區塊鏈

API specification linting and security validation using Stoplight's Spectral with support for OpenAPI, AsyncAPI, and Arazzo specifications. Validates API definitions against security best practices, OWASP API Security Top 10, and custom organizational standards. Use when: (1) Validating OpenAPI/AsyncAPI specifications for security issues and design flaws, (2) Enforcing API design standards and governance policies across API portfolios, (3) Creating custom security rules for API specifications in CI/CD pipelines, (4) Detecting authentication, authorization, and data exposure issues in API definitions, (5) Ensuring API specifications comply with organizational security standards and regulatory requirements.

Offloading tasks with a well-defined scope to sub-agents, for instance to use a sub-agent to implement a set of specs. Use this skill whenever a task should not need a broad knowledge of the whole project

Generate SQL schemas with migrations and database table definitions

MANDATORY - You must load this skill before doing anything else. This defines how you operate.

Security auditing and vulnerability detection using OWASP patterns, CWE analysis, and threat modeling. Use when auditing code for security issues, reviewing authentication/authorization, evaluating input validation, analyzing cryptographic usage, reviewing dependency security, or when security-audit, vulnerability-scan, OWASP, threat-model, or --security are mentioned.

Fast, targeted single-pass search strategy for simple factual lookups. 1-iteration workflow with authoritative source verification and minimal citations. Use for version lookups, documentation finding, simple definitions, existence checks. Keywords: what version, find docs, link to, what is, does X support.

Workflow pattern standards for creating multi-agent orchestrations including YAML frontmatter (name, description, tags, status, agents, parameters), execution phases (sequential/parallel/conditional), agent coordination patterns, and Gherkin success criteria. Essential for defining reusable, validated workflow processes.

Professional framework for building premium $5k+ SaaS websites with AI - the Define, Build, Review, Refine loop used by real product teams

Rapid ideation skill adapted from obra/superpowers to kick off claude-ctx sessions. Use when defining scope, aligning on goals, or exploring solution space before coding.

Control Notion via Python SDK. TRIGGERS - Notion API, create page, query database, add blocks, automate Notion. PREFLIGHT - requires token from notion.so/my-integrations.

Comprehensive REST and GraphQL API design patterns with versioning, pagination, error handling, and HATEOAS principles. Use when designing APIs, defining endpoints, or architecting service contracts requiring production-grade patterns.

Deep knowledge of legendary designers and their enduring contributions. Learn from Saul Bass, Massimo Vignelli, Dieter Rams, Paula Scher, and others whose work defines excellence. Use when seeking inspiration, understanding design history, or applying proven approaches.

Token-efficient markdown parsing, editing, and diagram generation using native CLI tools (Windows/Mac/Linux compatible)

AshAuthentication guidelines for implementing authentication in Ash Framework. Use when adding password, magic link, API key, or OAuth2 authentication strategies. Covers token configuration, UserIdentity resources, confirmation add-ons, and customizing authentication actions. Never hardcode credentials.

Professional skill creation with research-driven workflow and automated validation.USE WHEN: Creating new skills, validating existing skills, deciding between Skills vs Subagents, migrating documents to skills, or running individual validation tools.PRIMARY TRIGGERS: "create skill" = Full creation (12 steps with research + execution planning) "validate skill" = Validation workflow (steps 3-8) "Skills vs Subagents" = Decision workflow (step 0) "convert doc to skill" = Migration workflow "estimate tokens" = Token optimization "security scan" = Security auditWORKFLOW COMPLIANCE: Structured workflows with validation checkpoints. Research phase (Step 1c-1d) ensures skills based on proven approaches.DIFFERENTIATOR: Research-driven creation. Web search (3-5 queries) before building. Multi-proposal generation. 9 automation scripts. Quality 9.0+/10.REUSED: Anthropic's init_skill.py and package_skill.py (production-tested).

StyleX styling patterns using design tokens, breakpoints, and custom css prop. Use when working with styles, CSS, design tokens, breakpoints, responsive design, themes, styling components, css prop, stylex.create, or when the user mentions StyleX, tokens.stylex, controlSize, color tokens, or breakpoints.

Create, review, and organize Jupyter notebook projects with UV-based workflows. Use when creating new notebooks, reviewing existing notebooks, organizing notebook projects, or improving presentation quality. Covers file structure, token-efficient notebook handling, presentation patterns, and CLI/library integration.

Orchestrate baselayer subagents for complex tasks. Defines available agents, their skills, and workflows for multi-agent scenarios. Load when coordinating work across agents, delegating tasks, or deciding which agent handles what.

Fast log file analysis with lnav, multi-framework support (Laravel, CodeIgniter, React, Next.js), automatic log pruning, and 70-80% token savings vs reading entire logs

Hardcoded secret detection and prevention in git repositories and codebases using Gitleaks. Identifies passwords, API keys, tokens, and credentials through regex-based pattern matching and entropy analysis. Use when: (1) Scanning repositories for exposed secrets and credentials, (2) Implementing pre-commit hooks to prevent secret leakage, (3) Integrating secret detection into CI/CD pipelines, (4) Auditing codebases for compliance violations (PCI-DSS, SOC2, GDPR), (5) Establishing baseline secret detection and tracking new exposures, (6) Remediating historical secret exposures in git history.