Implement production-ready features across database, backend, and frontend layers with incremental phased approach
Comprehensive security vulnerability analysis for codebases and infrastructure. Scans dependencies (npm, pip, gem, go, cargo), containers (Docker, Kubernetes), cloud IaC (Terraform, CloudFormation), and detects secrets exposure. Fetches live CVE data from OSV.dev, calculates risk scores, and generates phased remediation plans with TDD validation tests. Use when users mention security scan, vulnerability, CVE, exploit, security audit, penetration test, OWASP, hardening, dependency audit, container security, or want to improve security posture.
Stacks blockchain development intelligence for Codex.
Detects non-functional "theater" code that appears complete but doesn't actually work. Use this skill to identify code that looks correct in static analysis but fails during execution, preventing fake implementations from reaching production. Scans for suspicious patterns, validates actual functionality, and reports findings with recommendations.
Control Eight Sleep pods (status, temperature, alarms, schedules).
Create, export, unpack, pack, import, and validate Dataverse solutions. USE WHEN: "export solution", "import solution", "pack solution", "unpack solution", "create solution", "pull from environment", "push to environment", "validate import", "check import errors", "check if table exists", "check if form is published", "verify deployment". DO NOT USE WHEN: creating tables/columns/forms/views (use dataverse-metadata).
**Version:** 1.0.0
Send WhatsApp messages to other people or search/sync WhatsApp history via the wacli CLI (not for normal user chats).
Manage Apple Notes via the `memo` CLI on macOS (create, view, edit, delete, search, move, and export notes). Use when a user asks Clawdbot to add a note, list notes, search notes, or manage note folders.
Monitor blogs and RSS/Atom feeds for updates using the blogwatcher CLI.
Thorough, adversarial security review of API endpoints, UI flows that call those endpoints, and any database-interacting code. Use when the user asks for a security review, permission/authorization audit, red-team style assessment, or vulnerability analysis. Assume access to source code and a running system; perform threat modeling and check current vulnerabilities relevant to the stack.
Look up Microsoft Purview documentation and guidance from Microsoft Learn. Use this skill ONLY when the user's question does NOT match a diagnostic symptom in dlm-diagnostics. Use dlm-diagnostics first for troubleshooting issues like retention policy errors, archive problems, inactive mailboxes, etc. Use asklearn for general questions like: how do I create a retention policy, how do I set up eDiscovery, how do I enable audit logging, how do I configure communication compliance, how do I set up information barriers, how do I use insider risk management, how do I manage records, or how do I configure adaptive scopes.
Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/running secrets via op.
Human code review gate for critical components. Activates automatically for security-sensitive paths, high-complexity code, or large changes. Activation trigger: [ACTIVATE:CODE_REVIEW_GATE_V1]
Securely connect to and manage remote Linux/Unix servers via SSH. Execute commands, transfer files (SCP/SFTP), set up port forwarding and tunnels. Use when the user asks to SSH into a server, connect to a remote machine, run remote commands, upload/download files to servers, set up tunnels, or perform server administration tasks. Works on Windows, macOS, and Linux.
Mac App Store申請前のチェックリスト。Sandbox必須、スクリーンショット、Notarization、権限説明を確認。Use when: Mac App Store、macOS申請、Mac審査 を依頼された時。