Xipher-Labs
OrganizationSelf-hostable AI-agent operations framework by Xipher Labs
Categories
Indexed Skills (46)
cold-outreach-sequencer
Draft a personalized 5-touch cold outreach sequence for email, LinkedIn, or Twitter/X DM. Each touch includes personalization variables, subject line A/B options, and reply-trigger templates. Triggers on: cold outreach, email sequence, LinkedIn outreach, DM sequence, founder outreach.
competitor-radar
Track competitor moves across changelog, pricing, hiring, and blog. Three phases: Setup (define competitors.yml), Snapshot (fetch and diff current state), Synthesis (emit weekly change report). Uses WebFetch only, no external dependencies. Triggers on: competitor radar, track competitors, competitor changes, what changed at.
content-writer
Brand-voice-aware content writer. Five modes: blog post (800-2000 words, TL;DR + CTA), Twitter thread (8-15 tweets, hook-driven), YouTube script (intro hook + 3-act + outro CTA), newsletter issue (300-700 words), press release (AP-style). Reads assets/brand/<project>/voice.md when present. Triggers on: blog post, twitter thread, youtube script, newsletter, press release.
customer-interview-synthesizer
Two-phase customer discovery tool. Phase A: generate a Mom Test-compliant interview script from a hypothesis and target persona. Phase B: synthesize 1-N interview transcripts into pain points, JTBD, recurring quotes, and recommended pivots. Triggers on: interview script, customer discovery, synthesize interviews, jobs to be done, JTBD, user research, validate hypothesis.
impeccable
Design-craft and anti-AI-slop authority for ANY user-facing interface (web, app, or component) — building, designing, refining, or reviewing UI to senior-product-designer quality. Covers color, typography, layout, spacing, motion, interaction, states, and UI copy. Triggers on "polish the UI", "make it pop", "feels generic", "clean it up", "more premium", "looks like AI slop", "fix this design". Defer to frontend-quality for WCAG/Core-Web-Vitals gating and mobile-design-system for native mobile.
pricing-experiment
Structure a pricing experiment for a B2B or B2C product. Outputs: competitor anchor analysis, 3-tier structure (Starter / Pro / Scale), value metric selection (per-seat, usage-based, outcome-based), A/B test design with sample size and duration, and discount policy. Triggers on: pricing strategy, pricing experiment, how to price, pricing tiers, value metric, anchor pricing.
project-pivot
Conduct a short 4-question guided interview with the operator to derive a project-specific AGENTS.md draft, recommended hooks, recommended MCPs, and a compliance checklist. Invoke via `walter pivot` or `walter-os pivot`. Use when starting a new project or adapting an existing one to a new domain or compliance context. Replaces fixed industry templates with runtime-derived configuration tailored to the operator's actual setup.
agent-researcher
Autonomous researcher agent in the Walter Council. Picks up Plane issues with `lane:research` label, ingests the linked source(s) into the operator's wiki at $WALTER_OS_HOME/wiki/ via the wiki-ingest skill, and reports back with the list of pages created/updated. Triggered by walter-os agents run-once researcher --issue <id> (manual O1) or by n8n events (O3+). Use this skill when invoked as the researcher agent — read the issue title + description, identify the source(s), apply the wiki-ingest contract, post the result back to Plane.
ai-spend-tripwire
Track LLM API spend across Anthropic, OpenAI, and Google providers, project daily and monthly cost, alert when burn rate exceeds threshold, and circuit-break agent loops before they cost serious money. Use this skill when starting a long agentic session, when the user asks "how much have I spent on AI", "what's my Claude/GPT cost this month", "any unusual spend", or proactively before any task expected to take >30 minutes of agent time. Refuses to launch new agent loops if monthly budget projection exceeds limit.
alerting-stack
Walter-VM lightweight alerting — replaces PagerDuty / Opsgenie complexity with a 4-tier stack pushing to a single Telegram bot. Use this skill whenever the user asks "set up alerts", "I want to know if a service goes down", "monitor my LLM spend", "Hetzner cost alert", or anything related to monitoring + notifications. No paid services, no SaaS lock-in. Single notification channel (Telegram bot) keeps it cognitively cheap.
brand-creation
Create a complete brand identity for a project — name, logo, color palette, typography, and voice/tone — using nanobanana for visual generation. Use this skill when starting a new project ([Project A], [Project B], hackathons), when the user asks to "create a brand", "design a logo", "make an identity", "moodboard for X", or wants to formalize the look and feel of a product. Produces deliverables to assets/brand/<project>/ ready for use in landing pages, decks, and social.
