vercel-react-best-practices
React and Next.js performance optimization guidelines from Vercel Engineering. This skill should be used when writing, reviewing, or refactoring React/Next.js code to ensure optimal performance patterns. Triggers on tasks involving React components, Next.js pages, data fetching, bundle optimization, or performance improvements.
mcp-patterns
Model Context Protocol (MCP) server patterns for building integrations with Claude Code. Triggers on: mcp server, model context protocol, tool handler, mcp resource, mcp tool.
python-cli-patterns
CLI application patterns for Python. Triggers on: cli, command line, typer, click, argparse, terminal, rich, console, terminal ui.
python-cli-ops
CLI application patterns for Python. Triggers on: cli, command line, typer, click, argparse, terminal, rich, console, terminal ui.
axe-ios-simulator
iOS Simulator automation using AXe CLI for touch gestures, text input, hardware buttons, screenshots, video recording, and accessibility inspection. Use when automating iOS Simulator interactions, writing UI tests, capturing screenshots/video, or inspecting accessibility elements. Triggers on iOS Simulator automation, AXe CLI usage, simulator tap/swipe/gesture commands, or accessibility testing tasks.
canton-network-repos
Canton Network, DAML, and Splice repository knowledge. Use when working with Canton participants, DAML smart contracts, Splice applications, LF version compatibility, or package ID mismatches. Triggers on Canton, DAML, Splice, decentralized-canton-sync, or LF version queries.
codex
Hand off a task to Codex CLI for autonomous execution. Use when a task would benefit from a capable subagent to implement, fix, investigate, or review code. Codex has full codebase access and can make changes.
data-driven-testing
DEPRECATED: Use testing-best-practices instead. This skill has been retired.
claude-code-templates
Boilerplate templates for Claude Code extensions. Triggers on: create agent, new skill, command template, hook script, extension scaffold.
cli-patterns
Patterns for building production-quality CLI tools with predictable behavior, parseable output, and agentic workflows. Triggers: cli tool, command line tool, build cli, cli patterns, agentic cli, cli design, typer cli, click cli.
code-stats
Analyze codebase with tokei (fast line counts by language) and difft (semantic AST-aware diffs). Get quick project overview without manual counting. Triggers on: how big is codebase, count lines of code, what languages, show semantic diff, compare files, code statistics.
container-orchestration
Docker and Kubernetes patterns. Triggers on: Dockerfile, docker-compose, kubernetes, k8s, helm, pod, deployment, service, ingress, container, image.
data-processing
Process JSON with jq and YAML/TOML with yq. Filter, transform, query structured data efficiently. Triggers on: parse JSON, extract from YAML, query config, Docker Compose, K8s manifests, GitHub Actions workflows, package.json, filter data.
doc-scanner
Scans for project documentation files (AGENTS.md, CLAUDE.md, GEMINI.md, COPILOT.md, CURSOR.md, WARP.md, and 15+ other formats) and synthesizes guidance. Auto-activates when user asks to review, understand, or explore a codebase, when starting work in a new project, when asking about conventions or agents, or when documentation context would help. Can consolidate multiple platform docs into unified AGENTS.md.
explain
Deep explanation of complex code, files, or concepts. Routes to expert agents, uses structural search, generates mermaid diagrams. Triggers on: explain, deep dive, how does X work, architecture, data flow.
file-search
Modern file and content search using fd, ripgrep (rg), and fzf. Triggers on: fd, ripgrep, rg, find files, search code, fzf, fuzzy find, search codebase.
find-replace
Modern find-and-replace using sd (simpler than sed) and batch replacement patterns. Triggers on: sd, find replace, batch replace, sed replacement, string replacement, rename.
git-workflow
Enhanced git operations using lazygit, gh (GitHub CLI), and delta. Triggers on: stage changes, create PR, review PR, check issues, git diff, commit interactively, GitHub operations, rebase, stash, bisect.
