# Catálogo De Skills

Este catálogo é gerado a partir dos arquivos `SKILL.md` publicados no repositório sanitizado. Ele ajuda uma IA ou usuário humano a descobrir o que existe sem precisar abrir centenas de pastas manualmente.

Regra de uso: escolha primeiro pelo roteador em `orquestrador/SKILLS_ROUTER.json`; abra o `SKILL.md` completo somente da skill selecionada e dos arquivos referenciados diretamente por ela.

## Adicionar Skill Canônica

Use o helper em vez de criar todos os registros manualmente:

```powershell
powershell -NoProfile -ExecutionPolicy Bypass -File .\scripts\new-canonical-skill.ps1 `
  -Name "skill-example" `
  -Description "Use for ..." `
  -Category "ai" `
  -Risk "medium" `
  -Source "local-patterns" `
  -Trigger "example" `
  -Alias "exemplo" `
  -MirrorEverywhere
```

No Linux/macOS:

```bash
./scripts/new-canonical-skill.sh \
  --name skill-example \
  --description "Use for ..." \
  --category ai \
  --risk medium \
  --source local-patterns \
  --trigger example \
  --alias exemplo \
  --mirror-everywhere
```

O comando cria `orquestrador/skills/<skill>/SKILL.md` e atualiza `orquestrador/SKILLS_MANIFEST.json`, `orquestrador/SKILLS_ROUTER.json` e `orquestrador/SKILL_ALIASES.json`.

Depois de editar o corpo da skill, rode:

```powershell
powershell -NoProfile -ExecutionPolicy Bypass -File .\scripts\validate-skills.ps1
```

ou:

```bash
./scripts/validate-skills.sh
```

Se a skill deve ser usada junto com outras, atualize `orquestrador/SKILL_CHAINS.json` manualmente e rode a validação novamente.

`SKILLS_MANIFEST.json` é a fonte de verdade para skills canônicas. O campo `mirrorEverywhere` controla quais skills entram nas raízes nativas mínimas usadas por Codex, Claude, OpenCode, Cursor, Gemini, Windsurf, Antigravity e `.agents`.

## Skills Canônicas Do Orquestrador

Fonte principal editável. O sync copia essas skills para os espelhos compatíveis.

Total: 23

| Skill | Categoria | Risco | O que faz |
|---|---|---|---|
| `skill-abacatepay-integration` | payments | medium | Integrate AbacatePay PIX/card billing, customers, QRCode PIX, billing webhooks, CPF/CNPJ validation, BRL SaaS checkout, payment receipts, refunds, cancellations, and entitlement sync for Brazilian SaaS products. |
| `skill-cobranca-automatizada-saas-abacatepay` | payments | high | Use for automated SaaS billing with AbacatePay, including dunning rules, invoice portal, trial expiration, billing notifications, admin billing CRUD, and billing metrics. |
| `skill-aionui-cowork-orchestration` | orchestration | medium | Use when integrating AionUi into the {{USER_NAME}} orchestrator workflow, coordinating Codex, Claude, Gemini, OpenCode, or other CLI agents through AionUi without breaking local skills, hooks, MCPs, permissions, or existing Codex workflows. |
| `skill-ai-orchestration` | ai | medium | Use for server-side AI orchestration in SaaS products, including OpenAI, Gemini, Claude, ElevenLabs, streaming, transcription, structured extraction, prompt contracts, token budgets, model routing, queues, retries, observability, consent, validation, and safe API key handling. |
| `skill-elevenlabs-voice-cloning` | ai | high | Use for ElevenLabs voice generation and voice cloning integrations, including Brazilian Portuguese TTS, explicit voice consent, server-side API keys, secure audio uploads, asynchronous jobs, validation, retryable synthesis, and safe handling of biometric voice data. |
| `skill-evolution-api` | communication | medium | Use for WhatsApp automation with Evolution API, including instance lifecycle, QR pairing, inbound and outbound messages, webhooks, consent, tenant isolation, queues, idempotency, rate limits, retries, audit logs, and reliable delivery. |
| `skill-frontend-ux-guardrails` | frontend | medium | Apply frontend UX quality gates for SaaS dashboards, product screens, modals, tables, forms, responsive layouts, overflow fixes, accessibility, visual validation, spelling, and reduction of UI rework. |
| `skill-google-workspace-sync` | integrations | high | Use for Google Workspace integrations with OAuth, Calendar, Meet, FreeBusy, Drive, Sheets, webhooks, least-privilege scopes, encrypted refresh tokens, idempotent writes, reconciliation jobs, consent revocation, validation, and sync audit trails. |
| `skill-live-processing` | media | medium | Use for live stream and VOD ingestion pipelines, including YouTube, Twitch, uploads, capture jobs, queues, transcription, clip generation, media storage, retries, idempotent workers, consent, validation, observability, and safe server-side provider credentials. |
| `skill-manual-video-processing` | media | medium | Use for manual video or audio uploads in SaaS apps, including upload UX, direct storage, validation, malware checks, quota enforcement, asynchronous processing jobs, transcription, clip extraction, review flows, signed URLs, consent, and secure media access. |
| `skill-modern-ui-patterns` | frontend | low | Use for professional SaaS UI implementation and refinement in React, TypeScript, Tailwind, dashboards, admin panels, tables, forms, settings, billing, onboarding, responsive layouts, component states, and design-system consistency. |
| `skill-multiagent-orchestration` | orchestration | medium | Use when a task mentions subagents, multiagents, parallel agents, team execution, swarm, delegation, or requires dividing independent engineering work across agents while preserving integration safety and token efficiency. |
| `skill-open-design-ui` | frontend | low | Apply open-design product UI workflow for premium visual redesigns, dashboards, landing pages, design tokens, component libraries, responsive product screens, visual QA, anti-generic styling, and professional frontend delivery. |
| `skill-saas-admin-dashboard` | frontend | low | Build or improve SaaS admin dashboards, internal admin panels, user/customer screens, tenant/workspace screens, plan/payment/log views, sidebar layouts, metrics, filters, tables, support tools, and onboarding administration. |
| `skill-saas-core-limits` | saas | medium | Implement SaaS plan limits, quotas, entitlements, feature flags, trials, grace periods, blocked accounts, usage counters, and access checks after AbacatePay, Stripe, webhook, or manual admin subscription changes. |
| `skill-saas-dast-recon` | security | high | Run defensive, explicitly authorized SaaS DAST and recon with scope controls. Use when asked to scan an owned local, staging, preview, or approved production URL, API endpoint, SaaS app, tenant boundary, public web surface, auth flow, exposed files, headers, TLS, or OWASP Top 10 behavior using tools such as ZAP, Nuclei, Katana, httpx, and Subfinder. |
| `skill-saas-factory` | saas | medium | Build, refactor, review, or plan SaaS products with React/Vite, dashboards, admin panels, Supabase, payments, subscriptions, tenant limits, webhooks, security, infrastructure, and production readiness. Use as the top-level SaaS construction skill when work may need routing to payment, RLS, dashboard, limits, security scan, or deployment skills. |
| `skill-saas-security-scan` | security | medium | Run defensive, authorized local security scans for owned SaaS repositories. Use when asked to scan local code, dependencies, secrets, containers, IaC, API handlers, Supabase projects, multi-tenant SaaS isolation, or release/security gates with maintained OSS tools such as Semgrep, Gitleaks, Trivy, OSV-Scanner, and OWASP Dependency-Check. |
| `skill-security-hooks` | security | medium | Install and maintain defensive security hooks and CI gates for authorized SaaS projects. Use when asked to add pre-commit hooks, pre-push hooks, CI security scans, GitHub Actions hardening, secret scanning, dependency scanning, SAST, DAST gates, or security automation around existing repositories. |
| `skill-smart-clip-detection` | media | medium | Use for AI-assisted clip detection from transcripts, livestreams, videos, podcasts, calls, or long-form content, including scored candidates, timestamps, batching, validation, prompt versioning, review queues, idempotent reprocessing, consent, and publishing-ready metadata. |
| `skill-stripe-integration` | payments | medium | Integrate Stripe Checkout, Billing, subscriptions, Customer Portal, invoices, trials, coupons, webhook handling, entitlement sync, and SaaS payment state management. |
| `skill-supabase-rls` | security | high | Design and review defensive Supabase/Postgres Row Level Security for SaaS systems. Use for RLS policies, auth-aware tenant isolation, storage policies, service-role boundaries, migrations, indexes, positive/negative access tests, and data-isolation security reviews. |
| `skill-unified-analytics` | analytics | low | Use for SaaS/product analytics architecture, event taxonomy, telemetry instrumentation, funnels, admin dashboards, billing metrics, activation, retention, attribution, privacy guardrails, observability, and cross-provider reporting. |

## Skills Empacotadas Do Codex

Skills instaladas no diretório ativo do Codex. Inclui workflows OMX/Codex e espelho das skills canônicas.

Total: 47

| Skill | Categoria | Risco | O que faz |
|---|---|---|---|
| `ai-slop-cleaner` | - | - | Run an anti-slop cleanup/refactor/deslop workflow |
| `ask-claude` | - | - | Ask Claude via local CLI and capture a reusable artifact |
| `ask-gemini` | - | - | Ask Gemini via local CLI and capture a reusable artifact |
| `autopilot` | - | - | Full autonomous execution from idea to working code |
| `cancel` | - | - | Cancel any active OMX mode (autopilot, ralph, ultrawork, ecomode, ultraqa, swarm, ultrapilot, pipeline, team) |
| `code-review` | - | - | Run a comprehensive code review |
| `configure-notifications` | - | - | Configure OMX notifications - unified portable entry point |
| `deep-interview` | - | - | Socratic deep interview with mathematical ambiguity gating before execution |
| `doctor` | - | - | Diagnose and fix oh-my-codex installation issues |
| `help` | - | - | Guide on using oh-my-codex plugin |
| `hud` | - | - | Show or configure the OMX HUD (two-layer statusline) |
| `note` | - | - | Save notes to notepad.md for compaction resilience |
| `omx-setup` | - | - | Setup and configure oh-my-codex using current CLI behavior |
| `orquestrador-maestro` | - | - | Orquestrador Maestro |
| `plan` | - | - | Strategic planning with optional interview workflow |
| `ralph` | - | - | Self-referential loop until task completion with architect verification |
| `ralplan` | - | - | Alias for $plan --consensus |
| `security-review` | - | - | Run a comprehensive security review on code |
| `skill` | - | - | Manage local skills - list, add, remove, search, edit, setup wizard |
| `skill-abacatepay-integration` | payments | medium | Integrate AbacatePay PIX/card billing, customers, QRCode PIX, billing webhooks, CPF/CNPJ validation, BRL SaaS checkout, payment receipts, refunds, cancellations, and entitlement sync for Brazilian SaaS products. |
| `skill-aionui-cowork-orchestration` | orchestration | medium | Use when integrating AionUi into the {{USER_NAME}} orchestrator workflow, coordinating Codex, Claude, Gemini, OpenCode, or other CLI agents through AionUi without breaking local skills, hooks, MCPs, permissions, or existing Codex workflows. |
| `skill-ai-orchestration` | ai | medium | Use for server-side AI orchestration in SaaS products, including OpenAI, Gemini, Claude, ElevenLabs, streaming, transcription, structured extraction, prompt contracts, token budgets, model routing, queues, retries, observability, consent, validation, and safe API key handling. |
| `skill-elevenlabs-voice-cloning` | ai | high | Use for ElevenLabs voice generation and voice cloning integrations, including Brazilian Portuguese TTS, explicit voice consent, server-side API keys, secure audio uploads, asynchronous jobs, validation, retryable synthesis, and safe handling of biometric voice data. |
| `skill-evolution-api` | communication | medium | Use for WhatsApp automation with Evolution API, including instance lifecycle, QR pairing, inbound and outbound messages, webhooks, consent, tenant isolation, queues, idempotency, rate limits, retries, audit logs, and reliable delivery. |
| `skill-frontend-ux-guardrails` | frontend | medium | Apply frontend UX quality gates for SaaS dashboards, product screens, modals, tables, forms, responsive layouts, overflow fixes, accessibility, visual validation, spelling, and reduction of UI rework. |
| `skill-google-workspace-sync` | integrations | high | Use for Google Workspace integrations with OAuth, Calendar, Meet, FreeBusy, Drive, Sheets, webhooks, least-privilege scopes, encrypted refresh tokens, idempotent writes, reconciliation jobs, consent revocation, validation, and sync audit trails. |
| `skill-live-processing` | media | medium | Use for live stream and VOD ingestion pipelines, including YouTube, Twitch, uploads, capture jobs, queues, transcription, clip generation, media storage, retries, idempotent workers, consent, validation, observability, and safe server-side provider credentials. |
| `skill-manual-video-processing` | media | medium | Use for manual video or audio uploads in SaaS apps, including upload UX, direct storage, validation, malware checks, quota enforcement, asynchronous processing jobs, transcription, clip extraction, review flows, signed URLs, consent, and secure media access. |
| `skill-modern-ui-patterns` | frontend | low | Use for professional SaaS UI implementation and refinement in React, TypeScript, Tailwind, dashboards, admin panels, tables, forms, settings, billing, onboarding, responsive layouts, component states, and design-system consistency. |
| `skill-multiagent-orchestration` | orchestration | medium | Use when a task mentions subagents, multiagents, parallel agents, team execution, swarm, delegation, or requires dividing independent engineering work across agents while preserving integration safety and token efficiency. |
| `skill-open-design-ui` | frontend | low | Apply open-design product UI workflow for premium visual redesigns, dashboards, landing pages, design tokens, component libraries, responsive product screens, visual QA, anti-generic styling, and professional frontend delivery. |
| `skill-saas-admin-dashboard` | frontend | low | Build or improve SaaS admin dashboards, internal admin panels, user/customer screens, tenant/workspace screens, plan/payment/log views, sidebar layouts, metrics, filters, tables, support tools, and onboarding administration. |
| `skill-saas-core-limits` | saas | medium | Implement SaaS plan limits, quotas, entitlements, feature flags, trials, grace periods, blocked accounts, usage counters, and access checks after AbacatePay, Stripe, webhook, or manual admin subscription changes. |
| `skill-saas-dast-recon` | security | high | Run defensive, explicitly authorized SaaS DAST and recon with scope controls. Use when asked to scan an owned local, staging, preview, or approved production URL, API endpoint, SaaS app, tenant boundary, public web surface, auth flow, exposed files, headers, TLS, or OWASP Top 10 behavior using tools such as ZAP, Nuclei, Katana, httpx, and Subfinder. |
| `skill-saas-factory` | saas | medium | Build, refactor, review, or plan SaaS products with React/Vite, dashboards, admin panels, Supabase, payments, subscriptions, tenant limits, webhooks, security, infrastructure, and production readiness. Use as the top-level SaaS construction skill when work may need routing to payment, RLS, dashboard, limits, security scan, or deployment skills. |
| `skill-saas-security-scan` | security | medium | Run defensive, authorized local security scans for owned SaaS repositories. Use when asked to scan local code, dependencies, secrets, containers, IaC, API handlers, Supabase projects, multi-tenant SaaS isolation, or release/security gates with maintained OSS tools such as Semgrep, Gitleaks, Trivy, OSV-Scanner, and OWASP Dependency-Check. |
| `skill-security-hooks` | security | medium | Install and maintain defensive security hooks and CI gates for authorized SaaS projects. Use when asked to add pre-commit hooks, pre-push hooks, CI security scans, GitHub Actions hardening, secret scanning, dependency scanning, SAST, DAST gates, or security automation around existing repositories. |
| `skill-smart-clip-detection` | media | medium | Use for AI-assisted clip detection from transcripts, livestreams, videos, podcasts, calls, or long-form content, including scored candidates, timestamps, batching, validation, prompt versioning, review queues, idempotent reprocessing, consent, and publishing-ready metadata. |
| `skill-stripe-integration` | payments | medium | Integrate Stripe Checkout, Billing, subscriptions, Customer Portal, invoices, trials, coupons, webhook handling, entitlement sync, and SaaS payment state management. |
| `skill-supabase-rls` | security | high | Design and review defensive Supabase/Postgres Row Level Security for SaaS systems. Use for RLS policies, auth-aware tenant isolation, storage policies, service-role boundaries, migrations, indexes, positive/negative access tests, and data-isolation security reviews. |
| `skill-unified-analytics` | analytics | low | Use for SaaS/product analytics architecture, event taxonomy, telemetry instrumentation, funnels, admin dashboards, billing metrics, activation, retention, attribution, privacy guardrails, observability, and cross-provider reporting. |
| `team` | - | - | N coordinated agents on shared task list using tmux-based orchestration |
| `trace` | - | - | Show agent flow trace timeline and summary |
| `ultrawork` | - | - | Parallel execution engine for high-throughput task completion |
| `visual-verdict` | - | - | Structured visual QA verdict for screenshot-to-reference comparisons |
| `web-clone` | - | - | URL-driven website cloning with visual + functional verification |
| `worker` | - | - | Team worker protocol (ACK, mailbox, task lifecycle) for tmux-based OMX teams |

## Biblioteca Comunitária Deduplicada

Biblioteca ampla de skills reutilizáveis copiada para raízes compatíveis quando a instalação completa é usada.

