Explore skills

Scan the current codebase or a specified file/diff for production bugs, logic errors, and risky code before it ships. Use when the user says "review", "check my code", "is this safe to ship", or "any bugs in this?". Produces a prioritised bug list with exact file:line references and optional auto-fixes.

Audit code for security vulnerabilities. Use when the user says "security-audit", "security check", "is this secure", "audit for vulnerabilities", or before any public deployment. Covers OWASP Top 10 and common API/backend attack surfaces.

Audit any system for human usability against Nielsen's 10 heuristics. Deterministic checklist — same 10 heuristics, same severity scale, same report structure every run. Works on UI screens, CLI flows, API response patterns, user journeys, component code, or any described interface. Invoke when user says "usability audit", "UX review", "heuristic evaluation", "audit for usability", "check this for

Trace the root cause of a bug or unexpected behaviour. Use when the user says "why is this broken", "why does this fail", "whybroken", "something's wrong with X", or pastes an error. Never patches symptoms — always finds the cause first.

Use when about to emit a warning, flag, or alert for a LOW-confidence issue — the alert-fatigue / signal-credibility discipline. False alarms have an asymmetric cost: after repeated low-confidence warnings, the operator stops reading the channel, and the one true warning gets ignored. Fires on choosing a log level (warn vs info vs error), inflating a PR title/commit to "CRITICAL", marking speculat

Use when about to extract maximum present value from a RENEWABLE source in a way that degrades the source itself — the kill-the-source / unsustainable-extraction anti-pattern. Fires when about to max out an API rate limit or quota to ship one task faster (risks the access), flood the operator with low-priority pings (burns attention/trust budget), sacrifice maintainability for one task's throughpu

Use when, just after abandoning or failing at something, you catch yourself concluding "that wasn't worth reaching anyway" — the post-mortem self-deception / motivated-reasoning anti-pattern. Fires when writing a post-mortem after a failure or rollback, recording a lesson after a retreat, or when an operator/agent's stated reason for quitting smells like comfort rather than analysis. The tell: a g

Run the repo's make targets in dependency order (setup → lint → test → end-to-end) and verify each command's terminal output against its `logs/dev-<ts>-<cmd>.log` archive. Supports a full audit and a fast variant. Use whenever the user wants to validate the toolchain is clean, run lint+test locally before pushing, or reconcile terminal output against the dev-runner log archives — phrasings like "r

Analyze pending git changes and write a structured, conventional-commit plan to COMMITS.md so the user can review and stage commits in batches before committing. Use whenever the user wants to group working-tree or staged changes into sensible commits, draft commit messages for a dirty working tree, or prepare a commit plan from a diff.

Audit the latest GitHub Actions workflow runs on the current branch/PR for warnings, errors, failures, deprecation notices, and other log noise — then fix what's fixable in-repo (workflow YAML, configs, source, tests). Hands commit + push back to the developer. Use after CI finishes and before merge, or whenever the user asks about failing/noisy CI — phrasings like "audit the PR", "why did CI fail

Scan the codebase for AI-generated slop in comments and docstrings — temporal markers, self-referential AI framing, narrative WHAT-comments, marketing padding — and propose tightened rewrites, routing claim-bearing docstrings that need a code-grounded rewrite to its sibling /techne:reslop. Use when the user wants to audit pending changes or the whole codebase for verbose, low-value commentary left

Maintain the Zensical-powered documentation site — nav ordering in zensical.toml, the docs GitHub Pages workflow, CSS and JS assets, and link/anchor integrity across docs/**/*.md. Sibling of /techne:docsync (which only verifies prose claims against code). Use when the user wants the site itself audited — config, deploy pipeline, theming, assets, cross-page links — rather than content accuracy.