Raishin
UserCurated marketplace of AI skills, agents, and rules for cloud, zero-trust, and compliance-aware engineering - works with Claude Code, Codex, Cursor, Copilot, and more.
Categories
Indexed Skills (63)
alibaba-ack-container-platform-operator
Operate ACK clusters (managed/dedicated/serverless), ACR container registries, ASM service mesh, and container workload placement. Guide ACK type selection, OIDC workload identity, and image vulnerability posture.
alibaba-actiontrail-audit-analyst
Query Alibaba Cloud ActionTrail management API call history, build governance audit reports, create SLS-based compliance evidence trails, and detect anomalous admin activity patterns.
alibaba-analyticdb-realtime
Operate AnalyticDB for MySQL and PostgreSQL, Hologres real-time OLAP analytics, and DAS real-time diagnostics for sub-second interactive analytics workloads.
alibaba-certificate-manager-issuer-review
Review Alibaba Cloud SSL Certificate Service — DV/OV/EV certificate lifecycle, auto-renewal configuration, certificate deployment to SLB/ALB/CDN/OSS, domain validation status, CAA record compliance, and expiry monitoring.
alibaba-change-impact-advisor
Pre-change blast radius analysis for Alibaba Cloud — Resource Directory OU scope mapping, RAM policy cascade effects, VPC peering and CEN impact, SLB backend pool changes, RDS connection pool disruption, and safe change sequencing.
alibaba-cost-anomaly-watch-coordinator
Detect and coordinate response to Alibaba Cloud cost anomalies — MaxCompute CU vs on-demand billing mismatch, ECS spot instance interruption cascades, CDN traffic spike billing, OSS API request cost explosions, budget alert → DingTalk notification → remediation playbook.
alibaba-cost-finops-analyst
Analyze Alibaba Cloud spend via Cost Manager, optimize Savings Plans and Reserved Instance coverage, design resource tagging strategy, investigate budget drift, and right-size over-provisioned ECS, RDS, and MaxCompute resources.
alibaba-daily-operations-briefing-coordinator
Coordinate the daily Alibaba Cloud operations standup — cost delta from Cost Manager, ActionTrail anomaly review, ACK pod failure triage, quota utilization warnings, Security Center finding review, and action item assignment.
alibaba-devops-cicd-operator
Build CI/CD pipelines with RDC (Research and Development Collaboration), Cloud Build, Flow pipeline automation, ACR (Container Registry) image lifecycle, and environment promotion strategies.
alibaba-ecs-compute-operator
Operate ECS instances, Auto Scaling groups, ECI serverless containers, and Cloud Assistant O&M automation. Handle instance lifecycle, image management, placement groups, spot/preemptible instances, and scheduled scaling.
alibaba-event-driven-architecture-review
Review Alibaba Cloud EventBridge, MNS (Message Notification Service), RocketMQ, and MSE event-driven designs — dead-letter queues, message ordering, idempotency, retry storm prevention, schema registry, and consumer group lag monitoring.
alibaba-function-serverless-operator
Deploy and operate Function Compute 3.0, SAE (Serverless App Engine) applications, and EDAS microservice apps. Guide the serverless vs. PaaS vs. container platform choice for each workload type.
alibaba-iac-change-safety-review
Review Terraform and ROS (Resource Orchestration Service) changes targeting Alibaba Cloud — blast radius analysis, resource deletion detection, cross-stack dependency impact, Resource Directory scope, and rollback plan completeness.
alibaba-kms-secret-lifecycle-steward
Audit and govern Alibaba Cloud KMS key lifecycles, Certificate Manager, SSM (Secrets Manager), and HSM key operations. Ensure encryption-at-rest coverage and rotation compliance across CMKs, envelope encryption, and certificate lifecycle.
alibaba-landing-zone-architect
Design Alibaba Cloud landing zone — Resource Management org tree, Cloud SSO, Control Policy (SCP equivalent), multi-account governance baseline, billing account structure, and ActionTrail centralization.
