runkids
@runkids
Public Skills
feature-radar-learn
by runkids
Extract reusable patterns, architectural decisions, and pitfalls from completed work into .feature-radar/specs/. Captures the "why" behind choices so future sessions build on past experience. MUST use this skill when the user reflects on what worked/didn't, wants to document a decision, or mentions remembering a pattern for future use. Use when the user: - Says "remember this approach", "document this decision", "save this pattern" - Reflects: "that worked well", "lessons learned", "what did we learn" - Wants to capture: "don't forget this", "this was a good pattern" - Hit a dead end: "this didn't work because...", "avoid this approach" - Made a technical decision worth recording for posterity - Says "extract learnings" or "capture what we learned" Do NOT use for recording external observations — that's feature-radar-ref's job. Do NOT use for archiving completed features — that's feature-radar-archive's job.
feature-radar-ref
by runkids
Record external observations, ecosystem trends, and creative inspiration into .feature-radar/references/. MUST use this skill when the user mentions something interesting from outside their project — other tools, articles, approaches, or trends. Even casual mentions like "I saw a cool thing in X" should trigger this skill. Use when the user: - Says "I saw this cool thing in X's API", "check out how X handles this" - Shares a URL, article, talk, or research finding with relevant insights - Notes an ecosystem trend: new tools, standards, community patterns - Mentions a related project shipping a notable feature - Wants to bookmark external inspiration: "interesting approach", "save this" - Says "add reference", "log observation", "track this project" Do NOT use for internal learnings/patterns — that's feature-radar-learn's job. Do NOT use for prioritizing features — that's feature-radar's job.
feature-radar-archive
by runkids
Archive a completed, rejected, or covered feature into .feature-radar/archive/ with mandatory learning extraction. MUST use this skill whenever a feature reaches a terminal state — done, rejected, covered, deferred, or N/A. Even casual mentions like "we shipped X" or "X is done" should trigger this. The skill extracts learnings, derives new opportunities, and updates refs. Use when the user: - Says "we shipped X", "X is done", "X is complete", "we just finished X" - Rejects a feature: "we decided not to build X", "reject this", "doesn't fit" - Defers: "defer X", "postpone this", "revisit later", "not now" - Closes an opportunity: "close this opportunity", "mark as done", "archive this" - Mentions any feature reaching Done/Covered/Rejected/Deferred status Do NOT use for discovering new features — that's feature-radar-scan's job.
feature-radar
by runkids
Full-cycle feature discovery, evaluation, and prioritization. Builds a persistent knowledge base at .feature-radar/ and runs a 6-phase workflow to recommend what to build next. Modes: full (all phases), quick (scan only), evaluate (prioritize), #N (deep-dive one). MUST use this skill whenever the user asks about feature priorities, roadmaps, what to build, or wants to evaluate/compare feature ideas — even if they don't say "feature radar" explicitly. Use when the user: - Asks "what should we build next?", "what's most impactful?", or similar - Wants to prioritize, rank, or compare features or backlog items - Needs roadmap planning, project direction, or strategic feature decisions - Says "help me prioritize", "review our backlog", "what are we missing" - Mentions .feature-radar/ directory or feature tracking - Wants periodic reassessment of deferred or open opportunities
feature-radar-scan
by runkids
Discover new feature opportunities from creative brainstorming, user feedback, ecosystem trends, and cross-project research. Writes results to .feature-radar/opportunities/. MUST use this skill when the user wants to GENERATE new ideas — not evaluate existing ones. Trigger on any request to brainstorm, explore, discover, or find new feature ideas, even casual ones like "I wonder what else we could do" or "give me ideas". Use when the user: - Asks "what else could we build?", "give me feature ideas", "what are we missing?" - Wants to brainstorm, explore new directions, or refresh the opportunity backlog - Says "scan ecosystem", "scan opportunities", "find new features" - Asks to review GitHub issues, community feedback, or adjacent tools for inspiration - Mentions "explore", "discover", or "new directions" in a feature context Do NOT use for evaluating/prioritizing existing features — that's feature-radar's job.
