All Skills

Smart contract development advisor based on Trail of Bits best practices — analyzes architecture, upgradeability, dependencies, and testing.

Runs Semgrep static analysis with parallel subagents — full ruleset and high-confidence security scan modes with Semgrep Pro cross-file taint analysis.

Scans codebases for security vulnerabilities using CodeQL interprocedural data flow and taint tracking — supports full and important-only scan modes.

Coverage-guided Python fuzzer based on libFuzzer — fuzzing pure Python code and Python C extensions.

De facto fuzzing tool for Rust projects using Cargo with libFuzzer backend.

AFL++ fuzzer with advanced features — multi-core fuzzing of C/C++ projects with better performance than original AFL.

Techniques for writing effective fuzzing harnesses across languages — creating new fuzz targets and improving existing harness code.

Systematic 9-category code maturity assessment for smart contracts — arithmetic safety, access controls, complexity, MEV risks, and testing.

Analyzes token implementations for ERC20/ERC721 conformity, checks 20+ weird token patterns, and evaluates protocol handling of non-standard tokens.

Prepares codebases for security review using Trail of Bits checklist — sets review goals, runs static analysis, increases test coverage.

Expertise for analyzing DWARF debug files and understanding the DWARF debug format/standard (v3-v5).

Searches and explores Burp Suite project files (.burp) from the command line — searches response bodies with regex, extracts audit findings.

Scans Android APKs for Firebase security misconfigurations — open databases, storage buckets, authentication issues, and exposed cloud functions.

Audits GitHub Actions workflows for security vulnerabilities in AI agent integrations — detects prompt injection via env var patterns and dangerous sandbox configs.

Detects missing zeroization of sensitive data in source code and zeroization removed by compiler optimizations — assembly-level analysis.

Guides authoring of high-quality YARA-X detection rules for malware identification — naming conventions, string selection, performance, and false positive reduction.

Identifies dependencies at heightened risk of exploitation or takeover — assesses supply chain attack surface and dependency health.

Guidance for property-based testing across multiple languages and smart contracts — stronger coverage than example-based tests.

Configures Python projects with modern tooling (uv, ruff, ty) — creating projects, standalone scripts, and migrating from pip/Poetry/mypy/black.

Creates language variants of existing Semgrep rules — ports rules to target languages with independent test directories.

Creates custom Semgrep rules for detecting security vulnerabilities, bug patterns, and code patterns.

Identifies error-prone APIs, dangerous configurations, and footgun designs that enable security mistakes — evaluates "secure by default" principles.

Detects fail-open insecure defaults — hardcoded secrets, weak authentication, and permissive security configurations that allow apps to run insecurely in production.

Verifies code implements exactly what documentation specifies for blockchain audits — finds gaps between specs and implementation.

Detects timing side-channel vulnerabilities in cryptographic code across C, C++, Go, Rust, Swift, Java, Kotlin, C#, PHP, JS, TS, Python, and Ruby.

Find similar vulnerabilities across codebases using pattern-based analysis — hunt bug variants, build CodeQL/Semgrep queries, and perform systematic code audits.

Security-focused differential review of code changes (PRs, commits, diffs) — calculates blast radius and generates markdown reports.

Enables ultra-granular, line-by-line code analysis to build deep architectural context before vulnerability or bug finding.

Analyzes smart contract codebases to identify state-changing entry points for security auditing — categorizes by access level and generates structured audit reports.

Track and visualize ML training experiments with Trackio — log metrics via Python API, fire training alerts, and retrieve logged metrics with real-time dashboards.

Build reusable CLI scripts for Hugging Face API operations — chaining API calls and automating repeated tasks.

Publish and manage research papers on Hugging Face Hub — create paper pages, link to models/datasets, claim authorship.

Train or fine-tune language models using TRL on Hugging Face Jobs — SFT, DPO, GRPO, reward modeling, GGUF conversion, and Trackio monitoring.

Run workloads on Hugging Face Jobs infrastructure — UV scripts, Docker-based jobs, hardware selection, cost estimation, and secrets management.

Add and manage evaluation results in Hugging Face model cards — extract eval tables, import scores, and run custom evaluations.

Create and manage datasets on Hugging Face Hub — initialize repos, define configs, stream row updates, and SQL-based querying.

