supabase-environments
Internal guide for building the Supabase CLI environments system. Covers three-environment model, variable resolution, pull/push workflows, secret handling, branch overrides, and local file conventions. For Supabase internal development - use when implementing the env CLI subsystem or environment variable infrastructure.
docs-writer
|
zdev
Manage isolated dev environments with git worktrees, auto ports, and preview URLs
revenuecat
Comprehensive assistance with RevenueCat in-app subscriptions and purchases
game-developer
Expert game development and design skill for building complete, polished games. Use when creating games, game prototypes, or interactive entertainment experiences across platforms (React Native, web, Unity concepts, Godot). Covers game mechanics, physics, AI opponents, level design, progression systems, visual effects, sound integration, and player experience. Triggers on requests to build games, create game mechanics, design levels, implement game AI, add game audio, or develop interactive entertainment.
qa-engineer
Expert guidance for software testing and quality assurance. Use when the user asks to write tests, create test plans, review code for bugs, perform code reviews, write test cases, set up testing frameworks, debug issues, validate requirements, create bug reports, perform regression testing, or improve test coverage. Triggers on testing, QA, quality assurance, test cases, bug reports, test automation, unit tests, integration tests, E2E tests, test coverage, debugging, code review.
skill-writer
Guide users through creating Agent Skills for Claude Code. Use when the user wants to create, write, author, or design a new Skill, or needs help with SKILL.md files, frontmatter, or skill structure.
rn-visual-testing
Visual testing skill for React Native apps across iPhone models. Use when testing app appearance on iPhone 11 through 17 (all variants including Pro, Pro Max, Plus, Mini, Air, and SE). Covers screenshot capture, simulator configuration, screen dimension validation, safe area handling, Dynamic Island/notch compatibility, and pixel-perfect verification across all iPhone screen sizes and resolutions.
rn-security-audit
Security audit skill for React Native applications. Use when reviewing code for vulnerabilities, detecting leaked secrets (API keys, tokens, credentials), identifying exposed personal data (PII), checking insecure storage, validating authentication flows, reviewing network security, and ensuring compliance with mobile security best practices (OWASP MASVS). Covers both JavaScript/TypeScript and native iOS/Android code.
react-native-expert
Expert guidance for building mobile applications with React Native and Expo. Use when the user asks to create, modify, debug, or architect mobile apps, implement native features (camera, notifications, storage, navigation), set up React Native projects, work with Expo or bare React Native workflows, integrate with device APIs, handle app state management, or optimize mobile performance. Triggers on mobile app development, React Native, Expo, iOS/Android cross-platform development.
apple-app-store-agent
Comprehensive agent for preparing and generating all assets needed for Apple App Store submission. Use when user needs to prepare an iOS/iPadOS/macOS app for App Store release, including generating app metadata (descriptions, promotional text, keywords), creating app icons, designing screenshots, preparing privacy policy URLs, and organizing fastlane-compatible folder structures. Triggers on requests like "prepare my app for App Store", "create App Store screenshots", "generate app description", "make app icon", or "set up fastlane metadata".
