全部能力

Enable and configure Kibana audit logging for saved object access, logins, and space operations. Use when setting up Kibana audit, filtering events, or correlating Kibana and ES audit logs.

Implements OAuth 2.0/2.1 authorization flows in Fastify applications — configures authorization code with PKCE, client credentials, device flow, refresh token…

Google Workspace Reseller: Manage Workspace subscriptions.

通过 k-skill-proxy 代理调用 Naver 搜索 Open API 的新闻搜索(news.json)接口，获取最新新闻文章的标题、发布时间、链接和摘要并进行保守整理。用户无需单独申请 API 密钥即可直接调用。

飞书 OAuth 认证和 User Access Token 管理（Device Flow，RFC 8628）。 支持一键创建飞书应用（config create-app）、按域精细申请权限（--domain --recommend）、 auth check 预检 scope、auth login 登录、Token 自动刷新。 当用户请求"登录飞书"、"获取 Token"、"OAuth 授权"、"auth login"、"认证"、 "搜索需要什么权限"、"Token 过期了"、"刷新 Token"、"创建应用"、"create-app"、 "缺少权限"、"99991672"、"99991679"时使用。 当其他飞书技能（toolkit/msg/read 等）遇到 User Access Token 相关问题时，也应参考此技能。

Reconcile App Store Connect subscriptions and in-app purchases with RevenueCat products, entitlements, offerings, and packages using asc and RevenueCat MCP.…

Use this skill for code reviews using the Codex CLI from a Claude-hosted session. Activates on mentions of codex review, code review with codex, codex check,…

Dune CLI for querying blockchain and on-chain data via DuneSQL, searching decoded contract tables, managing saved queries, managing visualizations, managing…

Skill for exploring and understanding the recovered Claude Code 2.1.88 TypeScript source code, including its CLI architecture, command system, MCP integration,…

在需要使用 gh CLI 处理 GitHub 开放 Pull Request 的审查或 issue 评论时使用。

Expert patterns for HubSpot CRM integration including OAuth

JWT and OAuth token attack playbook. Use when validating token trust, signing algorithms, key handling, claim abuse, bearer flows, and OAuth account-binding weaknesses.

Business logic vulnerability playbook. Use when reasoning about workflows, race conditions, price manipulation, coupon abuse, state machines, and multi-step authorization gaps.

Generate engaging, localized App Store release notes (What's New) from git log, bullet points, or free text using canonical metadata under `./metadata`.…

多源内容智能处理器：支持微信公众号、网页、YouTube、PDF、Markdown等，自动上传到 NotebookLM 并生成播客/PPT/思维导图等多种格式

Open redirect playbook. Use when URL parameters, form actions, or JavaScript sinks control navigation targets and may redirect users to attacker-controlled destinations.

Insecure deserialization playbook. Use when Java, PHP, or Python applications deserialize untrusted data via ObjectInputStream, unserialize, pickle, or similar mechanisms that may lead to RCE, file access, or privilege escalation.

Creates Elastic Cloud Serverless projects (Elasticsearch, Observability, or Security) via the REST API, saves credentials to file, and bootstraps a scoped Elasticsearch API key. Use when creating a new serverless project, provisioning a search or observability environment, or spinning up a new Elastic Cloud project.

Configure search result boosting in GrepAI. Use this skill to prioritize certain paths and penalize others.

Comprehensive security auditor for OpenClaw skills. Checks for typosquatting, dangerous permissions, prompt injection,