gRPC
APICommonly used with
Skills using gRPC (167)
dotnet-backend
Build ASP.NET Core 8+ backend services with EF Core, auth, background jobs, and production API patterns.
qdrant-vector-search
High-performance vector similarity search engine for RAG and semantic search. Use when building production RAG systems requiring fast nearest neighbor search, hybrid search with filtering, or scalable vector storage with Rust-powered performance.
attio-performance-tuning
Optimize Attio API performance -- caching, batch queries, pagination strategies, connection pooling, and latency reduction. Trigger: "attio performance", "optimize attio", "attio slow", "attio latency", "attio caching", "attio batch requests".
file-to-code
Generates production-ready code from file specifications such as CSV files, JSON schemas, SQL DDL, protobuf definitions, or requirements documents. Use when the user wants to convert a data file or specification into working code. Trigger with phrases like "generate code from this CSV", "create an API from this schema", "build a parser for this file", or "turn this spec into code".
generating-grpc-services
Generate gRPC service definitions, stubs, and implementations from Protocol Buffers. Use when creating high-performance gRPC services. Trigger with phrases like "generate gRPC service", "create gRPC API", or "build gRPC server".
sentry-architecture-variants
Configure Sentry error tracking and performance monitoring for different application architectures. Use when setting up Sentry for monoliths, microservices, serverless functions, event-driven systems, frontend SPAs, mobile apps, or hybrid deployments. Trigger: "sentry monolith setup", "sentry microservices tracing", "sentry serverless lambda", "sentry event-driven kafka", "sentry react native", "sentry architecture pattern".
moai-domain-backend
Backend development specialist covering API design, database integration, microservices architecture, and modern backend patterns. Use when designing APIs, implementing server logic, authentication, or authorization.
moai-platform-deployment
Deployment and hosting platform specialist covering Vercel, Railway, and Convex. Use when deploying applications, configuring edge functions, setting up continuous deployment, or managing serverless infrastructure.
c4-component
Expert C4 Component-level documentation specialist. Synthesizes C4 Code-level documentation into Component-level architecture, defining component boundaries, interfaces, and relationships.
c4-container
Expert C4 Container-level documentation specialist.
dotnet-backend
Build ASP.NET Core 8+ backend services with EF Core, auth, background jobs, and production API patterns.
grpc-golang
Build production-ready gRPC services in Go with mTLS, streaming, and observability. Use when designing Protobuf contracts with Buf or implementing secure service-to-service transport.
golang-grpc
Provides gRPC usage guidelines, protobuf organization, and production-ready patterns for Golang microservices. Use when implementing, reviewing, or debugging gRPC servers/clients, writing proto files, setting up interceptors, handling gRPC errors with status codes, configuring TLS/mTLS, testing with bufconn, or working with streaming RPCs.
schema-evolution-manager
Manages schema evolution and compatibility across data systems
grpc-service-generator
Generate grpc service generator operations. Auto-activating skill for Backend Development. Triggers on: grpc service generator, grpc service generator Part of the Backend Development skill category. Use when working with grpc service generator functionality. Trigger with phrases like "grpc service generator", "grpc generator", "grpc".
conducting-api-security-testing
Conducts security testing of REST, GraphQL, and gRPC APIs to identify vulnerabilities in authentication, authorization, rate limiting, input validation, and business logic. The tester uses the OWASP API Security Top 10 as the testing framework, combining Burp Suite interception with Postman collections and custom scripts to test endpoint security at every privilege level. Activates for requests involving API security testing, REST API pentest, GraphQL security assessment, or API vulnerability testing.
testing-api-security-with-owasp-top-10
Systematically assessing REST and GraphQL API endpoints against the OWASP API Security Top 10 risks using automated and manual testing techniques.
api-diff-analyzer
Compare API specifications to detect breaking changes. Compare OpenAPI spec versions, categorize changes by severity, generate migration guides, and block breaking changes in CI.