mock-skill
Mock
claude-code-dev
Claude Code Plugin 开发专家。当用户要创建 Plugin、Skill、Subagent、Slash command、Hook 时触发。也用于解答 Claude Code 开发相关问题。触发词:创建 plugin、写 skill、写 agent、创建 hook、写 command、插件开发。
health-analyze
分析健康数据,计算健康评分并识别异常指标
version-skill
Skill 版本管理的 Skill。当需要 A/B test、切换版本、回滚时触发。触发词:版本、version、A/B test、切换、回滚、promote。
skill-lifecycle
Skill 生命周期管理的 Workflow。当需要创建新 Skill 并持续优化时触发。触发词:创建并优化 skill、skill 生命周期、从零开始创建 skill、新建一个完整的 skill。
scaffold-skill
系统初始化脚手架。用于在新项目中克隆和初始化 sop-engine 内核。
research-skill
调研最佳实践的 Skill。当需要了解某个领域的方法论、工具、最佳实践时触发。触发词:调研、research、了解一下、有什么方法、最佳实践。
reflect-skill
反思总结的 Skill。当任务完成或失败后需要复盘时触发。触发词:反思、复盘、总结、reflect、回顾、lessons learned。
plan-skill
任务规划的 Skill。当需要分解任务、确定步骤顺序时触发。触发词:规划、plan、拆解、分解、步骤、怎么做。
loop-skill
循环执行的 Skill。当需要重复执行直到满足条件时触发。触发词:循环、loop、重复、直到、until、持续。
log-skill
记录执行过程的 Skill。当需要保存执行记录、工作日志时触发。触发词:记录、log、日志、work log、保存记录。
iterate-skill
迭代改进 Skill 的 Skill。当评价不通过或需要优化时触发。触发词:迭代、改进、优化、iterate、improve。
hook-skill
Claude Code Hook 开发专家。当需要创建、调试、配置 Hook 时触发。触发词:创建 hook、写 hook、hook 配置、stop hook、pre tool use、post tool use、session start。
handoff-skill
Agent 间任务交接的 Skill。当需要把任务交给另一个 Agent 时触发。触发词:交接、handoff、交给、让 xxx 来处理。
evaluate-skill
评价 Skill 执行结果的 Skill。当需要评价产出质量、判断是否需要迭代时触发。触发词:评价、evaluate、打分、怎么样、效果如何。
create-skill
创建新 Skill 的 Skill。当需要把能力固化为 Skill 时触发。触发词:创建 skill、新建 skill、写一个 skill、create skill。
clarify-skill
澄清用户意图的 Skill。当用户给出模糊想法、需要脑暴、需要讨论设计时触发。触发词:帮我想想、我想做、讨论一下、澄清、clarify。
Linux Production Shell Scripts
This skill should be used when the user asks to "create bash scripts", "automate Linux tasks", "monitor system resources", "backup files", "manage users", or "write production shell scripts". It provides ready-to-use shell script templates for system administration.
mariadb-best-practices
MariaDB database development standards. Triggers when working with MariaDB databases, Galera cluster, or MariaDB-specific features.
IDOR Vulnerability Testing
This skill should be used when the user asks to "test for insecure direct object references," "find IDOR vulnerabilities," "exploit broken access control," "enumerate user IDs or object references," or "bypass authorization to access other users' data." It provides comprehensive guidance for detecting, exploiting, and remediating IDOR vulnerabilities in web applications.
File Path Traversal Testing
This skill should be used when the user asks to "test for directory traversal", "exploit path traversal vulnerabilities", "read arbitrary files through web applications", "find LFI vulnerabilities", or "access files outside web root". It provides comprehensive file path traversal attack and testing methodologies.
Ethical Hacking Methodology
This skill should be used when the user asks to "learn ethical hacking", "understand penetration testing lifecycle", "perform reconnaissance", "conduct security scanning", "exploit vulnerabilities", or "write penetration test reports". It provides comprehensive ethical hacking methodology and techniques.
Cloud Penetration Testing
This skill should be used when the user asks to "perform cloud penetration testing", "assess Azure or AWS or GCP security", "enumerate cloud resources", "exploit cloud misconfigurations", "test O365 security", "extract secrets from cloud environments", or "audit cloud infrastructure". It provides comprehensive techniques for security assessment across major cloud platforms.
Burp Suite Web Application Testing
This skill should be used when the user asks to "intercept HTTP traffic", "modify web requests", "use Burp Suite for testing", "perform web vulnerability scanning", "test with Burp Repeater", "analyze HTTP history", or "configure proxy for web testing". It provides comprehensive guidance for using Burp Suite's core features for web application security testing.