feature-radar-validate
by runkids
Validate SKILL.md frontmatter and .feature-radar/ files against format rules. Runs validate.sh, reports errors/warnings, and auto-fixes issues. MUST use this skill after editing any SKILL.md or .feature-radar/ file — catches format bugs like the 1024-char description limit before they break skill registration. Use when: - User says "validate", "check format", "lint skills", "run validation" - You just edited a SKILL.md (description, name, or body) — run proactively - You created or modified files in .feature-radar/ — run proactively - Before committing changes that touch skills/ or .feature-radar/ - User asks "are my skills valid?", "verify skills", "check skill format" IMPORTANT: Use this proactively after ANY edit to skills/ or .feature-radar/ files, even if the user doesn't ask for it. Format validation prevents silent breakage.
feature-radar-archive
by runkids
Archive a completed, rejected, or covered feature into .feature-radar/archive/ with mandatory learning extraction. MUST use this skill whenever a feature reaches a terminal state — done, rejected, covered, deferred, or N/A. Even casual mentions like "we shipped X" or "X is done" should trigger this. The skill extracts learnings, derives new opportunities, and updates refs. Use when the user: - Says "we shipped X", "X is done", "X is complete", "we just finished X" - Rejects a feature: "we decided not to build X", "reject this", "doesn't fit" - Defers: "defer X", "postpone this", "revisit later", "not now" - Closes an opportunity: "close this opportunity", "mark as done", "archive this" - Mentions any feature reaching Done/Covered/Rejected/Deferred status Do NOT use for discovering new features — that's feature-radar-scan's job.
feature-radar
by runkids
Full-cycle feature discovery, evaluation, and prioritization. Builds a persistent knowledge base at .feature-radar/ and runs a 6-phase workflow to recommend what to build next. Modes: full (all phases), quick (scan only), evaluate (prioritize), #N (deep-dive one). MUST use this skill whenever the user asks about feature priorities, roadmaps, what to build, or wants to evaluate/compare feature ideas — even if they don't say "feature radar" explicitly. Use when the user: - Asks "what should we build next?", "what's most impactful?", or similar - Wants to prioritize, rank, or compare features or backlog items - Needs roadmap planning, project direction, or strategic feature decisions - Says "help me prioritize", "review our backlog", "what are we missing" - Mentions .feature-radar/ directory or feature tracking - Wants periodic reassessment of deferred or open opportunities
feature-radar-learn
by runkids
Extract reusable patterns, architectural decisions, and pitfalls from completed work into .feature-radar/specs/. Captures the "why" behind choices so future sessions build on past experience. MUST use this skill when the user reflects on what worked/didn't, wants to document a decision, or mentions remembering a pattern for future use. Use when the user: - Says "remember this approach", "document this decision", "save this pattern" - Reflects: "that worked well", "lessons learned", "what did we learn" - Wants to capture: "don't forget this", "this was a good pattern" - Hit a dead end: "this didn't work because...", "avoid this approach" - Made a technical decision worth recording for posterity - Says "extract learnings" or "capture what we learned" Do NOT use for recording external observations — that's feature-radar-ref's job. Do NOT use for archiving completed features — that's feature-radar-archive's job.
feature-radar-ref
by runkids
Record external observations, ecosystem trends, and creative inspiration into .feature-radar/references/. MUST use this skill when the user mentions something interesting from outside their project — other tools, articles, approaches, or trends. Even casual mentions like "I saw a cool thing in X" should trigger this skill. Use when the user: - Says "I saw this cool thing in X's API", "check out how X handles this" - Shares a URL, article, talk, or research finding with relevant insights - Notes an ecosystem trend: new tools, standards, community patterns - Mentions a related project shipping a notable feature - Wants to bookmark external inspiration: "interesting approach", "save this" - Says "add reference", "log observation", "track this project" Do NOT use for internal learnings/patterns — that's feature-radar-learn's job. Do NOT use for prioritizing features — that's feature-radar's job.