Execute Hugging Face Hub operations — download models/datasets/spaces, upload files, create repos, manage local cache, and run compute jobs.

Build Gradio web UIs and demos in Python — create apps, components, event listeners, layouts, and chatbots.

Guidelines for upgrading Expo SDK versions — New Architecture, React 19, React Compiler, and native tabs migrations.

Deploying Expo apps to iOS App Store, Android Play Store, web hosting, and API routes.

Write EAS workflow YAML files for Expo projects — CI/CD pipelines and deployment automation in .eas/workflows/.

Use Expo DOM components to run web code in a webview on native and as-is on web — migrate web code to native incrementally.

Implementing network requests in Expo — fetch API, React Query, SWR, error handling, caching, offline support, and Expo Router data loaders.

Use @expo/ui/swift-ui to build iOS native views with SwiftUI in Expo SDK 55.

Use @expo/ui/jetpack-compose to build Android native views with Jetpack Compose in Expo SDK 55.

Set up Tailwind CSS v4 in Expo with react-native-css and NativeWind v5 for universal styling.

Build and distribute Expo development clients locally or via TestFlight.

Guidelines for creating API routes in Expo Router with EAS Hosting.

Complete guide for building beautiful apps with Expo Router — fundamentals, styling, components, navigation, animations, patterns, and native tabs.

Guide for Netlify AI Gateway — access AI models from OpenAI, Anthropic, and Google via a unified proxy without managing API keys directly.

Deploys web projects to Netlify using the CLI — preview and production deploys with npx netlify commands.

Guide for using the Netlify CLI — installation, authentication, site linking, netlify dev, netlify deploy, and environment variable management.

Reference for netlify.toml configuration — build settings, redirects, headers, deploy contexts, environment variables, and functions config.

Guide for controlling caching on Netlify CDN — Cache-Control, Netlify-CDN-Cache-Control, cache tags, durable cache, and framework-specific patterns.

Guide for deploying web frameworks on Netlify — Vite/React, Astro, TanStack Start, Next.js, Nuxt, SvelteKit, and Remix adapters.

Guide for Netlify Forms — data-netlify attribute, spam filtering, AJAX submissions, file uploads, notifications, and submissions API.

Guide for Netlify Image CDN — the /.netlify/images endpoint, query parameters, remote image allowlisting, clean URL rewrites.

Guide for Netlify DB (managed Neon Postgres) — provisioning, raw SQL, Drizzle ORM integration, migrations, and deploy preview branching.

Guide for using Netlify Blobs object storage — getStore(), CRUD operations, metadata, listing, deploy-scoped vs site-scoped stores.

Guide for writing Netlify Edge Functions — Deno runtime, context.next() middleware pattern, geolocation, and when to choose edge vs serverless.

Guide for writing Netlify serverless functions — modern syntax, TypeScript, path routing, background functions, scheduled functions, and streaming.

Teaches agents to iteratively build websites using Stitch with an autonomous baton-passing loop pattern and browser automation.

Expert guidance for integrating shadcn/ui components — component discovery, installation, customization, and best practices.

Generates walkthrough videos from Stitch projects using Remotion with smooth transitions, zooming, and text overlays.

Converts Stitch designs into modular Vite and React components using system-level networking and AST-based validation.

Transforms vague UI ideas into polished Stitch-optimized prompts — enhances specificity, adds UI/UX keywords, injects design system context.

Analyzes Stitch projects and synthesizes a semantic design system into DESIGN.md files.

Turns product or tech specs into concrete Notion tasks — breaks down spec pages into detailed implementation plans with acceptance criteria and progress tracking.

Searches across a Notion workspace, synthesizes findings from multiple pages, and creates comprehensive research documentation.

Prepares meeting materials by gathering context from Notion, enriching with Claude research, and creating both internal pre-read and external agenda.

Transforms conversations and discussions into structured documentation pages in Notion — captures insights, decisions, and knowledge from chat context.

Reviews and authors Cloudflare Workers code against production best practices — streaming, floating promises, global state, secrets, bindings, and observability.

Builds AI agents on Cloudflare using the Agents SDK with state management, real-time WebSockets, scheduled tasks, tool integration, and chat capabilities.

Builds remote MCP servers on Cloudflare Workers with tools, OAuth authentication, and production deployment.

