全部能力

红琥珀警示 deck — 顶/底 45° 红黑 hazard 条纹、红色删除线否定标题、L1/L2/L3 绿/琥珀/红 tier 卡片、圆点状态 alert box、policy-yaml 代码块（红左边框 + bad 关键词高亮）、红绿 checklist、Q1 事故堆叠柱状图。适合安全 / 风险 / 事故复盘 /…

Use for Core Location implementation patterns - authorization strategy, monitoring strategy, accuracy selection, background location

This skill should be used when the user asks to "design REST APIs", "optimize database queries", "implement authentication", "build microservices", "review backend code", "set up GraphQL", "handle database migrations", or "load test APIs". Use for Node.js/Express/Fastify development, PostgreSQL optimization, API security, and backend architecture patterns.

List and test exposed PostgreSQL RPC functions for security issues and potential RLS bypass.

OpenAI Codex CLI code review with GPT-5.2-Codex, CI/CD integration

Dockerfile optimization guidelines from official Docker documentation. This skill should be used when writing, reviewing, or refactoring Dockerfiles to ensure…

Use this skill when reviewing, writing, or refactoring code for cleanliness and maintainability following Robert C. Martin's (Uncle Bob) Clean Code principles. Triggers on code review, refactoring, naming improvements, function decomposition, applying SOLID principles, writing clean tests with TDD, identifying code smells, or improving error handling. Covers Clean Code, SOLID, and test-driven development.

Reference — Comprehensive Network.framework guide covering NetworkConnection (iOS 26+), NWConnection (iOS 12-25), TLV framing, Coder protocol, NetworkListener,…

jscodeshift codemod development best practices from Facebook/Meta. This skill should be used when writing, reviewing, or debugging jscodeshift codemods.…

Audit and validate Flux CD GitOps repositories by scanning local repo files (not live clusters) — runs Kubernetes schema validation, detects deprecated Flux APIs, reviews RBAC/multi-tenancy/secrets management, and produces a prioritized GitOps report. Use when users ask to audit, analyze, validate, review, or security-check a GitOps repo.

REST API and WebSocket development with FastAPI emphasizing security, performance, and async patterns

Use this skill during code reviews to proactively investigate the codebase for duplicated functionality, reinvented wheels, or failure to reuse existing…

Systematic code refactoring skill that transforms complex, hard-to-understand code into clear, well-documented, maintainable code while preserving correctness. Applies structured refactoring patterns with validation. TRIGGER WHEN: users request "readable", "maintainable", or "clean" code, during code reviews flagging comprehension issues, for legacy code modernization, or in educational/onboarding contexts DO NOT TRIGGER WHEN: the task is outside the specific scope of this component.

Generate a comprehensive Markdown security audit report with executive summary, findings, and remediation guidance.

Submit commits as Phabricator diffs for code review using Sapling.

Attempt to read data from exposed tables to verify actual data exposure and RLS effectiveness.

List all tables exposed via the Supabase PostgREST API to identify the attack surface.

Nuclear-grade 16-agent pre-publish release gate. Runs /get-unpublished-changes to detect all changes since last npm release, spawns up to 10 ultrabrain agents…

ast-grep rule writing and usage best practices. This skill should be used when writing, reviewing, or debugging ast-grep rules for code search, linting, and…

Turn a cleanup packet into one behavior-preserving refactor brief. Use when the user needs to simplify a messy function, component, service, script, or module; split an oversized diff into safer cleanup slices; freeze behavior before touching fragile legacy code; or plan a repeated migration / codemod without changing intended behavior. Route diagnosis to `debugging`, review judgment to `code-review`, validation-program design to `testing-strategies`, bottleneck-led tuning to `performance-optimization`, and pure symbol inventory or impact mapping to `codebase-search`.