Explore skills
4567 skills found
prepare
Use when preparing a codebase for first-time public/open-source release. Full lifecycle from audit through documentation, hardening, and final review.
maintain
Ongoing maintenance for your assembled expert team. Add expertise, audit for bloat, restructure messy setups, or upgrade older projects. Auto-detects severity — targeted addition, health check, or full restructure. Use gigo:maintain, /maintain, or when gigo:blueprint or gigo:snap detect gaps.
docker
Docker guidance for fast-moving teams. Starts with "do you need a Dockerfile?" (often no - use mounted code pattern). When Dockerfiles are needed, provides 2025 best practices for multi-stage builds, security hardening, BuildKit optimization, and language-specific patterns. Use when setting up Docker for a project, auditing Dockerfiles, or optimizing builds/images.
code-review
Perform thorough code reviews with security, performance, and maintainability analysis. Use when user asks to review code, check for bugs, or audit a codebase.
review
Code review for TenantFlow. Checks security, correctness, and quality. Focuses on tenant isolation, Stripe webhooks, and Clerk auth.
cosmos-vulnerability-scanner
Scans Cosmos SDK blockchain modules and CosmWasm contracts for consensus-critical vulnerabilities — chain halts, fund loss, state divergence. 25 core + 16 IBC + 10 EVM + 3 CosmWasm patterns. Use when auditing custom x/ modules, reviewing IBC integrations, or assessing pre-launch chain security. Updated for SDK v0.53.x.
firebase-apk-scanner
Scans Android APKs for Firebase security misconfigurations including open databases, storage buckets, authentication issues, and exposed cloud functions. Use when analyzing APK files for Firebase vulnerabilities, performing mobile app security audits, or testing Firebase endpoint security. For authorized security research only.
entry-point-analyzer
Analyzes smart contract codebases to identify state-changing entry points for security auditing. Detects externally callable functions that modify state, categorizes them by access level (public, admin, role-restricted, contract-only), and generates structured audit reports. Excludes view/pure/read-only functions. Use when auditing smart contracts (Solidity, Vyper, Solana/Rust, Move, TON, CosmWasm
cairo-vulnerability-scanner
Scans Cairo/StarkNet smart contracts for 6 critical vulnerabilities including felt252 arithmetic overflow, L1-L2 messaging issues, address conversion problems, and signature replay. Use when auditing StarkNet projects.
algorand-vulnerability-scanner
Scans Algorand smart contracts for 11 common vulnerabilities including rekeying attacks, unchecked transaction fees, missing field validations, and access control issues. Use when auditing Algorand projects (TEAL/PyTeal).
pentest
Security scanning via clearwing — source code vulnerability hunting and network pentesting.
audit-prep-assistant
Prepares codebases for security review using Trail of Bits' checklist. Helps set review goals, runs static analysis tools, increases test coverage, removes dead code, ensures accessibility, and generates documentation (flowcharts, user stories, inline comments).