Total: 610

| Skill | Categoria | Risco | O que faz |
|---|---|---|---|
| `3d-web-experience` | - | - | Expert in building 3D experiences for the web - Three.js, React Three Fiber, Spline, WebGL, and interactive 3D scenes. Covers product configurators, 3D portfolios, immersive websites, and bringing depth to web experiences. Use when: 3D website, three.js, WebGL, react three fiber, 3D experience. |
| `ab-test-setup` | - | - | Structured guide for setting up A/B tests with mandatory gates for hypothesis, metrics, and execution readiness. |
| `accessibility-compliance-accessibility-audit` | - | - | You are an accessibility expert specializing in WCAG compliance, inclusive design, and assistive technology compatibility. Conduct audits, identify barriers, and provide remediation guidance. |
| `Active Directory Attacks` | - | - | This skill should be used when the user asks to "attack Active Directory", "exploit AD", "Kerberoasting", "DCSync", "pass-the-hash", "BloodHound enumeration", "Golden Ticket", "Silver Ticket", "AS-REP roasting", "NTLM relay", or needs guidance on Windows domain penetration testing. |
| `address-github-comments` | - | - | Use when you need to address review or issue comments on an open GitHub Pull Request using the gh CLI. |
| `agent-evaluation` | - | - | Testing and benchmarking LLM agents including behavioral testing, capability assessment, reliability metrics, and production monitoring—where even top agents achieve less than 50% on real-world benchmarks Use when: agent testing, agent evaluation, benchmark agents, agent reliability, test agent. |
| `agent-manager-skill` | - | - | Manage multiple local CLI agents via tmux sessions (start/stop/monitor/assign) with cron-friendly scheduling. |
| `agent-memory-mcp` | - | - | A hybrid memory system that provides persistent, searchable knowledge management for AI agents (Architecture, Patterns, Decisions). |
| `agent-memory-systems` | - | - | Memory is the cornerstone of intelligent agents. Without it, every interaction starts from zero. This skill covers the architecture of agent memory: short-term (context window), long-term (vector stores), and the cognitive architectures that organize them. Key insight: Memory isn't just storage - it's retrieval. A million stored facts mean nothing if you can't find the right one. Chunking, embedding, and retrieval strategies determine whether your agent remembers or forgets. The field is fragm |
| `agent-orchestration-improve-agent` | - | - | Systematic improvement of existing agents through performance analysis, prompt engineering, and continuous iteration. |
| `agent-orchestration-multi-agent-optimize` | - | - | Optimize multi-agent systems with coordinated profiling, workload distribution, and cost-aware orchestration. Use when improving agent performance, throughput, or reliability. |
| `agent-tool-builder` | - | - | Tools are how AI agents interact with the world. A well-designed tool is the difference between an agent that works and one that hallucinates, fails silently, or costs 10x more tokens than necessary. This skill covers tool design from schema to error handling. JSON Schema best practices, description writing that actually helps the LLM, validation, and the emerging MCP standard that's becoming the lingua franca for AI tools. Key insight: Tool descriptions are more important than tool implementa |
| `ai-agents-architect` | - | - | Expert in designing and building autonomous AI agents. Masters tool use, memory systems, planning strategies, and multi-agent orchestration. Use when: build agent, AI agent, autonomous agent, tool use, function calling. |
| `ai-product` | - | - | Every product will be AI-powered. The question is whether you'll build it right or ship a demo that falls apart in production. This skill covers LLM integration patterns, RAG architecture, prompt engineering that scales, AI UX that users trust, and cost optimization that doesn't bankrupt you. Use when: keywords, file_patterns, code_patterns. |
| `airflow-dag-patterns` | - | - | Build production Apache Airflow DAGs with best practices for operators, sensors, testing, and deployment. Use when creating data pipelines, orchestrating workflows, or scheduling batch jobs. |
| `ai-wrapper-product` | - | - | Expert in building products that wrap AI APIs (OpenAI, Anthropic, etc.) into focused tools people will pay for. Not just 'ChatGPT but different' - products that solve specific problems with AI. Covers prompt engineering for products, cost management, rate limiting, and building defensible AI businesses. Use when: AI wrapper, GPT product, AI tool, wrap AI, AI SaaS. |
| `algolia-search` | - | - | Expert patterns for Algolia search implementation, indexing strategies, React InstantSearch, and relevance tuning Use when: adding search to, algolia, instantsearch, search api, search functionality. |
| `algorithmic-art` | - | - | Creating algorithmic art using p5.js with seeded randomness and interactive parameter exploration. Use this when users request creating art using code, generative art, algorithmic art, flow fields, or particle systems. Create original algorithmic art rather than copying existing artists' work to avoid copyright violations. |
| `analytics-tracking` | - | - | > |
| `angular-migration` | - | - | Migrate from AngularJS to Angular using hybrid mode, incremental component rewriting, and dependency injection updates. Use when upgrading AngularJS applications, planning framework migrations, or modernizing legacy Angular code. |
| `anti-reversing-techniques` | - | - | Understand anti-reversing, obfuscation, and protection techniques encountered during software analysis. Use when analyzing protected binaries, bypassing anti-debugging for authorized analysis, or understanding software protection mechanisms. |
| `api-design-principles` | - | - | Master REST and GraphQL API design principles to build intuitive, scalable, and maintainable APIs that delight developers. Use when designing new APIs, reviewing API specifications, or establishing API design standards. |
| `api-documentation-generator` | - | - | Generate comprehensive, developer-friendly API documentation from code, including endpoints, parameters, examples, and best practices |
| `api-documenter` | - | - | Master API documentation with OpenAPI 3.1, AI-powered tools, and |
| `API Fuzzing for Bug Bounty` | - | - | This skill should be used when the user asks to "test API security", "fuzz APIs", "find IDOR vulnerabilities", "test REST API", "test GraphQL", "API penetration testing", "bug bounty API testing", or needs guidance on API security assessment techniques. |
| `api-patterns` | - | - | API design principles and decision-making. REST vs GraphQL vs tRPC selection, response formats, versioning, pagination. |
| `api-security-best-practices` | - | - | Implement secure API design patterns including authentication, authorization, input validation, rate limiting, and protection against common API vulnerabilities |
| `api-testing-observability-api-mock` | - | - | You are an API mocking expert specializing in realistic mock services for development, testing, and demos. Design mocks that simulate real API behavior and enable parallel development. |
| `templates` | - | - | Project scaffolding templates for new applications. Use when creating new projects from scratch. Contains 12 templates for various tech stacks. |
| `application-performance-performance-optimization` | - | - | Optimize end-to-end application performance with profiling, observability, and backend/frontend tuning. Use when coordinating performance optimization across the stack. |
| `app-store-optimization` | - | - | Complete App Store Optimization (ASO) toolkit for researching, optimizing, and tracking mobile app performance on Apple App Store and Google Play Store |
| `architect-review` | - | - | Master software architect specializing in modern architecture |
| `architecture-decision-records` | - | - | Write and maintain Architecture Decision Records (ADRs) following best practices for technical decision documentation. Use when documenting significant technical decisions, reviewing past architectural choices, or establishing decision processes. |
| `architecture-patterns` | - | - | Implement proven backend architecture patterns including Clean Architecture, Hexagonal Architecture, and Domain-Driven Design. Use when architecting complex backend systems or refactoring existing applications for better maintainability. |
| `arm-cortex-expert` | - | - | > |
| `async-python-patterns` | - | - | Master Python asyncio, concurrent programming, and async/await patterns for high-performance applications. Use when building async APIs, concurrent systems, or I/O-bound applications requiring non-blocking operations. |
| `attack-tree-construction` | - | - | Build comprehensive attack trees to visualize threat paths. Use when mapping attack scenarios, identifying defense gaps, or communicating security risks to stakeholders. |
| `auth-implementation-patterns` | - | - | Master authentication and authorization patterns including JWT, OAuth2, session management, and RBAC to build secure, scalable access control systems. Use when implementing auth systems, securing APIs, or debugging security issues. |
| `automate-whatsapp` | - | safe | Build WhatsApp automations with Kapso workflows: configure WhatsApp triggers, edit workflow graphs, manage executions, deploy functions, and use databases/integrations for state. Use when automating WhatsApp conversations and event handling. |
| `autonomous-agent-patterns` | - | - | Design patterns for building autonomous coding agents. Covers tool integration, permission systems, browser automation, and human-in-the-loop workflows. Use when building AI agents, designing tool APIs, implementing permission systems, or creating autonomous coding assistants. |
| `autonomous-agents` | - | - | Autonomous agents are AI systems that can independently decompose goals, plan actions, execute tools, and self-correct without constant human guidance. The challenge isn't making them capable - it's making them reliable. Every extra decision multiplies failure probability. This skill covers agent loops (ReAct, Plan-Execute), goal decomposition, reflection patterns, and production reliability. Key insight: compounding error rates kill autonomous agents. A 95% success rate per step drops to 60% b |
| `avalonia-layout-zafiro` | - | - | Guidelines for modern Avalonia UI layout using Zafiro.Avalonia, emphasizing shared styles, generic components, and avoiding XAML redundancy. |
| `avalonia-viewmodels-zafiro` | - | - | Optimal ViewModel and Wizard creation patterns for Avalonia using Zafiro and ReactiveUI. |
| `avalonia-zafiro-development` | - | - | Mandatory skills, conventions, and behavioral rules for Avalonia UI development using the Zafiro toolkit. |
| `AWS Penetration Testing` | - | - | This skill should be used when the user asks to "pentest AWS", "test AWS security", "enumerate IAM", "exploit cloud infrastructure", "AWS privilege escalation", "S3 bucket testing", "metadata SSRF", "Lambda exploitation", or needs guidance on Amazon Web Services security assessment. |
| `aws-serverless` | - | - | Specialized skill for building production-ready serverless applications on AWS. Covers Lambda functions, API Gateway, DynamoDB, SQS/SNS event-driven patterns, SAM/CDK deployment, and cold start optimization. |
| `aws-skills` | - | safe | AWS development with infrastructure automation and cloud architecture patterns |
| `azure-functions` | - | - | Expert patterns for Azure Functions development including isolated worker model, Durable Functions orchestration, cold start optimization, and production patterns. Covers .NET, Python, and Node.js programming models. Use when: azure function, azure functions, durable functions, azure serverless, function app. |
| `backend-architect` | - | - | Expert backend architect specializing in scalable API design, |
| `backend-development-feature-development` | - | - | Orchestrate end-to-end backend feature development from requirements to deployment. Use when coordinating multi-phase feature delivery across teams and services. |
| `backend-dev-guidelines` | - | - | Opinionated backend development standards for Node.js + Express + TypeScript microservices. Covers layered architecture, BaseController pattern, dependency injection, Prisma repositories, Zod validation, unifiedConfig, Sentry error tracking, async safety, and testing discipline. |
| `backend-security-coder` | - | - | Expert in secure backend coding practices specializing in input |
| `backtesting-frameworks` | - | - | Build robust backtesting systems for trading strategies with proper handling of look-ahead bias, survivorship bias, and transaction costs. Use when developing trading algorithms, validating strategies, or building backtesting infrastructure. |
| `bash-defensive-patterns` | - | - | Master defensive Bash programming techniques for production-grade scripts. Use when writing robust shell scripts, CI/CD pipelines, or system utilities requiring fault tolerance and safety. |
| `bash-linux` | - | - | Bash/Linux terminal patterns. Critical commands, piping, error handling, scripting. Use when working on macOS or Linux systems. |
| `bash-pro` | - | - | Master of defensive Bash scripting for production automation, CI/CD |
| `bats-testing-patterns` | - | - | Master Bash Automated Testing System (Bats) for comprehensive shell script testing. Use when writing tests for shell scripts, CI/CD pipelines, or requiring test-driven development of shell utilities. |
| `bazel-build-optimization` | - | - | Optimize Bazel builds for large-scale monorepos. Use when configuring Bazel, implementing remote execution, or optimizing build performance for enterprise codebases. |
| `beautiful-prose` | - | safe | Hard-edged writing style contract for timeless, forceful English prose without AI tics |
| `behavioral-modes` | - | - | AI operational modes (brainstorm, implement, debug, review, teach, ship, orchestrate). Use to adapt behavior based on task type. |
| `best-practices` | - | - | Best Practices |
| `billing-automation` | - | - | Build automated billing systems for recurring payments, invoicing, subscription lifecycle, and dunning management. Use when implementing subscription billing, automating invoicing, or managing recurring payment systems. |
| `binary-analysis-patterns` | - | - | Master binary analysis patterns including disassembly, decompilation, control flow analysis, and code pattern recognition. Use when analyzing executables, understanding compiled code, or performing static analysis on binaries. |
| `blockchain-developer` | - | - | Build production-ready Web3 applications, smart contracts, and |
| `blockrun` | - | - | Use when user needs capabilities Codex lacks (image generation, real-time X/Twitter data) or explicitly requests external models ("blockrun", "use grok", "use gpt", "dall-e", "deepseek") |
| `brand-guidelines` | - | - | Applies Anthropic's official brand colors and typography to any sort of artifact that may benefit from having Anthropic's look-and-feel. Use it when brand colors or style guidelines, visual formatting, or company design standards apply. |
| `brand-guidelines` | - | - | Applies Anthropic's official brand colors and typography to any sort of artifact that may benefit from having Anthropic's look-and-feel. Use it when brand colors or style guidelines, visual formatting, or company design standards apply. |
| `Broken Authentication Testing` | - | - | This skill should be used when the user asks to "test for broken authentication vulnerabilities", "assess session management security", "perform credential stuffing tests", "evaluate password policies", "test for session fixation", or "identify authentication bypass flaws". It provides comprehensive techniques for identifying authentication and session management weaknesses in web applications. |
| `browser-automation` | - | - | Browser automation powers web testing, scraping, and AI agent interactions. The difference between a flaky script and a reliable system comes down to understanding selectors, waiting strategies, and anti-detection patterns. This skill covers Playwright (recommended) and Puppeteer, with patterns for testing, scraping, and agentic browser control. Key insight: Playwright won the framework war. Unless you need Puppeteer's stealth ecosystem or are Chrome-only, Playwright is the better choice in 202 |
| `browser-extension-builder` | - | - | Expert in building browser extensions that solve real problems - Chrome, Firefox, and cross-browser extensions. Covers extension architecture, manifest v3, content scripts, popup UIs, monetization strategies, and Chrome Web Store publishing. Use when: browser extension, chrome extension, firefox addon, extension, manifest v3. |
| `bullmq-specialist` | - | - | BullMQ expert for Redis-backed job queues, background processing, and reliable async execution in Node.js/TypeScript applications. Use when: bullmq, bull queue, redis queue, background job, job queue. |
| `bun-development` | - | - | Modern JavaScript/TypeScript development with Bun runtime. Covers package management, bundling, testing, and migration from Node.js. Use when working with Bun, optimizing JS/TS development speed, or migrating from Node.js to Bun. |
| `Burp Suite Web Application Testing` | - | - | This skill should be used when the user asks to "intercept HTTP traffic", "modify web requests", "use Burp Suite for testing", "perform web vulnerability scanning", "test with Burp Repeater", "analyze HTTP history", or "configure proxy for web testing". It provides comprehensive guidance for using Burp Suite's core features for web application security testing. |
| `business-analyst` | - | - | Master modern business analysis with AI-powered analytics, |
| `busybox-on-windows` | - | - | How to use a Win32 build of BusyBox to run many of the standard UNIX command line tools on Windows. |
| `c4-architecture-c4-architecture` | - | - | Generate comprehensive C4 architecture documentation for an existing repository/codebase using a bottom-up analysis approach. |
| `c4-code` | - | - | Expert C4 Code-level documentation specialist. Analyzes code |
| `c4-component` | - | - | Expert C4 Component-level documentation specialist. Synthesizes C4 |
| `c4-container` | - | - | Expert C4 Container-level documentation specialist. Synthesizes |
| `c4-context` | - | - | Expert C4 Context-level documentation specialist. Creates |
| `backend-patterns` | - | - | Backend architecture patterns, API design, database optimization, and server-side best practices for Node.js, Express, and Next.js API routes. |
| `clickhouse-io` | - | - | ClickHouse database patterns, query optimization, analytics, and data engineering best practices for high-performance analytical workloads. |
| `coding-standards` | - | - | Universal coding standards, best practices, and patterns for TypeScript, JavaScript, React, and Node.js development. |
| `cc-skill-continuous-learning` | - | - | Development skill from everything-Codex |
| `frontend-patterns` | - | - | Frontend development patterns for React, Next.js, state management, performance optimization, and UI best practices. |
| `cc-skill-project-guidelines-example` | - | - | Project Guidelines Skill (Example) |
| `security-review` | - | - | Use this skill when adding authentication, handling user input, working with secrets, creating API endpoints, or implementing payment/sensitive features. Provides comprehensive security checklist and patterns. |
