php-thinkphp-audit
ThinkPHP 框架特效安全审计工具。针对 ThinkPHP 常见的鉴权/CSRF/模板转义/ORM 写入(Mass Assignment)/调试与配置暴露等机制进行白盒静态审计,并映射到通用漏洞类型体系(AUTH/CSRF/TPL/XSS/LOGIC/CFG/SESS/SQL 等)。
php-tpl-audit
PHP Web 源码模板注入/SSTI 审计工具。识别模板引擎渲染点与模板名/表达式可控性,追踪到 eval/执行链,输出可利用性分级、PoC 与修复建议(禁止省略)。
php-vuln-scanner
PHP 组件版本漏洞检测工具。扫描 composer.json / composer.lock 或 jar/包元信息,匹配已知漏洞规则并输出报告(包含可能的触发点分析框架)。
php-wordpress-audit
WordPress 框架特效安全审计工具。针对 WordPress 常见 nonce/capability/check_admin_referer、AJAX action、escape/sanitize、重定向、安全上传与远程请求等机制进行白盒静态审计,并映射到通用漏洞类型体系(AUTH/CSRF/XSS/SQL/CFG/SSRF 等)。
php-xss-audit
PHP Web 源码 XSS 审计工具。识别用户输入进入输出上下文(HTML/属性/JS/URL/模板),分析转义与防护策略,输出可利用性分级、PoC 与修复建议(禁止省略)。
php-xxe-audit
PHP Web 源码 XXE 审计工具。识别 XML 解析点与实体处理配置,追踪 XML 输入来源与回显,输出可利用性分级、PoC 与修复建议(禁止省略)。
php-yii-audit
Yii 框架特效安全审计工具。针对 Yii(通常指 Yii2)访问控制(AccessControl/RBAC)、CSRF、输入过滤规则、输出编码策略、URL/重定向安全等进行白盒静态审计,并映射到通用漏洞类型体系(AUTH/CSRF/XSS/CFG/LOGIC 等)。
aave-integration
This skill should be used when the user needs to interact with AAVE V3 protocol contracts directly, read on-chain data, get reserve configurations, fetch current APY rates, simulate position changes, or execute protocol operations programmatically. Provides low-level access to AAVE Pool contracts, UI Pool Data Provider, and quote generation for supply, borrow, repay, and withdraw operations on Ethereum and Arbitrum.
aave-planner
This skill should be used when the user asks to "supply to aave", "deposit to aave", "lend on aave", "borrow from aave", "take loan on aave", "repay aave loan", "pay back aave", "withdraw from aave", "remove collateral", "aave lending", "earn yield on aave", or mentions AAVE V3 operations including supply, borrow, repay, or withdraw on Ethereum or Arbitrum.
aave-risk-assessor
This skill should be used when the user asks about "health factor", "liquidation risk", "aave risk", "will I be liquidated", "safe to borrow", "my account health", "collateral risk", "liquidation price", or wants to assess the risk of their AAVE V3 position. Calculates health factor, LTV ratios, liquidation thresholds, and provides risk level assessments for positions on Ethereum and Arbitrum.
aave-security-foundations
Security baseline for AAVE integration and execution scripts. Use when user asks for AAVE security review, pre-trade checks, liquidation safety, allowance minimization, or execution hardening.
aave-viem-integration
Foundational EVM integration for AAVE-related scripts using viem. Use when user asks to read balances, read/write contracts, send transactions, or set up typed viem clients for Ethereum and Arbitrum.
openclaw-stock-skill
使用 data.diemeng.chat 提供的接口查询股票日线、分钟线、财务指标等数据,支持 A 股等市场。
ux-improve
UX laws and cognitive psychology principles for designing better interfaces
ifind-data
基于同花顺 iFind API 的金融数据查询技能。用于获取 A 股、港股、美股的股票行情、基金净值、指数数据、财务报表等。触发场景:(1) 查询股票实时行情或历史价格,(2) 获取基金净值和业绩数据,(3) 查询指数成分股和估值,(4) 使用自然语言选股(问财),(5) 获取财务数据和估值指标。支持本地 SDK 和 HTTP API 两种调用方式。
lovable
|
yolo
|
harness-engineering-zh
为 AI Agent 友好的代码库搭建和改进 Harness 工程(包括 AGENTS.md、docs/、Lint 规则、Eval 系统、项目级 Prompt 工程)。触发场景:为 AI Agent 设置新项目/空项目,创建 AGENTS.md 或 CLAUDE.md,关于 Harness 工程的问题,让 Agent 在代码库上更高效地工作。当用户感到沮丧或抱怨 Agent 质量时也会触发(例如:'Agent 总是无视规范'、'它从不听从指令'、'为什么它总是做错 X'、'Agent 坏了')— 因为 Agent 输出质量差几乎总是意味着 Harness 缺失,而不是模型问题。涵盖:Context 工程、架构约束、多 Agent 协作、评估、长运行任务 Harness 以及 Agent 质量问题诊断。
harness-engineering
Set up and improve harness engineering (AGENTS.md, docs/, lint rules, eval systems, project-level prompt engineering) for AI-agent-friendly codebases. Triggers on: new/empty project setup for AI agents, AGENTS.md or CLAUDE.md creation, harness engineering questions, making agents work better on a codebase. ALSO triggers when users are frustrated or complaining about agent quality — e.g. 'the agent keeps ignoring conventions', 'it never follows instructions', 'why does it keep doing X', 'the agent is broken' — because poor agent output almost always signals harness gaps, not model problems. Covers: context engineering, architectural constraints, multi-agent coordination, evaluation, long-running agent harness, and diagnosis of agent quality issues.