Analyzes web performance using Chrome DevTools MCP — Core Web Vitals (FCP, LCP, TBT, CLS), render-blocking resources, layout shifts, caching issues, and accessibility gaps.

Cloudflare Workers CLI for deploying and managing Workers, KV, R2, D1, Vectorize, Queues, Workflows, Pipelines, and Secrets Store.

Build sandboxed applications for secure code execution — AI code execution, code interpreters, CI/CD systems, and interactive dev environments.

Create and review Cloudflare Durable Objects — stateful coordination, RPC methods, SQLite storage, alarms, WebSockets, and testing with Vitest.

Build AI agents on Cloudflare Workers using the Agents SDK — stateful agents, durable workflows, real-time WebSocket apps, scheduled tasks, MCP servers, and React hooks.

Comprehensive Cloudflare platform skill covering Workers, Pages, KV, D1, R2, Workers AI, Vectorize, Agents SDK, networking, security (WAF, DDoS), and infrastructure-as-code.

Full Sentry SDK setup for Svelte and SvelteKit — error monitoring, tracing, session replay, and logging.

Full Sentry SDK setup for Apple platforms (iOS, macOS, tvOS, watchOS, visionOS) — error monitoring, tracing, profiling, session replay, and logging.

Full Sentry SDK setup for React Native and Expo — error monitoring, tracing, profiling, session replay, and logging.

Full Sentry SDK setup for .NET — error monitoring, tracing, profiling, logging, and crons for ASP.NET Core, MAUI, WPF, Blazor, and Azure Functions.

Full Sentry SDK setup for Ruby — error monitoring, tracing, logging, profiling, and crons for Rails, Sinatra, Sidekiq, and Resque.

Full Sentry SDK setup for Go — error monitoring, tracing, logging, metrics, and crons with support for net/http, Gin, Echo, Fiber, and FastHTTP.

Full Sentry SDK setup for React — error monitoring, tracing, session replay, profiling, and logging for React 16+ with Router and Redux support.

Full Sentry SDK setup for Python — error monitoring, tracing, profiling, logging, metrics, and crons for Django, Flask, FastAPI, Celery, and more.

Full Sentry SDK setup for Next.js — error monitoring, tracing, profiling, logging, session replay, and AI monitoring for Next.js 13+ with App Router and Pages Router.

Creates Sentry alerts using the workflow engine API — supports email, Slack, PagerDuty, Discord, and other notification actions.

Finds and fixes production issues from Sentry using MCP — analyzes stack traces, breadcrumbs, traces, and context to identify root causes.

Django performance code review — finds N+1 queries, queryset inefficiencies, and ORM performance problems.

Django access control and IDOR security review — reviews views, DRF viewsets, ORM queries for authorization vulnerabilities.

Scans agent skills for security issues — checks for prompt injection, malicious scripts, excessive permissions, secret exposure, and supply chain risks.

Simplifies and refines code for clarity, consistency, and maintainability while preserving all functionality.

Systematic security code review based on OWASP guidelines — injection, XSS, authentication, authorization, and cryptography with confidence-based reporting.

Analyzes a repository to generate recommended Claude Code settings.json permissions — detects tech stack, build tools, and monorepo structure.

Iterates on a PR until CI passes — automates the feedback-fix-push-wait cycle for addressing CI failures and review feedback.

Finds bugs, security vulnerabilities, and code quality issues in local branch changes.

Creates pull requests following Sentry conventions for PR titles, descriptions, and issue references.

Creates commits following Sentry conventions with proper conventional commit format and issue references.

Code reviews following Sentry engineering practices — covers security, performance, testing, and design review for pull requests and code changes.

Structured upgrade checklist for moving between Stripe API versions — covers server-side SDKs (Node, Python, Ruby, Go, Java, .NET), Stripe.js, React Native, and mobile SDKs.

Opinionated Stripe integration guidance — pins latest API version, steers toward Checkout Sessions and Payment Element, covers Connect, Billing, PCI compliance, and mobile SDK patterns.

Upgrades a Next.js project to the latest version — reads package.json, fetches official migration guide, runs codemods, updates dependencies, walks through breaking changes.

Teaches the Next.js 16 Cache Components feature (PPR) — use cache directive, cacheLife(), cacheTag(), revalidateTag(), and cache invalidation patterns.

Next.js-specific best practices covering file conventions, RSC boundaries, async APIs, data patterns, error handling, route handlers, image/font optimization, bundling, and debugging.

