Explore skills

Adaptive post-implementation verification is performed using fresh subagents sized S/M/L (bug-fix, feature, architecture) within a multi-agent pipeline with strict role zoning. The system auto-scales from 2 to 7 agents based on phase size to optimize token usage.

Detects fail-open insecure defaults (hardcoded secrets, weak auth, permissive security) that allow apps to run insecurely in production. Use when auditing security, reviewing config management, or analyzing environment variable handling.

Scans Substrate/Polkadot pallets for 7 critical vulnerabilities including arithmetic overflow, panic DoS, incorrect weights, and bad origin checks. Use when auditing Substrate runtimes or FRAME pallets.

Identifies dependencies at heightened risk of exploitation or takeover. Use when assessing supply chain attack surface, evaluating dependency health, or scoping security engagements.

Scans TON (The Open Network) smart contracts for 3 critical vulnerabilities including integer-as-boolean misuse, fake Jetton contracts, and forward TON without gas checks. Use when auditing FunC contracts.

Use to set up, install, audit, update, repair, or sync a project-local AI harness for the current repository. It inspects the repo, conducts an interview for defaults and guardrails, then creates or updates synchronized AGENTS.md, CLAUDE.md, GEMINI.md, PROJECT_HARNESS.md, harness-contract.json, and harness-runtime.json files.

Manage NuGet packages using Central Package Management (CPM) and dotnet CLI. Never edit .csproj or Directory.Packages.props XML directly - use dotnet add/remove/list commands. Use shared version variables for related packages. Covers workspaces, security audits, and version management.

Interactive codebase health audit covering 8 dimensions: Architecture, Security, Performance, Maintainability, Testing, Docs, Dependencies, Quality. Zero dependencies.

Bug Hunter v1.1.0 Systematically hunts and detects potential bugs in code, including security vulnerabilities, null safety issues, boundary conditions, exception handling gaps, logic defects, code smells, and concurrency problems.

This comprehensive security skill for AI-assisted projects operates in two modes: AUDIT, running a 50-point checklist with quantitative scoring, and PREVENTIVE, guiding secure code generation by consulting vulnerability knowledge bases. It covers OWASP Top 10, cloud-native security (Supabase RLS, Firebase Rules), and payment security.

Security audit for MCP (Model Context Protocol) servers. Detects data exfiltration risks, command injection, permission escalation, and supply chain vulnerabilities before adding MCP servers to your agent.

Security Skill: Focuses on preventing hardcoded secrets, implementing JWT authentication, and ensuring robust input validation.