daily-supply-chain-audit
Run a comprehensive daily security audit of all installed MCP servers, Claude Code skills, agent configs, and AI CLI tooling. Detects supply chain attacks, tool-name shadowing, malicious skills, configuration drift, missing CVE patches, and untrusted package versions. Use this skill EVERY MORNING before starting work, on demand when installing a new MCP/skill, or after pulling Walter-OS updates. ALSO trigger when the user asks "is my agent setup safe", "audit my MCPs", "check for vulnerabilities", "any new CVEs", or mentions concerns about supply chain, tool poisoning, prompt injection, or malicious skills.
data-migration-safety
Review database migrations and schema changes for safety — reversibility, lock duration, online-vs-offline behavior, batch-size on backfills, tenant isolation, RLS policies (Supabase), idempotence, audit-log impact. Use this skill on any PR that touches `migrations/*`, `supabase/migrations/*`, `*.sql`, schema files (Drizzle/Prisma/SQLAlchemy), or that adds/modifies columns, indexes, constraints, RLS policies. Critical for [Project A] (procurement audit trail) and [Project B] (PHI integrity). A bad migration on staging = postmortem; on production = incident.
decision-journal
Capture significant decisions in a structured format — decision journal, log this decision, important decision, decision review. Stores entries at ~/.config/walter-os/state/decisions/. Surfaces past-due revisit prompts via weekly-review-coach.
deepsec-integration
Run Vercel's DeepSec security scanner against any Walter-OS-tracked repo ([Project A], [Project B], [Company], hackathons). DeepSec uses thinking-level models to surface hard-to-find vulns that pattern matchers miss. SPENDS MONEY ($100s-$thousands per scan). Operator-invoked only, with explicit budget cap and confirmation. Triggered by user requests like "run deepsec on [project-a]", "scan [company] for vulnerabilities", "deep security audit of <repo>".
definition-of-done-validator
Verify that every acceptance criterion declared in a feature spec has at least one corresponding test, and that business workflow tests exist for personal projects ([Project A], [Project B]). Use this skill before opening a PR, before promoting a branch from dev to staging, when the user asks "is this done", "did I cover all the acceptance criteria", "are the tests sufficient", or as a final gate after the implementation phase. Refuses to approve a PR if any criterion is uncovered.
devrel-analyst
Query the walter_devrel_analytics Postgres database to surface DevRel content performance insights (top threads, optimal posting hours, hook pattern analysis, ROI per content piece, weekly digest). Use before drafting new content on a topic, when the user asks about engagement trends, or for the weekly digest workflow. Work/ context only — requires ANALYTICS_DB_URL. Supports --dry-run for CI. Read-only.
financial-plan-builder
Build a 12-month cash projection from a YAML config (starting balance, revenue assumptions, fixed costs, variable costs, hiring plan). Outputs a monthly cash table, runway in months, break-even month, and a simple sensitivity analysis. Use when planning runway, deciding to raise / not raise, modeling a hire, or producing a board-update spreadsheet. NOT financial advice. Numbers, not opinions.
forgejo-cli
Manage repos, issues, PRs, and releases on the self-hosted Forgejo (git.${WALTER_DOMAIN}) via the official `tea` CLI. Use this skill whenever the user asks to "create a Forgejo repo", "open an issue on git.${WALTER_DOMAIN}", "list my private repos", "tag a release", or any operation against the self-hosted git. Replaces the dropped community forgejo-mcp.
frontend-quality
Enforce frontend quality bar — accessibility (WCAG 2.2 AA), performance (Core Web Vitals: LCP/INP/CLS), semantic HTML, image optimization, bundle size, mobile-first, loading/empty/error states. Use this skill on any PR that touches React/Next.js/Astro/Svelte/Vue components, CSS/Tailwind, layout files, or anything in `app/`, `components/`, `pages/`, `src/`. Critical for [Project A] (Argentine mobile users on slow 3G/4G) and [Company] docs site (developer audience expects fast). Auto-triggers on `*.tsx`, `*.jsx`, `*.svelte`, `*.vue`, `*.astro`, `*.css`.
hackathon-spinup
Orchestrate the full spinup of a hackathon (or any new ~/Projects-Personal/Hackatons/<name>) project from rough one-liner to deployed MVP. Triggered automatically when a new directory is created under ~/Projects-Personal/Hackatons/ OR when the user says "new hackathon project", "spin up <name>", "Colosseum submission", "MVP in 48h". Sequence: deep discovery via GPT-5.5 thinking iterations → SDD-style spec → Plane workspace + Obsidian KB scaffolding → brand identity → landing → MVP code → demo. Cuts features, never cuts tests on the critical path.
hcloud-cli
Provision, resize, and manage Hetzner Cloud VMs, networks, volumes, load balancers, firewalls, snapshots, and DNS via the official `hcloud` CLI. Use this skill whenever the user asks to "provision a VM", "resize Hetzner server", "create snapshot", "list VMs", "rotate Hetzner token", "set Hetzner firewall rule", or any Hetzner Cloud infrastructure task. Replaces low-trust community Hetzner MCP. SPENDS MONEY — confirmation required before any state-changing action.