Deploys any project to Vercel without authentication — packages a tarball, auto-detects framework from package.json (40+ frameworks), returns a live Preview URL and Claim URL.

Reviews UI code against Vercel's Web Interface Guidelines — 100+ rules covering accessibility, focus states, forms, animation, typography, dark mode, and i18n.

React Native and Expo best practices for performant mobile apps — 35+ rules across 13 categories including FlashList, Reanimated animations, navigation, and monorepo configuration.

React composition patterns that scale — compound components, state lifting, and internal composition to eliminate boolean prop proliferation in reusable component libraries.

Comprehensive React and Next.js performance optimization guidelines from Vercel Engineering covering 57 rules across 8 categories including waterfalls, bundle size, server-side performance, and data fetching.

MCP server for Atlassian — manage Jira issues, Confluence pages, search across products, and automate project workflows.

MCP server for Notion — create and query databases, manage pages, search content, and interact with workspace data.

MCP server for GitHub — manage repositories, issues, pull requests, branches, actions, and search code across organizations.

MCP server for Slack — send messages, read channels, manage reactions, search history, and interact with Slack workspaces.

MCP server for Sentry — query error events, browse issues, view stack traces, and analyze crash-free rates across projects.

MCP server for Stripe — create charges, manage subscriptions, issue refunds, retrieve payment intents, and query balance transactions.

MCP server for Microsoft Fabric — manage lakehouses, data pipelines, warehouses, and analytics workloads in the Fabric unified platform.

MCP server for Azure Kubernetes Service — manage AKS clusters, node pools, deployments, and monitor workload health.

MCP server for Azure DevOps — manage work items, pipelines, repos, pull requests, and boards across Azure DevOps organizations.

MCP server for Azure resource management — deploy, configure, and monitor Azure services including App Service, Functions, and Storage.

MCP server for Amazon S3 Tables — query tabular data stored in S3 using SQL, manage table metadata, and access Apache Iceberg tables.

MCP server for Amazon Nova Canvas — generate, edit, and manipulate images using the Nova foundation model on Bedrock.

MCP server for Terraform on AWS — plan, apply, and manage infrastructure-as-code with state management and drift detection.

MCP server for Amazon Bedrock Knowledge Bases — query RAG-powered knowledge bases with foundation model retrieval and generation.

MCP server for AWS Cost Explorer — analyze cloud spending, forecast costs, view usage breakdowns, and identify savings opportunities.

MCP server for AWS CloudTrail — query API activity logs, track user actions, and investigate security events across AWS accounts.

MCP server for AWS IAM — manage users, roles, policies, and permissions across AWS accounts with identity federation support.

MCP server for Amazon CloudWatch — query metrics, view dashboards, search log groups, and configure alarms for AWS resources.

MCP server for Amazon DynamoDB — create tables, query items, manage indexes, and perform CRUD operations on NoSQL data.

MCP server for Amazon EKS — manage Kubernetes clusters, node groups, add-ons, and workloads on AWS-managed Kubernetes.

MCP server for Amazon ECS — manage clusters, services, task definitions, and container deployments on Fargate or EC2.

MCP server for AWS Lambda — create, update, invoke, and monitor serverless functions with configuration and layer management.

MCP server for AWS CDK — synthesize, diff, and deploy CloudFormation stacks using infrastructure-as-code constructs.

MCP server providing direct access to AWS service APIs — invoke any AWS API action across all services with IAM-scoped credentials.

MCP server for searching and querying AWS documentation — find service guides, API references, and best practices.

MCP server for Google Analytics — query website traffic data, user behavior, conversion metrics, and audience insights via the GA4 API.

MCP server for Google Vertex AI Creative Studio — generate images, edit media, and create visual content using Vertex AI models.

MCP server for Google Cloud Security Command Center — manage findings, vulnerabilities, and compliance posture across GCP projects.

MCP server for Google Kubernetes Engine — manage clusters, node pools, workloads, and autoscaling on GKE.

MCP server for Google Cloud Run — deploy, manage, and monitor serverless containers on Google Cloud.

MCP server for Google Workspace — manage Gmail, Drive, Docs, Sheets, and Calendar through a unified AI-driven interface.

MCP server for querying Cloudflare analytics via GraphQL — HTTP requests, firewall events, Workers metrics, and custom datasets.