feature-radar-scan
by runkids
Discover new feature opportunities from creative brainstorming, user feedback, ecosystem trends, and cross-project research. Writes results to .feature-radar/opportunities/. MUST use this skill when the user wants to GENERATE new ideas — not evaluate existing ones. Trigger on any request to brainstorm, explore, discover, or find new feature ideas, even casual ones like "I wonder what else we could do" or "give me ideas". Use when the user: - Asks "what else could we build?", "give me feature ideas", "what are we missing?" - Wants to brainstorm, explore new directions, or refresh the opportunity backlog - Says "scan ecosystem", "scan opportunities", "find new features" - Asks to review GitHub issues, community feedback, or adjacent tools for inspiration - Mentions "explore", "discover", or "new directions" in a feature context Do NOT use for evaluating/prioritizing existing features — that's feature-radar's job.
skillshare
by runkids
Manages and syncs AI CLI skills across 50+ tools from a single source. Use this skill whenever the user mentions "skillshare", runs skillshare commands, manages skills (install, update, uninstall, sync, audit, check, diff, search), or troubleshoots skill configuration (orphaned symlinks, broken targets, sync issues). Covers both global (~/.config/skillshare/) and project (.skillshare/) modes. Also use when: adding new AI tool targets (Claude, Cursor, Windsurf, etc.), setting target include/exclude filters or copy vs symlink mode, using backup/restore or trash recovery, piping skillshare output to scripts (--json), setting up CI/CD audit pipelines, or building/sharing skill hubs (hub index, hub add).
algorand-vulnerability-scanner
by runkids
Scans Algorand smart contracts for 11 common vulnerabilities including rekeying attacks, unchecked transaction fees, missing field validations, and access control issues. Use when auditing Algorand projects (TEAL/PyTeal).
ask-questions-if-underspecified
by runkids
Clarify requirements before implementing. Use when serious doubts arise.
audit-prep-assistant
by runkids
Prepares codebases for security review using Trail of Bits' checklist. Helps set review goals, runs static analysis tools, increases test coverage, removes dead code, ensures accessibility, and generates documentation (flowcharts, user stories, inline comments).
atheris
by runkids
Atheris is a coverage-guided Python fuzzer based on libFuzzer. Use for fuzzing pure Python code and Python C extensions.
constant-time-analysis
by runkids
Detects timing side-channel vulnerabilities in cryptographic code. Use when implementing or reviewing crypto code, encountering division on secrets, secret-dependent branches, or constant-time programming questions in C, C++, Go, Rust, Swift, Java, Kotlin, C#, PHP, JavaScript, TypeScript, Python, or Ruby.
cargo-fuzz
by runkids
cargo-fuzz is the de facto fuzzing tool for Rust projects using Cargo. Use for fuzzing Rust code with libFuzzer backend.
address-sanitizer
by runkids
AddressSanitizer detects memory errors during fuzzing. Use when fuzzing C/C++ code to find buffer overflows and use-after-free bugs.
code-maturity-assessor
by runkids
Systematic code maturity assessment using Trail of Bits' 9-category framework. Analyzes codebase for arithmetic safety, auditing practices, access controls, complexity, decentralization, documentation, MEV risks, low-level code, and testing. Produces professional scorecard with evidence-based ratings and actionable recommendations.
coverage-analysis
by runkids
Coverage analysis measures code exercised during fuzzing. Use when assessing harness effectiveness or identifying fuzzing blockers.
audit-context-building
by runkids
Enables ultra-granular, line-by-line code analysis to build deep architectural context before vulnerability or bug finding.
aflpp
by runkids
AFL++ is a fork of AFL with better fuzzing performance and advanced features. Use for multi-core fuzzing of C/C++ projects.