| `cc-skill-strategic-compact` | - | - | Development skill from everything-Codex |
| `cicd-automation-workflow-automate` | - | - | You are a workflow automation expert specializing in creating efficient CI/CD pipelines, GitHub Actions workflows, and automated development processes. Design automation that reduces manual work, improves consistency, and accelerates delivery while maintaining quality and security. |
| `clarity-gate` | - | safe | Pre-ingestion verification for epistemic quality in RAG systems with 9-point verification and Two-Round HITL workflow |
| `Codex-ally-health` | - | safe | A health assistant skill for medical information analysis, symptom tracking, and wellness guidance. |
| `Codex Guide` | - | - | Master guide for using Codex effectively. Includes configuration templates, prompting strategies "Thinking" keywords, debugging techniques, and best practices for interacting with the agent. |
| `d3-viz` | - | - | Creating interactive data visualisations using d3.js. This skill should be used when creating custom charts, graphs, network diagrams, geographic visualisations, or any complex SVG-based data visualisation that requires fine-grained control over visual elements, transitions, or interactions. Use this for bespoke visualisations beyond standard charting libraries, whether in React, Vue, Svelte, vanilla JavaScript, or any other environment. |
| `Codex-scientific-skills` | - | safe | Scientific research and analysis skills |
| `Codex-speed-reader` | - | safe | -Speed read Codex's responses at 600+ WPM using RSVP with Spritz-style ORP highlighting |
| `Codex-win11-speckit-update-skill` | - | safe | Windows 11 system management |
| `clerk-auth` | - | - | Expert patterns for Clerk auth implementation, middleware, organizations, webhooks, and user sync Use when: adding authentication, clerk auth, user authentication, sign in, sign up. |
| `Cloud Penetration Testing` | - | - | This skill should be used when the user asks to "perform cloud penetration testing", "assess Azure or AWS or GCP security", "enumerate cloud resources", "exploit cloud misconfigurations", "test O365 security", "extract secrets from cloud environments", or "audit cloud infrastructure". It provides comprehensive techniques for security assessment across major cloud platforms. |
| `codebase-cleanup-deps-audit` | - | - | You are a dependency security expert specializing in vulnerability scanning, license compliance, and supply chain security. Analyze project dependencies for known vulnerabilities, licensing issues, outdated packages, and provide actionable remediation strategies. |
| `codebase-cleanup-refactor-clean` | - | - | You are a code refactoring expert specializing in clean code principles, SOLID design patterns, and modern software engineering best practices. Analyze and refactor the provided code to improve its quality, maintainability, and performance. |
| `codebase-cleanup-tech-debt` | - | - | You are a technical debt expert specializing in identifying, quantifying, and prioritizing technical debt in software projects. Analyze the codebase to uncover debt, assess its impact, and create acti |
| `code-documentation-code-explain` | - | - | You are a code education expert specializing in explaining complex code through clear narratives, visual diagrams, and step-by-step breakdowns. Transform difficult concepts into understandable explanations. |
| `code-documentation-doc-generate` | - | - | You are a documentation expert specializing in creating comprehensive, maintainable documentation from code. Generate API docs, architecture diagrams, user guides, and technical references using AI-powered analysis and industry best practices. |
| `code-quality` | - | - | Code Quality |
| `code-refactoring-context-restore` | - | - | Use when working with code refactoring context restore |
| `code-refactoring-refactor-clean` | - | - | You are a code refactoring expert specializing in clean code principles, SOLID design patterns, and modern software engineering best practices. Analyze and refactor the provided code to improve its quality, maintainability, and performance. |
| `code-refactoring-tech-debt` | - | - | You are a technical debt expert specializing in identifying, quantifying, and prioritizing technical debt in software projects. Analyze the codebase to uncover debt, assess its impact, and create acti |
| `code-review-ai-ai-review` | - | - | You are an expert AI-powered code review specialist combining automated static analysis, intelligent pattern recognition, and modern DevOps practices. Leverage AI tools (GitHub Copilot, Qodo, GPT-5, C |
| `code-review-checklist` | - | - | Comprehensive checklist for conducting thorough code reviews covering functionality, security, performance, and maintainability |
| `code-review-excellence` | - | - | Master effective code review practices to provide constructive feedback, catch bugs early, and foster knowledge sharing while maintaining team morale. Use when reviewing pull requests, establishing review standards, or mentoring developers. |
| `codex-review` | - | - | Professional code review with auto CHANGELOG generation, integrated with Codex AI |
| `commit` | - | safe | Create commit messages following Sentry conventions. Use when committing code changes, writing commit messages, or formatting git history. Follows conventional commits with Sentry-specific issue references. |
| `competitive-landscape` | - | - | This skill should be used when the user asks to "analyze |
| `competitor-alternatives` | - | - | When the user wants to create competitor comparison or alternative pages for SEO and sales enablement. Also use when the user mentions 'alternative page,' 'vs page,' 'competitor comparison,' 'comparison page,' '[Product] vs [Product],' '[Product] alternative,' or 'competitive landing pages.' Covers four formats: singular alternative, plural alternatives, you vs competitor, and competitor vs competitor. Emphasizes deep research, modular content architecture, and varied section types beyond feature tables. |
| `comprehensive-review-full-review` | - | - | Use when working with comprehensive review full review |
| `comprehensive-review-pr-enhance` | - | - | You are a PR optimization expert specializing in creating high-quality pull requests that facilitate efficient code reviews. Generate comprehensive PR descriptions, automate review processes, and ensure PRs follow best practices for clarity, size, and reviewability. |
| `computer-use-agents` | - | - | Build AI agents that interact with computers like humans do - viewing screens, moving cursors, clicking buttons, and typing text. Covers Anthropic's Computer Use, OpenAI's Operator/CUA, and open-source alternatives. Critical focus on sandboxing, security, and handling the unique challenges of vision-based control. Use when: computer use, desktop automation agent, screen control AI, vision-based agent, GUI automation. |
| `concise-planning` | - | - | Use when a user asks for a plan for a coding task, to generate a clear, actionable, and atomic checklist. |
| `conductor-implement` | - | - | Execute tasks from a track's implementation plan following TDD workflow |
| `conductor-manage` | - | - | Manage track lifecycle: archive, restore, delete, rename, and cleanup |
| `conductor-new-track` | - | - | Create a new track with specification and phased implementation plan |
| `conductor-revert` | - | - | Git-aware undo by logical work unit (track, phase, or task) |
| `conductor-setup` | - | - | Initialize project with Conductor artifacts (product definition, |
| `conductor-status` | - | - | Display project status, active tracks, and next actions |
| `conductor-validator` | - | - | Validates Conductor project artifacts for completeness, |
| `content-creator` | - | - | Create SEO-optimized marketing content with consistent brand voice. Includes brand voice analyzer, SEO optimizer, content frameworks, and social media templates. Use when writing blog posts, creating social media content, analyzing brand voice, optimizing SEO, planning content calendars, or when user mentions content creation, brand voice, SEO optimization, social media marketing, or content strategy. |
| `content-marketer` | - | - | Elite content marketing strategist specializing in AI-powered |
| `context7-auto-research` | - | - | Automatically fetch latest library/framework documentation for Codex via Context7 API |
| `context-compression` | - | safe | Design and evaluate compression strategies for long-running sessions |
| `context-degradation` | - | safe | Recognize patterns of context failure: lost-in-middle, poisoning, distraction, and clash |
| `context-driven-development` | - | - | Use this skill when working with Conductor's context-driven |
| `context-fundamentals` | - | safe | Understand what context is, why it matters, and the anatomy of context in agent systems |
| `context-management-context-restore` | - | - | Use when working with context management context restore |
| `context-management-context-save` | - | - | Use when working with context management context save |
| `context-manager` | - | - | Elite AI context engineering specialist mastering dynamic context |
| `context-optimization` | - | safe | Apply compaction, masking, and caching strategies |
| `context-window-management` | - | - | Strategies for managing LLM context windows including summarization, trimming, routing, and avoiding context rot Use when: context window, token limit, context management, context engineering, long context. |
| `conversation-memory` | - | - | Persistent memory systems for LLM conversations including short-term, long-term, and entity-based memory Use when: conversation memory, remember, memory persistence, long-term memory, chat history. |
| `copy-editing` | - | - | When the user wants to edit, review, or improve existing marketing copy. Also use when the user mentions 'edit this copy,' 'review my copy,' 'copy feedback,' 'proofread,' 'polish this,' 'make this better,' or 'copy sweep.' This skill provides a systematic approach to editing marketing copy through multiple focused passes. |
| `core-components` | - | - | Core component library and design system patterns. Use when building UI, using design tokens, or working with the component library. |
| `cost-optimization` | - | - | Optimize cloud costs through resource rightsizing, tagging strategies, reserved instances, and spending analysis. Use when reducing cloud expenses, analyzing infrastructure costs, or implementing cost governance policies. |
| `cpp-pro` | - | - | Write idiomatic C++ code with modern features, RAII, smart |
| `c-pro` | - | - | Write efficient C code with proper memory management, pointer |
| `cqrs-implementation` | - | - | Implement Command Query Responsibility Segregation for scalable architectures. Use when separating read and write models, optimizing query performance, or building event-sourced systems. |
| `create-pr` | - | safe | Create pull requests following Sentry conventions. Use when opening PRs, writing PR descriptions, or preparing changes for review. Follows Sentry's code review guidelines. |
| `crewai` | - | - | Expert in CrewAI - the leading role-based multi-agent framework used by 60% of Fortune 500 companies. Covers agent design with roles and goals, task definition, crew orchestration, process types (sequential, hierarchical, parallel), memory systems, and flows for complex workflows. Essential for building collaborative AI agent teams. Use when: crewai, multi-agent team, agent roles, crew of agents, role-based agents. |
| `csharp-pro` | - | - | Write modern C# code with advanced features like records, pattern |
| `culture-index` | - | safe | Index and search culture documentation |
| `customer-support` | - | - | Elite AI-powered customer support specialist mastering |
| `daily-news-report` | - | - | Scrapes content based on a preset URL list, filters high-quality technical information, and generates daily Markdown reports. |
| `database-admin` | - | - | Expert database administrator specializing in modern cloud |
| `database-architect` | - | - | Expert database architect specializing in data layer design from |
| `database-cloud-optimization-cost-optimize` | - | - | You are a cloud cost optimization expert specializing in reducing infrastructure expenses while maintaining performance and reliability. Analyze cloud spending, identify savings opportunities, and implement cost-effective architectures across AWS, Azure, and GCP. |
| `database-design` | - | - | Database design principles and decision-making. Schema design, indexing strategy, ORM selection, serverless databases. |
| `database-migration` | - | - | Execute database migrations across ORMs and platforms with zero-downtime strategies, data transformation, and rollback procedures. Use when migrating databases, changing schemas, performing data transformations, or implementing zero-downtime deployment strategies. |
| `database-migrations-migration-observability` | - | - | Migration monitoring, CDC, and observability infrastructure |
| `database-migrations-sql-migrations` | - | - | SQL database migrations with zero-downtime strategies for |
| `database-optimizer` | - | - | Expert database optimizer specializing in modern performance |
| `data-engineer` | - | - | Build scalable data pipelines, modern data warehouses, and |
| `data-engineering-data-driven-feature` | - | - | Build features guided by data insights, A/B testing, and continuous measurement using specialized agents for analysis, implementation, and experimentation. |
| `data-engineering-data-pipeline` | - | - | You are a data pipeline architecture expert specializing in scalable, reliable, and cost-effective data pipelines for batch and streaming data processing. |
| `data-quality-frameworks` | - | - | Implement data quality validation with Great Expectations, dbt tests, and data contracts. Use when building data quality pipelines, implementing validation rules, or establishing data contracts. |
| `data-scientist` | - | - | Expert data scientist for advanced analytics, machine learning, and |
| `data-storytelling` | - | - | Transform data into compelling narratives using visualization, context, and persuasive structure. Use when presenting analytics to stakeholders, creating data reports, or building executive presentations. |
| `dbt-transformation-patterns` | - | - | Master dbt (data build tool) for analytics engineering with model organization, testing, documentation, and incremental strategies. Use when building data transformations, creating data models, or implementing analytics engineering best practices. |
| `debugger` | - | - | Debugging specialist for errors, test failures, and unexpected |
| `debugging-strategies` | - | - | Master systematic debugging techniques, profiling tools, and root cause analysis to efficiently track down bugs across any codebase or technology stack. Use when investigating bugs, performance issues, or unexpected behavior. |
| `debugging-toolkit-smart-debug` | - | - | Use when working with debugging toolkit smart debug |
| `deep-research` | - | safe | Execute autonomous multi-step research using Google Gemini Deep Research Agent. Use for: market analysis, competitive landscaping, literature reviews, technical research, due diligence. Takes 2-10 minutes but produces detailed, cited reports. Costs $2-5 per task. |
| `defi-protocol-templates` | - | - | Implement DeFi protocols with production-ready templates for staking, AMMs, governance, and lending systems. Use when building decentralized finance applications or smart contract protocols. |
| `dependency-management-deps-audit` | - | - | You are a dependency security expert specializing in vulnerability scanning, license compliance, and supply chain security. Analyze project dependencies for known vulnerabilities, licensing issues, outdated packages, and provide actionable remediation strategies. |
| `dependency-upgrade` | - | - | Manage major dependency version upgrades with compatibility analysis, staged rollout, and comprehensive testing. Use when upgrading framework versions, updating major dependencies, or managing breaking changes in libraries. |
| `deployment-engineer` | - | - | Expert deployment engineer specializing in modern CI/CD pipelines, |
| `deployment-pipeline-design` | - | - | Design multi-stage CI/CD pipelines with approval gates, security checks, and deployment orchestration. Use when architecting deployment workflows, setting up continuous delivery, or implementing GitOps practices. |
| `deployment-procedures` | - | - | Production deployment principles and decision-making. Safe deployment workflows, rollback strategies, and verification. Teaches thinking, not scripts. |
| `deployment-validation-config-validate` | - | - | You are a configuration management expert specializing in validating, testing, and ensuring the correctness of application configurations. Create comprehensive validation schemas, implement configurat |
| `design-md` | - | safe | Analyze Stitch projects and synthesize a semantic design system into DESIGN.md files |
| `design-orchestration` | - | - | > |
| `devops-troubleshooter` | - | - | Expert DevOps troubleshooter specializing in rapid incident |
| `discord-bot-architect` | - | - | Specialized skill for building production-ready Discord bots. Covers Discord.js (JavaScript) and Pycord (Python), gateway intents, slash commands, interactive components, rate limiting, and sharding. |
| `dispatching-parallel-agents` | - | - | Use when facing 2+ independent tasks that can be worked on without shared state or sequential dependencies |
| `distributed-debugging-debug-trace` | - | - | You are a debugging expert specializing in setting up comprehensive debugging environments, distributed tracing, and diagnostic tools. Configure debugging workflows, implement tracing solutions, and establish troubleshooting practices for development and production environments. |
| `distributed-tracing` | - | - | Implement distributed tracing with Jaeger and Tempo to track requests across microservices and identify performance bottlenecks. Use when debugging microservices, analyzing request flows, or implementing observability for distributed systems. |
| `django-pro` | - | - | Master Django 5.x with async views, DRF, Celery, and Django |
| `docs-architect` | - | - | Creates comprehensive technical documentation from existing |
| `documentation-generation-doc-generate` | - | - | You are a documentation expert specializing in creating comprehensive, maintainable documentation from code. Generate API docs, architecture diagrams, user guides, and technical references using AI-powered analysis and industry best practices. |
| `documentation-templates` | - | - | Documentation templates and structure guidelines. README, API docs, code comments, and AI-friendly documentation. |
| `docx` | - | - | Comprehensive document creation, editing, and analysis with support for tracked changes, comments, formatting preservation, and text extraction. When Codex needs to work with professional documents (.docx files) for: (1) Creating new documents, (2) Modifying or editing content, (3) Working with tracked changes, (4) Adding comments, or any other document tasks |
| `dotnet-architect` | - | - | Expert .NET backend architect specializing in C#, ASP.NET Core, |
