ing

Scans code for security vulnerabilities including injection attacks, authentication flaws, exposed secrets, insecure dependencies, and data exposure. Use when…

Audit npm dependencies for security vulnerabilities, outdated packages, and unused dependencies. Use when checking for security issues, updating packages, or…

Use when preparing ANY app for App Store submission, responding to App Review rejections, or running a pre-submission audit. Covers privacy manifests, metadata…

Security vulnerability scanner and OWASP compliance auditor for codebases. Dependency scanning (npm audit, pip-audit), secret detection (high-entropy strings,…

Use this skill when conducting authorized penetration tests, vulnerability assessments, or security audits within proper engagement scope. Triggers on pentest methodology, vulnerability scanning, OWASP testing guide, Burp Suite, reconnaissance, exploitation, reporting, and any task requiring structured security assessment within authorized engagements or CTF competitions.

Use this skill when implementing web accessibility, adding ARIA attributes, ensuring keyboard navigation, or auditing WCAG compliance. Triggers on accessibility, a11y, ARIA roles, screen readers, keyboard navigation, focus management, color contrast, alt text, semantic HTML, and any task requiring WCAG 2.2 compliance or inclusive design.

Discord API for servers and messages. Use when user mentions "Discord",

BlockBeats Skill covers over 1,500 information sources, including AI-driven insights, Hyperliquid on-chain data, and Polymarket market analytics. It also…

Local-evidence production readiness audit for shipped apps, pre-launch reviews, post-merge checks, and "what breaks in prod?" questions without sending repo…

Expert Harbor container registry administrator specializing in registry operations, vulnerability scanning with Trivy, artifact signing with Notary, RBAC, and…

Use when implementing content marketing strategies on Xiaohongshu, building brand through valuable content, nurturing audiences with educational material,…

Reconstruct and narrate the current development context from contextual commits. Run at session start, when resuming work, or when switching branches. Produces a brief, conversational summary of where things stand.

Compliance review and testing: evaluate your application against HIPAA, SOC 2, PCI-DSS, and GDPR technical requirements with browser-based validation and YAML…

Generate diagrams from natural language using EdrawMax AI APIs. Supports four diagram types: flowchart (流程图), infographic (信息图), Gantt chart (甘特图), and mind…

Hardens API security with rate limiting, input validation, authentication, and protection against common attacks. Use when users request "API security",…

Expert in AT-SPI2 (Assistive Technology Service Provider Interface) for Linux desktop automation. Specializes in accessible automation of GTK/Qt applications…

Check email deliverability and DNS configuration. Use when: diagnosing email delivery issues; setting up new email domains; auditing email authentication;…

Security review and penetration testing: evaluate your application against OWASP Top 10, authentication security, HTTP headers, CORS, CSP, supply chain risks,…

Detect hardcoded values, magic numbers, and leaked secrets. TRIGGERS - hardcode audit, magic numbers, PLR2004, secret scanning.

Brain knowledge base operations. The core read/write cycle: brain-first lookup, read-enrich-write loop, source attribution, ambient enrichment, back-linking. Read this before any brain interaction.