git-cleanup
by runkids
"Safely analyzes and cleans up local git branches and worktrees by categorizing them as merged, squash-merged, superseded, or active work."
claude-in-chrome-troubleshooting
by runkids
Diagnose and fix Claude in Chrome MCP extension connectivity issues. Use when mcp__claude-in-chrome__* tools fail, return "Browser extension is not connected", or behave erratically.
constant-time-testing
by runkids
Constant-time testing detects timing side channels in cryptographic code. Use when auditing crypto implementations for timing vulnerabilities.
debug-buttercup
by runkids
Debugs the Buttercup CRS (Cyber Reasoning System) running on Kubernetes. Use when diagnosing pod crashes, restart loops, Redis failures, resource pressure, disk saturation, DinD issues, or any service misbehavior in the crs namespace. Covers triage, log analysis, queue inspection, and common failure patterns for: redis, fuzzer-bot, coverage-bot, seed-gen, patcher, build-bot, scheduler, task-server, task-downloader, program-model, litellm, dind, tracer-bot, merger-bot, competition-api, pov-reproducer, scratch-cleaner, registry-cache, image-preloader, ui.
codeql
by runkids
Scans a codebase for security vulnerabilities using CodeQL's interprocedural data flow and taint tracking analysis. Triggers on "run codeql", "codeql scan", "codeql analysis", "build codeql database", or "find vulnerabilities with codeql". Supports "run all" (security-and-quality suite) and "important only" (high-precision security findings) scan modes. Also handles creating data extension models and processing CodeQL SARIF output.
devcontainer-setup
by runkids
Creates devcontainers with Claude Code, language-specific tooling (Python/Node/Rust/Go), and persistent volumes. Use when adding devcontainer support to a project, setting up isolated development environments, or configuring sandboxed Claude Code workspaces.
cairo-vulnerability-scanner
by runkids
Scans Cairo/StarkNet smart contracts for 6 critical vulnerabilities including felt252 arithmetic overflow, L1-L2 messaging issues, address conversion problems, and signature replay. Use when auditing StarkNet projects.
firebase-apk-scanner
by runkids
Scans Android APKs for Firebase security misconfigurations including open databases, storage buckets, authentication issues, and exposed cloud functions. Use when analyzing APK files for Firebase vulnerabilities, performing mobile app security audits, or testing Firebase endpoint security. For authorized security research only.
sarif-parsing
by runkids
Parses and processes SARIF files from static analysis tools like CodeQL, Semgrep, or other scanners. Triggers on "parse sarif", "read scan results", "aggregate findings", "deduplicate alerts", or "process sarif output". Handles filtering, deduplication, format conversion, and CI/CD integration of SARIF data. Does NOT run scans — use the Semgrep or CodeQL skills for that.
guidelines-advisor
by runkids
Smart contract development advisor based on Trail of Bits' best practices. Analyzes codebase to generate documentation/specifications, review architecture, check upgradeability patterns, assess implementation quality, identify pitfalls, review dependencies, and evaluate testing. Provides actionable recommendations.
libafl
by runkids
LibAFL is a modular fuzzing library for building custom fuzzers. Use for advanced fuzzing needs, custom mutators, or non-standard fuzzing targets.
libfuzzer
by runkids
Coverage-guided fuzzer built into LLVM for C/C++ projects. Use for fuzzing C/C++ code that can be compiled with Clang.
fp-check
by runkids
"Systematically verifies suspected security bugs to eliminate false positives. Produces TRUE POSITIVE or FALSE POSITIVE verdicts with documented evidence for each bug."
second-opinion
by runkids
"Runs external LLM code reviews (OpenAI Codex or Google Gemini CLI) on uncommitted changes, branch diffs, or specific commits. Use when the user asks for a second opinion, external review, codex review, gemini review, or mentions /second-opinion."