alibaba-live-ack-rollout-guard
Gate ACK deployment mutations, node pool scaling, and cluster version upgrades against rollback posture and workload disruption budget. Prevents irreversible cluster version upgrades from proceeding without PodDisruptionBudget verification, node drain confirmation, and explicit operator approval.
alibaba-live-cost-budget-action-guard
Gate live financial authority actions — budget threshold changes, Savings Plan purchases, and Reserved Instance commitments. These are committed spend or can trigger immediate service suspension.
alibaba-live-kms-key-mutation-guard
Gate KMS key deletion and disable operations. All data encrypted with a deleted CMK (OSS SSE-KMS, ECS encrypted disks, RDS/PolarDB TDE) becomes permanently and irrecoverably inaccessible. This guard enforces complete CMK dependency audits, deletion window confirmation, and explicit operator approval before any key state mutation.
alibaba-live-oss-bucket-policy-guard
Gate OSS bucket ACL and policy mutations — public-read/write ACL exposes data to internet crawlers within seconds; CN-* cross-border replication requires DSL Article 31 assessment.
alibaba-live-ram-policy-change-guard
Gate RAM policy/role mutations against the Alibaba Cloud account hierarchy. RAM AdministratorAccess assignment, policy deletion with active STS tokens, and Resource Directory Control Policy changes carry account-wide or org-wide blast radius. This guard enforces blast-radius assessment, STS token impact analysis, and explicit authority approval before any policy mutation is executed.
alibaba-live-rds-polardb-mutation-guard
Gate RDS/PolarDB instance deletion, spec downgrade, and backup policy removal — database deletion without verified backup is permanently destructive.
alibaba-load-balancer-traffic-engineer
Traffic engineering for Alibaba Cloud load balancers — CLB (Classic, legacy), ALB (Application Load Balancer, Layer 7 advanced routing), NLB (Network Load Balancer, Layer 4 high throughput), and GA (Global Accelerator) — type selection, health check design, WAF integration, and traffic distribution.
alibaba-maestro
Alibaba Cloud Maestro routing skill. Classify the user's Alibaba Cloud task, select the narrowest specialist agent or the right team of specialists from the catalog, and dispatch them — single specialist for focused tasks, parallel team (max 4) for multi-domain tasks. Never auto-dispatch live-guard agents. China-region aware — flags when workloads are in mainland China regions and applicable regulatory frameworks (MLPS 2.0, DSL, PIPL) differ from international regions.
alibaba-maxcompute-dataworks-analyst
Manage MaxCompute CU package governance, DataWorks scheduling, Quick BI reporting, and PAI ML platform. Optimize query cost and job scheduling efficiency for big data workloads.
alibaba-migration-architect
Plan Alibaba Cloud migrations using SMC (Server Migration Center), DTS (Data Transmission Service) for data sync, OSSImport for object storage migration, and design cutover sequencing with rollback paths.
alibaba-mse-microservice-engine
Configure and operate Alibaba MSE (Microservice Engine) — Nacos service discovery and configuration management, Sentinel rate limiting and circuit breaking, Seata distributed transactions, and ARMS APM for microservices observability.
alibaba-network-architect
Design Alibaba Cloud network topology — VPC peering, CEN for multi-VPC/multi-region connectivity, Express Connect for private circuits, SLB/ALB/NLB/CLB load balancer selection, and Smart Access Gateway for branch offices.
alibaba-observability-incident-responder
Respond to Alibaba Cloud incidents using CloudMonitor alarms, SLS log analytics, ARMS APM distributed tracing, and alert governance for ECS, RDS, ACK, and network services.
alibaba-oss-data-perimeter-governor
Govern Alibaba Cloud OSS data perimeters — bucket ACL and policy conflict resolution, Block Public Access configuration, cross-account access via RAM role, VPC endpoint binding for private access, WORM (Object Lock), and MLPS 2.0 data residency compliance.
