Skills from jeffallan/claude-skills

This skill provides expert Go development guidance, templates, and code examples for concurrency, generics, gRPC, testing, and project layout. It contains explicit commands like `go mod download` and `go test -race`, code that reads environment variables such as `DATABASE_URL` and `REDIS_PASSWORD`, and references remote modules like `github.com/gin-gonic/gin`.

Use when building cross-platform applications with Flutter 3+ and Dart. Invoke for widget development, Riverpod/Bloc state management, GoRouter navigation, platform-specific implementations, performance optimization.

Use when building Laravel 10+ applications requiring Eloquent ORM, API resources, or queue systems. Invoke for Laravel models, Livewire components, Sanctum authentication, Horizon queues.

Dangerous skill for Kubernetes operations with manifests and CLI examples. Includes remote-execution (`curl -Ls https://get.submariner.io | bash`), external network calls (`kubectl apply -f https://raw.githubusercontent.com/...`), and secret-access commands (`kubectl -n argocd get secret ... | base64 -d`).

Use when optimizing SQL queries, designing database schemas, or tuning database performance. Invoke for complex queries, window functions, CTEs, indexing strategies, query plan analysis.

This skill provides patterns and code examples for PHP 8.3+, Laravel, Symfony, async frameworks (Swoole/ReactPHP/Amphp) and testing. Examples include network calls to `https://api.example.com/users`, DB connection examples such as `127.0.0.1` / `root:password@localhost/database`, and a requirement to run `./vendor/bin/phpstan` and tests.

Use when building enterprise Java applications with Spring Boot 3.x, microservices, or reactive programming. Invoke for WebFlux, JPA optimization, Spring Security, cloud-native patterns.

DevOps skill provides CI/CD, containerization, Kubernetes, and IaC templates, scripts, and runbooks for pipelines and platform engineering. It embeds direct `kubectl`/shell scripts and external calls (e.g., `curl https://app.example.com/health`) and shows use of secrets like `password: ${{ secrets.GITHUB_TOKEN }}`.

Provides WordPress development guidance for themes, plugins, Gutenberg blocks, WooCommerce, and performance/security best practices. Includes examples that instruct running shell commands like `npx @wordpress/create-block my-block`, explicit network requests to `https://example.com/api/plugin-updates/`, and a settings `api_key` field.

This skill provides implementation guidance for building FastAPI APIs with Pydantic V2, async SQLAlchemy, JWT auth, WebSockets, and testing. It includes examples that load `env_file` `.env`, reference `SECRET_KEY`/`DATABASE_URL`, and show network endpoints like `http://fastapi:8000` and `http://django:8001`.

Use when writing E2E tests with Playwright, setting up test infrastructure, or debugging flaky browser tests. Invoke for browser automation, E2E tests, Page Object Model, test flakiness, visual testing.

This skill provides senior Python guidance for type-safe, async-first, production-ready Python 3.11+ projects. It includes shell commands (e.g. `poetry install`, `pip install`) and code examples that call external endpoints like `https://api.example.com` and `https://test.pypi.org/simple/`.

Provides templates and guidance to build scalable WebSocket/Socket.IO systems with Redis, sticky sessions, authentication, and monitoring. Examples read environment secrets like `process.env.JWT_SECRET` and make network connections to `redis://localhost:6379`.

High-risk skill for PostgreSQL administration. Contains explicit shell commands that modify ` /var/lib/postgresql/14/main` (e.g., `rm -rf /var/lib/postgresql/14/main/*`, `systemctl stop postgresql`, `pg_basebackup -h primary-host`) and instructs network connections to `primary-host`/`publisher-host` and creation of DB roles with passwords.

This skill provides Spring Boot 3.x templates, architecture guidance, and runnable examples for cloud-native microservices. It uses environment-backed secrets like `${GIT_PASSWORD}` and `${jwt.secret}`, references external endpoints such as `https://api.example.com`/`https://auth.example.com`, and includes build commands like `RUN ./mvnw install -DskipTests`.

Provides C#/.NET implementation guidance for ASP.NET Core, EF Core, Blazor, and performance patterns. The skill reads configuration keys like `JwtSettings` and `Default`, includes CLI migration commands (`dotnet ef migrations add`, `dotnet ef database update`), and configures an external health check to `https://api.example.com/health`.