heygen-cli
Drive HeyGen's avatar-video generation REST API from the operator's terminal. Use this skill whenever the user asks to "generate a HeyGen video", "list HeyGen avatars", "make a talking-head avatar video", "poll a HeyGen job", or any HeyGen content task. Replaces the unmaintained `heygen-mcp@0.0.3` PyPI package (anonymous author, fails the minReleaseAge audit gate). SPENDS MONEY — per-second video generation. Confirmation required before any state-changing action.
hiring-toolkit
Produce a job description, an interview rubric, and an offer letter for a single role, all from a project-level role spec. Use when opening a new role at the company, when refining a problematic JD, when preparing for an interview loop, or when extending an offer. Outputs to `hiring/<role>/`. Generates drafts; the operator and (for offer letters) a lawyer review and finalize before sending.
infisical-agent
How to consume Infisical secrets from every Walter-OS surface — operator shells, walter-host Docker services, Vercel deploys, Railway services, GitHub Actions, n8n workflows, Cursor, Claude Code. The unifying principle: NEVER paste secrets into config files; always pull from Infisical at runtime via CLI / SDK / native integration. Use this skill when the user asks "how do I use this secret in <X>", "Infisical setup for Vercel", "secrets in GitHub Actions", "n8n credentials".
knowledge-extraction
Extract structured knowledge from books, papers, articles — key claims, frameworks, Anki cards, spaced repetition. Two phases: Phase A extracts, Phase B converts to Anki/Mochi cards. State at ~/.config/walter-os/state/knowledge/. Keywords: extract knowledge, summarize paper, book notes, Anki cards, learning from.
landing-page-fast
Ship a high-quality landing page in 4-8 hours using Astro + Tailwind + shadcn-style components — opinionated defaults, proven section structures, performance and SEO baked in. Use when launching a new product ([Project A], [Project B]), validating a hackathon idea, refreshing a [Company] product page, or any time the user asks to "build a landing", "make a landing page", "set up a landing for X". Output: a deployed landing page on Vercel with form capture, analytics, and proper meta. Bakes in `frontend-quality` rules.
legal-doc-review
Walk through a third-party contract (NDA / SaaS T&Cs / MSA / vendor agreement / DPA) and flag the clauses that matter for solo founders or small teams. Use when reviewing a NDA before signing, a SaaS vendor's terms before adopting their service, a customer's MSA before accepting, an investor's term sheet before responding, or any contract where you cannot afford a full lawyer review for every word. Produces a redline-shaped output: PROBLEM clauses (negotiate or walk), QUESTION clauses (ask the counterparty), and OK clauses (accept as-is).
long-form-content
Long-form writing in three modes — essay (3500w default), podcast prep (8-12 question blocks), conference talk (three-act structure, slide outline, CFP abstract, speaker notes). Complements content-writer short-form. Keywords: essay, long-form, podcast prep, talk outline.
marketing-strategist
Marketing strategy layer for founders — SEO audit, content calendar, social strategy with platform KPIs, and distribution playbook covering HN, Reddit, LinkedIn, X, and niche communities. Strategy only; content production is content-writer.
nanobanana
Generate or edit images using Google's Nano Banana family (Gemini 2.5 Flash Image, Gemini 3.1 Flash Image Preview, and Gemini 3 Pro Image Preview). Use this skill whenever the user asks to "generate an image", "create a visual", "make a hero image", "edit this photo", "blend these references", produce assets for blog posts, social media, marketing/DevRel content, icons, infographics, magazine-style mocks, isometric scenes, or product mockups, OR when the user mentions "nano banana", "Gemini image", "nanobanana", "Imagen alternative", or "Google image gen". Trigger this skill even when the request is casual, such as "make me an image of X" or "I need a visual for the blog post". Always prefer this over describing an image in text when a real image is what the user wants.
personal-assistant-stack
How Walter-OS thinks about a personal AI assistant that handles inbound messages (WhatsApp/Telegram/iMessage/Instagram), can reply for you, surfaces the urgent stuff, creates calendar events from chat context, and uses your LLM subscription rather than per-token API spend. Use this skill when the user asks "what's my personal assistant strategy", "should I use OpenClaw vs a custom bot", "how do I let the AI reply to my messages", "how do I route AI cost via subscription". Decision tree below.
postgres-cli
Query and inspect PostgreSQL databases via the `psql` CLI for [Project A]/[Project B]/[Company] data needs. Use this skill whenever the user asks to "query the DB", "check schema", "run migrations", "inspect rows", "explain query", or anything that touches a Postgres connection. Replaces low-trust community Postgres MCPs. Stack-aware for Supabase, self-hosted Postgres, and cloud variants.