MCP server for Cloudflare One CASB — discover SaaS application usage, detect shadow IT, and review security posture findings.

MCP server for Cloudflare DEX — monitor end-user digital experience with synthetic tests, fleet status, and connectivity insights.

MCP server for querying Cloudflare DNS analytics — query volumes, response codes, and resolver performance metrics.

MCP server for querying Cloudflare account audit logs — track configuration changes, user actions, and API activity.

MCP server for Cloudflare AutoRAG — build and query retrieval-augmented generation pipelines with Vectorize and Workers AI.

MCP server for Cloudflare AI Gateway — manage AI request routing, caching, rate limiting, and observability across LLM providers.

MCP server for managing Cloudflare Logpush jobs — configure, monitor, and troubleshoot log delivery to storage destinations.

MCP server for Cloudflare Browser Rendering — take screenshots, generate PDFs, and extract content from web pages at the edge.

MCP server for managing Cloudflare container workloads — deploy, scale, and monitor containers running on the Cloudflare network.

MCP server for querying Cloudflare Radar internet traffic data — trends, attack statistics, protocol adoption, and BGP insights.

MCP server for querying Workers analytics, request logs, and error traces for observability and debugging.

MCP server for triggering and monitoring Cloudflare Workers builds, deployments, and rollbacks.

MCP server for managing Cloudflare Workers bindings — KV namespaces, D1 databases, R2 buckets, queues, and Durable Objects.

MCP server for searching and querying Cloudflare developer documentation using Vectorize for semantic search.

MCP server that provides current time in various timezones and time conversion between zones using IANA timezone identifiers.

MCP server that enables dynamic, reflective problem-solving through sequential thought chains with branching, revision, and hypothesis testing.

MCP server that provides persistent memory through a knowledge graph. Stores entities, relations, and observations in a local JSON file.

MCP server for Git repository operations — clone, status, diff, log, commit, branch, and checkout across local repositories.

MCP server providing file system access — read, write, move, search, and get directory listings within configurable allowed paths.

MCP server that fetches web content and converts it to markdown. Supports HTTP requests with configurable user-agent and content size limits.

Reference MCP server implementing all protocol features — resources, tools, prompts, sampling, and logging. Useful for testing MCP clients.

Excel file creation, editing, and analysis with financial modeling standards, formula construction rules, and mandatory recalculation via LibreOffice.

Python-based toolkit for testing local web applications using Playwright browser automation with server lifecycle management.

Suite of tools for creating multi-component Claude.ai HTML artifacts using React 18, TypeScript, Vite, Parcel, Tailwind CSS, and shadcn/ui.

Toolkit for styling artifacts with 10 pre-set professional themes including curated color palettes and font pairings, plus custom theme generation.

Creates Slack-optimized animated GIFs with frame assembly, platform validation, and smooth motion effects for emoji and message formats.

Creates, modifies, and evaluates skills through structured testing with parallel subagent runs, grading, benchmarking, and description optimization.

Full PowerPoint lifecycle management — reading, editing, and creating .pptx files with extensive design guidance and mandatory subagent-driven visual QA workflow.

Comprehensive PDF manipulation: reading/extraction, merge/split/rotate, creation via reportlab, OCR for scanned PDFs, watermarking, image extraction, form filling, and security (encryption, passwords).

Skill for creating high-quality MCP servers that enable LLMs to interact with external services. Covers deep research and planning, implementation, review and testing, and evaluation creation.

Resource collection for writing organizational communications: 3P updates, newsletters, FAQ responses, status reports, and incident reports.

Creates distinctive, production-grade frontend interfaces with high design quality. Generates polished HTML/CSS/React code that avoids generic AI aesthetics.

Manages Word document creation, editing, and analysis. Uses the docx npm package for creation and XML unpack/edit/repack workflow for editing.

Guides users through a structured three-stage workflow for co-authoring documentation, proposals, technical specs, and decision docs.

Creates visual art on a canvas (.png and .pdf) using design philosophy principles. Generates museum-quality, design-forward compositions with minimal text via Python.

Applies Anthropic's official brand colors and typography for consistent visual styling across presentations, slides, and other artifacts.

Creates generative art using p5.js with seeded randomness, algorithmic philosophy manifestos, and interactive parameter exploration.