alibaba-oss-storage-steward
Manage OSS lifecycle policies, bucket policy and ACL governance, NAS/CPFS shared file storage, cross-region replication, and access control hardening for Alibaba Cloud object and file storage.
alibaba-polardb-rds-dba
Operate PolarDB (MySQL/PG/Oracle) clusters and RDS instances — DAS diagnostics, database proxy, Global Database Network, backup strategy, and performance tuning.
alibaba-ram-iam-review
Audit Alibaba Cloud RAM users, groups, roles, and policies; review STS token lifecycle and scope; assess Resource Directory permission boundaries; review Control Policy statements for org-wide gaps or over-privilege.
alibaba-registry-artifact-governor
Govern Alibaba Cloud Container Registry (ACR) — Enterprise Edition vs Personal Edition selection, image vulnerability scanning, namespace IAM least privilege, image retention policies, cross-region replication, and supply chain security posture.
alibaba-resilience-bcdr-review
Review Alibaba Cloud workload HA and BCDR designs — RDS High-Availability Edition failover, PolarDB Global Database Network, ACK multi-zone, ECS disaster recovery cross-region, RTO/RPO target analysis, and HBR (Hybrid Backup Recovery) coverage.
alibaba-security-center-hardening
Harden Alibaba Cloud security posture via Security Center (threat detection, vulnerability scanning, baseline checks), WAF, Anti-DDoS Pro, Cloud Firewall, and Network Traffic Analysis (NTA).
alibaba-serverless-production-readiness
Review Function Compute 3.0 (FC3), SAE (Serverless App Engine), and EDAS for production readiness — cold start optimization, VPC binding, RAM role injection, ARMS distributed tracing, security group rules, concurrency limits, and SLA-readiness.
alibaba-solution-architect
Design Alibaba Cloud solutions — product selection (PolarDB vs RDS, ACK vs ASK vs SAE, MaxCompute vs AnalyticDB), architecture patterns, landing zone design, and disaster recovery strategies aligned to the Alibaba Well-Architected Framework.
alibaba-support-incident-coordinator
Coordinate Alibaba Cloud support incidents — case creation with correct severity (紧急/高/中/低), Enterprise Support SLA enforcement, account manager escalation path, status page monitoring for CN-* and international, internal stakeholder communication, and post-incident evidence packaging.
alibaba-ticket-triage-escalation-coordinator
Triage Alibaba Cloud operational alerts, incidents, and support tickets — P0/P1/P2/P3 classification, Alibaba Cloud Support SLA enforcement, account manager escalation, DingTalk war room coordination, evidence collection from CloudMonitor and SLS, and safe escalation paths.
alibaba-waf-cost-optimization-review
Assess Alibaba Cloud cost posture: ECS instance family rightsizing, Savings Plans and Reserved Instance coverage, Preemptible Instance adoption, cost allocation tagging, OSS storage tiering, analytics pricing, and idle resource elimination.
alibaba-waf-reliability-review
Assess Alibaba Cloud workload reliability: multi-AZ ECS topology, SLB/ALB/NLB load balancing, Auto Scaling health policies, RDS/PolarDB HA failover, backup and cross-region DR, and Cloud Monitor/ARMS observability coverage.
alibaba-waf-security-review
Assess Alibaba Cloud workload security posture: RAM least-privilege, VPC isolation, KMS/HSM encryption, Cloud Security Center threat detection, ActionTrail audit, WAF/Anti-DDoS web protection, and Chinese regulatory compliance (MLPS 2.0, DSL, PIPL).
argo-rollouts-progressive-delivery-review
Use this skill when reviewing Argo Rollouts progressive delivery configuration. Trigger when the user asks about canary or blue-green Rollout strategy correctness, AnalysisTemplate success/failure conditions, traffic weighting provider alignment, canaryService isolation, PDB deadlock risk with Rollout maxSurge settings, automated rollback posture, or manual vs automated promotion configuration.