Use when designing new system architecture, reviewing existing designs, or making architectural decisions. Invoke for system design, architecture review, design patterns, ADRs, scalability planning.

Use when designing REST or GraphQL APIs, creating OpenAPI specifications, or planning API architecture. Invoke for resource modeling, versioning strategies, pagination patterns, error handling standards.

Use when building Rust applications requiring memory safety, systems programming, or zero-cost abstractions. Invoke for ownership patterns, lifetimes, traits, async/await with tokio.

Provides Next.js 14+ developer guidance for App Router, server components, server actions, and deployment. Includes instructions to run shell commands (`npm`, `vercel`, `node`), access env vars (`DATABASE_URL`, `NEXTAUTH_SECRET`, `REVALIDATE_SECRET`), and call `https://api.example.com`/`https://cdn.example.com`.

This skill performs structured code and PR reviews and references local guidance files such as `references/review-checklist.md` and `references/report-template.md`. No security-relevant behaviors detected.

Provides detailed .NET 8 guidance for minimal APIs, EF Core, and cloud-native deployment. The skill includes build/migration commands like `dotnet build` and `dotnet ef migrations`, configures secrets via `JwtSettings__Secret`/`SA_PASSWORD`, and calls external endpoints such as `https://api.external-service.com/health`.

Use when building Kotlin applications requiring coroutines, multiplatform development, or Android with Compose. Invoke for Flow API, KMP projects, Ktor servers, DSL design, sealed classes.

This skill provides advanced TypeScript guidance for types, tsconfig, tRPC, and build optimization. It contains examples that read environment variables like `process.env.API_KEY` and instruct running CLI commands such as `tsc --diagnostics`.

This skill provides a security review workflow, templates, and tool commands for SAST, pentesting, and infrastructure checks. It contains executable shell commands (e.g., `checkov -d terraform/`, `docker run ...`), secret handling examples (e.g., `vault kv put secret/app/config api_key="secret123"`, `cat ~/.bash_history`) and remote calls (e.g., `https://crt.sh/?q=%.example.com&output=json`).

Use when investigating slow queries, analyzing execution plans, or optimizing database performance. Invoke for index design, query rewrites, configuration tuning, partitioning strategies, lock contention resolution.

This skill generates docstrings, OpenAPI specs, documentation sites, and templates for frameworks like FastAPI, NestJS, and Docusaurus. It includes explicit instructions to run shell commands (e.g., `npm run dev`), to use environment variables like `process.env.API_KEY`, and example endpoints such as `https://api.example.com`.

Use when building Angular 17+ applications with standalone components or signals. Invoke for enterprise apps, RxJS patterns, NgRx state management, performance optimization, advanced routing.

Use when building iOS/macOS applications with Swift 5.9+, SwiftUI, or async/await concurrency. Invoke for protocol-oriented programming, SwiftUI state management, actors, server-side Swift.

Use when building C++ applications requiring modern C++20/23 features, template metaprogramming, or high-performance systems. Invoke for concepts, ranges, coroutines, SIMD optimization, memory management.

This skill provides monitoring and observability guidance for logging, metrics, tracing, alerting, dashboards, profiling, and performance testing. It includes executable commands (e.g., `curl http://localhost:6060/debug/pprof/profile?seconds=30`), network endpoints (`http://jaeger:4318/v1/traces`, `https://hooks.slack.com/...`), and an env var reference `process.env.LOG_LEVEL`.

This skill provides guidance, examples, and templates for ES2023+ JavaScript and Node.js development. It includes examples that access `process.env` (`process.env.API_KEY`, `process.env.PORT`), perform filesystem and `child_process` operations (`execAsync('ls -la')`, `spawn('node', ['script.js'])`), and make network requests (e.g., `https://mirror1.example.com/data`, `/api/users`).

Use when designing distributed systems, decomposing monoliths, or implementing microservices patterns. Invoke for service boundaries, DDD, saga patterns, event sourcing, service mesh, distributed tracing.

Use when building game systems, implementing Unity/Unreal features, or optimizing game performance. Invoke for Unity, Unreal, game patterns, ECS, physics, networking, performance optimization.