| `dotnet-backend-patterns` | - | - | Master C#/.NET backend development patterns for building robust APIs, MCP servers, and enterprise applications. Covers async/await, dependency injection, Entity Framework Core, Dapper, configuration, caching, and testing with xUnit. Use when developing .NET backends, reviewing C# code, or designing API architectures. |
| `dx-optimizer` | - | - | Developer Experience specialist. Improves tooling, setup, and |
| `e2e-testing-patterns` | - | - | Master end-to-end testing with Playwright and Cypress to build reliable test suites that catch bugs, improve confidence, and enable fast deployment. Use when implementing E2E tests, debugging flaky tests, or establishing testing standards. |
| `elixir-pro` | - | - | Write idiomatic Elixir code with OTP patterns, supervision trees, |
| `email-sequence` | - | - | When the user wants to create or optimize an email sequence, drip campaign, automated email flow, or lifecycle email program. Also use when the user mentions "email sequence," "drip campaign," "nurture sequence," "onboarding emails," "welcome sequence," "re-engagement emails," "email automation," or "lifecycle emails." For in-app onboarding, see onboarding-cro. |
| `email-systems` | - | - | Email has the highest ROI of any marketing channel. $36 for every $1 spent. Yet most startups treat it as an afterthought - bulk blasts, no personalization, landing in spam folders. This skill covers transactional email that works, marketing automation that converts, deliverability that reaches inboxes, and the infrastructure decisions that scale. Use when: keywords, file_patterns, code_patterns. |
| `embedding-strategies` | - | - | Select and optimize embedding models for semantic search and RAG applications. Use when choosing embedding models, implementing chunking strategies, or optimizing embedding quality for specific domains. |
| `employment-contract-templates` | - | - | Create employment contracts, offer letters, and HR policy documents following legal best practices. Use when drafting employment agreements, creating HR policies, or standardizing employment documentation. |
| `environment-setup-guide` | - | - | Guide developers through setting up development environments with proper tools, dependencies, and configurations |
| `error-debugging-error-analysis` | - | - | You are an expert error analysis specialist with deep expertise in debugging distributed systems, analyzing production incidents, and implementing comprehensive observability solutions. |
| `error-debugging-error-trace` | - | - | You are an error tracking and observability expert specializing in implementing comprehensive error monitoring solutions. Set up error tracking systems, configure alerts, implement structured logging, and ensure teams can quickly identify and resolve production issues. |
| `error-debugging-multi-agent-review` | - | - | Use when working with error debugging multi agent review |
| `error-detective` | - | - | Search logs and codebases for error patterns, stack traces, and |
| `error-diagnostics-error-analysis` | - | - | You are an expert error analysis specialist with deep expertise in debugging distributed systems, analyzing production incidents, and implementing comprehensive observability solutions. |
| `error-diagnostics-error-trace` | - | - | You are an error tracking and observability expert specializing in implementing comprehensive error monitoring solutions. Set up error tracking systems, configure alerts, implement structured logging, |
| `error-diagnostics-smart-debug` | - | - | Use when working with error diagnostics smart debug |
| `error-handling-patterns` | - | - | Master error handling patterns across languages including exceptions, Result types, error propagation, and graceful degradation to build resilient applications. Use when implementing error handling, designing APIs, or improving application reliability. |
| `Ethical Hacking Methodology` | - | - | This skill should be used when the user asks to "learn ethical hacking", "understand penetration testing lifecycle", "perform reconnaissance", "conduct security scanning", "exploit vulnerabilities", or "write penetration test reports". It provides comprehensive ethical hacking methodology and techniques. |
| `evaluation` | - | safe | Build evaluation frameworks for agent systems |
| `event-sourcing-architect` | - | - | Expert in event sourcing, CQRS, and event-driven architecture patterns. Masters event store design, projection building, saga orchestration, and eventual consistency patterns. Use PROACTIVELY for event-sourced systems, audit trails, or temporal queries. |
| `event-store-design` | - | - | Design and implement event stores for event-sourced systems. Use when building event sourcing infrastructure, choosing event store technologies, or implementing event persistence patterns. |
| `exa-search` | - | - | Semantic search, similar content discovery, and structured research using Exa API |
| `expo-deployment` | - | safe | Deploy Expo apps to production |
| `fal-audio` | - | safe | Text-to-speech and speech-to-text using fal.ai audio models |
| `fal-generate` | - | safe | Generate images and videos using fal.ai AI models |
| `fal-image-edit` | - | safe | AI-powered image editing with style transfer and object removal |
| `fal-platform` | - | safe | Platform APIs for model management, pricing, and usage tracking |
| `fal-upscale` | - | safe | Upscale and enhance image and video resolution using AI |
| `fal-workflow` | - | safe | Generate workflow JSON files for chaining AI models |
| `fastapi-pro` | - | - | Build high-performance async APIs with FastAPI, SQLAlchemy 2.0, and |
| `fastapi-templates` | - | - | Create production-ready FastAPI projects with async patterns, dependency injection, and comprehensive error handling. Use when building new FastAPI applications or setting up backend API projects. |
| `ffuf-Codex-skill` | - | safe | Web fuzzing with ffuf |
| `file-organizer` | - | - | Intelligently organizes files and folders by understanding context, finding duplicates, and suggesting better organizational structures. Use when user wants to clean up directories, organize downloads, remove duplicates, or restructure projects. |
| `File Path Traversal Testing` | - | - | This skill should be used when the user asks to "test for directory traversal", "exploit path traversal vulnerabilities", "read arbitrary files through web applications", "find LFI vulnerabilities", or "access files outside web root". It provides comprehensive file path traversal attack and testing methodologies. |
| `file-uploads` | - | - | Expert at handling file uploads and cloud storage. Covers S3, Cloudflare R2, presigned URLs, multipart uploads, and image optimization. Knows how to handle large files without blocking. Use when: file upload, S3, R2, presigned URL, multipart. |
| `find-bugs` | - | safe | Find bugs, security vulnerabilities, and code quality issues in local branch changes. Use when asked to review changes, find bugs, security review, or audit code on the current branch. |
| `finishing-a-development-branch` | - | - | Use when implementation is complete, all tests pass, and you need to decide how to integrate the work - guides completion of development work by presenting structured options for merge, PR, or cleanup |
| `firebase` | - | - | Firebase gives you a complete backend in minutes - auth, database, storage, functions, hosting. But the ease of setup hides real complexity. Security rules are your last line of defense, and they're often wrong. Firestore queries are limited, and you learn this after you've designed your data model. This skill covers Firebase Authentication, Firestore, Realtime Database, Cloud Functions, Cloud Storage, and Firebase Hosting. Key insight: Firebase is optimized for read-heavy, denormalized data. I |
| `firecrawl-scraper` | - | - | Deep web scraping, screenshots, PDF parsing, and website crawling using Firecrawl API |
| `firmware-analyst` | - | - | Expert firmware analyst specializing in embedded systems, IoT |
| `fix-review` | - | safe | Verify fix commits address audit findings without new bugs |
| `flutter-expert` | - | - | Master Flutter development with Dart 3, advanced widgets, and |
| `form-cro` | - | - | > |
| `fp-ts-errors` | - | safe | Handle errors as values using fp-ts Either and TaskEither for cleaner, more predictable TypeScript code. Use when implementing error handling patterns with fp-ts. |
| `fp-ts-pragmatic` | - | safe | A practical, jargon-free guide to fp-ts functional programming - the 80/20 approach that gets results without the academic overhead. Use when writing TypeScript with fp-ts library. |
| `fp-ts-react` | - | safe | Practical patterns for using fp-ts with React - hooks, state, forms, data fetching. Use when building React apps with functional programming patterns. Works with React 18/19, Next.js 14/15. |
| `framework-migration-code-migrate` | - | - | You are a code migration expert specializing in transitioning codebases between frameworks, languages, versions, and platforms. Generate comprehensive migration plans, automated migration scripts, and |
| `framework-migration-deps-upgrade` | - | - | You are a dependency management expert specializing in safe, incremental upgrades of project dependencies. Plan and execute dependency updates with minimal risk, proper testing, and clear migration pa |
| `framework-migration-legacy-modernize` | - | - | Orchestrate a comprehensive legacy system modernization using the strangler fig pattern, enabling gradual replacement of outdated components while maintaining continuous business operations through ex |
| `free-tool-strategy` | - | - | When the user wants to plan, evaluate, or build a free tool for marketing purposes — lead generation, SEO value, or brand awareness. Also use when the user mentions "engineering as marketing," "free tool," "marketing tool," "calculator," "generator," "interactive tool," "lead gen tool," "build a tool for leads," or "free resource." This skill bridges engineering and marketing — useful for founders and technical marketers. |
| `frontend-developer` | - | - | Build React components, implement responsive layouts, and handle |
| `frontend-dev-guidelines` | - | - | Opinionated frontend development standards for modern React + TypeScript applications. Covers Suspense-first data fetching, lazy loading, feature-based architecture, MUI v7 styling, TanStack Router, performance optimization, and strict TypeScript practices. |
| `frontend-mobile-development-component-scaffold` | - | - | You are a React component architecture expert specializing in scaffolding production-ready, accessible, and performant components. Generate complete component implementations with TypeScript, tests, s |
| `frontend-mobile-security-xss-scan` | - | - | You are a frontend security specialist focusing on Cross-Site Scripting (XSS) vulnerability detection and prevention. Analyze React, Vue, Angular, and vanilla JavaScript code to identify injection poi |
| `frontend-security-coder` | - | - | Expert in secure frontend coding practices specializing in XSS |
| `frontend-slides` | - | safe | Create stunning, animation-rich HTML presentations from scratch or by converting PowerPoint files. Use when the user wants to build a presentation, convert a PPT/PPTX to web, or create slides for a talk/pitch. Helps non-designers discover their aesthetic through visual exploration rather than abstract choices. |
| `full-stack-orchestration-full-stack-feature` | - | - | Use when working with full stack orchestration full stack feature |
| `web-games` | - | - | Web browser game development principles. Framework selection, WebGPU, optimization, PWA. |
| `gcp-cloud-run` | - | - | Specialized skill for building production-ready serverless applications on GCP. Covers Cloud Run services (containerized), Cloud Run Functions (event-driven), cold start optimization, and event-driven architecture with Pub/Sub. |
| `gdpr-data-handling` | - | - | Implement GDPR-compliant data handling with consent management, data subject rights, and privacy by design. Use when building systems that process EU personal data, implementing privacy controls, or conducting GDPR compliance reviews. |
| `geo-fundamentals` | - | - | Generative Engine Optimization for AI search engines (ChatGPT, Codex, Perplexity). |
| `git-advanced-workflows` | - | - | Master advanced Git workflows including rebasing, cherry-picking, bisect, worktrees, and reflog to maintain clean history and recover from any situation. Use when managing complex Git histories, collaborating on feature branches, or troubleshooting repository issues. |
| `github-actions-templates` | - | - | Create production-ready GitHub Actions workflows for automated testing, building, and deploying applications. Use when setting up CI/CD with GitHub Actions, automating development workflows, or creating reusable workflow templates. |
| `github-workflow-automation` | - | - | Automate GitHub workflows with AI assistance. Includes PR reviews, issue triage, CI/CD integration, and Git operations. Use when automating GitHub workflows, setting up PR review automation, creating GitHub Actions, or triaging issues. |
| `gitlab-ci-patterns` | - | - | Build GitLab CI/CD pipelines with multi-stage workflows, caching, and distributed runners for scalable automation. Use when implementing GitLab CI/CD, optimizing pipeline performance, or setting up automated testing and deployment. |
| `gitops-workflow` | - | - | Implement GitOps workflows with ArgoCD and Flux for automated, declarative Kubernetes deployments with continuous reconciliation. Use when implementing GitOps practices, automating Kubernetes deployments, or setting up declarative infrastructure management. |
| `git-pr-workflows-git-workflow` | - | - | Orchestrate a comprehensive git workflow from code review through PR creation, leveraging specialized agents for quality assurance, testing, and deployment readiness. This workflow implements modern g |
| `git-pr-workflows-onboard` | - | - | You are an **expert onboarding specialist and knowledge transfer architect** with deep experience in remote-first organizations, technical team integration, and accelerated learning methodologies. You |
| `git-pr-workflows-pr-enhance` | - | - | You are a PR optimization expert specializing in creating high-quality pull requests that facilitate efficient code reviews. Generate comprehensive PR descriptions, automate review processes, and ensu |
| `git-pushing` | - | - | Stage, commit, and push git changes with conventional commit messages. Use when user wants to commit and push changes, mentions pushing to remote, or asks to save and push their work. Also activates when user says "push changes", "commit and push", "push this", "push to github", or similar git workflow requests. |
| `go-concurrency-patterns` | - | - | Master Go concurrency with goroutines, channels, sync primitives, and context. Use when building concurrent Go applications, implementing worker pools, or debugging race conditions. |
| `godot-gdscript-patterns` | - | - | Master Godot 4 GDScript patterns including signals, scenes, state machines, and optimization. Use when building Godot games, implementing game systems, or learning GDScript best practices. |
| `golang-pro` | - | - | Master Go 1.21+ with modern patterns, advanced concurrency, |
| `grafana-dashboards` | - | - | Create and manage production Grafana dashboards for real-time visualization of system and application metrics. Use when building monitoring dashboards, visualizing metrics, or creating operational observability interfaces. |
| `graphql` | - | - | GraphQL gives clients exactly the data they need - no more, no less. One endpoint, typed schema, introspection. But the flexibility that makes it powerful also makes it dangerous. Without proper controls, clients can craft queries that bring down your server. This skill covers schema design, resolvers, DataLoader for N+1 prevention, federation for microservices, and client integration with Apollo/urql. Key insight: GraphQL is a contract. The schema is the API documentation. Design it carefully. |
| `graphql-architect` | - | - | Master modern GraphQL with federation, performance optimization, |
| `haskell-pro` | - | - | Expert Haskell engineer specializing in advanced type systems, pure |
| `helm-chart-scaffolding` | - | - | Design, organize, and manage Helm charts for templating and packaging Kubernetes applications with reusable configurations. Use when creating Helm charts, packaging Kubernetes applications, or implementing templated deployments. |
| `hr-pro` | - | - | Professional, ethical HR partner for hiring, |
| `HTML Injection Testing` | - | - | This skill should be used when the user asks to "test for HTML injection", "inject HTML into web pages", "perform HTML injection attacks", "deface web applications", or "test content injection vulnerabilities". It provides comprehensive HTML injection attack techniques and testing methodologies. |
| `hubspot-integration` | - | - | Expert patterns for HubSpot CRM integration including OAuth authentication, CRM objects, associations, batch operations, webhooks, and custom objects. Covers Node.js and Python SDKs. Use when: hubspot, hubspot api, hubspot crm, hubspot integration, contacts api. |
| `hugging-face-cli` | - | safe | Execute Hugging Face Hub operations using the `hf` CLI. Use when the user needs to download models/datasets/spaces, upload files to Hub repositories, create repos, manage local cache, or run compute jobs on HF infrastructure. Covers authentication, file transfers, repository creation, cache operations, and cloud compute. |
| `hugging-face-jobs` | - | safe | This skill should be used when users want to run any workload on Hugging Face Jobs infrastructure. Covers UV scripts, Docker-based jobs, hardware selection, cost estimation, authentication with tokens, secrets management, timeout configuration, and result persistence. Designed for general-purpose compute workloads including data processing, inference, experiments, batch jobs, and any Python-based tasks. Should be invoked for tasks involving cloud compute, GPU workloads, or when users mention running jobs on Hugging Face infrastructure without local setup. |
| `hybrid-cloud-architect` | - | - | Expert hybrid cloud architect specializing in complex multi-cloud |
| `hybrid-cloud-networking` | - | - | Configure secure, high-performance connectivity between on-premises infrastructure and cloud platforms using VPN and dedicated connections. Use when building hybrid cloud architectures, connecting data centers to cloud, or implementing secure cross-premises networking. |
| `hybrid-search-implementation` | - | - | Combine vector and keyword search for improved retrieval. Use when implementing RAG systems, building search engines, or when neither approach alone provides sufficient recall. |
| `i18n-localization` | - | - | Internationalization and localization patterns. Detecting hardcoded strings, managing translations, locale files, RTL support. |
| `IDOR Vulnerability Testing` | - | - | This skill should be used when the user asks to "test for insecure direct object references," "find IDOR vulnerabilities," "exploit broken access control," "enumerate user IDs or object references," or "bypass authorization to access other users' data." It provides comprehensive guidance for detecting, exploiting, and remediating IDOR vulnerabilities in web applications. |