dast-scanner
Dynamic Application Security Testing execution and management. Configure and execute OWASP ZAP and Nuclei scans, run authenticated scanning, manage scan policies and scope, correlate findings with SAST results, and generate comprehensive vulnerability reports.
performing-cloud-native-forensics-with-falco
Uses Falco YAML rules for runtime threat detection in containers and Kubernetes, monitoring syscalls for shell spawns, file tampering, network anomalies, and privilege escalation. Manages Falco rules via the Falco gRPC API and parses Falco alert output. Use when building container runtime security or investigating k8s cluster compromises.
golang-pro
Implements concurrent Go patterns using goroutines and channels, designs and builds microservices with gRPC or REST, optimizes Go application performance with pprof, and enforces idiomatic Go with generics, interfaces, and robust error handling. Use when building Go applications requiring concurrent programming, microservices architecture, or high-performance systems. Invoke for goroutines, channels, Go generics, gRPC integration, CLI tools, benchmarks, or table-driven testing.
microservices-architect
Designs distributed system architectures, decomposes monoliths into bounded-context services, recommends communication patterns, and produces service boundary diagrams and resilience strategies. Use when designing distributed systems, decomposing monoliths, or implementing microservices patterns — including service boundaries, DDD, saga patterns, event sourcing, CQRS, service mesh, or distributed tracing.
qdrant-vector-search
High-performance vector similarity search engine for RAG and semantic search. Use when building production RAG systems requiring fast nearest neighbor search, hybrid search with filtering, or scalable vector storage with Rust-powered performance.
grpc-protocol
Expert skill for gRPC protocol implementation, debugging, and performance optimization
protobuf-grpc-designer
Protocol Buffers and gRPC service definition with backward compatibility checks
serialization
Expert skill for binary and text serialization formats, schema design, and optimization
ln-113-backend-docs-creator
Creates backend docs (api_spec.md, database_schema.md). Use when project has backend API or database.
fullstack-dev
Full-stack backend architecture and frontend-backend integration guide. TRIGGER when: building a full-stack app, creating REST API with frontend, scaffolding backend service, building todo app, building CRUD app, building real-time app, building chat app, Express + React, Next.js API, Node.js backend, Python backend, Go backend, designing service layers, implementing error handling, managing config/auth, setting up API clients, implementing auth flows, handling file uploads, adding real-time features (SSE/WebSocket), hardening for production. DO NOT TRIGGER when: pure frontend UI work, pure CSS/styling, database schema only.
qdrant-vector-search
High-performance vector similarity search engine for RAG and semantic search. Use when building production RAG systems requiring fast nearest neighbor search, hybrid search with filtering, or scalable vector storage with Rust-powered performance.
oma-observability
Intent-based observability + traceability router across layers, boundaries, and signals. Routes to vendor-specific skills via category taxonomy; owns transport tuning, meta-observability, incident forensics. Use for observability, traceability, telemetry, APM, RUM, metrics, logs, traces, profiles, SLO, incident forensics, tracing architecture work.
api-versioning-strategy
Write an API versioning strategy document for a service or API platform. Use when asked to define versioning policy, plan API deprecation, classify breaking changes, or document version lifecycle. Produces a complete versioning strategy with breaking-change classification table, deprecation timeline, migration guide template, and client communication template.
a2a-protocol
Use this skill when working with the A2A (Agent-to-Agent) protocol - agent interoperability, multi-agent communication, agent discovery, agent cards, task lifecycle, streaming, and push notifications. Triggers on any A2A-related task including implementing A2A servers/clients, building agent cards, sending messages between agents, managing tasks, and configuring push notification webhooks.
api-design
Use this skill when designing APIs, choosing between REST/GraphQL/gRPC, writing OpenAPI specs, implementing pagination, versioning endpoints, or structuring request/response schemas. Triggers on API design, endpoint naming, HTTP methods, status codes, rate limiting, authentication schemes, HATEOAS, query parameters, and any task requiring API architecture decisions.