argocd-gitops-review
Use this skill for Argo CD GitOps review across Application, AppProject, ApplicationSet, sync windows, RBAC, sync impersonation, and Argo CD Agent multi-cluster topologies. Trigger when the user asks whether an Argo CD configuration is safe for production, whether automated sync should be enabled, whether prune+selfHeal is appropriate, whether AppProject scope is too wide, or how to enforce least-privilege sync identity.
aws-agentcore
Build, test, migrate, integrate, and deploy Amazon Bedrock AgentCore agents. Use for AgentCore runtime, local development, import/migration, deployment, Memory, Gateway/MCP tools, Identity, Observability, Browser, Code Interpreter, policy, and harness-vs-code-path decisions. Load references only when that component is needed.
aws-api-edge-delivery-review
Review AWS API and edge delivery posture across API Gateway, CloudFront, AWS WAF, Shield, ALB, custom domains, TLS policies, authentication, authorization, throttling, quotas, caching, origin protection, logging, and abuse controls. Use when public APIs, web entry points, or edge delivery can affect security and availability.
aws-bedrock-agent-security-governor
Review Amazon Bedrock agents, AgentCore, Guardrails, knowledge bases, action groups, memory, MCP/tool integrations, prompt-injection and prompt-leakage defenses, PII handling, encryption, logging, observability, and least-privilege IAM. Use for AWS-native GenAI and agent security posture.
aws-change-impact-advisor
Assess AWS change impact using change sets, deployment blast radius, rollback readiness, dependency mapping, risk, go/no-go context, approval context, and stakeholder communication. Prefer this for non-destructive pre-change advisory work; prefer IaC or platform-specific skills for deep implementation review.
accounting-maestro
Route accounting questions to the narrowest specialist in the catalog. Use when you do not already know the specialist needed. Not for direct accounting answers; Maestro classifies, dispatches, and synthesizes only. Dispatches single agent for focused tasks, parallel team (max 3) for multi-domain tasks. Never auto-dispatches any write-capable agent — requires explicit human confirmation before routing to any agent with ledger or ERP write access.
business-combinations-advisor
Multi-jurisdiction business combinations reference framework covering acquisition accounting, purchase price allocation, goodwill, and post-combination integration under ASC 805 and IFRS 3.
close-cycle-advisor
Multi-jurisdiction financial close cycle reference framework covering month-end, quarter-end, and year-end close. Provides regulatory filing deadlines by jurisdiction (SEC, EU TD, UK DTR, TSE/FSA, CSRC, SEBI, ASX, HKEX), record-to-report process steps, reconciliation standards, intercompany elimination requirements (ASC 810/IFRS 10), FX translation methodology (ASC 830/IAS 21), deferred tax computation (ASC 740/IAS 12), and GAAP variant comparison tables across US GAAP, IFRS, UK FRS 102, German HGB, JGAAP, CAS, and Ind AS. Advisory only — all outputs require external auditor verification for local statutory purposes.
consolidation-intercompany-advisor
Multi-jurisdiction consolidation scope and intercompany elimination reference framework covering ASC 810 / IFRS 10 control models, VIE (Variable Interest Entity) primary beneficiary analysis, NCI measurement, equity method accounting (ASC 323 / IAS 28), intercompany eliminations (sales, profit-in-inventory, debt, interest, dividends), deferred tax on IC eliminations (ASC 740 / IAS 12), and adversarial group reporting scenarios across US GAAP, IFRS, German HGB, JGAAP, CAS, and Ind AS.
equity-compensation-advisor
Multi-jurisdiction equity-based compensation reference framework covering stock options, RSUs, ESPPs, and performance awards under ASC 718 and IFRS 2.
fixed-assets-advisor
Multi-jurisdiction fixed assets, depreciation, and impairment reference framework covering PP&E, intangibles, right-of-use assets, and goodwill under US GAAP and IFRS.
