ing

当用户想要创建、优化或审核 API 介绍/概览页面时。当用户提到"API 页面"、"API 落地页"、"/api…"时也适用。

Comprehensive checklist for conducting thorough code reviews covering functionality, security, performance, and maintainability

Implement comprehensive security audit logging for compliance, forensics, and SIEM integration. Use when building audit trails, compliance logging, or security monitoring systems.

Tailwind CSS 4 patterns and best practices. Trigger: When styling with Tailwind (className, variants, cn()), especially when dynamic styling or CSS variables are involved (no var() in className).

Automatically fix broken OpenCLI adapters when commands fail. Load this skill when an opencli command fails — it guides you through diagnosing the failure via…

Optimize for search engine visibility and ranking. Use when asked to "improve SEO", "optimize for search", "fix meta tags", "add structured data", "sitemap…

Create, modify, and organise Grafana dashboards including panels, variables, transformations,

Use when working with iOS/macOS Keychain Services (SecItem queries, kSecClass, OSStatus errors), biometric authentication (LAContext, Face ID, Touch ID),…

Run loan, investment, NPV, retirement, savings, and risk calculations with schedules and charts. Use for deterministic financial modeling tasks.

在执行 /clear、/compact、恢复会话或上下文丢失后使用。在分支上下文过时或未知时使用。在现有工作树中开始工作时使用。

使用 JWT、OAuth 2.0、API 密钥和会话管理实现安全的 API 认证。适用于保护 API、管理令牌或实现用户认证流程的场景。

在 Arize 上处理 LLM-as-judge 评估工作流，包括创建/更新评估器、在 span 或 experiment 上运行评估、管理任务等。

Security auditor for Laravel applications. Analyzes code for vulnerabilities, misconfigurations, and insecure practices using OWASP standards and Laravel…

Django REST Framework patterns. Trigger: When implementing generic DRF APIs (ViewSets, serializers, routers, permissions, filtersets). For Prowler API specifics (RLS/RBAC/Providers), also use prowler-api.

Audit claude-skills with systematic 9-phase review: standards compliance, official docs verification, code accuracy, cross-file consistency, and version drift detection. Use when investigating skill issues, major updates detected, skill not verified >90 days, or before marketplace submission.

Master essential security scanning tools for network discovery, vulnerability assessment, web application testing, wireless security, and compliance…

Electron development guidelines for building cross-platform desktop applications with JavaScript/TypeScript

Claims-based authorization for agents and operations. Grant, revoke, and verify permissions for secure multi-agent coordination. Use when: permission management, access control, secure operations, authorization checks. Skip when: open access, no security requirements, single-agent local work.

Checks unreachable code, unused imports/variables/functions, commented-out code, unsupported patterns. Use when auditing dead code.

Generate comprehensive PR descriptions following repository templates