Auth
Authentication and authorization
vulnerability-scan
by ymd38
Run an offensive security audit (OWASP-based) using Semgrep and produce a read-only vulnerability report. Use before committing code to detect Broken Access Control, Injection (SQL/NoSQL/OS/Template), Frontend Security issues (XSS/CSP/HSTS), SSRF, and hardcoded secrets or PII exposure. Triggers on requests like "security scan", "vulnerability check", "audit security", "find vulnerabilities", "/vulnerability-scan", or when asked for an offensive security review of the codebase. Does NOT modify any code — read-only inspection only.
secure-coding-generate
by vchirrav
Generate secure code following OWASP Secure Coding rules. Automatically detects the security domain and produces code with inline Rule ID citations (e.g., [INPUT-04], [AUTH-07]) plus a rules-applied summary.
psc
by unlimiting-studio
Google Play Developer API Edits workflow CLI(@unlimiting/psc)를 설치하고 사용해 Android 앱 배포를 수행한다. psc 설치, 서비스 계정 인증, auth 상태 점검, edits/bundles/tracks 수동 배포, publish submit 원샷 배포, 점진 배포(inProgress), release notes JSON 적용, 자격증명/환경변수 우선순위 설정이 필요한 작업에서 사용한다.
keyboard-injector
by famaoai-creator
(Optional) iTerm2 session ID for targeted injection.
problem-space
by open-horizon-labs
Map what we're optimizing and what constraints we treat as real. Use before jumping to solutions, when hitting repeated blockers, or when patches keep accumulating.
solution-space
by open-horizon-labs
Explore candidate solutions before committing. Use when you have a problem statement and need to evaluate approaches - band-aid, optimize, reframe, or redesign.
backlog-management
by ichi-h
バックログ解決のためのバックログ管理方法を定義します。バックログファイルの構造、フォーマット、命名規則、依存関係のガイドラインを提供します。
box-connector
by famaoai-creator
Securely connects to Box using the Node.js SDK (JWT). downloads files, searches content, and manages folder structures.
problem-statement
by open-horizon-labs
Define the framing of a problem. Change the statement, change the solution space. Use when starting work, when solutions feel wrong, or when you suspect an X-Y problem.
implementing-dynamic-authorization
by sumik5
Dynamic authorization design covering ABAC, ReBAC, PBAC models and Cedar policy language. Use when designing access control systems, choosing authorization models, or writing Cedar policies. Distinct from securing-code (code-level) by focusing on authorization model selection and policy-based access control.
robot-startup
by Idate96
Set up the standard Moleworks ROS 2 tmux session for on-machine work with 4 windows in order (low_level, perception, estimator, foxglove). Use when asked to create/recreate the tmux window layout and start the stack quickly (dig controllers are started separately).
gap-analysis
by HikaruEgashira
技術選定や競合分析を行う際に自律的にギャップ分析を行うメタスキルです。 複数の軸で類似概念を調査し、現行システムとのギャップを洗い出し、 なぜそのギャップが生じているのかを自問して戦略を立案します。 Trigger: 技術選定, 競合分析, 改善提案, ギャップ分析
handover
by shuymn
Creates or refreshes a HANDOVER.md that captures current session state for the next assistant. Use when wrapping up a session, context is getting full, switching operators, or when the user asks for a handoff summary including decisions, pitfalls, lessons learned, next steps, and important files. Also trigger when the user says "save progress", "session summary", or "prepare for next session".
rviz-screenshot-loop
by Idate96
Capture RViz/GUI screenshots via MCP to close the loop while debugging ROS. Use when you need visual verification in RViz or other windows.
@tank/token-redaction
by tankpkg
"Detect and redact API tokens, keys, bearer values, and JWTs in local OpenCode SQLite session stores. Covers backup-first workflow, pattern matching for common token formats, dry-run verification, database integrity checks, and session cleanup. Triggers: redact, token, API key, secret, JWT, bearer, session store, SQLite, cleanup, sensitive data, credential leak, key rotation, security."
llmposter
by SkillDoAI
Rust library for mocking LLM API servers (OpenAI, Anthropic, Gemini, and Responses API) in tests with configurable fixtures, failure injection, and streaming.
clawdbot-self-security-audit
by Nep-Cheat
Perform a comprehensive read-only security audit of Clawdbot's own configuration. This is a knowledge-based skill that teaches Clawdbot to identify hardening opportunities and generate reports. Use when user asks to "run security check", "audit clawdbot", "check security hardening", or "what vulnerabilities do I have". This skill only READS configuration and generates reports—it never modifies settings or executes fixes automatically. Designed to be extensible—new checks can be added by updating this skill's knowledge.
fork
by corygabrielsen
Branch off a conversation to handle tangents. Outputs context summary and ready-to-paste command for a new terminal session.
port-daddy-cli
by curiositech
Multi-agent coordination via Port Daddy. Use when starting dev servers, coordinating with other agents, preventing file conflicts, salvaging dead agents' work, or tracking changes. Activate on "port conflict", "claim port", "coordinate agents", "start session", "leave note", "file conflict", "dev server", "salvage", "changelog".
execute
by open-horizon-labs
Do the work. Pre-flight, build, detect drift, salvage if needed. Use when you have a clear aim and are ready to implement.
salvage
by open-horizon-labs
Extract learning before restarting. Code is a draft; learning is the asset. Use when work is drifting, approach has reversed 3+ times, or scope is expanding while "done" keeps fuzzing.
@tank/google-calendar
by tankpkg
"Create, query, update, and manage Google Calendar events and availability. Covers event CRUD, free/busy queries, recurring events with RRULE, Google Meet conferencing, attendee management, multi-calendar operations, and incremental sync. Triggers: calendar, event, meeting, schedule, availability, free busy, recurring event, RRULE, Google Meet, attendee, reminder, timezone, booking, appointment, Google Calendar."
Shellforge Realms - Agent Deployment Skill
by ear2earGrin
🔹
aim
by open-horizon-labs
Clarify the outcome you want - a change in user behavior, not a feature shipped. Use at the start of any work to ground the session in strategic intent.