fx-translation-advisor
Multi-jurisdiction reference framework for foreign currency translation and remeasurement covering functional currency determination, ASC 830 / IAS 21 method selection, CTA in OCI, highly inflationary economy treatment, net investment hedge interactions, and multi-GAAP comparison across US GAAP, IFRS, German HGB, JGAAP, CAS 19, and Ind AS 21.
hedge-accounting-advisor
Multi-jurisdiction hedge accounting reference framework covering ASC 815 (US GAAP) and IFRS 9 hedge designation, effectiveness testing, OCI mechanics, IFRS 9 rebalancing, cost-of-hedging approach, discontinuation rules, embedded derivatives, and local GAAP treatments (German HGB §254, JGAAP ASBJ No.10, CAS 24, Ind AS 109). Includes fair value hedges, cash flow hedges, and net investment hedges with a multi-jurisdiction comparison table. Advisory only — all outputs require verification by qualified accountants and external auditors.
indirect-tax-einvoicing-advisor
Multi-jurisdiction indirect tax and e-invoicing reference framework covering VAT/GST compliance and mandatory electronic invoicing mandates across EU, Brazil, India, Mexico, China, UK, and Australia.
lease-accounting-advisor
Multi-jurisdiction lease accounting reference framework covering ASC 842 (US GAAP) and IFRS 16, with additional coverage of UK FRS 102 (2024 periodic review amendments effective 1 Jan 2026), German HGB, JGAAP (ASBJ Statement No. 34, effective FY beginning on/after 1 Apr 2027), CAS No. 21 (China), and Ind AS 116 (India). Covers lease identification, lessee classification (ASC 842 dual model vs. IFRS 16 single finance model), right-of-use asset and lease liability measurement, discount rates (incremental borrowing rate vs. rate implicit in lease), lessor accounting (sales-type / direct-financing / operating), short-term and low-value exemptions, lease modifications and remeasurement, and sale-leaseback transactions. Advisory only — all outputs require external auditor verification for local statutory purposes.
payroll-advisor
Multi-jurisdiction payroll accounting reference framework covering compensation expense recognition, employee benefits, pension/post-retirement obligations, and payroll tax compliance.
procure-to-pay-advisor
Multi-jurisdiction procure-to-pay accounting reference covering PO matching, AP accruals, vendor management, and related compliance.
revenue-recognition-advisor
Apply the ASC 606 / IFRS 15 five-step revenue recognition model to described arrangements. Provides the complete five-step framework with paragraph citations, judgment-area reference tables, confidence-scoring guidance, common restatement triggers, GAAP/IFRS delta checklist, and official documentation URLs. Use when analyzing revenue recognition treatment for SaaS, licenses, professional services, multi-element arrangements, and channel partnerships. Advisory only — all outputs require external auditor review for material amounts.
tax-provision-advisor
Multi-jurisdiction corporate income tax provision reference framework covering ASC 740 (US GAAP) and IAS 12 (IFRS). Covers current vs. deferred tax, temporary and permanent differences, deferred tax asset/liability recognition and measurement, valuation allowance (more-likely-than-not), uncertain tax positions (FIN 48 / ASC 740-10 two-step vs. IFRIC 23), OECD Pillar Two GloBE (IAS 12.4A mandatory temporary exception vs. ASC 740 no equivalent exception), enacted vs. substantively enacted tax rates, effective tax rate reconciliation, APB 23 / ASC 740-30 indefinite reinvestment assertion, intraperiod tax allocation, interim provision (estimated annual ETR method), and local GAAP variations (HGB, JGAAP/ASBJ, CAS 18, Ind AS 12). Advisory only — all outputs require verification by qualified tax counsel and external auditors.
vanguard-frontier-agentic-install
Install all Vanguard Frontier Agentic Codex agents and companion skills into the current user's ~/.codex home after adding or installing the plugin marketplace.
Bio shown is the top-scored skill's repo description as a fallback — real GitHub bios land in a future update.