| `imagen` | - | safe | / |
| `incident-responder` | - | - | Expert SRE incident responder specializing in rapid problem |
| `incident-response-incident-response` | - | - | Use when working with incident response incident response |
| `incident-response-smart-fix` | - | - | [Extended thinking: This workflow implements a sophisticated debugging and resolution pipeline that leverages AI-assisted debugging tools and observability platforms to systematically diagnose and res |
| `incident-runbook-templates` | - | - | Create structured incident response runbooks with step-by-step procedures, escalation paths, and recovery actions. Use when building runbooks, responding to incidents, or establishing incident response procedures. |
| `Infinite Gratitude` | - | safe | Multi-agent research skill for parallel research execution (10 agents, battle-tested with real case studies). |
| `inngest` | - | - | Inngest expert for serverless-first background jobs, event-driven workflows, and durable execution without managing queues or workers. Use when: inngest, serverless background job, event-driven workflow, step function, durable execution. |
| `interactive-portfolio` | - | - | Expert in building portfolios that actually land jobs and clients - not just showing work, but creating memorable experiences. Covers developer portfolios, designer portfolios, creative portfolios, and portfolios that convert visitors into opportunities. Use when: portfolio, personal website, showcase work, developer portfolio, designer portfolio. |
| `internal-comms` | - | - | A set of resources to help me write all kinds of internal communications, using the formats that my company likes to use. Codex should use this skill whenever asked to write some sort of internal communications (status reports, leadership updates, 3P updates, company newsletters, FAQs, incident reports, project updates, etc.). |
| `internal-comms` | - | - | A set of resources to help me write all kinds of internal communications, using the formats that my company likes to use. Codex should use this skill whenever asked to write some sort of internal communications (status reports, leadership updates, 3P updates, company newsletters, FAQs, incident reports, project updates, etc.). |
| `ios-developer` | - | - | Develop native iOS applications with Swift/SwiftUI. Masters iOS 18, |
| `istio-traffic-management` | - | - | Configure Istio traffic management including routing, load balancing, circuit breakers, and canary deployments. Use when implementing service mesh traffic policies, progressive delivery, or resilience patterns. |
| `iterate-pr` | - | safe | Iterate on a PR until CI passes. Use when you need to fix CI failures, address review feedback, or continuously push fixes until all checks are green. Automates the feedback-fix-push-wait cycle. |
| `java-pro` | - | - | Master Java 21+ with modern features like virtual threads, pattern |
| `javascript-mastery` | - | - | Comprehensive JavaScript reference covering 33+ essential concepts every developer should know. From fundamentals like primitives and closures to advanced patterns like async/await and functional programming. Use when explaining JS concepts, debugging JavaScript issues, or teaching JavaScript fundamentals. |
| `javascript-pro` | - | - | Master modern JavaScript with ES6+, async patterns, and Node.js |
| `javascript-testing-patterns` | - | - | Implement comprehensive testing strategies using Jest, Vitest, and Testing Library for unit tests, integration tests, and end-to-end testing with mocking, fixtures, and test-driven development. Use when writing JavaScript/TypeScript tests, setting up test infrastructure, or implementing TDD/BDD workflows. |
| `javascript-typescript-typescript-scaffold` | - | - | You are a TypeScript project architecture expert specializing in scaffolding production-ready Node.js and frontend applications. Generate complete project structures with modern tooling (pnpm, Vite, N |
| `julia-pro` | - | - | Master Julia 1.10+ with modern features, performance optimization, |
| `k8s-manifest-generator` | - | - | Create production-ready Kubernetes manifests for Deployments, Services, ConfigMaps, and Secrets following best practices and security standards. Use when generating Kubernetes YAML manifests, creating K8s resources, or implementing production-grade Kubernetes configurations. |
| `k8s-security-policies` | - | - | Implement Kubernetes security policies including NetworkPolicy, PodSecurityPolicy, and RBAC for production-grade security. Use when securing Kubernetes clusters, implementing network isolation, or enforcing pod security standards. |
| `kaizen` | - | - | Guide for continuous improvement, error proofing, and standardization. Use this skill when the user wants to improve code quality, refactor, or discuss process improvements. |
| `kpi-dashboard-design` | - | - | Design effective KPI dashboards with metrics selection, visualization best practices, and real-time monitoring patterns. Use when building business dashboards, selecting metrics, or designing data visualization layouts. |
| `kubernetes-architect` | - | - | Expert Kubernetes architect specializing in cloud-native |
| `langchain-architecture` | - | - | Design LLM applications using the LangChain framework with agents, memory, and tool integration patterns. Use when building LangChain applications, implementing AI agents, or creating complex LLM workflows. |
| `langfuse` | - | - | Expert in Langfuse - the open-source LLM observability platform. Covers tracing, prompt management, evaluation, datasets, and integration with LangChain, LlamaIndex, and OpenAI. Essential for debugging, monitoring, and improving LLM applications in production. Use when: langfuse, llm observability, llm tracing, prompt management, llm evaluation. |
| `langgraph` | - | - | Expert in LangGraph - the production-grade framework for building stateful, multi-actor AI applications. Covers graph construction, state management, cycles and branches, persistence with checkpointers, human-in-the-loop patterns, and the ReAct agent pattern. Used in production at LinkedIn, Uber, and 400+ companies. This is LangChain's recommended approach for building agents. Use when: langgraph, langchain agent, stateful agent, agent graph, react agent. |
| `last30days` | - | - | Research a topic from the last 30 days on Reddit + X + Web, become an expert, and write copy-paste-ready prompts for the user's target tool. |
| `launch-strategy` | - | - | When the user wants to plan a product launch, feature announcement, or release strategy. Also use when the user mentions 'launch,' 'Product Hunt,' 'feature release,' 'announcement,' 'go-to-market,' 'beta launch,' 'early access,' 'waitlist,' or 'product update.' This skill covers phased launches, channel strategy, and ongoing launch momentum. |
| `legacy-modernizer` | - | - | Refactor legacy codebases, migrate outdated frameworks, and |
| `legal-advisor` | - | - | Draft privacy policies, terms of service, disclaimers, and legal |
| `linear-Codex-skill` | - | safe | Manage Linear issues, projects, and teams |
| `linkerd-patterns` | - | - | Implement Linkerd service mesh patterns for lightweight, security-focused service mesh deployments. Use when setting up Linkerd, configuring traffic policies, or implementing zero-trust networking with minimal overhead. |
| `lint-and-validate` | - | - | Automatic quality control, linting, and static analysis procedures. Use after every code modification to ensure syntax correctness and project standards. Triggers onKeywords: lint, format, check, validate, types, static analysis. |
| `Linux Privilege Escalation` | - | - | This skill should be used when the user asks to "escalate privileges on Linux", "find privesc vectors on Linux systems", "exploit sudo misconfigurations", "abuse SUID binaries", "exploit cron jobs for root access", "enumerate Linux systems for privilege escalation", or "gain root access from low-privilege shell". It provides comprehensive techniques for identifying and exploiting privilege escalation paths on Linux systems. |
| `Linux Production Shell Scripts` | - | - | This skill should be used when the user asks to "create bash scripts", "automate Linux tasks", "monitor system resources", "backup files", "manage users", or "write production shell scripts". It provides ready-to-use shell script templates for system administration. |
| `llm-application-dev-ai-assistant` | - | - | You are an AI assistant development expert specializing in creating intelligent conversational interfaces, chatbots, and AI-powered applications. Design comprehensive AI assistant solutions with natur |
| `llm-application-dev-langchain-agent` | - | - | You are an expert LangChain agent developer specializing in production-grade AI systems using LangChain 0.1+ and LangGraph. |
| `llm-application-dev-prompt-optimize` | - | - | You are an expert prompt engineer specializing in crafting effective prompts for LLMs through advanced techniques including constitutional AI, chain-of-thought reasoning, and model-specific optimizati |
| `llm-app-patterns` | - | - | Production-ready patterns for building LLM applications. Covers RAG pipelines, agent architectures, prompt IDEs, and LLMOps monitoring. Use when designing AI applications, implementing RAG, building agents, or setting up LLM observability. |
| `llm-evaluation` | - | - | Implement comprehensive evaluation strategies for LLM applications using automated metrics, human feedback, and benchmarking. Use when testing LLM performance, measuring AI application quality, or establishing evaluation frameworks. |
| `loki-mode` | - | - | Multi-agent autonomous startup system for Codex. Triggers on "Loki Mode". Orchestrates 100+ specialized agents across engineering, QA, DevOps, security, data/ML, business operations, marketing, HR, and customer success. Takes PRD to fully deployed, revenue-generating product with zero human intervention. Features Task tool for subagent dispatch, parallel code review with 3 specialized reviewers, severity-based issue triage, distributed task queue with dead letter handling, automatic deployment to cloud providers, A/B testing, customer feedback loops, incident response, circuit breakers, and self-healing. Handles rate limits via distributed state checkpoints and auto-resume with exponential backoff. Requires --dangerously-skip-permissions flag. |
| `machine-learning-ops-ml-pipeline` | - | - | Design and implement a complete ML pipeline for: $ARGUMENTS |
| `makepad-skills` | - | safe | Makepad UI development skills for Rust apps: setup, patterns, shaders, packaging, and troubleshooting. |
| `malware-analyst` | - | - | Expert malware analyst specializing in defensive malware research, |
| `marketing-ideas` | - | - | Provide proven marketing strategies and growth ideas for SaaS and software products, prioritized using a marketing feasibility scoring system. |
| `marketing-psychology` | - | - | Apply behavioral science and mental models to marketing decisions, prioritized using a psychological leverage and feasibility scoring system. |
| `market-sizing-analysis` | - | - | This skill should be used when the user asks to "calculate TAM", |
| `memory-forensics` | - | - | Master memory forensics techniques including memory acquisition, process analysis, and artifact extraction using Volatility and related tools. Use when analyzing memory dumps, investigating incidents, or performing malware analysis from RAM captures. |
| `memory-safety-patterns` | - | - | Implement memory-safe programming with RAII, ownership, smart pointers, and resource management across Rust, C++, and C. Use when writing safe systems code, managing resources, or preventing memory bugs. |
| `memory-systems` | - | safe | Design short-term, long-term, and graph-based memory architectures |
| `mermaid-expert` | - | - | Create Mermaid diagrams for flowcharts, sequences, ERDs, and |
| `Metasploit Framework` | - | - | This skill should be used when the user asks to "use Metasploit for penetration testing", "exploit vulnerabilities with msfconsole", "create payloads with msfvenom", "perform post-exploitation", "use auxiliary modules for scanning", or "develop custom exploits". It provides comprehensive guidance for leveraging the Metasploit Framework in security assessments. |
| `micro-saas-launcher` | - | - | Expert in launching small, focused SaaS products fast - the indie hacker approach to building profitable software. Covers idea validation, MVP development, pricing, launch strategies, and growing to sustainable revenue. Ship in weeks, not months. Use when: micro saas, indie hacker, small saas, side project, saas mvp. |
| `microservices-patterns` | - | - | Design microservices architectures with service boundaries, event-driven communication, and resilience patterns. Use when building distributed systems, decomposing monoliths, or implementing microservices. |
| `minecraft-bukkit-pro` | - | - | Master Minecraft server plugin development with Bukkit, Spigot, and |
| `ml-engineer` | - | - | Build production ML systems with PyTorch 2.x, TensorFlow, and |
| `mlops-engineer` | - | - | Build comprehensive ML pipelines, experiment tracking, and model |
| `ml-pipeline-workflow` | - | - | Build end-to-end MLOps pipelines from data preparation through model training, validation, and production deployment. Use when creating ML pipelines, implementing MLOps practices, or automating model training and deployment workflows. |
| `mobile-design` | - | - | Mobile-first design and engineering doctrine for iOS and Android apps. Covers touch interaction, performance, platform conventions, offline behavior, and mobile-specific decision-making. Teaches principles and constraints, not fixed layouts. Use for React Native, Flutter, or native mobile apps. |
| `mobile-developer` | - | - | Develop React Native, Flutter, or native mobile apps with modern |
| `mobile-security-coder` | - | - | Expert in secure mobile coding practices specializing in input |
| `modern-javascript-patterns` | - | - | Master ES6+ features including async/await, destructuring, spread operators, arrow functions, promises, modules, iterators, generators, and functional programming patterns for writing clean, efficient JavaScript code. Use when refactoring legacy code, implementing modern patterns, or optimizing JavaScript applications. |
| `monorepo-architect` | - | - | Expert in monorepo architecture, build systems, and dependency management at scale. Masters Nx, Turborepo, Bazel, and Lerna for efficient multi-project development. Use PROACTIVELY for monorepo setup, |
| `monorepo-management` | - | - | Master monorepo management with Turborepo, Nx, and pnpm workspaces to build efficient, scalable multi-package repositories with optimized builds and dependency management. Use when setting up monorepos, optimizing builds, or managing shared dependencies. |
| `moodle-external-api-development` | - | - | Create custom external web service APIs for Moodle LMS. Use when implementing web services for course management, user tracking, quiz operations, or custom plugin functionality. Covers parameter validation, database operations, error handling, service registration, and Moodle coding standards. |
| `mtls-configuration` | - | - | Configure mutual TLS (mTLS) for zero-trust service-to-service communication. Use when implementing zero-trust networking, certificate management, or securing internal service communication. |
| `multi-agent-brainstorming` | - | - | > |
| `multi-agent-patterns` | - | safe | Master orchestrator, peer-to-peer, and hierarchical multi-agent architectures |
| `multi-cloud-architecture` | - | - | Design multi-cloud architectures using a decision framework to select and integrate services across AWS, Azure, and GCP. Use when building multi-cloud systems, avoiding vendor lock-in, or leveraging best-of-breed services from multiple providers. |
| `multi-platform-apps-multi-platform` | - | - | Build and deploy the same feature consistently across web, mobile, and desktop platforms using API-first architecture and parallel implementation strategies. |
| `n8n-code-python` | - | safe | Write Python code in n8n Code nodes. Use when writing Python in n8n, using _input/_json/_node syntax, working with standard library, or need to understand Python limitations in n8n Code nodes. |
| `n8n-mcp-tools-expert` | - | safe | Expert guide for using n8n-mcp MCP tools effectively. Use when searching for nodes, validating configurations, accessing templates, managing workflows, or using any n8n-mcp tool. Provides tool selection guidance, parameter formats, and common patterns. |
| `n8n-node-configuration` | - | safe | Operation-aware node configuration guidance. Use when configuring nodes, understanding property dependencies, determining required fields, choosing between get_node detail levels, or learning common configuration patterns by node type. |
| `nanobanana-ppt-skills` | - | safe | AI-powered PPT generation with document analysis and styled images |
| `neon-postgres` | - | - | Expert patterns for Neon serverless Postgres, branching, connection pooling, and Prisma/Drizzle integration Use when: neon database, serverless postgres, database branching, neon postgres, postgres serverless. |
| `nestjs-expert` | framework | - | Nest.js framework expert specializing in module architecture, dependency injection, middleware, guards, interceptors, testing with Jest/Supertest, TypeORM/Mongoose integration, and Passport.js authentication. Use PROACTIVELY for any Nest.js application issues including architecture decisions, testing strategies, performance optimization, or debugging complex dependency injection problems. If a specialized expert is a better fit, I will recommend switching and stop. |
| `Network 101` | - | - | This skill should be used when the user asks to "set up a web server", "configure HTTP or HTTPS", "perform SNMP enumeration", "configure SMB shares", "test network services", or needs guidance on configuring and testing network services for penetration testing labs. |
| `network-engineer` | - | - | Expert network engineer specializing in modern cloud networking, |
| `nextjs-app-router-patterns` | - | - | Master Next.js 14+ App Router with Server Components, streaming, parallel routes, and advanced data fetching. Use when building Next.js applications, implementing SSR/SSG, or optimizing React Server Components. |
| `nextjs-best-practices` | - | - | Next.js App Router principles. Server Components, data fetching, routing patterns. |
| `nextjs-supabase-auth` | - | - | Expert integration of Supabase Auth with Next.js App Router Use when: supabase auth next, authentication next.js, login supabase, auth middleware, protected route. |
| `nft-standards` | - | - | Implement NFT standards (ERC-721, ERC-1155) with proper metadata handling, minting strategies, and marketplace integration. Use when creating NFT contracts, building NFT marketplaces, or implementing digital asset systems. |
| `nodejs-backend-patterns` | - | - | Build production-ready Node.js backend services with Express/Fastify, implementing middleware patterns, error handling, authentication, database integration, and API design best practices. Use when creating Node.js servers, REST APIs, GraphQL backends, or microservices architectures. |
| `nodejs-best-practices` | - | - | Node.js development principles and decision-making. Framework selection, async patterns, security, and architecture. Teaches thinking, not copying. |
