全部能力

Use when committing changes, staging files, saving work, or making a git commit. Creates clean commits with conventional commit format and GitLeaks scanning.

Create a test user (with explicit permission) to audit what authenticated users can access vs anonymous users. Detects IDOR, cross-user access, and privilege…

Brand monitoring and mention tracking via the Brand.dev API. Use when asked to monitor brand mentions, track sentiment, find PR opportunities, detect logo usage, or analyze brand presence online. Trigger phrases: "brand monitoring", "mention tracking", "brand sentiment", "PR opportunities", "logo detection", "brand.dev", "brand mentions", "media monitoring".

Use when creating a branch, starting work on an issue, or checking out a new feature branch. Validates branch naming and links to GitHub issues automatically.

Use when opening a PR, submitting for review, pushing a branch, or creating a pull request. Pushes and creates GitHub PRs with auto-assignment and description.

PR triage: audit open PRs, deep review selected ones, draft and post review comments. Args: "all" to review all, PR numbers to focus (e.g. "42 57"), "en"/"fr" for language, no arg = audit only in French.

Use when setting up a project, adding linting, formatting, git hooks, or TypeScript. Installs Biome, Husky, commitlint, lint-staged, and GitLeaks for JS/TS.

Use when reviewing file names, renaming files, fixing naming conventions, or auditing exports. Enforces consistent casing and suffix patterns.

Implement secure authentication and authorization using Clerk. Use this skill when you need to authenticate users, protect routes, check permissions, implement…

Use when interacting with Backlog project management service - creating issues, listing pull requests, managing projects, checking notifications, or any…

Comprehensive skill for working with Azure DevOps REST API across all services including Boards (work items, queries, backlogs), Repos (Git, pull requests,…

Query Garmin Connect fitness and health data including activities, athlete stats, sleep, heart rate, stress, and body battery. Use when the user asks about…

Use when the user asks to perform security audits, penetration testing, vulnerability scanning, OWASP Top 10 checks, or offensive security assessments. Covers…

Prismic integration. Manage Repositories. Use when the user wants to interact with Prismic data.

Expert assistance for next-forge — a production-grade Turborepo template for Next.js SaaS apps. Triggers on questions about next-forge installation, setup,…

Analyzes codebases to identify refactoring opportunities based on Martin Fowler's catalog of code smells and refactoring techniques. Detects duplicated code, high coupling, complex conditionals, primitive obsession, long functions, and other structural issues. Produces a structured refactoring report with prioritized findings saved to docs/_refacs/. Use when auditing code quality, preparing for a refactoring sprint, or reviewing architectural health. Don't use for style/formatting issues, performance optimization, or security audits.

Interact with Bitget Wallet API for crypto market data, token info, swap quotes, RWA (real-world asset) stock trading, and security audits. Use when the user…

Scans source code, configuration files, and git history for hardcoded credentials, API keys, and tokens. Use when auditing repositories for security leaks or…

Use this skill when conducting authorized penetration tests, vulnerability assessments, or security audits within proper engagement scope. Triggers on pentest methodology, vulnerability scanning, OWASP testing guide, Burp Suite, reconnaissance, exploitation, reporting, and any task requiring structured security assessment within authorized engagements or CTF competitions.

Local-evidence production readiness audit for shipped apps, pre-launch reviews, post-merge checks, and "what breaks in prod?" questions without sending repo…