introspect
Analyze Claude Code session logs - extract thinking blocks, tool usage stats, error patterns, debug trajectories. Triggers on: introspect, session logs, trajectory, analyze sessions, what went wrong, tool usage, thinking blocks, session history, my reasoning, past sessions, what did I do.
markitdown
Convert local documents to Markdown using Microsoft's markitdown CLI. Best for: PDF, Word, Excel, PowerPoint, images (OCR), audio. Can fetch URLs but Jina is faster for web. Triggers on: convert to markdown, read PDF, parse document, extract text from, docx, xlsx, pptx, OCR image, local file.
mcp-ops
Model Context Protocol server development, tool design, resource handling, and transport configuration. Use for: mcp, model context protocol, mcp server, mcp tool, mcp resource, fastmcp, mcp transport, stdio, sse, streamable http, mcp inspector, tool handler, mcp prompt.
project-planner
Detects stale project plans and suggests session commands. Triggers on: sync plan, update plan, check status, plan is stale, track progress, project planning.
python-async-patterns
Python asyncio patterns for concurrent programming. Triggers on: asyncio, async, await, coroutine, gather, semaphore, TaskGroup, event loop, aiohttp, concurrent.
php-route-tracer
PHP Web 路由到 Sink 的多层数据流追踪工具。根据用户指定路由,追踪从 handler 到最终敏感操作点,输出层级证据、参数变量追踪、可控性分析(不做漏洞结论)。
php-route-mapper
PHP Web 源码路由与参数映射分析工具。从源码中提取所有入口路由与参数结构,输出完整请求模板与参数清单(禁止省略)。
php-nosql-audit
PHP Web 源码 NoSQL 注入审计工具。识别用户输入进入 MongoDB/DocumentDB 查询构造,分析是否存在 operator 注入($gt/$ne/$where 等),输出分级、PoC 与修复建议(禁止省略)。
php-logic-audit
PHP Web 业务逻辑漏洞审计工具。识别认证/授权以外的逻辑缺陷:Mass Assignment、流程绕过、竞态条件、状态机缺陷、支付/权限时序漏洞等,输出证据链、分级、PoC 与修复建议(禁止省略)。
php-ldap-audit
PHP Web 源码 LDAP 注入审计工具。识别用户可控数据进入 LDAP filter/DN 构造并被 ldap_search/ldap_read 执行,输出可利用性分级、PoC 与修复建议(禁止省略)。
php-laravel-audit
Laravel 框架特效安全审计工具。针对 Laravel 常见鉴权/CSRF/Session/模型填充/Blade 渲染等框架特性进行白盒静态审计,并将风险映射到你现有通用漏洞类型体系(AUTH/CSRF/LOGIC/XSS/CFG 等)。
php-filesystem-audit
PHP 文件系统操作审计工具。聚焦 mkdir/chmod/chown/unlink/rmdir/link/symlink/readlink/touch/权限与 TOCTOU 等操作的安全风险,为路径校验绕过与写入链利用提供“可利用性增强证据”(不替代 FILE/UPLOAD/WRITE 等 sink 子审计)。
php-file-upload-audit
PHP Web 源码文件上传审计工具。识别上传入口与保存路径、文件名处理与校验逻辑,检测任意文件上传/路径穿越/可执行上传风险,输出可利用性分级、PoC 与修复建议(禁止省略)。
php-file-read-audit
PHP Web 源码任意文件读取/路径穿越审计工具。识别文件读取 Sink,追踪路径来源与校验逻辑,输出可利用性分级、PoC 与修复建议(禁止省略)。
php-expr-audit
PHP Web 源码表达式注入(非模板)审计工具。识别用户可控表达式字符串进入表达式引擎求值/编译并最终导致敏感语义执行,输出可利用性分级、PoC 与修复建议(禁止省略)。
php-deser-audit
PHP Web 源码反序列化/对象注入审计工具。识别 unserialize 注入点与可控数据来源,追踪魔术方法链,输出可利用性分级、PoC 与修复建议(禁止省略)。
php-csrf-audit
PHP Web 源码 CSRF 审计工具。识别状态变更接口是否受 CSRF 保护,追踪 token 生成、校验与绕过条件,输出可利用性分级、PoC 与修复建议(禁止省略)。
php-crypto-audit
PHP Web 源码加密与密钥安全审计工具。识别弱哈希/弱加密/硬编码密钥/签名校验缺陷,输出分级、PoC 与修复建议(禁止省略)。