| `nosql-expert` | - | - | Expert guidance for distributed NoSQL databases (Cassandra, DynamoDB). Focuses on mental models, query-first modeling, single-table design, and avoiding hot partitions in high-scale systems. |
| `notebooklm` | - | - | Use this skill to query your Google NotebookLM notebooks directly from Codex for source-grounded, citation-backed answers from Gemini. Browser automation, library management, persistent auth. Drastically reduced hallucinations through document-only responses. |
| `notion-template-business` | - | - | Expert in building and selling Notion templates as a business - not just making templates, but building a sustainable digital product business. Covers template design, pricing, marketplaces, marketing, and scaling to real revenue. Use when: notion template, sell templates, digital product, notion business, gumroad. |
| `nx-workspace-patterns` | - | - | Configure and optimize Nx monorepo workspaces. Use when setting up Nx, configuring project boundaries, optimizing build caching, or implementing affected commands. |
| `observability-engineer` | - | - | Build production-ready monitoring, logging, and tracing systems. |
| `observability-monitoring-monitor-setup` | - | - | You are a monitoring and observability expert specializing in implementing comprehensive monitoring solutions. Set up metrics collection, distributed tracing, log aggregation, and create insightful da |
| `observability-monitoring-slo-implement` | - | - | You are an SLO (Service Level Objective) expert specializing in implementing reliability standards and error budget-based practices. Design SLO frameworks, define SLIs, and build monitoring that balances reliability with delivery velocity. |
| `observe-whatsapp` | - | safe | Observe and troubleshoot WhatsApp in Kapso: debug message delivery, inspect webhook deliveries/retries, triage API errors, and run health checks. Use when investigating production issues, message failures, or webhook delivery problems. |
| `obsidian-clipper-template-creator` | - | - | Guide for creating templates for the Obsidian Web Clipper. Use when you want to create a new clipping template, understand available variables, or format clipped content. |
| `onboarding-cro` | - | - | When the user wants to optimize post-signup onboarding, user activation, first-run experience, or time-to-value. Also use when the user mentions "onboarding flow," "activation rate," "user activation," "first-run experience," "empty states," "onboarding checklist," "aha moment," or "new user experience." For signup/registration optimization, see signup-flow-cro. For ongoing email sequences, see email-sequence. |
| `on-call-handoff-patterns` | - | - | Master on-call shift handoffs with context transfer, escalation procedures, and documentation. Use when transitioning on-call responsibilities, documenting shift summaries, or improving on-call processes. |
| `openapi-spec-generation` | - | - | Generate and maintain OpenAPI 3.1 specifications from code, design-first specs, and validation patterns. Use when creating API documentation, generating SDKs, or ensuring API contract compliance. |
| `page-cro` | - | - | > |
| `paid-ads` | - | - | When the user wants help with paid advertising campaigns on Google Ads, Meta (Facebook/Instagram), LinkedIn, Twitter/X, or other ad platforms. Also use when the user mentions 'PPC,' 'paid media,' 'ad copy,' 'ad creative,' 'ROAS,' 'CPA,' 'ad campaign,' 'retargeting,' or 'audience targeting.' This skill covers campaign strategy, ad creation, audience targeting, and optimization. |
| `parallel-agents` | - | - | Multi-agent orchestration patterns. Use when multiple independent tasks can run with different domain expertise or when comprehensive analysis requires multiple perspectives. |
| `payment-integration` | - | - | Integrate Stripe, PayPal, and payment processors. Handles checkout |
| `paypal-integration` | - | - | Integrate PayPal payment processing with support for express checkout, subscriptions, and refund management. Use when implementing PayPal payments, processing online transactions, or building e-commerce checkout flows. |
| `paywall-upgrade-cro` | - | - | When the user wants to create or optimize in-app paywalls, upgrade screens, upsell modals, or feature gates. Also use when the user mentions "paywall," "upgrade screen," "upgrade modal," "upsell," "feature gate," "convert free to paid," "freemium conversion," "trial expiration screen," "limit reached screen," "plan upgrade prompt," or "in-app pricing." Distinct from public pricing pages (see page-cro) — this skill focuses on in-product upgrade moments where the user has already experienced value. |
| `pci-compliance` | - | - | Implement PCI DSS compliance requirements for secure handling of payment card data and payment systems. Use when securing payment processing, achieving PCI compliance, or implementing payment card security measures. |
| `pdf` | - | - | Comprehensive PDF manipulation toolkit for extracting text and tables, creating new PDFs, merging/splitting documents, and handling forms. When Codex needs to fill in a PDF form or programmatically process, generate, or analyze PDF documents at scale. |
| `Pentest Checklist` | - | - | This skill should be used when the user asks to "plan a penetration test", "create a security assessment checklist", "prepare for penetration testing", "define pentest scope", "follow security testing best practices", or needs a structured methodology for penetration testing engagements. |
| `Pentest Commands` | - | - | This skill should be used when the user asks to "run pentest commands", "scan with nmap", "use metasploit exploits", "crack passwords with hydra or john", "scan web vulnerabilities with nikto", "enumerate networks", or needs essential penetration testing command references. |
| `performance-engineer` | - | - | Expert performance engineer specializing in modern observability, |
| `performance-profiling` | - | - | Performance profiling principles. Measurement, analysis, and optimization techniques. |
| `performance-testing-review-ai-review` | - | - | You are an expert AI-powered code review specialist combining automated static analysis, intelligent pattern recognition, and modern DevOps practices. Leverage AI tools (GitHub Copilot, Qodo, GPT-5, C |
| `performance-testing-review-multi-agent-review` | - | - | Use when working with performance testing review multi agent review |
| `personal-tool-builder` | - | - | Expert in building custom tools that solve your own problems first. The best products often start as personal tools - scratch your own itch, build for yourself, then discover others have the same itch. Covers rapid prototyping, local-first apps, CLI tools, scripts that grow into products, and the art of dogfooding. Use when: build a tool, personal tool, scratch my itch, solve my problem, CLI tool. |
| `php-pro` | - | - | Write idiomatic PHP code with generators, iterators, SPL data |
| `plaid-fintech` | - | - | Expert patterns for Plaid API integration including Link token flows, transactions sync, identity verification, Auth for ACH, balance checks, webhook handling, and fintech compliance best practices. Use when: plaid, bank account linking, bank connection, ach, account aggregation. |
| `plan-writing` | - | - | Structured task planning with clear breakdowns, dependencies, and verification criteria. Use when implementing features, refactoring, or any multi-step work. |
| `playwright-skill` | - | - | Complete browser automation with Playwright. Auto-detects dev servers, writes clean test scripts to /tmp. Test pages, fill forms, take screenshots, check responsive design, validate UX, test login flows, check links, automate any browser task. Use when user wants to test websites, automate browser interactions, validate web functionality, or perform any browser-based testing. |
| `popup-cro` | - | - | Create and optimize popups, modals, overlays, slide-ins, and banners to increase conversions without harming user experience or brand trust. |
| `posix-shell-pro` | - | - | Expert in strict POSIX sh scripting for maximum portability across |
| `supabase-postgres-best-practices` | - | - | Postgres performance optimization and best practices from Supabase. Use this skill when writing, reviewing, or optimizing Postgres queries, schema designs, or database configurations. |
| `postgresql` | - | - | Design a PostgreSQL-specific schema. Covers best-practices, data types, indexing, constraints, performance patterns, and advanced features |
| `postmortem-writing` | - | - | Write effective blameless postmortems with root cause analysis, timelines, and action items. Use when conducting incident reviews, writing postmortem documents, or improving incident response processes. |
| `powershell-windows` | - | - | PowerShell Windows patterns. Critical pitfalls, operator syntax, error handling. |
| `pptx` | - | - | Presentation creation, editing, and analysis. When Codex needs to work with presentations (.pptx files) for: (1) Creating new presentations, (2) Modifying or editing content, (3) Working with layouts, (4) Adding comments or speaker notes, or any other presentation tasks |
| `Privilege Escalation Methods` | - | - | This skill should be used when the user asks to "escalate privileges", "get root access", "become administrator", "privesc techniques", "abuse sudo", "exploit SUID binaries", "Kerberoasting", "pass-the-ticket", "token impersonation", or needs guidance on post-exploitation privilege escalation for Linux or Windows systems. |
| `production-code-audit` | - | - | Autonomously deep-scan entire codebase line-by-line, understand architecture and patterns, then systematically transform it to production-grade, corporate-level professional quality with optimizations |
| `product-manager-toolkit` | - | - | Comprehensive toolkit for product managers including RICE prioritization, customer interview analysis, PRD templates, discovery frameworks, and go-to-market strategies. Use for feature prioritization, user research synthesis, requirement documentation, and product strategy development. |
| `programmatic-seo` | - | - | > |
| `projection-patterns` | - | - | Build read models and projections from event streams. Use when implementing CQRS read sides, building materialized views, or optimizing query performance in event-sourced systems. |
| `prometheus-configuration` | - | - | Set up Prometheus for comprehensive metric collection, storage, and monitoring of infrastructure and applications. Use when implementing metrics collection, setting up monitoring infrastructure, or configuring alerting systems. |
| `prompt-caching` | - | - | Caching strategies for LLM prompts including Anthropic prompt caching, response caching, and CAG (Cache Augmented Generation) Use when: prompt caching, cache prompt, response cache, cag, cache augmented. |
| `prompt-engineering` | - | - | Expert guide on prompt engineering patterns, best practices, and optimization techniques. Use when user wants to improve prompts, learn prompting strategies, or debug agent behavior. |
| `prompt-engineering-patterns` | - | - | Master advanced prompt engineering techniques to maximize LLM performance, reliability, and controllability in production. Use when optimizing prompts, improving LLM outputs, or designing production prompt templates. |
| `prompt-library` | - | - | Curated collection of high-quality prompts for various use cases. Includes role-based prompts, task-specific templates, and prompt refinement techniques. Use when user needs prompt templates, role-play prompts, or ready-to-use prompt examples for coding, writing, analysis, or creative tasks. |
| `protocol-reverse-engineering` | - | - | Master network protocol reverse engineering including packet analysis, protocol dissection, and custom protocol documentation. Use when analyzing network traffic, understanding proprietary protocols, or debugging network communication. |
| `pypict-skill` | - | safe | Pairwise test generation |
| `python-development-python-scaffold` | - | - | You are a Python project architecture expert specializing in scaffolding production-ready Python applications. Generate complete project structures with modern tooling (uv, FastAPI, Django), type hint |
| `python-packaging` | - | - | Create distributable Python packages with proper project structure, setup.py/pyproject.toml, and publishing to PyPI. Use when packaging Python libraries, creating CLI tools, or distributing Python code. |
| `python-patterns` | - | - | Python development principles and decision-making. Framework selection, async patterns, type hints, project structure. Teaches thinking, not copying. |
| `python-performance-optimization` | - | - | Profile and optimize Python code using cProfile, memory profilers, and performance best practices. Use when debugging slow Python code, optimizing bottlenecks, or improving application performance. |
| `python-pro` | - | - | Master Python 3.12+ with modern features, async programming, |
| `python-testing-patterns` | - | - | Implement comprehensive testing strategies with pytest, fixtures, mocking, and test-driven development. Use when writing Python tests, setting up test suites, or implementing testing best practices. |
| `quant-analyst` | - | - | Build financial models, backtest trading strategies, and analyze |
| `radix-ui-design-system` | - | safe | Build accessible design systems with Radix UI primitives. Headless component customization, theming strategies, and compound component patterns for production-grade UI libraries. |
| `rag-implementation` | - | - | Build Retrieval-Augmented Generation (RAG) systems for LLM applications with vector databases and semantic search. Use when implementing knowledge-grounded AI, building document Q&A systems, or integrating LLMs with external knowledge bases. |
| `vercel-react-best-practices` | - | - | React and Next.js performance optimization guidelines from Vercel Engineering. This skill should be used when writing, reviewing, or refactoring React/Next.js code to ensure optimal performance patterns. Triggers on tasks involving React components, Next.js pages, data fetching, bundle optimization, or performance improvements. |
| `react-modernization` | - | - | Upgrade React applications to latest versions, migrate from class components to hooks, and adopt concurrent features. Use when modernizing React codebases, migrating to React Hooks, or upgrading to latest React versions. |
| `react-native-architecture` | - | - | Build production React Native apps with Expo, navigation, native modules, offline sync, and cross-platform patterns. Use when developing mobile apps, implementing native integrations, or architecting React Native projects. |
| `react-patterns` | - | - | Modern React patterns and principles. Hooks, composition, performance, TypeScript best practices. |
| `react-state-management` | - | - | Master modern React state management with Redux Toolkit, Zustand, Jotai, and React Query. Use when setting up global state, managing server state, or choosing between state management solutions. |
| `react-ui-patterns` | - | - | Modern React UI patterns for loading states, error handling, and data fetching. Use when building UI components, handling async data, or managing UI states. |
| `readme` | - | safe | When the user wants to create or update a README.md file for a project. Also use when the user says "write readme," "create readme," "document this project," "project documentation," or asks for help with README.md. This skill creates absurdly thorough documentation covering local setup, architecture, and deployment. |
| `red-team-tactics` | - | - | Red team tactics principles based on MITRE ATT&CK. Attack phases, detection evasion, reporting. |
| `Red Team Tools and Methodology` | - | - | This skill should be used when the user asks to "follow red team methodology", "perform bug bounty hunting", "automate reconnaissance", "hunt for XSS vulnerabilities", "enumerate subdomains", or needs security researcher techniques and tool configurations from top bug bounty hunters. |
| `reference-builder` | - | - | Creates exhaustive technical references and API documentation. |
| `referral-program` | - | - | When the user wants to create, optimize, or analyze a referral program, affiliate program, or word-of-mouth strategy. Also use when the user mentions 'referral,' 'affiliate,' 'ambassador,' 'word of mouth,' 'viral loop,' 'refer a friend,' or 'partner program.' This skill covers program design, incentive structure, and growth optimization. |
| `remotion-best-practices` | - | - | Best practices for Remotion - Video creation in React |
| `research-engineer` | - | - | An uncompromising Academic Research Engineer. Operates with absolute scientific rigor, objective criticism, and zero flair. Focuses on theoretical correctness, formal verification, and optimal implementation across any required technology. |
| `reverse-engineer` | - | - | Expert reverse engineer specializing in binary analysis, |
| `risk-manager` | - | - | Monitor portfolio risk, R-multiples, and position limits. Creates |
| `risk-metrics-calculation` | - | - | Calculate portfolio risk metrics including VaR, CVaR, Sharpe, Sortino, and drawdown analysis. Use when measuring portfolio risk, implementing risk limits, or building risk monitoring systems. |
| `ruby-pro` | - | - | Write idiomatic Ruby code with metaprogramming, Rails patterns, and |
| `rust-async-patterns` | - | - | Master Rust async programming with Tokio, async traits, error handling, and concurrent patterns. Use when building async Rust applications, implementing concurrent systems, or debugging async code. |
| `rust-pro` | - | - | Master Rust 1.75+ with modern async patterns, advanced type system |
| `saga-orchestration` | - | - | Implement saga patterns for distributed transactions and cross-aggregate workflows. Use when coordinating multi-step business processes, handling compensating transactions, or managing long-running workflows. |
| `sales-automator` | - | - | Draft cold emails, follow-ups, and proposal templates. Creates |
| `salesforce-development` | - | - | Expert patterns for Salesforce platform development including Lightning Web Components (LWC), Apex triggers and classes, REST/Bulk APIs, Connected Apps, and Salesforce DX with scratch orgs and 2nd generation packages (2GP). Use when: salesforce, sfdc, apex, lwc, lightning web components. |
| `sast-configuration` | - | - | Configure Static Application Security Testing (SAST) tools for automated vulnerability detection in application code. Use when setting up security scanning, implementing DevSecOps practices, or automating code vulnerability detection. |
| `scala-pro` | - | - | Master enterprise-grade Scala development with functional |
| `Security Scanning Tools` | - | - | This skill should be used when the user asks to "perform vulnerability scanning", "scan networks for open ports", "assess web application security", "scan wireless networks", "detect malware", "check cloud security", or "evaluate system compliance". It provides comprehensive guidance on security scanning tools and methodologies. |
| `schema-markup` | - | - | > |
| `screen-reader-testing` | - | - | Test web applications with screen readers including VoiceOver, NVDA, and JAWS. Use when validating screen reader compatibility, debugging accessibility issues, or ensuring assistive technology support. |