Use when building cross-platform mobile applications with React Native or Expo. Invoke for navigation patterns, platform-specific code, native modules, FlatList optimization.

Use when building React 18+ applications requiring component architecture, hooks patterns, or state management. Invoke for Server Components, performance optimization, Suspense boundaries, React 19 features.

This skill provides comprehensive Shopify development guidance for themes, apps, Storefront API, and checkout extensions. It includes examples that use env vars like `process.env.SHOPIFY_API_KEY!`, run CLI commands such as `npm create @shopify/app@latest`, and call endpoints like `https://your-app.com/api/upsell`.

Use when developing firmware for microcontrollers, implementing RTOS applications, or optimizing power consumption. Invoke for STM32, ESP32, FreeRTOS, bare-metal, power optimization, real-time systems.

This skill is a debugging guide for reproducing, isolating, and fixing software bugs across languages. It contains explicit terminal/debugger commands such as `node --inspect`, `python -m pdb`, and `git bisect` that instruct executing shell commands.

This skill provides comprehensive testing guidance and templates for unit, integration, E2E, performance, and security testing. It includes CI shell steps like `run: npm ci` and `run: npx playwright test --shard=${{ matrix.shard }}/4` and references env vars such as `process.env.CI`; these are standard CI/config patterns and the only security-relevant actions.

This skill is a full-stack implementation template for building frontend, backend, and security deliverables. It references environment variables like `DATABASE_URL` and `JWT_SECRET`, includes runnable commands such as `npm run build`, and contains example network calls to `https://api.example.com`.

This skill provides pandas guidance and code examples for data cleaning, aggregation, merging, and performance optimization. No security-relevant behaviors detected.

This skill provides secure-coding guidance for authentication, input validation, and OWASP Top 10 prevention. It references environment secrets such as `JWT_SECRET` and `SESSION_SECRET` and includes shell-execution examples like `exec(`convert ${userInput}`)` and `execFile('convert', ...)`.

Provides multi-cloud architecture guidance for AWS, Azure, and GCP. Contains runnable CLI and code examples that invoke commands (`aws compute-optimizer ...`), read env vars (`DATABASE_URL`, `ACCESS_KEY`, `SECRET_KEY`), and call metadata/endpoints like `http://169.254.169.254/latest/meta-data/spot/termination-time`.

This skill provides guidance and code examples for building CLIs in Node/Python/Go, including config resolution, plugins, completions, and testing. It demonstrates reading config/credentials at `~/.mycli/credentials.json`, accessing env vars like `CI`/`DEBUG`, and running commands such as `execaCommand('node bin/cli.js --version')`.

Use when building Rails 7+ web applications with Hotwire, real-time features, or background job processing. Invoke for Active Record optimization, Turbo Frames/Streams, Action Cable, Sidekiq.

High-risk RAG architecture skill that includes examples permitting arbitrary remote code execution (`trust_remote_code=True`) and running shell commands (`subprocess.run(['pip', 'install', name])`). It also demonstrates external network calls (e.g., `https://your-cluster.qdrant.io`, `https://your-cluster.weaviate.network`) and use of API keys (`api_key="your-api-key").

This skill provides Terraform IaC guidance, templates, and CI/CD/testing examples for AWS, Azure, and GCP. It includes explicit CLI commands like `terraform init` and `terraform apply`, uses credentials such as `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY`, and references external sources like `git::https://github.com/org/terraform-modules.git//vpc?ref=v1.2.3`.

Provides NestJS architecture guidance and code templates for modules, controllers, services, DTOs, guards, and testing. The skill explicitly reads configuration secrets via environment/config access such as `process.env.JWT_SECRET`, `process.env.API_KEY`, and `process.env.ALLOWED_ORIGINS`.

This skill is a Vue 3 frontend specialist guide for Composition API, Nuxt 3, Pinia, TypeScript, PWAs, and related build tooling. It includes shell commands like `npm init quasar`/`npm run build`, references endpoints such as `https://api.example.com` and `http://localhost:3000`, and uses env vars like `SENTRY_AUTH_TOKEN` and `VITE_API_URL`.