backend-engineering
Use this skill when designing backend systems, databases, APIs, or services. Triggers on schema design, database migrations, indexing strategies, distributed systems architecture, microservices, caching, message queues, observability setup, logging, metrics, tracing, SLO/SLI definition, performance optimization, query tuning, security hardening, authentication, authorization, API design (REST, GraphQL, gRPC), rate limiting, pagination, and failure handling patterns. Acts as a senior backend engineering advisor for mid-level engineers leveling up.
checking-code-quality
Checks code quality metrics including complexity, duplication, naming conventions, and function length. Use when running quality gates, reviewing code smells, or checking lint rules. Automatically triggered on complex modules or post-refactor.
verifying-modules
Scans directory structure, detects missing documentation, and verifies code-doc synchronization. Use when checking module completeness, README presence, or DESIGN.md alignment. Automatically triggered after creating new modules.
serialization
Choose the right serialization format for .NET applications. Prefer schema-based formats (Protobuf, MessagePack) over reflection-based (Newtonsoft.Json). Use System.Text.Json with AOT source generators for JSON scenarios.
api-forge
Design REST/GraphQL APIs with OpenAPI 3.1, error handling, pagination, rate limiting, webhooks, and idempotency. Use when user asks to design an API, create endpoints, define REST/GraphQL schema, or generate OpenAPI spec. Do NOT use for database schema design, frontend API integration, or non-HTTP protocols (gRPC, WebSocket, MQTT).
qdrant
Provides Qdrant vector database integration patterns with LangChain4j. Handles embedding storage, similarity search, and vector management for Java applications. Use when implementing vector-based retrieval for RAG systems, semantic search, or recommendation engines.
microservices-patterns
Design microservices architectures with service boundaries, event-driven communication, and resilience patterns. Use when building distributed systems, decomposing monoliths, or implementing microservices.
microservices-patterns
Design microservices architectures with service boundaries, event-driven communication, and resilience patterns. Use when building distributed systems, decomposing monoliths, or implementing microservices.
designing-architectures
Architecture knowledge reference covering API design, security architecture, cloud-native patterns, caching strategies, message queues, and data security. Use when designing system architecture, APIs, or cloud-native infrastructure.
uxc
Discover and call remote schema-exposed interfaces with UXC. Use when an agent or skill needs to list operations, inspect operation schemas, and execute OpenAPI, GraphQL, gRPC, MCP, or JSON-RPC calls via one CLI contract.
api-design
REST/GraphQL/gRPC API design best practices. Use when designing APIs, defining contracts, handling versioning. Covers OpenAPI 3.2, GraphQL Federation, gRPC streaming.
api-documentation-writer
Generate comprehensive API documentation including endpoint descriptions, request/response examples, authentication guides, error codes, and SDKs. Creates OpenAPI/Swagger specs, REST API docs, and developer-friendly reference materials. Use when users need to document APIs, create technical references, or write developer documentation.
api-design-framework
Use this skill when designing REST, GraphQL, or gRPC APIs. Provides comprehensive API design patterns, versioning strategies, error handling conventions, authentication approaches, and OpenAPI/AsyncAPI templates. Ensures consistent, well-documented, and developer-friendly APIs across all backend services.
dotnet-backend
Build ASP.NET Core 8+ backend services with EF Core, auth, background jobs, and production API patterns.
golang-enterprise-patterns
Enterprise-level Go architecture patterns including clean architecture, hexagonal architecture, DDD, and production-ready application structure.
otel-collector
Expert guidance for configuring and deploying the OpenTelemetry Collector. Use when setting up a Collector pipeline, configuring receivers, exporters, or processors, deploying a Collector to Kubernetes or Docker, or forwarding telemetry to Dash0. Triggers on requests involving collector, pipeline, OTLP receiver, exporter, or Dash0 collector setup.