pr-review
Run a rigorous, multi-dimensional review checklist on any pull request before opening, merging, or after receiving review comments. Use this skill ALWAYS before opening a PR, when asked to "review this PR/branch/diff", "check my changes", "is this ready to merge", or before promoting a branch from dev to staging or staging to main. Goes beyond style — checks security, performance, testing rigor, supply chain, and Definition of Done coverage.
project-induction
Run a guided induction interview with the operator to establish a new project's context, constraints, and success criteria. Generates a bootstrap spec, a project-level AGENTS.md, and a Plane epic with initial tasks. Use this skill when starting a new project or when the operator invokes 'walter-os new project <type> <name>'.
proposal-writer
Generate B2B proposals for consulting, SaaS, or agency engagements. Outputs executive summary, statement of work, pricing breakdown (fixed/T&M/retainer), terms summary, and appendix. Covers RFP response, SOW, B2B proposal writing.
quarterly-upgrade-cadence
Walter-OS update workflow — quarterly version bumps + monthly audits + weekly Renovate dashboard review. Replaces ad-hoc upgrades with predictable cadence. Use this skill when the user asks "let's run the quarterly update", "audit my stack", "what's outdated", or "time to bump versions". Includes pre-bump snapshot, tier-by-tier rollout, smoke tests, rollback procedure.
railway-cli
Deploy, manage, and operate Railway projects via the official `railway` CLI. Use this skill whenever the user asks to "deploy to Railway", "list Railway services", "set Railway env var", "scale a Railway service", or any operation against Railway. Replaces the dropped community railway-mcp. SPENDS MONEY — confirmation required before any state-changing action.
readme-craft
Opinionated README authoring guide. Picks a section template by project type (CLI, library, web app, hackathon submission, OSS publication, GitHub profile), curates a small set of upstream tools from the awesome-readme-tools catalog, and enforces a mobile-readable structure. Use this skill whenever the user asks to "write a README", "improve my README", "make the README better", "review my README", or starts a new project that needs a public-facing landing artifact. Complements landing-page-fast (landings), brand-creation (identity), oss-readiness (audit), and content-writer (long-form).
saas-metrics-dashboard
Calculate and interpret SaaS metrics — MRR calculation, ARR, churn rate, LTV CAC ratio, Quick Ratio, Magic Number, Rule of 40, unit economics. Accepts CSV or YAML input; benchmarks against per-stage norms and produces a diagnosis.
secrets-yubikey-unlock
Legacy-named Walter-OS guide for storing Infisical Machine Identity credentials in an OS credential store. Covers macOS Keychain, Linux Secret Service, pass+GPG, and optional hardware security keys. Use when the user asks how to auth Infisical from CLI, configure secrets bootstrap, set up keychain/keyring-backed secrets, or remove plaintext tokens from shell dotfiles.
solana-program-review
Specialized review for Solana on-chain programs — Anchor framework, raw BPF, account constraints, signer/owner checks, CPI safety, PDA derivation, compute budget. Use this skill on any PR touching `programs/*` directories, `*.rs` files declaring `#[program]` or `entrypoint!`, Anchor account structs, or smart contracts handling funds. Critical for [Project B] and [Project A] where on-chain logic governs medical/procurement records.
solana-rpc-review
Specialized review for Solana RPC infrastructure code — Yellowstone gRPC streaming plugins, Geyser plugins, Old Faithful (historical access), Dragon's Mouth subscriptions, RPC method handlers. Use this skill on any PR or diff that touches RPC handlers, gRPC streaming code, Geyser plugin code, account/transaction streaming, or anything in [Company]'s hot path. Catches concurrency bugs, allocation in hot paths, missing backpressure, account-size mistakes, compute budget violations, and stake-weighted QoS misconfiguration.
survey-design
Design quantitative surveys (NPS survey, CSAT, CES, PMF survey, satisfaction survey, Likert scale) to complement qualitative interviews. Outputs question battery, sample size guidance, distribution channels, and response-rate techniques.
syncthing-cli
Manage Syncthing folder registration and configuration on a remote hub VM via the REST API over SSH. Use this skill when the operator asks to "register a folder", "check sync status", "add a new sync folder", "reconcile Syncthing config", or anything that involves the Syncthing REST API on a remote host. Replaces the removed scripts/syncthing-bootstrap.sh; operators must supply their own bootstrap script via the overlay.
telegram-bot-cli
Send messages, files, and notifications via the Telegram Bot API using `curl`. Use this skill whenever the user asks to "send a Telegram notification", "alert me on Telegram", "post to my Telegram channel from a script". Replaces the dropped community telegram MCP. SECURITY KEY POINT — bots only see chats they have been added to, NOT all your personal chats. This is a feature: bounded blast radius.
Bio shown is the top-scored skill's repo description as a fallback — real GitHub bios land in a future update.