harness-engineering-guide
>
fattureincloud
Manage Fatture in Cloud invoicing platform via the fic CLI. Create and manage invoices, clients, suppliers, products, receipts, e-invoices, taxes, and more.
handoff-memory
Create, refresh, validate, and resume shared HANDOFF and memory documents for a repository, a workspace-wide cross-repo context, or a workstream inside a larger workspace. Use when asked to write a handoff, checkpoint progress, resume prior work, or standardize project-state notes in Git-trackable files such as `docs/HANDOFF.md`, `_memory/HANDOFF.md`, or `_memory/workstreams/checkout-flow/HANDOFF.md`.
use-youtube-data-mcp
Configure and use the hosted YouTube Data MCP end-to-end with minimal user input. Use when users want the agent to verify Node.js and `npx`, configure MCP server config (Windows/macOS, Cursor/Codex/OpenClaw/OpenCode), request API key at setup time, run post-install capability discovery (`tools/list` and `get_patch_notes`), and then strongly recommend helper skill and Python setup for full local document and spreadsheet workflows.
owasp-security
遵循 OWASP Top 10 实施安全编码实践。适用于预防安全漏洞、实现认证、保护 API 或进行安全审查。触发关键词:OWASP, security, XSS, SQL injection, CSRF, authentication security, secure coding, vulnerability, 安全编码。
deep-research
Conduct enterprise-grade research with multi-source synthesis, citation tracking, and verification. Use when user needs comprehensive analysis requiring 10+ sources, verified claims, or comparison of approaches. Triggers include "deep research", "comprehensive analysis", "research report", "compare X vs Y", or "analyze trends". Do NOT use for simple lookups, debugging, or questions answerable with 1-2 searches.
case-study-writing
|
seo-geo-optimizer
Comprehensive SEO/GEO/AEO analysis toolkit for optimizing content visibility across traditional search engines (Google, Bing), AI platforms (ChatGPT, Perplexity, Claude, Gemini, Grokipedia), answer engines (Google AI Overviews, Bing Copilot, featured snippets), voice assistants (Google Assistant, Siri, Alexa), and social media (Facebook, Twitter, LinkedIn, WhatsApp, Instagram). Analyzes HTML/Markdown/JSX files for metadata completeness, schema markup, keyword optimization, entity extraction, and generates multi-format audit reports with platform-specific recommendations.
motion-dev-animations
Creates 120fps GPU-accelerated animations with Motion.dev (Framer Motion successor) for React, Next.js, Svelte, and Astro projects. Use when user requests animation, motion, scroll effects, parallax, hero animations, gestures, drag interactions, spring physics, whileHover effects, whileInView animations, animated UI, micro-interactions, page transitions, or layout animations. Generates production TypeScript/JSX code with accessibility (prefers-reduced-motion) and performance validation (≥60fps). Supports entrance animations, gesture interactions (hover/tap/drag), scroll-based reveals, and layout transitions using spring physics and natural timing. Do NOT use for CSS-only transitions (use native CSS), static sites without JavaScript, Vue animations (use motion-v variant instead), or SVG/Canvas complex animations (GSAP better suited).
iot-architect
Expert in IoT system design, hardware selection (ESP32, LoRa), and firmware architecture (Arduino, PlatformIO). Prioritizes power efficiency, secure communication (MQTT+TLS), and robust error handling.
security-guardian
Automated security auditing for OpenClaw projects. Scans for hardcoded secrets (API keys, tokens) and container vulnerabilities (CVEs) using Trivy. Provides structured reports to help maintain a clean and secure codebase.
ai-dating
This skill enables dating and matchmaking workflows. Use it when a user asks to make friends, find a partner, run matchmaking, or provide dating preferences/profile updates. The skill should execute `dating-cli` commands to complete profile setup, task creation/update, match checking, contact reveal, and review.
api-security-tester
Execute end-to-end API security testing from attack-surface mapping through validated findings and remediation notes.
auth-flow-operator
Establish and validate authenticated test access through login, registration, session lifecycle, and role context checks.
