, or calls out to a connected service.
google-workspace
Manage Google Workspace via the `gws` CLI — Drive, Gmail, Calendar, Sheets, Docs, Chat, Admin, Tasks, Meet, Slides, Forms, Contacts, and every other Workspace API. Use when: (1) listing, uploading, downloading, or sharing files on Google Drive, (2) reading, sending, labeling, or filtering Gmail messages, (3) creating, updating, or querying Google Calendar events, (4) reading or writing Google Sheets data, (5) creating or editing Google Docs, (6) sending Google Chat messages, (7) managing Google Tasks, (8) any other Google Workspace operation. Wraps the official `gws` CLI which dynamically discovers all Workspace APIs. Outputs structured JSON suitable for agent pipelines.
iac-container-security
Audit infrastructure-as-code and container security including Terraform/OpenTofu/Pulumi configurations, Dockerfile hardening, Kubernetes manifests, base image hygiene, container scanning, secrets in IaC, IAM policies, network exposure, and runtime security context. Multi-cloud (AWS, GCP, Azure). Use this skill whenever the user asks about Terraform security, tfsec, Checkov, Trivy, Dockerfile hardening, distroless images, k8s securityContext, network policies, IAM least privilege, IaC secret scanning, or 'audit my infrastructure'. Trigger on phrases like 'scan my Dockerfile', 'review my Terraform', 'audit my k8s manifests', 'harden my containers', 'IaC security', 'base image hygiene', 'container CVEs', 'trivy scan'. Use this even when only one IaC layer is mentioned.
k8s-security
Kubernetes security review — RBAC discipline, Pod Security Standards (baseline/restricted), NetworkPolicy default-deny, admission controllers (Kyverno/Gatekeeper/VAP), External Secrets Operator, and runtime monitoring via Falco and audit logs.
spoonos-deployment-guide
Deploy SpoonOS agents to production environments. Use when containerizing agents with Docker, deploying to cloud platforms (AWS, GCP, Vercel), or setting up self-hosted infrastructure.
data-context-extractor
Generate or improve a company-specific data analysis skill by extracting tribal knowledge from analysts. BOOTSTRAP MODE - Triggers: "Create a data context skill", "Set up data analysis for our warehouse", "Help me create a skill for our database", "Generate a data skill for [company]" → Discovers schemas, asks key questions, generates initial skill with reference files ITERATION MODE - Triggers: "Add context about [domain]", "The skill needs more info about [topic]", "Update the data skill with [metrics/tables/terminology]", "Improve the [domain] reference" → Loads existing skill, asks targeted questions, appends/updates reference files Use when data analysts want Claude to understand their company's specific data warehouse, terminology, metrics definitions, and common query patterns.
sql-queries
Write correct, performant SQL across all major data warehouse dialects (Snowflake, BigQuery, Databricks, PostgreSQL, etc.). Use when writing queries, optimizing slow SQL, translating between dialects, or building complex analytical queries with CTEs, window functions, or aggregations.
google-workspace
Gmail, Calendar, Drive, Contacts, Sheets, and Docs integration via Python. Uses OAuth2 with automatic token refresh. No external binaries needed — runs entirely with Google's Python client libraries in the Hermes venv.
google-workspace
Gmail, Calendar, Drive, Contacts, Sheets, and Docs integration via Python. Uses OAuth2 with automatic token refresh. No external binaries needed — runs entirely with Google's Python client libraries in the Hermes venv.
fallow
Codebase intelligence for JavaScript and TypeScript. Free static layer reports quality, changed-code risk, cleanup opportunities (unused files, exports, types, dependencies), code duplication, circular dependencies, complexity hotspots, architecture boundary violations, feature flag patterns, and opt-in security candidates. Runtime coverage merges production execution data into the same health report for hot-path review, cold-path deletion confidence, and stale-flag evidence, with a single local capture available by default and continuous/cloud runtime monitoring available as an optional mode. 118 framework plugins, zero configuration, sub-second static analysis. Use when asked to analyze code health, audit PR risk, find cleanup opportunities or unused code, detect duplicates, check circular dependencies, audit complexity, check architecture boundaries, detect feature flags, surface security candidates, clean up the codebase, auto-fix issues, merge runtime coverage, or run fallow.
caduceus-auto-save
Automatically detect and save person-related information (names, roles, contact info, relationships, organizations) to Core Memory (Caduceus). Triggers when user mentions people with descriptive details like job titles, phone numbers, emails, responsibilities, or relationships to other people or organizations.
google-aip
Authoritative reference for Google AIP (API Improvement Proposals) — the design guidelines maintained at https://aip.dev for resource-oriented API design, naming, errors, pagination, long-running operations, versioning, and related conventions. Use this skill whenever the user is designing, reviewing, or implementing an API and any of these terms or concepts come up: AIP, aip.dev, resource names, standard methods (Get/List/Create/Update/Delete), custom methods, LRO, pagination tokens, field masks, error codes, API versioning, or 'how does Google design X'. Also trigger when a specific AIP number is mentioned (e.g. 'AIP-121', 'AIP-158'). Prefer this skill over generic API advice — the content here is the actual upstream specification.
ocr-validate
INTERNAL - OCR text validation via Cloud Vision. Used by quality-reviewer.
google-drive-operator
Analyze, restructure, and manage Google Drive shared folders. List contents, read documents, rename files, create professional documents, and organize folder hierarchies -- all through the Google Drive and Docs APIs.
sql-queries
Write correct, performant SQL across all major data warehouse dialects (Snowflake, BigQuery, Databricks, PostgreSQL, etc.). Use when writing queries, optimizing slow SQL, translating between dialects, or building complex analytical queries with CTEs, window functions, or aggregations.
write-query
Write optimized SQL for your dialect with best practices. Use when translating a natural-language data need into SQL, building a multi-CTE query with joins and aggregations, optimizing a query against a large partitioned table, or getting dialect-specific syntax for Snowflake, BigQuery, Postgres, etc.
s3-enum
AWS S3 and cloud storage enumeration methodology. Covers bucket discovery, access control testing, public data exposure, and cross-cloud (GCS, Azure Blob) equivalents.
cloud-infra-data
AWS/GCP/Azure data infrastructure — S3/GCS/ADLS partitioning, BigQuery slot management, Redshift spectrum, Snowflake warehouses, IAM roles for data access, cost optimization, and managed service selection. Use this skill whenever the user is deploying a pipeline to cloud, choosing between managed data services, configuring storage for a data lake, setting up IAM/permissions for pipelines, asking about BigQuery pricing, Redshift vs. BigQuery vs. Snowflake, S3 bucket layout, or cloud-specific performance tuning. Also trigger when the user mentions cloud costs, slow BigQuery queries, Redshift concurrency scaling, storage formats in the cloud, or cross-account data access. If it touches cloud + data together, this skill should be active.
cost-optimization-data
Query cost analysis, partition pruning, slot reservation strategies, storage tiering, and cloud data warehouse cost reduction. Use this skill whenever the cloud data bill is unexpectedly high, a specific query is scanning too much data, the team wants to understand what's driving BigQuery/Snowflake/Redshift costs, or when choosing between on-demand vs. reserved capacity. Also trigger when the user mentions bytes scanned, slot utilization, query cost, storage costs, Redshift concurrency, Snowflake credits, or when trying to set up cost alerts and budgets. If someone says "our BigQuery bill jumped" or "this query is expensive", this skill should be active immediately.
data-governance
Data lineage tracking, PII tagging, access control policies, data catalog metadata standards, retention policies, and audit logging for regulatory compliance. Use this skill whenever the company is subject to PDPA, GDPR, HIPAA, or any data privacy regulation, when an audit requires proof of who accesses what data, when PII fields need to be identified and classified in a dataset, when setting up column-level access control, or when building a data catalog. Also trigger when someone asks about data masking, anonymization, right-to-erasure workflows, role-based data access, or data lineage from source to BI tool. If the word "compliance", "audit", "PII", "sensitive data", or "regulation" appears, this skill should be active.
data-migration
Moving data between systems safely — cutover planning, backfill strategies, dual-write patterns, validation, rollback procedures, and zero-downtime migration techniques. Use this skill whenever the team is migrating from one database or warehouse to another (MySQL → Snowflake, Redshift → BigQuery, on-prem → cloud), replacing a legacy pipeline, doing a major schema change on a live table, or planning a cutover that cannot have downtime. Also trigger when the user asks about dual-write, shadow reads, data validation across systems, incremental vs. full migration, or how to safely retire an old system. If the phrase "migrate", "move data", "cutover", "legacy system", or "replace the old pipeline" appears, this skill should be active.
sql-patterns
Best-practice SQL for analytical workloads — window functions, CTEs, query optimization, partitioning strategies, and anti-patterns to avoid. Use this skill whenever the user is writing or reviewing a SQL query that goes beyond a basic SELECT, especially on BigQuery, Snowflake, Redshift, or DuckDB. Trigger on mentions of aggregations, ranking, running totals, session analysis, lag/lead comparisons, deduplication, slowly-changing lookups, or any time the user asks "how do I write a query for X". Also trigger when a query looks slow, returns wrong results, or the user asks for a code review of existing SQL.
stakeholder-reporting
Translate pipeline metrics, SLA breaches, data quality failures, and incidents into clear non-technical summaries for business stakeholders. Use this skill whenever data was late, wrong, or missing and someone needs to communicate what happened to a manager, director, or business team. Also trigger when writing incident reports, SLA breach notifications, data quality summaries, pipeline health updates, or any communication where the audience doesn't know what Airflow or BigQuery is. If the user needs to explain a technical data failure to a non-technical person, this skill should be active.
matematic-workspace-backup
Configure encrypted Google Workspace backup for law firms using gogcli + age + a private Git repo. Use when a law-firm client asks about GDPR (RODO) Art. 32, Workspace continuity, or protection against lockout/ransomware, or when MateMatic performs a backup compliance audit. Trigger keywords - "backup Workspace", "art. 32 RODO", "ciągłość Workspace", "kancelaria backup Gmail/Drive", "lockout Google", "DR drill".
interview-transcription-tw
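Workflow for transcribing interview recordings and managing quotes in Taiwan (Traditional Chinese / Taiwan-specific edition, corresponding to the US edition of the upstream interview-transcription). Covers: recording file management, Whisper Chinese models (large-v3; Taiwanese Hokkien, Hakka, and Indigenous languages), Yating transcription (雅婷逐字稿), Taiwanese commercial transcription services, quote extraction, timeline alignment, a quote database for verification, transcription quality checks, and integration with source-verification-tw / fact-check-workflow-tw. Triggers when converting recordings to verbatim transcripts, cross-checking quotes, managing interview files, or archiving audio files. Essential for journalists, fact-checkers, researchers, legal staff, and documentary makers.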
google-docs-markdown
Convert markdown files to formatted Google Docs via the API. Handles headings, lists, tables, code blocks, images, folder organization, and sharing. Use when you need to deliver professional documents to stakeholders via Google Drive. Trigger phrases: 'create a google doc', 'upload to google docs', 'share on google drive', 'send as google doc', 'markdown to google docs'.
authentication
Auth flows, session management, OAuth integration, domain-restricted access, and role-based access control for TopNetworks properties. Primary implementation is Better Auth 1.x with Google OAuth in route-genius. Use when implementing login, session checks, protected routes, or any access control logic.
data-context-extractor
Generate or improve a company-specific data analysis skill by extracting tribal knowledge from analysts. BOOTSTRAP MODE - Triggers: "Create a data context skill", "Set up data analysis for our warehouse", "Help me create a skill for our database", "Generate a data skill for [company]" → Discovers schemas, asks key questions, generates initial skill with reference files ITERATION MODE - Triggers: "Add context about [domain]", "The skill needs more info about [topic]", "Update the data skill with [metrics/tables/terminology]", "Improve the [domain] reference" → Loads existing skill, asks targeted questions, appends/updates reference files Use when data analysts want Claude to understand their company's specific data warehouse, terminology, metrics definitions, and common query patterns.
boxlang-configuration
Use this skill when configuring BoxLang runtime settings via boxlang.json, setting environment variables for config overrides, configuring datasources, caches, executors, modules, logging, security, or schedulers — or when helping someone understand the BoxLang configuration system.
boxlang-deployment
Use this skill when deploying BoxLang applications: CommandBox server setup, Docker containers, AWS Lambda, GitHub Actions CI/CD, BoxLang Version Manager (BVM), boxlang.json runtime config, environment variables, or Spring Boot integration.
boxlang-runtime-google-cloud-functions
Use this skill when building, testing, or deploying BoxLang applications on Google Cloud Functions Gen 2, including handler structure, FunctionRunner entry point, URI routing, environment variables, local development with the GCF invoker, and debugging.
secrets-vault-manager
Use when the user asks to set up secret management infrastructure, integrate HashiCorp Vault, configure cloud secret stores (AWS Secrets Manager, Azure Key Vault, GCP Secret Manager), implement secret rotation, or audit secret access patterns.
sepolia-deploy
Sepolia Testnet Deployment — verifier deployment, batch submission, on-chain verification
draw-io
Create professional Draw.io (diagrams.net) XML diagrams for architecture, network flows, and system designs. Use when the user asks to create diagrams, architecture diagrams, flow charts, network diagrams, system diagrams, or mentions Draw.io/diagrams.net. Supports AWS/GCP icons, grouping, and custom styling.
google-colab-cli
Use when installing, authenticating, account switching, troubleshooting, or operating google-colab-cli for Colab VM execution, file transfer, Drive mount, GPU/TPU use, or compute-unit-sensitive sessions.
wallet-api
Query the Polymarket Wallet Hunter API and AlloyDB. Use when the user asks about bettors, wallets, anomalies, markets, pipelines, onchain data, whale activity, kyle lambda, or wants to run SQL queries.
secrets-vault-manager
Use when the user asks to set up secret management infrastructure, integrate HashiCorp Vault, configure cloud secret stores (AWS Secrets Manager, Azure Key Vault, GCP Secret Manager), implement secret rotation, or audit secret access patterns.
submit
Submit the /solve endpoint to the NM i AI challenge platform. Use when the user wants to submit, send the endpoint, or says "submit", "submit endpoint", "send submission", "submit to ainm", "run submission".
authentication
Auth flows, session management, OAuth integration, domain-restricted access, and role-based access control for TopNetworks properties. Primary implementation is Better Auth 1.x with Google OAuth in route-genius. Use when implementing login, session checks, protected routes, or any access control logic.
Integration detected automatically from skill content. Some results may be false positives.