全部能力

Deploys smart contracts to Base using Foundry. Covers forge create commands, contract verification, testnet faucet setup via CDP, and BaseScan API key…

Manage authentication and user operations in Supabase. Use for sign up, sign in, sign out, password resets, and user management.

Cross-platform app toolkit with Rust backend and WebView frontend. Use when building or maintaining Tauri apps, configuring IPC/security, or developing plugins.

Best practices for HeyGen - AI avatar video creation API

Work with Data Commons, a platform providing programmatic access to public statistical data from global sources. Use this skill when working with demographic…

Create and manage Hetzner Cloud servers. Use when creating VPS/cloud servers, managing Hetzner infrastructure, or setting up dev/remote servers. Requires…

Expert in macOS Accessibility APIs (AXUIElement) for desktop automation. Specializes in secure automation of macOS applications with proper TCC permissions,…

Senior Project Manager for enterprise software, SaaS, and digital transformation projects. Specializes in portfolio management, quantitative risk analysis,…

REST API 安全加固，涵盖身份认证、速率限制、输入验证和安全响应头。适用于生产环境 API、安全审计、纵深防御等场景。

与 Google Calendar 交互 - 列出日历、查看事件、创建/更新/删除事件以及查找空闲时间。当用户要求以下操作时使用：查看日历、安排会议、创建事件、查找可用时间、列出即将发生的事件、删除或更新日历事件，或回复会议邀请。作为完整 Google Workspace MCP server 的轻量级替代方案，支持独立的 OAuth 认证。

A general skill for performing security reviews and auditing codebases for vulnerabilities. ALWAYS run this at the end of each task.

MUST be used whenever fixing correctness and error handling issues in a Flows app. This skill finds AND fixes bugs, missing error states, unhandled rejections,…

Manage MCP servers in Nuxt - setup, create, customize with middleware, review, and troubleshoot

Execute systematic privilege escalation assessments on Linux systems to identify and exploit misconfigurations, vulnerable services, and security weaknesses…

Review Next.js security audit patterns for App Router and Server Actions. Use for auditing NEXT_PUBLIC_* exposure, Server Action auth, and middleware matchers. Use proactively when reviewing Next.js apps. Examples: - user: "Scan Next.js env vars" → find leaked secrets with NEXT_PUBLIC_ prefix - user: "Audit Server Actions" → check for missing auth and input validation - user: "Review Next.js middleware" → verify matcher coverage for protected routes - user: "Check Next.js API routes" → verify auth in app/api and pages/api - user: "Secure Next.js headers" → audit next.config.js for security headers

Deep architectural audit focused on finding dead code, duplicated functionality, architectural anti-patterns, type confusion, and code smells. Use when user…

CRM-lite for managing GEO agency prospects and clients. Track leads through the full sales pipeline: Lead → Qualified → Proposal Sent → Won → Lost. Store audit history, notes, deal values, and generate pipeline summaries. Use when user says "prospect", "lead", "client", "pipeline", "crm", "nuovo prospect", "aggiungi cliente", or when managing the business side of GEO services.

Use when cloud Qwen speech features are needed through DashScope, especially for ASR transcription of user audio, Telegram voice-note TTS, or reusable…

SuiteScript records and fields reference. Look up field IDs, types, required status, and search capabilities for all 272 NetSuite record types. Use this when…

Use when conducting security assessments — OWASP Top 10 / API / LLM, CWE Top 25, CVSS scoring — auditing PHP/TYPO3 (v14.3 LTS: #109585, HashService removal,…