crypto-vulnerability-analyst
Analyze cryptographic design and implementation for misuse, key-management weaknesses, and protocol-level exploit opportunities.
ai-agents
Building AI agents — tool use, chains, memory, and autonomous workflows with LLMs. Use when user mentions "AI agent", "agent development", "tool use", "function calling", "agent loop", "ReAct pattern", "agent memory", "autonomous agent", "multi-agent", "langchain agents", "crew AI", or building systems where LLMs take actions.
ai-prompting
AI prompt engineering and LLM interaction patterns. Use when user asks to "write prompts", "optimize prompts", "design system prompts", "few-shot prompting", "chain-of-thought", "prompt techniques", "LLM patterns", "prompt best practices", "model interactions", "AI assistant design", or mentions prompt optimization, LLM interactions, or generative AI patterns.
ansible
Ansible automation for server configuration, deployment, and infrastructure management. Use when user mentions "ansible", "ansible-playbook", "ansible-vault", "inventory", "playbook", "ansible role", "ansible galaxy", "configuration management", "server provisioning", "infrastructure automation", "ansible task", "ansible template", or automating server setup and deployment.
database-indexing
Database indexing strategies and query optimization. Use when user asks to "optimize queries", "create indexes", "database performance", "query analysis", "explain plans", "index selection", "slow queries", "database tuning", "schema optimization", or mentions database performance and query optimization.
api-versioning
Comprehensive guide to API versioning strategies, backward compatibility, deprecation, and lifecycle management. Use when user asks about "version API", "API compatibility", "breaking changes", "semantic versioning", "API evolution", "deprecation strategy", "backwards compatibility", "API migration", "version management", "sunset header", "API changelog", "schema versioning", "OpenAPI versioning", "GraphQL versioning", or mentions API lifecycle management, consumer migration, or version negotiation.
authentication-patterns
Authentication and authorization patterns and best practices. Use when user asks to "implement authentication", "OAuth flow", "JWT tokens", "session management", "SSO setup", "API keys", "RBAC", "SAML", "passwordless auth", "multi-factor authentication", or mentions auth design patterns and security.
aws-cli
AWS CLI mastery for S3, EC2, Lambda, IAM, and common service operations. Use when user asks to "upload to S3", "launch EC2", "deploy Lambda", "configure AWS", "AWS profiles", "check AWS resources", or any AWS command-line tasks.
base64-encoding
Encoding and decoding utilities — base64, URL encoding, hex, and hashing. Use when user mentions "base64", "encode", "decode", "url encode", "urlencode", "hex", "hash", "sha256", "md5", "checksum", "jwt decode", "binary to text", or converting between encoding formats.
brew-apt
Package manager commands for macOS (Homebrew) and Linux (apt, yum/dnf). Use when user mentions "brew", "homebrew", "apt", "apt-get", "yum", "dnf", "install package", "update packages", "package manager", "brew cask", "PPA", "system dependencies", "upgrade all", or managing system packages.
bun-runtime
Bun runtime for fast JavaScript/TypeScript execution, package management, bundling, and testing. Use when user mentions "bun", "bun run", "bun install", "bunx", "bun test", "bun build", "fast node alternative", "bun shell", or migrating from Node to Bun.
changelog
Changelog generation, release notes, semantic versioning, and release management. Use when user asks to "write a changelog", "generate release notes", "bump version", "follow conventional commits", "create a release", "update CHANGELOG.md", "write migration guide", "document breaking changes", "set up automated releases", "configure semantic-release", "add deprecation notice", "keep a changelog", "version a project", "squash commits before release", "manage pre-releases", "automate versioning", or any versioning, changelog automation, release notes, and release documentation tasks.
cloudflare-workers
Cloudflare Workers for edge computing, serverless functions, and global deployment. Use when user mentions "cloudflare workers", "wrangler", "edge functions", "serverless edge", "cloudflare pages", "D1 database", "R2 storage", "KV store", "workers AI", "edge computing", or deploying to Cloudflare.
code-review
Code review checklists, PR review patterns, and feedback templates. Use when user asks to "review this code", "code review checklist", "PR review template", "review best practices", "write review feedback", or any code review tasks.
containerization-best-practices
Container and Docker best practices. Use when user asks to "optimize Docker", "Docker best practices", "container security", "image optimization", "layer caching", "multi-stage builds", "container networking", "volume management", "Docker performance", or mentions containerization strategies and Docker optimization.
curl-http
API testing with curl and httpie for HTTP requests. Use when user asks to "test API", "make HTTP request", "curl POST", "send request", "test endpoint", "debug API", or make any HTTP calls from command line.
date-time-cli
Date, time, timezone, and epoch timestamp manipulation from the command line. Use when user mentions "date command", "timestamp", "epoch", "unix timestamp", "timezone conversion", "date math", "date formatting", "ISO 8601", "convert timestamp", "time ago", or any date/time manipulation in shell.
Page 5 of 21 · 1036 results