| `screenshots` | - | safe | Generate marketing screenshots of your app using Playwright. Use when the user wants to create screenshots for Product Hunt, social media, landing pages, or documentation. |
| `scroll-experience` | - | - | Expert in building immersive scroll-driven experiences - parallax storytelling, scroll animations, interactive narratives, and cinematic web experiences. Like NY Times interactives, Apple product pages, and award-winning web experiences. Makes websites feel like experiences, not just pages. Use when: scroll animation, parallax, scroll storytelling, interactive story, cinematic website. |
| `search-specialist` | - | - | Expert web researcher using advanced search techniques and |
| `secrets-management` | - | - | Implement secure secrets management for CI/CD pipelines using Vault, AWS Secrets Manager, or native platform solutions. Use when handling sensitive credentials, rotating secrets, or securing CI/CD environments. |
| `security-auditor` | - | - | Expert security auditor specializing in DevSecOps, comprehensive |
| `security-bluebook-builder` | - | safe | Build security Blue Books for sensitive apps |
| `security-compliance-compliance-check` | - | - | You are a compliance expert specializing in regulatory requirements for software systems including GDPR, HIPAA, SOC2, PCI-DSS, and other industry standards. Perform compliance audits and provide implementation guidance. |
| `security-requirement-extraction` | - | - | Derive security requirements from threat models and business context. Use when translating threats into actionable requirements, creating security user stories, or building security test cases. |
| `security-scanning-security-dependencies` | - | - | You are a security expert specializing in dependency vulnerability analysis, SBOM generation, and supply chain security. Scan project dependencies across ecosystems to identify vulnerabilities, assess risks, and recommend remediation. |
| `security-scanning-security-hardening` | - | - | Coordinate multi-layer security scanning and hardening across application, infrastructure, and compliance controls. |
| `security-scanning-security-sast` | - | - | Static Application Security Testing (SAST) for code vulnerability |
| `segment-cdp` | - | - | Expert patterns for Segment Customer Data Platform including Analytics.js, server-side tracking, tracking plans with Protocols, identity resolution, destinations configuration, and data governance best practices. Use when: segment, analytics.js, customer data platform, cdp, tracking plan. |
| `senior-architect` | - | - | Comprehensive software architecture skill for designing scalable, maintainable systems using ReactJS, NextJS, NodeJS, Express, React Native, Swift, Kotlin, Flutter, Postgres, GraphQL, Go, Python. Includes architecture diagram generation, system design patterns, tech stack decision frameworks, and dependency analysis. Use when designing system architecture, making technical decisions, creating architecture diagrams, evaluating trade-offs, or defining integration patterns. |
| `senior-fullstack` | - | - | Comprehensive fullstack development skill for building complete web applications with React, Next.js, Node.js, GraphQL, and PostgreSQL. Includes project scaffolding, code quality analysis, architecture patterns, and complete tech stack guidance. Use when building new projects, analyzing code quality, implementing design patterns, or setting up development workflows. |
| `seo-audit` | - | - | > |
| `seo-authority-builder` | - | - | Analyzes content for E-E-A-T signals and suggests improvements to |
| `seo-cannibalization-detector` | - | - | Analyzes multiple provided pages to identify keyword overlap and |
| `seo-content-auditor` | - | - | Analyzes provided content for quality, E-E-A-T signals, and SEO |
| `seo-content-planner` | - | - | Creates comprehensive content outlines and topic clusters for SEO. |
| `seo-content-refresher` | - | - | Identifies outdated elements in provided content and suggests |
| `seo-content-writer` | - | - | Writes SEO-optimized content based on provided keywords and topic |
| `seo-fundamentals` | - | - | > |
| `seo-keyword-strategist` | - | - | Analyzes keyword usage in provided content, calculates density, |
| `seo-meta-optimizer` | - | - | Creates optimized meta titles, descriptions, and URL suggestions |
| `seo-snippet-hunter` | - | - | Formats content to be eligible for featured snippets and SERP |
| `seo-structure-architect` | - | - | Analyzes and optimizes content structure including header |
| `server-management` | - | - | Server management principles and decision-making. Process management, monitoring strategy, and scaling decisions. Teaches thinking, not commands. |
| `service-mesh-expert` | - | - | Expert service mesh architect specializing in Istio, Linkerd, and cloud-native networking patterns. Masters traffic management, security policies, observability integration, and multi-cluster mesh con |
| `service-mesh-observability` | - | - | Implement comprehensive observability for service meshes including distributed tracing, metrics, and visualization. Use when setting up mesh monitoring, debugging latency issues, or implementing SLOs for service communication. |
| `sharp-edges` | - | safe | Identify error-prone APIs and dangerous configurations |
| `shellcheck-configuration` | - | - | Master ShellCheck static analysis configuration and usage for shell script quality. Use when setting up linting infrastructure, fixing code issues, or ensuring script portability. |
| `Shodan Reconnaissance and Pentesting` | - | - | This skill should be used when the user asks to "search for exposed devices on the internet," "perform Shodan reconnaissance," "find vulnerable services using Shodan," "scan IP ranges with Shodan," or "discover IoT devices and open ports." It provides comprehensive guidance for using Shodan's search engine, CLI, and API for penetration testing reconnaissance. |
| `shopify-apps` | - | - | Expert patterns for Shopify app development including Remix/React Router apps, embedded apps with App Bridge, webhook handling, GraphQL Admin API, Polaris components, billing, and app extensions. Use when: shopify app, shopify, embedded app, polaris, app bridge. |
| `shopify-development` | - | - | / |
| `signup-flow-cro` | - | - | When the user wants to optimize signup, registration, account creation, or trial activation flows. Also use when the user mentions "signup conversions," "registration friction," "signup form optimization," "free trial signup," "reduce signup dropoff," or "account creation flow." For post-signup onboarding, see onboarding-cro. For lead capture forms (not account creation), see form-cro. |
| `similarity-search-patterns` | - | - | Implement efficient similarity search with vector databases. Use when building semantic search, implementing nearest neighbor queries, or optimizing retrieval performance. |
| `skill-abacatepay-integration` | payments | medium | Integrate AbacatePay PIX/card billing, customers, QRCode PIX, billing webhooks, CPF/CNPJ validation, BRL SaaS checkout, payment receipts, refunds, cancellations, and entitlement sync for Brazilian SaaS products. |
| `skill-aionui-cowork-orchestration` | orchestration | medium | Use when integrating AionUi into the {{USER_NAME}} orchestrator workflow, coordinating Codex, Claude, Gemini, OpenCode, or other CLI agents through AionUi without breaking local skills, hooks, MCPs, permissions, or existing Codex workflows. |
| `skill-ai-orchestration` | ai | medium | Use for server-side AI orchestration in SaaS products, including OpenAI, Gemini, Claude, ElevenLabs, streaming, transcription, structured extraction, prompt contracts, token budgets, model routing, queues, retries, observability, consent, validation, and safe API key handling. |
| `skill-developer` | - | - | Create and manage Codex skills following Anthropic best practices. Use when creating new skills, modifying skill-rules.json, understanding trigger patterns, working with hooks, debugging skill activation, or implementing progressive disclosure. Covers skill structure, YAML frontmatter, trigger types (keywords, intent patterns, file paths, content patterns), enforcement levels (block, suggest, warn), hook mechanisms (UserPromptSubmit, PreToolUse), session tracking, and the 500-line rule. |
| `skill-elevenlabs-voice-cloning` | ai | high | Use for ElevenLabs voice generation and voice cloning integrations, including Brazilian Portuguese TTS, explicit voice consent, server-side API keys, secure audio uploads, asynchronous jobs, validation, retryable synthesis, and safe handling of biometric voice data. |
| `skill-evolution-api` | communication | medium | Use for WhatsApp automation with Evolution API, including instance lifecycle, QR pairing, inbound and outbound messages, webhooks, consent, tenant isolation, queues, idempotency, rate limits, retries, audit logs, and reliable delivery. |
| `skill-frontend-ux-guardrails` | frontend | medium | Apply frontend UX quality gates for SaaS dashboards, product screens, modals, tables, forms, responsive layouts, overflow fixes, accessibility, visual validation, spelling, and reduction of UI rework. |
| `skill-google-workspace-sync` | integrations | high | Use for Google Workspace integrations with OAuth, Calendar, Meet, FreeBusy, Drive, Sheets, webhooks, least-privilege scopes, encrypted refresh tokens, idempotent writes, reconciliation jobs, consent revocation, validation, and sync audit trails. |
| `skill-live-processing` | media | medium | Use for live stream and VOD ingestion pipelines, including YouTube, Twitch, uploads, capture jobs, queues, transcription, clip generation, media storage, retries, idempotent workers, consent, validation, observability, and safe server-side provider credentials. |
| `skill-manual-video-processing` | media | medium | Use for manual video or audio uploads in SaaS apps, including upload UX, direct storage, validation, malware checks, quota enforcement, asynchronous processing jobs, transcription, clip extraction, review flows, signed URLs, consent, and secure media access. |
| `skill-modern-ui-patterns` | frontend | low | Use for professional SaaS UI implementation and refinement in React, TypeScript, Tailwind, dashboards, admin panels, tables, forms, settings, billing, onboarding, responsive layouts, component states, and design-system consistency. |
| `skill-multiagent-orchestration` | orchestration | medium | Use when a task mentions subagents, multiagents, parallel agents, team execution, swarm, delegation, or requires dividing independent engineering work across agents while preserving integration safety and token efficiency. |
| `skill-open-design-ui` | frontend | low | Apply open-design product UI workflow for premium visual redesigns, dashboards, landing pages, design tokens, component libraries, responsive product screens, visual QA, anti-generic styling, and professional frontend delivery. |
| `skill-rails-upgrade` | - | safe | Analyze Rails apps and provide upgrade assessments |
| `skill-saas-admin-dashboard` | frontend | low | Build or improve SaaS admin dashboards, internal admin panels, user/customer screens, tenant/workspace screens, plan/payment/log views, sidebar layouts, metrics, filters, tables, support tools, and onboarding administration. |
| `skill-saas-core-limits` | saas | medium | Implement SaaS plan limits, quotas, entitlements, feature flags, trials, grace periods, blocked accounts, usage counters, and access checks after AbacatePay, Stripe, webhook, or manual admin subscription changes. |
| `skill-saas-dast-recon` | security | high | Run defensive, explicitly authorized SaaS DAST and recon with scope controls. Use when asked to scan an owned local, staging, preview, or approved production URL, API endpoint, SaaS app, tenant boundary, public web surface, auth flow, exposed files, headers, TLS, or OWASP Top 10 behavior using tools such as ZAP, Nuclei, Katana, httpx, and Subfinder. |
| `skill-saas-factory` | saas | medium | Build, refactor, review, or plan SaaS products with React/Vite, dashboards, admin panels, Supabase, payments, subscriptions, tenant limits, webhooks, security, infrastructure, and production readiness. Use as the top-level SaaS construction skill when work may need routing to payment, RLS, dashboard, limits, security scan, or deployment skills. |
| `skill-saas-security-scan` | security | medium | Run defensive, authorized local security scans for owned SaaS repositories. Use when asked to scan local code, dependencies, secrets, containers, IaC, API handlers, Supabase projects, multi-tenant SaaS isolation, or release/security gates with maintained OSS tools such as Semgrep, Gitleaks, Trivy, OSV-Scanner, and OWASP Dependency-Check. |
| `skill-security-hooks` | security | medium | Install and maintain defensive security hooks and CI gates for authorized SaaS projects. Use when asked to add pre-commit hooks, pre-push hooks, CI security scans, GitHub Actions hardening, secret scanning, dependency scanning, SAST, DAST gates, or security automation around existing repositories. |
| `skill-seekers` | - | safe | -Automatically convert documentation websites, GitHub repositories, and PDFs into Codex AI skills in minutes. |
| `skill-smart-clip-detection` | media | medium | Use for AI-assisted clip detection from transcripts, livestreams, videos, podcasts, calls, or long-form content, including scored candidates, timestamps, batching, validation, prompt versioning, review queues, idempotent reprocessing, consent, and publishing-ready metadata. |
| `skill-stripe-integration` | payments | medium | Integrate Stripe Checkout, Billing, subscriptions, Customer Portal, invoices, trials, coupons, webhook handling, entitlement sync, and SaaS payment state management. |
| `skill-supabase-rls` | security | high | Design and review defensive Supabase/Postgres Row Level Security for SaaS systems. Use for RLS policies, auth-aware tenant isolation, storage policies, service-role boundaries, migrations, indexes, positive/negative access tests, and data-isolation security reviews. |
| `skill-unified-analytics` | analytics | low | Use for SaaS/product analytics architecture, event taxonomy, telemetry instrumentation, funnels, admin dashboards, billing metrics, activation, retention, attribution, privacy guardrails, observability, and cross-provider reporting. |
| `slack-bot-builder` | - | - | Build Slack apps using the Bolt framework across Python, JavaScript, and Java. Covers Block Kit for rich UIs, interactive components, slash commands, event handling, OAuth installation flows, and Workflow Builder integration. Focus on best practices for production-ready Slack apps. Use when: slack bot, slack app, bolt framework, block kit, slash command. |
| `slack-gif-creator` | - | - | Knowledge and utilities for creating animated GIFs optimized for Slack. Provides constraints, validation tools, and animation concepts. Use when users request animated GIFs for Slack like "make me a GIF of X doing Y for Slack." |
| `slo-implementation` | - | - | Define and implement Service Level Indicators (SLIs) and Service Level Objectives (SLOs) with error budgets and alerting. Use when establishing reliability targets, implementing SRE practices, or measuring service performance. |
| `SMTP Penetration Testing` | - | - | This skill should be used when the user asks to "perform SMTP penetration testing", "enumerate email users", "test for open mail relays", "grab SMTP banners", "brute force email credentials", or "assess mail server security". It provides comprehensive techniques for testing SMTP server security. |
| `social-content` | - | - | When the user wants help creating, scheduling, or optimizing social media content for LinkedIn, Twitter/X, Instagram, TikTok, Facebook, or other platforms. Also use when the user mentions 'LinkedIn post,' 'Twitter thread,' 'social media,' 'content calendar,' 'social scheduling,' 'engagement,' or 'viral content.' This skill covers content creation, repurposing, and platform-specific strategies. |
| `software-architecture` | - | - | Guide for quality focused software architecture. This skill should be used when users want to write code, design architecture, analyze code, in any case that relates to software development. |
| `solidity-security` | - | - | Master smart contract security best practices to prevent common vulnerabilities and implement secure Solidity patterns. Use when writing smart contracts, auditing existing contracts, or implementing security measures for blockchain applications. |
| `spark-optimization` | - | - | Optimize Apache Spark jobs with partitioning, caching, shuffle optimization, and memory tuning. Use when improving Spark performance, debugging slow jobs, or scaling data processing pipelines. |
| `SQL Injection Testing` | - | - | This skill should be used when the user asks to "test for SQL injection vulnerabilities", "perform SQLi attacks", "bypass authentication using SQL injection", "extract database information through injection", "detect SQL injection flaws", or "exploit database query vulnerabilities". It provides comprehensive techniques for identifying, exploiting, and understanding SQL injection attack vectors across different database systems. |
| `SQLMap Database Penetration Testing` | - | - | This skill should be used when the user asks to "automate SQL injection testing," "enumerate database structure," "extract database credentials using sqlmap," "dump tables and columns from a vulnerable database," or "perform automated database penetration testing." It provides comprehensive guidance for using SQLMap to detect and exploit SQL injection vulnerabilities. |
| `sql-optimization-patterns` | - | - | Master SQL query optimization, indexing strategies, and EXPLAIN analysis to dramatically improve database performance and eliminate slow queries. Use when debugging slow queries, designing database schemas, or optimizing application performance. |
| `sql-pro` | - | - | Master modern SQL with cloud-native databases, OLTP/OLAP |
| `SSH Penetration Testing` | - | - | This skill should be used when the user asks to "pentest SSH services", "enumerate SSH configurations", "brute force SSH credentials", "exploit SSH vulnerabilities", "perform SSH tunneling", or "audit SSH security". It provides comprehensive SSH penetration testing methodologies and techniques. |
| `startup-analyst` | - | - | Expert startup business analyst specializing in market sizing, |
| `startup-business-analyst-business-case` | - | - | Generate comprehensive investor-ready business case document with |
| `startup-business-analyst-financial-projections` | - | - | Create detailed 3-5 year financial model with revenue, costs, cash |
| `startup-business-analyst-market-opportunity` | - | - | Generate comprehensive market opportunity analysis with TAM/SAM/SOM |
| `startup-financial-modeling` | - | - | This skill should be used when the user asks to "create financial |
| `startup-metrics-framework` | - | - | This skill should be used when the user asks about "key startup |
| `stitch-ui-design` | - | safe | Expert guide for creating effective prompts for Google Stitch AI UI design tool. Use when user wants to design UI/UX in Stitch, create app interfaces, generate mobile/web designs, or needs help crafting Stitch prompts. Covers prompt structure, specificity techniques, iteration strategies, and design-to-code workflows for Stitch by Google. |
