全部能力

Creates comprehensive post-incident documents with timeline, root cause analysis, contributing factors, action items, and ownership. Follows SRE best practices…

Inventory all founder resources across 8 categories for a one-person company. Use when Codex needs to systematically confirm what resources the founder has —…

Complete security remediation workflow. Scans code for vulnerabilities using Snyk, fixes them, validates the fix, and optionally creates a PR. Supports both single-issue and batch mode for multiple vulnerabilities. Use this skill when: - User asks to fix security vulnerabilities - User mentions "snyk fix", "security fix", or "remediate vulnerabilities" - User wants to fix a specific CVE, Snyk ID, or vulnerability type (XSS, SQL injection, path traversal, etc.) - User wants to upgrade a vulnerable dependency - User asks to "fix all" vulnerabilities or "fix all high/critical" issues (batch mode)

DataWorks Workspace Lifecycle Management Skill. Used for creating workspaces, querying workspace information, and adding workspace members with role authorization. Triggers: "DataWorks", "workspace management", "workspace", "member authorization", "role assignment"

Pre-deployment security audit for web applications, organized by OWASP Top 10:2025 categories. Use when reviewing code before shipping, auditing an existing…

Scores and prioritizes technical debt by impact, risk, and effort. Provides ranked backlog with ROI analysis and quarterly paydown recommendations. Use for…

Turns npm audit/Snyk results into prioritized patch plans with severity assessment, safe upgrade paths, breaking change analysis, and rollback strategies. Use…

AWS S3 integration. Manage Buckets. Use when the user wants to interact with AWS S3 data.

Audits project dependencies for outdated packages, duplicates, heavy/problematic libraries, security vulnerabilities, and risky version combinations. Generates…

Creates repeatable security review checklist for PRs with required checks, common pitfalls, and automated gating. Use for "security review", "PR checklist",…

Builds phased data and system migrations using feature flags, dual writes, backfills, and validation. Includes rollback plans and risk mitigation. Use for…

Comprehensive guide for managing Cloudflare DNS with Azure integration. Use when configuring Cloudflare as authoritative DNS provider for Azure-hosted…

Implements secure authentication patterns including login/registration, session management, JWT tokens, password hashing, cookie settings, and CSRF protection.…

Use when you need to apply Java exception handling best practices — including using specific exception types, managing resources with try-with-resources,…

Comprehensive AI-powered security scanning suite with 48 skills covering OWASP Top 10, 7 language-specific deep scanners (Go, TypeScript, Python, PHP, Rust, Java, C#), supply chain analysis, infrastructure-as-code scanning, and 3000+ checklist items. Use when you need to run a security audit, find vulnerabilities, scan a PR for security issues, or perform a penetration test on a codebase.

Security audit and code review checklist. Covers 30+ vulnerability types with real-world exploit cases (2021-2026) and EVMbench Code4rena patterns. Use when…

Comprehensive security vulnerability scanner for Python projects including Flask, Django, and FastAPI applications. Detects OWASP Top 10 vulnerabilities,…

Comprehensive Docker and Docker Compose validation following best practices and security standards. Use this skill when users ask to validate Dockerfiles,…

Manages Docker secrets for GitLab stack projects, ensuring secrets are never in .env or docker-compose.yml, properly stored in ./secrets directory, and…