Explorar skills

Security audit for Android projects. Checks OWASP-oriented client-side risks, manifest exposure, hardcoded secrets, WebView handling, storage posture, and build obfuscation evidence. Triggers on: "security", "OWASP", "permissions", "encryption", "WebView", "certificate pinning".

Build system and dependency hygiene review for Android projects. Focuses on module-aware Gradle evidence, KAPT/KSP migration risk, release shrink config, repository hygiene, and dependency verification. Triggers on: "build system", "gradle", "dependencies", "version catalog", "KAPT", "KSP".

O Onboarding Brownfield audita artefatos de projeto existentes para conformidade com o formato do template, classifica as lacunas por impacto e gera um plano de migração numerado. Use-o ao ingressar em um projeto em andamento ou ao atualizar de uma versão de template mais antiga, verificando se o que existe funcionará com o template.

Android 15/16 compatibility preflight. Evaluates target SDK posture, edge-to-edge signals, predictive back migration risk, large-screen behavior, and 16 KB page-size readiness with explicit version awareness. Triggers on: "compatibility", "android 16", "edge-to-edge", "predictive back", "large screen".

Use when administering a Synapse / Matrix homeserver — list or snapshot all rooms, rate room health (public, unencrypted, orphaned), render a Graphviz map of the room/space tree, force-join users, promote room admins, harden rooms (add-to-space + restrict + encrypt), deactivate Matrix users (with GDPR erase), find biggest rooms by DB size, audit where a user is admin or member, replay join/leave t

Full Android audit orchestration. Builds audit-context.json, dispatches specialist agents against that shared evidence, then applies canonical gate and cap logic. Triggers on: "audit", "full android check", "analyze my android project", "project health check".

Realiza auditorias de segurança em alterações de código, diffs ou branches para encontrar vulnerabilidades exploráveis de alta confiança. Use para auditar segurança, revisar vulnerabilidades ou verificar problemas de segurança.

Audita jogos em busca de vulnerabilidades de segurança como adulteração de saves, vetores de trapaça, exploits de rede e exposição de dados, fornecendo um relatório priorizado com orientações de remediação. Recomenda-se antes de qualquer lançamento público ou multiplayer.

Strategic Android improvement roadmap. 4-phase plan with app-type specific templates for social, ecommerce, fintech, health/fitness, productivity apps. Triggers on: "android plan", "android strategy", "android roadmap", "improvement plan".

Review an authorized application for business-logic vulnerabilities, workflow abuse, approval bypasses, replay conditions, quota circumvention, plan enforcement bugs, and state-transition errors. Use for billing, invites, approvals, refunds, admin actions, and multi-step workflows.

Fluxo de trabalho de correção de emergência que ignora os processos normais de sprint com um registro de auditoria completo. Cria um branch de hotfix, rastreia aprovações e garante que a correção seja retroportada corretamente.

Conduct authorized defensive security audits of codebases and web applications. Use for broad appsec review across OWASP, authz, business logic, SSRF, XSS, CSRF, injection, file upload, secrets, logging, and tenant isolation. Produces structured findings with severity, confidence, evidence, and safe remediation guidance.