Broken Authentication Testing
This skill should be used when the user asks to "test for broken authentication vulnerabilities", "assess session management security", "perform credential stuffing tests", "evaluate password policies", "test for session fixation", or "identify authentication bypass flaws". It provides comprehensive techniques for identifying authentication and session management weaknesses in web applications.
AWS Penetration Testing
This skill should be used when the user asks to "pentest AWS", "test AWS security", "enumerate IAM", "exploit cloud infrastructure", "AWS privilege escalation", "S3 bucket testing", "metadata SSRF", "Lambda exploitation", or needs guidance on Amazon Web Services security assessment.
API Fuzzing for Bug Bounty
This skill should be used when the user asks to "test API security", "fuzz APIs", "find IDOR vulnerabilities", "test REST API", "test GraphQL", "API penetration testing", "bug bounty API testing", or needs guidance on API security assessment techniques.
Active Directory Attacks
This skill should be used when the user asks to "attack Active Directory", "exploit AD", "Kerberoasting", "DCSync", "pass-the-hash", "BloodHound enumeration", "Golden Ticket", "Silver Ticket", "AS-REP roasting", "NTLM relay", or needs guidance on Windows domain penetration testing.
delegate
Delegate tasks to specialized subagents. Analyzes requirements, selects appropriate agents, and launches them with proper context while enforcing the max-2-parallel rule.
claude-docs-consultant
Consult official Claude Code documentation from docs.claude.com using selective fetching. Use this skill when working on Claude Code hooks, skills, subagents, MCP servers, or any Claude Code feature that requires referencing official documentation for accurate implementation. Fetches only the specific documentation needed rather than loading all docs upfront.
javascript-best-practices
JavaScript coding standards and best practices. This skill should be used when writing, reviewing, or refactoring JavaScript code. Triggers on tasks involving vanilla JavaScript, DOM manipulation, async operations, or performance optimization.
Metasploit Framework
This skill should be used when the user asks to "use Metasploit for penetration testing", "exploit vulnerabilities with msfconsole", "create payloads with msfvenom", "perform post-exploitation", "use auxiliary modules for scanning", or "develop custom exploits". It provides comprehensive guidance for leveraging the Metasploit Framework in security assessments.
mysql-best-practices
MySQL database development standards. Triggers when working with MySQL databases, queries, schema design, or optimization.
Network 101
This skill should be used when the user asks to "set up a web server", "configure HTTP or HTTPS", "perform SNMP enumeration", "configure SMB shares", "test network services", or needs guidance on configuring and testing network services for penetration testing labs.
laravel-best-practices
Laravel development standards. Triggers when working with Laravel applications, Eloquent ORM, Blade templates, or Livewire components.
Linux Privilege Escalation
This skill should be used when the user asks to "escalate privileges on Linux", "find privesc vectors on Linux systems", "exploit sudo misconfigurations", "abuse SUID binaries", "exploit cron jobs for root access", "enumerate Linux systems for privilege escalation", or "gain root access from low-privilege shell". It provides comprehensive techniques for identifying and exploiting privilege escalation paths on Linux systems.
Cross-Site Scripting and HTML Injection Testing
This skill should be used when the user asks to "test for XSS vulnerabilities", "perform cross-site scripting attacks", "identify HTML injection flaws", "exploit client-side injection vulnerabilities", "steal cookies via XSS", or "bypass content security policies". It provides comprehensive techniques for detecting, exploiting, and understanding XSS and HTML injection attack vectors in web applications.
WordPress Penetration Testing
This skill should be used when the user asks to "pentest WordPress sites", "scan WordPress for vulnerabilities", "enumerate WordPress users, themes, or plugins", "exploit WordPress vulnerabilities", or "use WPScan". It provides comprehensive WordPress security assessment methodologies.
wordpress-best-practices
WordPress development standards. Triggers when working with WordPress plugins, themes, hooks, REST API, or Gutenberg blocks.
Page 1367 of 1484 · 74167 results
