全部能力

Create personalized, compelling cover letters from resume and job description

Pre-production audit that scans a codebase for security, database, deployment, code quality, AI/LLM, dependency, frontend, and observability issues. Intercepts deploy commands and blocks until critical items pass. Stack-agnostic. Use for "run ship gate", "am I ready to ship", "pre-launch audit", "can I deploy", "push to production", "go live checklist", "preflight check". Not for CI/CD setup or infra provisioning.

Conventional Commits 1.0.0 + best-practice workflow for git commit messages that serve four readers — `git log` scanners, `git blame` tracers, `git bisect` hunters, and AI agents (LLMs rebuilding context after `/clear`, reviewing PRs, generating changelogs, answering natural-language history queries). Five founding principles (atomic / leaves-repo-green / why-over-what / imperative / searchable), five-step workflow (diff inspection → staging → type decision tree → secrets blocklist → pre-commit checklist), explicit Breaking-Change / Revert / Amend / Trailer protocols, and a dialect scaffolder that generates per-project `docs/references/COMMIT.md` for project-specific extensions (domain proper nouns, custom trailers like `Refs:` / `Flag:` / `Plan SC:`, workflow hooks like PDCA / Linear / Jira / squash-merge PRs). ALWAYS trigger this skill when the user: (1) asks to write, generate, or improve a commit message (2) pastes a commit-message draft for review or critique (3) asks "should I split this commit?" / "what type for this change?" / "is this breaking?" (4) is finishing a logical unit of work and about to run `git commit` (5) mentions stage / staging / amend / revert / fixup / cherry-pick in a commit-authoring context (6) asks how to set up PDCA / Linear / Jira-driven auto-commits (7) requests scaffolding a `COMMIT.md` dialect file for a project Triggers (multi-lingual): EN: commit, git commit, stage, commit message, breaking change, conventional commits, revert, fixup, amend, cherry-pick, changelog KO: 커밋, 깃 커밋, 스테이지, 커밋 메시지, 커밋 룰, 컨벤셔널 커밋, 리버트, 되돌리기, 어맨드, 커밋 컨벤션, 커밋 메시지 검토 JA: コミット, git コミット, ステージ, コミットメッセージ, ブレーキング チェンジ, リバート, アメンド ZH: 提交, git 提交, 暂存, 提交信息, 提交消息, 重大变更, 回滚, 修订 ES: commit, mensaje de commit, preparar, cambio incompatible, revertir FR: commit, message de commit, indexer, changement incompatible, revert DE: Commit, Commit-Nachricht, Staging, breaking change, revert IT: commit, messaggio di commit, modifica incompatibile, revert Do NOT trigger for: pure code generation unrelated to git, branch/merge/ rebase mechanics not about message authoring, CI/CD pipeline configuration, or non-git version-control systems. Audience: developers writing git commits. Use technical terms directly. Korean prose variant available at `lang/ko/SKILL.md` for Korean-first readers — the convention itself stays English-default regardless of variant.

This skill should be used when the user asks to "design mobile UI", "review app design", "check UI guidelines", "improve app UX", "design React Native…

This skill should be used when the user asks to "use Metasploit for penetration testing", "exploit vulnerabilities with msfconsole", "create payloads with…

Web accessibility specialist for WCAG compliance, ARIA implementation, and inclusive design. Use when auditing websites for accessibility issues, implementing…

This skill should be used when the user asks to "test API security", "fuzz APIs", "find IDOR vulnerabilities", "test REST API", "test GraphQL", "API…

This skill should be used when the user asks to "search for exposed devices on the internet," "perform Shodan reconnaissance," "find vulnerable services using…

Add OAuth authentication to MCP servers on Cloudflare Workers. Uses @cloudflare/workers-oauth-provider with Google OAuth for Claude.ai-compatible authentication. Prevents 9 documented errors including RFC 8707 audience bugs, Claude.ai connection failures, and CSRF vulnerabilities. Use when building MCP servers that need user authentication, implementing Dynamic Client Registration (DCR) for Claude.ai, or replacing static auth tokens with OAuth flows. Includes workarounds for production redirect URI mismatches and re-auth loop issues.

Build full-stack applications with Supabase (PostgreSQL, Auth, Storage, Real-time, Edge Functions). Use when implementing authentication, database design with…

This skill should be used when the user asks to "test API security", "fuzz APIs", "find IDOR vulnerabilities", "test REST API", "test GraphQL", "API…

Extract components from Figma, convert designs to React components, sync design tokens, and generate code from designs. Bridge the gap between design and code…

This skill should be used when the user asks to "add MCP server", "integrate MCP", "configure MCP in plugin", "use .mcp.json", "set up Model Context Protocol",…

This skill should be used when the user asks to "perform cloud penetration testing", "assess Azure or AWS or GCP security", "enumerate cloud resources",…

Break large tasks into ADHD-friendly micro-tasks that minimize activation energy and maximize momentum. Use when feeling overwhelmed, can't start a task, or…

This skill should be used when the user asks to "run pentest commands", "scan with nmap", "use metasploit exploits", "crack passwords with hydra or john",…

Execute comprehensive web application security testing using Burp Suite's integrated toolset, including HTTP traffic interception and modification, request…

This skill should be used when the user asks to "search for exposed devices on the internet," "perform Shodan reconnaissance," "find vulnerable services using…

This skill should be used when the user asks to "plan a penetration test", "create a security assessment checklist", "prepare for penetration testing", "define…

This skill should be used when the user asks to "learn ethical hacking", "understand penetration testing lifecycle", "perform reconnaissance", "conduct…