cosmos-vulnerability-scanner
by runkids
Scans Cosmos SDK blockchains for 9 consensus-critical vulnerabilities including non-determinism, incorrect signers, ABCI panics, and rounding errors. Use when auditing Cosmos chains or CosmWasm contracts.
designing-workflow-skills
by runkids
Guides the design and structuring of workflow-based Claude Code skills with multi-step phases, decision trees, subagent delegation, and progressive disclosure. Use when creating skills that involve sequential pipelines, routing patterns, safety gates, task tracking, phased execution, or any multi-step workflow. Also applies when reviewing or refactoring existing workflow skills for quality.
modern-python
by runkids
Configures Python projects with modern tooling (uv, ruff, ty). Use when creating projects, writing standalone scripts, or migrating from pip/Poetry/mypy/black.
differential-review
by runkids
Performs security-focused differential review of code changes (PRs, commits, diffs). Adapts analysis depth to codebase size, uses git history for context, calculates blast radius, checks test coverage, and generates comprehensive markdown reports. Automatically detects and prevents security regressions.
harness-writing
by runkids
Techniques for writing effective fuzzing harnesses across languages. Use when creating new fuzz targets or improving existing harness code.
secure-workflow-guide
by runkids
Guides through Trail of Bits' 5-step secure development workflow. Runs Slither scans, checks special features (upgradeability/ERC conformance/token integration), generates visual security diagrams, helps document security properties for fuzzing/verification, and reviews manual security areas.
insecure-defaults
by runkids
"Detects fail-open insecure defaults (hardcoded secrets, weak auth, permissive security) that allow apps to run insecurely in production. Use when auditing security, reviewing config management, or analyzing environment variable handling."
fuzzing-dictionary
by runkids
Fuzzing dictionaries guide fuzzers with domain-specific tokens. Use when fuzzing parsers, protocols, or format-specific code.
dwarf-expert
by runkids
Provides expertise for analyzing DWARF debug files and understanding the DWARF debug format/standard (v3-v5). Triggers when understanding DWARF information, interacting with DWARF files, answering DWARF-related questions, or working with code that parses DWARF data.
ossfuzz
by runkids
OSS-Fuzz provides free continuous fuzzing for open source projects. Use when setting up continuous fuzzing infrastructure or enrolling projects.
fuzzing-obstacles
by runkids
Techniques for patching code to overcome fuzzing obstacles. Use when checksums, global state, or other barriers block fuzzer progress.
property-based-testing
by runkids
Provides guidance for property-based testing across multiple languages and smart contracts. Use when writing tests, reviewing code with serialization/validation/parsing patterns, designing features, or when property-based testing would provide stronger coverage than example-based tests.
interpreting-culture-index
by runkids
Interprets Culture Index (CI) surveys, behavioral profiles, and personality assessment data. Supports individual profile interpretation, team composition analysis (gas/brake/glue), burnout detection, profile comparison, hiring profiles, manager coaching, interview transcript analysis for trait prediction, candidate debrief, onboarding planning, and conflict mediation. Accepts extracted JSON or PDF input via OpenCV extraction script.
ruzzy
by runkids
Ruzzy is a coverage-guided Ruby fuzzer by Trail of Bits. Use for fuzzing pure Ruby code and Ruby C extensions.
frontend-slides
by runkids
Create stunning, animation-rich HTML presentations from scratch or by converting PowerPoint files. Use when the user wants to build a presentation, convert a PPT/PPTX to web, or create slides for a talk/pitch. Helps non-designers discover their aesthetic through visual exploration rather than abstract choices.
ui-skills
by runkids
Opinionated constraints for building better interfaces with agents.
docker-expert
by runkids
Docker containerization expert with deep knowledge of multi-stage builds, image optimization, container security, Docker Compose orchestration, and production deployment patterns. Use PROACTIVELY for Dockerfile optimization, container issues, image size problems, security hardening, networking, and orchestration challenges.