php-crlf-audit
PHP Web 源码 CRLF/响应分割审计工具。识别用户输入进入 HTTP 响应头,分析换行/控制字符过滤与编码,输出分级、PoC 与修复建议(禁止省略)。
php-codeigniter-audit
CodeIgniter 框架特效安全审计工具。针对 CodeIgniter 的 CSRF、XSS 输出过滤、数据库查询构造、路由与验证器配置、会话 Cookie 安全等机制进行白盒静态审计,并映射到通用漏洞类型体系(CSRF/AUTH/XSS/SQL/CFG/SESS 等)。
php-cmd-audit
PHP Web 源码命令注入审计工具。识别命令执行 Sink(exec/system/shell_exec 等),追踪用户输入进入命令拼接,输出可利用性分级、PoC 与修复建议(禁止省略)。
php-auth-audit
PHP Web 源码鉴权机制审计工具。从源码中识别所有认证/鉴权实现并分析风险,输出路由-鉴权映射与漏洞分析(含 PoC 与修复建议)。
php-archive-extract-audit
PHP Web 归档解压(Zip Slip/路径穿越)审计工具。识别解压条目名如何与目标目录拼接、是否存在 base dir 约束缺失,输出可利用性分级、可观测 PoC 与修复建议(禁止省略)。
vllm-studio
Use when setting up, deploying, or operating vLLM Studio (env keys, controller/frontend startup, Docker services, branch workflow, and release checklists).
vllm-studio-backend
Use when working on vLLM Studio backend architecture (controller runtime, Pi-mono agent loop, OpenAI-compatible endpoints, LiteLLM gateway, inference process, and debugging commands).
trails
Integrate Trails cross-chain infrastructure — Widget, Headless SDK, or Direct API
wagmi
React hooks for Ethereum and EVM blockchain interactions using Wagmi v3. Use when building React or Next.js apps with wallet connections, contract reads/writes, or blockchain state. Triggers on useAccount, useConnect, useContractRead, useContractWrite, WagmiProvider, ConnectKit, RainbowKit, or any React blockchain hooks. Do NOT use for Node scripts or non-React code (use viem skill instead).
viem
TypeScript patterns for low-level EVM blockchain interactions using Viem. Use when writing Node scripts, CLI tools, or backend services that read/write to Ethereum or EVM chains. Triggers on contract interactions, wallet operations, transaction signing, event watching, ABI encoding, or any non-React blockchain TypeScript code. Do NOT use for React/Next.js apps with hooks (use wagmi skill instead).
write-a-prd
Use this skill when writing a PRD for a feature.
crypto-trading-advisor
Crypto trading analysis advisor. Triggers when users ask whether a token is worth trading, if a position can be taken, or for trend analysis. Provides high-value data sources and professional trading principles. Trigger phrases include "should I trade", "can I long/short", "is it a good setup", "trade recommendation", "can I enter here", "what's the play" etc.
crypto-backtest
|
logseq-plugin-dev
Comprehensive guide and resources for developing Logseq plugins. Use this skill when asked to: (1) Create a new Logseq plugin, (2) Implement features using the Logseq Plugin API (Editor, App, DB, UI), (3) Debug or refactor existing Logseq plugins, (4) Set up a development environment for Logseq plugins.
Page 517 of 1485 · 74205 results