Provides a prompt-engineering guide and evaluation framework for designing and testing LLM prompts. The skill includes executable CI steps and scripts (`python evaluation/run_evaluation.py`, `evaluation/run_evaluation.py`) that read/write files (`results/report.json`) and call external LLM APIs requiring `ANTHROPIC_API_KEY`.

This skill provides SRE guidance and automation templates for SLOs, monitoring, runbooks, and chaos experiments. It contains executable automation that runs shell commands (e.g., `subprocess.run(step.command, shell=True)`, `kubectl`, `tc`, `find /var/log -delete`), enabling dynamic runbook command execution.

This skill documents integrating Jira and Confluence via MCP, with authentication patterns, JQL/CQL examples, and workflow automation. It includes network calls to Atlassian endpoints like `https://auth.atlassian.com`, instructs handling credentials via env vars such as `ATLASSIAN_API_TOKEN`/`ATLASSIAN_CLIENT_SECRET`, and running CLI tools (`npm`, `npx`, `pip`, `uvx`).

Use when building MCP servers or clients that connect AI systems with external tools and data sources. Invoke for MCP protocol compliance, TypeScript/Python SDKs, resource providers, tool functions.

This skill defines features, elicits requirements via `AskUserQuestions` and subagents, and saves final specifications to `specs/{feature_name}.spec.md`. No security-relevant behaviors detected.

This skill provides comprehensive GraphQL schema, federation, resolver, and subscription guidance. It contains code that calls local endpoints like `http://localhost:4001/graphql` and `ws://localhost:4000/graphql` and reads env vars such as `process.env.JWT_SECRET`.

This skill provides detailed guidance and scripts for fine-tuning LLMs, covering dataset preparation, LoRA/QLoRA, evaluation, quantization, and deployment. It includes instructions that execute shell commands (`subprocess.run`, `python -m vllm.entrypoints.openai.api_server`), call external APIs (`OpenAI`, `http://localhost:8000/v1`, `http://localhost:8080`), and read env vars like `LLAMA_CPP_PATH`.

This skill provides Salesforce development guidance and CI/CD/deployment scripts for Apex, LWC, SOQL, and Salesforce DX. It includes shell commands that download and run tooling (`wget $SFDX_CLI_URL`, `./sfdx/bin/sf`), stores secrets to files (`echo "${{ secrets.SFDX_AUTH_URL }}" > auth.txt`), and makes external callouts (`callout:External_System/api/accounts`, `https://login.salesforce.com`).

This skill provides guidance and code for legacy modernization, migration strategies, testing, and refactoring. It includes explicit shell commands (e.g., `git`, `pip install mutmut`, `dot -Tpng`) and a proxy example that issues requests to `http://localhost:5000/{path}`.

Use when understanding legacy or undocumented systems, creating documentation for existing code, or extracting specifications from implementations. Invoke for legacy analysis, code archaeology, undocumented features.

Use when building Vue 3 applications with JavaScript only (no TypeScript). Invoke for JSDoc typing, vanilla JS composables, .mjs modules.

Dangerous skill: provides chaos-engineering guides and runnable artifacts for injecting failures and managing blast radius. Contains executable `bash`/`kubectl`/`aws` commands that modify ` /etc/hosts` and real systems, uses secrets like `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY`, and calls external endpoints such as `https://api.gremlin.com/v1`.

Use when building Django web applications or REST APIs with Django REST Framework. Invoke for Django models, ORM optimization, DRF serializers, viewsets, authentication with JWT.

This skill provides production-grade ML pipeline templates and reference implementations for feature stores, training, experiment tracking, orchestration, and deployment. It includes network integrations to `https://kubeflow.example.com/pipeline` and `http://localhost:5000` and a shell launch script that runs `torchrun`; these are purpose-aligned.

This skill provides detailed Apache Spark guidance and code examples for DataFrame/RDD APIs, performance tuning, streaming, and I/O. It includes explicit network endpoints like `broker1:9092,broker2:9092` and `jdbc:postgresql://host:5432/db`, and examples that set credentials with `.option("password", "password")`.

The skill `the-fool` provides a structured devil's-advocate workflow across five reasoning modes to challenge plans, surface assumptions, and synthesize strengthened positions. No security-relevant behaviors detected.