| `stride-analysis-patterns` | - | - | Apply STRIDE methodology to systematically identify threats. Use when analyzing system security, conducting threat modeling sessions, or creating security documentation. |
| `stripe-integration` | - | - | Implement Stripe payment processing for robust, PCI-compliant payment flows including checkout, subscriptions, and webhooks. Use when integrating Stripe payments, building subscription systems, or implementing secure checkout flows. |
| `superpowers-lab` | - | safe | Lab environment for Codex superpowers |
| `swiftui-expert-skill` | - | safe | Write, review, or improve SwiftUI code following best practices for state management, view composition, performance, modern APIs, Swift concurrency, and iOS 26+ Liquid Glass adoption. Use when building new SwiftUI features, refactoring existing views, reviewing code quality, or adopting modern SwiftUI patterns. |
| `systems-programming-rust-project` | - | - | You are a Rust project architecture expert specializing in scaffolding production-ready Rust applications. Generate complete project structures with cargo tooling, proper module organization, testing |
| `tailwind-design-system` | - | - | Build scalable design systems with Tailwind CSS, design tokens, component libraries, and responsive patterns. Use when creating component libraries, implementing design systems, or standardizing UI patterns. |
| `tailwind-patterns` | - | - | Tailwind CSS v4 principles. CSS-first configuration, container queries, modern patterns, design token architecture. |
| `tavily-web` | - | - | Web search, content extraction, crawling, and research capabilities using Tavily API |
| `tdd-orchestrator` | - | - | Master TDD orchestrator specializing in red-green-refactor |
| `tdd-workflow` | - | - | Test-Driven Development workflow principles. RED-GREEN-REFACTOR cycle. |
| `tdd-workflows-tdd-cycle` | - | - | Use when working with tdd workflows tdd cycle |
| `tdd-workflows-tdd-green` | - | - | Implement the minimal code needed to make failing tests pass in the TDD green phase. |
| `tdd-workflows-tdd-red` | - | - | Generate failing tests for the TDD red phase to define expected behavior and edge cases. |
| `tdd-workflows-tdd-refactor` | - | - | Use when working with tdd workflows tdd refactor |
| `team-collaboration-issue` | - | - | You are a GitHub issue resolution expert specializing in systematic bug investigation, feature implementation, and collaborative development workflows. Your expertise spans issue triage, root cause an |
| `team-collaboration-standup-notes` | - | - | You are an expert team communication specialist focused on async-first standup practices, AI-assisted note generation from commit history, and effective remote team coordination patterns. |
| `team-composition-analysis` | - | - | This skill should be used when the user asks to "plan team |
| `telegram-bot-builder` | - | - | Expert in building Telegram bots that solve real problems - from simple automation to complex AI-powered bots. Covers bot architecture, the Telegram Bot API, user experience, monetization strategies, and scaling bots to thousands of users. Use when: telegram bot, bot api, telegram automation, chat bot telegram, tg bot. |
| `telegram-mini-app` | - | - | Expert in building Telegram Mini Apps (TWA) - web apps that run inside Telegram with native-like experience. Covers the TON ecosystem, Telegram Web App API, payments, user authentication, and building viral mini apps that monetize. Use when: telegram mini app, TWA, telegram web app, TON app, mini app. |
| `temporal-python-pro` | - | - | Master Temporal workflow orchestration with Python SDK. Implements |
| `temporal-python-testing` | - | - | Test Temporal workflows with pytest, time-skipping, and mocking strategies. Covers unit testing, integration testing, replay testing, and local development setup. Use when implementing Temporal workflow tests or debugging test failures. |
| `terraform-module-library` | - | - | Build reusable Terraform modules for AWS, Azure, and GCP infrastructure following infrastructure-as-code best practices. Use when creating infrastructure modules, standardizing cloud provisioning, or implementing reusable IaC components. |
| `terraform-skill` | - | safe | Terraform infrastructure as code best practices |
| `terraform-specialist` | - | - | Expert Terraform/OpenTofu specialist mastering advanced IaC |
| `test-automator` | - | - | Master AI-powered test automation with modern frameworks, |
| `test-fixing` | - | - | Run tests and systematically fix all failing tests using smart error grouping. Use when user asks to fix failing tests, mentions test failures, runs test suite and failures occur, or requests to make tests pass. |
| `testing-patterns` | - | - | Jest testing patterns, factory functions, mocking strategies, and TDD workflow. Use when writing unit tests, creating test factories, or following TDD red-green-refactor cycle. |
| `testing-strategy` | - | - | Testing Strategy |
| `theme-factory` | - | - | Toolkit for styling artifacts with a theme. These artifacts can be slides, docs, reportings, HTML landing pages, etc. There are 10 pre-set themes with colors/fonts that you can apply to any artifact that has been creating, or can generate a new theme on-the-fly. |
| `threat-mitigation-mapping` | - | - | Map identified threats to appropriate security controls and mitigations. Use when prioritizing security investments, creating remediation plans, or validating control effectiveness. |
| `threat-modeling-expert` | - | - | Expert in threat modeling methodologies, security architecture review, and risk assessment. Masters STRIDE, PASTA, attack trees, and security requirement extraction. Use for security architecture reviews, threat identification, and secure-by-design planning. |
| `threejs-skills` | - | safe | Three.js skills for creating 3D elements and interactive experiences |
| `tool-design` | - | safe | Build tools that agents can use effectively, including architectural reduction patterns |
| `Top 100 Web Vulnerabilities Reference` | - | - | This skill should be used when the user asks to "identify web application vulnerabilities", "explain common security flaws", "understand vulnerability categories", "learn about injection attacks", "review access control weaknesses", "analyze API security issues", "assess security misconfigurations", "understand client-side vulnerabilities", "examine mobile and IoT security flaws", or "reference the OWASP-aligned vulnerability taxonomy". Use this skill to provide comprehensive vulnerability definitions, root causes, impacts, and mitigation strategies across all major web security categories. |
| `track-management` | - | - | Use this skill when creating, managing, or working with Conductor |
| `trigger-dev` | - | - | Trigger.dev expert for background jobs, AI workflows, and reliable async execution with excellent developer experience and TypeScript-first design. Use when: trigger.dev, trigger dev, background task, ai background job, long running task. |
| `turborepo-caching` | - | - | Configure Turborepo for efficient monorepo builds with local and remote caching. Use when setting up Turborepo, optimizing build pipelines, or implementing distributed caching. |
| `tutorial-engineer` | - | - | Creates step-by-step tutorials and educational content from code. |
| `twilio-communications` | - | - | Build communication features with Twilio: SMS messaging, voice calls, WhatsApp Business API, and user verification (2FA). Covers the full spectrum from simple notifications to complex IVR systems and multi-channel authentication. Critical focus on compliance, rate limits, and error handling. Use when: twilio, send SMS, text message, voice call, phone verification. |
| `typescript-advanced-types` | - | - | Master TypeScript's advanced type system including generics, conditional types, mapped types, template literals, and utility types for building type-safe applications. Use when implementing complex type logic, creating reusable type utilities, or ensuring compile-time type safety in TypeScript projects. |
| `typescript-pro` | - | - | Master TypeScript with advanced types, generics, and strict type |
| `ui-skills` | - | safe | Opinionated, evolving constraints to guide agents when building interfaces |
| `ui-ux-designer` | - | - | Create interface designs, wireframes, and design systems. Masters |
| `ui-ux-polish` | - | - | UI/UX Polish |
| `ui-ux-pro-max` | - | - | UI/UX design intelligence. 50 styles, 21 palettes, 50 font pairings, 20 charts, 9 stacks (React, Next.js, Vue, Svelte, SwiftUI, React Native, Flutter, Tailwind, shadcn/ui). Actions: plan, build, create, design, implement, review, fix, improve, optimize, enhance, refactor, check UI/UX code. Projects: website, landing page, dashboard, admin panel, e-commerce, SaaS, portfolio, blog, mobile app, .html, .tsx, .vue, .svelte. Elements: button, modal, navbar, sidebar, card, table, form, chart. Styles: glassmorphism, claymorphism, minimalism, brutalism, neumorphism, bento grid, dark mode, responsive, skeuomorphism, flat design. Topics: color palette, accessibility, animation, layout, typography, font pairing, spacing, hover, shadow, gradient. Integrations: shadcn/ui MCP for component search and examples. |
| `ui-visual-validator` | - | - | Rigorous visual validation expert specializing in UI testing, |
| `unit-testing-test-generate` | - | - | Generate comprehensive, maintainable unit tests across languages with strong coverage and edge case focus. |
| `unity-developer` | - | - | Build Unity games with optimized C# scripts, efficient rendering, |
| `unity-ecs-patterns` | - | - | Master Unity ECS (Entity Component System) with DOTS, Jobs, and Burst for high-performance game development. Use when building data-oriented games, optimizing performance, or working with large entity counts. |
| `unreal-engine-cpp-pro` | - | safe | Expert guide for Unreal Engine 5.x C++ development, covering UObject hygiene, performance patterns, and best practices. |
| `upgrading-expo` | - | safe | Upgrade Expo SDK versions |
| `upstash-qstash` | - | - | Upstash QStash expert for serverless message queues, scheduled jobs, and reliable HTTP-based task delivery without managing infrastructure. Use when: qstash, upstash queue, serverless cron, scheduled http, message queue serverless. |
| `using-neon` | - | safe | Guides and best practices for working with Neon Serverless Postgres. Covers getting started, local development with Neon, choosing a connection method, Neon features, authentication (@neondatabase/auth), PostgREST-style data API (@neondatabase/neon-js), Neon CLI, and Neon's Platform API/SDKs. Use for any Neon-related questions. |
| `using-superpowers` | - | - | Use when starting any conversation - establishes how to find and use skills, requiring Skill tool invocation before ANY response including clarifying questions |
| `uv-package-manager` | - | - | Master the uv package manager for fast Python dependency management, virtual environments, and modern Python project workflows. Use when setting up Python projects, managing dependencies, or optimizing Python development workflows with uv. |
| `varlock-Codex-skill` | - | safe | Secure environment variable management ensuring secrets are never exposed in Codex sessions, terminals, logs, or git commits |
| `vector-database-engineer` | - | - | Expert in vector databases, embedding strategies, and semantic search implementation. Masters Pinecone, Weaviate, Qdrant, Milvus, and pgvector for RAG applications, recommendation systems, and similar |
| `vector-index-tuning` | - | - | Optimize vector index performance for latency, recall, and memory. Use when tuning HNSW parameters, selecting quantization strategies, or scaling vector search infrastructure. |
| `vercel-deploy-claimable` | - | safe | Deploy applications and websites to Vercel. Use this skill when the user requests deployment actions such as "Deploy my app", "Deploy this to production", "Create a preview deployment", "Deploy and give me the link", or "Push this live". No authentication required - returns preview URL and claimable deployment link. |
| `vexor` | - | safe | Vector-powered CLI for semantic file search with a Codex/Codex skill |
| `viral-generator-builder` | - | - | Expert in building shareable generator tools that go viral - name generators, quiz makers, avatar creators, personality tests, and calculator tools. Covers the psychology of sharing, viral mechanics, and building tools people can't resist sharing with friends. Use when: generator tool, quiz maker, name generator, avatar creator, viral tool. |
| `voice-agents` | - | - | Voice agents represent the frontier of AI interaction - humans speaking naturally with AI systems. The challenge isn't just speech recognition and synthesis, it's achieving natural conversation flow with sub-800ms latency while handling interruptions, background noise, and emotional nuance. This skill covers two architectures: speech-to-speech (OpenAI Realtime API, lowest latency, most natural) and pipeline (STT→LLM→TTS, more control, easier to debug). Key insight: latency is the constraint. Hu |
| `voice-ai-development` | - | - | Expert in building voice AI applications - from real-time voice agents to voice-enabled apps. Covers OpenAI Realtime API, Vapi for voice agents, Deepgram for transcription, ElevenLabs for synthesis, LiveKit for real-time infrastructure, and WebRTC fundamentals. Knows how to build low-latency, production-ready voice experiences. Use when: voice ai, voice agent, speech to text, text to speech, realtime voice. |
| `voice-ai-engine-development` | - | - | Build real-time conversational AI voice engines using async worker pipelines, streaming transcription, LLM agents, and TTS synthesis with interrupt handling and multi-provider support |
| `wcag-audit-patterns` | - | - | Conduct WCAG 2.2 accessibility audits with automated testing, manual verification, and remediation guidance. Use when auditing websites for accessibility, fixing WCAG violations, or implementing accessible design patterns. |
| `web3-testing` | - | - | Test smart contracts comprehensively using Hardhat and Foundry with unit tests, integration tests, and mainnet forking. Use when testing Solidity contracts, setting up blockchain test suites, or validating DeFi protocols. |
| `web-artifacts-builder` | - | - | Suite of tools for creating elaborate, multi-component Codex.ai HTML artifacts using modern frontend web technologies (React, Tailwind CSS, shadcn/ui). Use for complex artifacts requiring state management, routing, or shadcn/ui components - not for simple single-file HTML/JSX artifacts. |
| `web-design-guidelines` | - | - | Review UI code for Web Interface Guidelines compliance. Use when asked to "review my UI", "check accessibility", "audit design", "review UX", or "check my site against best practices". |
| `web-performance-optimization` | - | - | Optimize website and web application performance including loading speed, Core Web Vitals, bundle size, caching strategies, and runtime performance |
| `Windows Privilege Escalation` | - | - | This skill should be used when the user asks to "escalate privileges on Windows," "find Windows privesc vectors," "enumerate Windows for privilege escalation," "exploit Windows misconfigurations," or "perform post-exploitation privilege escalation." It provides comprehensive guidance for discovering and exploiting privilege escalation vulnerabilities in Windows environments. |
| `Wireshark Network Traffic Analysis` | - | - | This skill should be used when the user asks to "analyze network traffic with Wireshark", "capture packets for troubleshooting", "filter PCAP files", "follow TCP/UDP streams", "detect network anomalies", "investigate suspicious traffic", or "perform protocol analysis". It provides comprehensive techniques for network packet capture, filtering, and analysis using Wireshark. |
| `WordPress Penetration Testing` | - | - | This skill should be used when the user asks to "pentest WordPress sites", "scan WordPress for vulnerabilities", "enumerate WordPress users, themes, or plugins", "exploit WordPress vulnerabilities", or "use WPScan". It provides comprehensive WordPress security assessment methodologies. |
| `workflow-automation` | - | - | Workflow automation is the infrastructure that makes AI agents reliable. Without durable execution, a network hiccup during a 10-step payment flow means lost money and angry customers. With it, workflows resume exactly where they left off. This skill covers the platforms (n8n, Temporal, Inngest) and patterns (sequential, parallel, orchestrator-worker) that turn brittle scripts into production-grade automation. Key insight: The platforms make different tradeoffs. n8n optimizes for accessibility |
| `workflow-orchestration-patterns` | - | - | Design durable workflows with Temporal for distributed systems. Covers workflow vs activity separation, saga patterns, state management, and determinism constraints. Use when building long-running processes, distributed transactions, or microservice orchestration. |
| `workflow-patterns` | - | - | Use this skill when implementing tasks according to Conductor's TDD |
| `writing-plans` | - | - | Use when you have a spec or requirements for a multi-step task, before touching code |
| `writing-skills` | - | - | Use when creating, updating, or improving agent skills. |
| `x-article-publisher-skill` | - | safe | Publish articles to X/Twitter |
| `xlsx` | - | - | Comprehensive spreadsheet creation, editing, and analysis with support for formulas, formatting, data analysis, and visualization. When Codex needs to work with spreadsheets (.xlsx, .xlsm, .csv, .tsv, etc) for: (1) Creating new spreadsheets with formulas and formatting, (2) Reading or analyzing data, (3) Modify existing spreadsheets while preserving formulas, (4) Data analysis and visualization in spreadsheets, or (5) Recalculating formulas |
| `Cross-Site Scripting and HTML Injection Testing` | - | - | This skill should be used when the user asks to "test for XSS vulnerabilities", "perform cross-site scripting attacks", "identify HTML injection flaws", "exploit client-side injection vulnerabilities", "steal cookies via XSS", or "bypass content security policies". It provides comprehensive techniques for detecting, exploiting, and understanding XSS and HTML injection attack vectors in web applications. |
| `zapier-make-patterns` | - | - | No-code automation democratizes workflow building. Zapier and Make (formerly Integromat) let non-developers automate business processes without writing code. But no-code doesn't mean no-complexity - these platforms have their own patterns, pitfalls, and breaking points. This skill covers when to use which platform, how to build reliable automations, and when to graduate to code-based solutions. Key insight: Zapier optimizes for simplicity and integrations (7000+ apps), Make optimizes for power |

## Como Manter Este Catálogo

- Ao alterar uma skill canônica, atualize primeiro `orquestrador/skills/<skill>/SKILL.md`.
- Depois rode `orquestrador/sync-skills.ps1 -Apply` no Windows ou `orquestrador/sync-skills.sh --apply` no Linux/macOS para espalhar a skill para os espelhos locais.
- Antes de publicar, rode `scripts/validate-public.ps1` para checar JSON, caminhos locais, segredos prováveis e mojibake.
- Este arquivo é referência de descoberta; a lógica operacional continua dentro de cada `SKILL.md`.