This skill should be used when the user asks to "perform vulnerability scanning", "scan networks for open ports", "assess web application security", "scan wireless networks", "detect malware",...

Detect risk or uncertainty and pause execution. Use before or after plans, commands, diffs, or implementation to surface unclear requirements or risky actions.

GTD mentor for inbox processing, weekly reviews, and coaching. Triggers on "process inbox", "weekly review", "what should I do", "I'm stuck", or /gtd command.

Voice conversation: transcribe voice input, reply in same format (voice-to-voice, text-to-text) by default. User can override with voice or text commands.

Run Docker commands within a container environment, including starting the Docker daemon and managing containers. Use when building, running, or managing Docker containers and images.

This skill should be used when users want to run the built-in TLS (two-level system) driver in socket or embedded mode and need parameter conventions and example commands.

View and manage inline GitHub PR review comments with full thread context from the terminal

This skill should be used when the user asks to "set up a web server", "configure HTTP or HTTPS", "perform SNMP enumeration", "configure SMB shares", "test network services", or needs guidance on...

This skill should be used when the user asks to "test API security", "fuzz APIs", "find IDOR vulnerabilities", "test REST API", "test GraphQL", "API penetration testing", "bug bounty API testing",...

This skill should be used when the user asks to "test for directory traversal", "exploit path traversal vulnerabilities", "read arbitrary files through web applications", "find LFI...

This skill should be used when the user asks to "automate SQL injection testing," "enumerate database structure," "extract database credentials using sqlmap," "dump tables and columns from a...

This skill should be used when the user asks to "identify web application vulnerabilities", "explain common security flaws", "understand vulnerability categories", "learn about injection attacks",...

Writing pull request titles and descriptions for the tldraw repository. Use when creating a new PR, updating an existing PR's title or body, or when the /pr command needs PR content guidance.

Use when analyzing fix commits to create postmortems, checking code changes against known issues before release, or updating postmortem knowledge base after release. Triggers on /postmortem...

LLM-as-judge methodology for comparing code implementations across repositories. Scores implementations on functionality, security, test quality, overengineering, and dead code using weighted...

Harbor framework for agent evaluation. Use when: (1) Running harbor commands (harbor run, harbor tasks check), (2) Creating/validating SkillsBench tasks, (3) Understanding task format or debugging...

Create robust Python automation with full logging and safety checks. Use when tasks need complex data processing, authenticated API work, conditional file operations, or error handling beyond...

Expert in high-performance CSV processing, parsing, and data cleaning using Python, DuckDB, and command-line tools. Use when working with CSV files, cleaning data, transforming datasets, or...

Use when working with icons in any project. Provides CLI for searching 200+ icon libraries (Iconify) and retrieving SVGs. Commands: `better-icons search <query>` to find icons, `better-icons get...

Create and manage local Issue specs (specs/issues/) - individual work items with testable acceptance criteria. Use for "create issue", "new task", "list issues", "check issues", "pick issue". NOTE...