hunt-grpc
Hunt gRPC vulnerabilities — server reflection enabled (enumerate all services/methods), missing authentication / metadata-stripping on internal endpoints, plaintext gRPC over HTTP/2, internal endpoint disclosure, proto file leakage, gRPC-Web/grpc-gateway transcoding injection, and HTTP/2 Rapid Reset DoS (CVE-2023-44487). Use when target exposes port 50051 / 443 / 8443 / 9090 with HTTP/2, when grpcurl/grpcui detects reflection, when an Envoy or grpc-gateway proxy is fronting a microservice, or when recon reveals a microservice architecture.
distributed-tracing
Implement distributed tracing with OpenTelemetry, Tempo/Jaeger — instrumentation, sampling, and trace-to-log correlation. Use when the user asks about distributed tracing, OpenTelemetry setup, span instrumentation, trace propagation, or connecting traces to logs and metrics.
api-design
API design patterns for REST/GraphQL framework design, versioning strategies, and RFC 9457 error handling. Use when designing API endpoints, choosing versioning schemes, implementing Problem Details errors, or building OpenAPI specifications.
api-breaker
Automated API security testing starting from domains. Discovers REST, GraphQL, and SOAP APIs, reconstructs schemas, and tests for BOLA/IDOR, BFLA, mass assignment, JWT attacks, rate limiting bypass, and business logic flaws. Use when user asks to "test API security", "break API", "find API vulnerabilities", "test GraphQL", "test JWT", "API pentest", or provides domains with API endpoints. For authorized testing only.
api-design
REST/GraphQL/gRPC API design best practices. Use when designing APIs, defining contracts, handling versioning. Covers OpenAPI 3.2, GraphQL Federation, gRPC streaming.
nw-sd-framework
4-step system design framework with back-of-envelope estimation, scaling ladder, and common pitfalls
backend-architect
Expert backend architect specializing in scalable API design, microservices architecture, and distributed systems. Masters REST/GraphQL/gRPC APIs, event-driven architectures, service mesh patterns, and modern backend frameworks. Handles service boundary definition, inter-service communication, resilience patterns, and observability. Use PROACTIVELY when creating new backend services or APIs.
c4-component
Expert C4 Component-level documentation specialist. Synthesizes C4 Code-level documentation into Component-level architecture, defining component boundaries, interfaces, and relationships. Creates component diagrams and documentation. Use when synthesizing code-level documentation into logical components.
c4-container
Expert C4 Container-level documentation specialist. Synthesizes Component-level documentation into Container-level architecture, mapping components to deployment units, documenting container interfaces as APIs, and creating container diagrams. Use when synthesizing components into deployment containers and documenting system deployment architecture.
mir-backend-dotnet
Make It Right (.NET runtime tier). CLR/CoreCLR runtime reliability footguns shared across EVERY .NET backend framework (ASP.NET Core, Minimal APIs, gRPC, Blazor Server, SignalR, background services) — distinct from the generic backend gates and from any one framework's mechanics. Covers: sync-over-async deadlock and thread-pool starvation (.Result/.Wait()/.GetAwaiter().GetResult()), ConfigureAwait(false) in library code, ValueTask misuse, thread-pool saturation under load, IDisposable/using discipline, DbContext thread-safety and lifetime, DI captive dependency (Scoped/Transient injected into Singleton), CancellationToken propagation, and large-object heap pressure. TRIGGER when the backend runtime is .NET / CLR — any C# or F# service. SKIP for Node/JVM/Go/Rust/Python/Ruby/PHP/BEAM runtimes (each has its own mir-backend-<runtime> tier), and for framework-library mechanics (those live in mir-backend-dotnet-<framework>).
hunt-dispatch
Skill-set loader for /hunt orchestrator. Fingerprints the target, picks the right platform attack skills, and loads the Red Team or WAPT skill set. Use when /hunt has just received a mode answer (redteam or wapt + blackbox|greybox) and needs to load the appropriate skills and print the taxonomy. Not for direct user invocation.
go-grpc
Use when implementing or reviewing gRPC servers/clients in Go. Covers .proto organisation, code generation with protoc/buf, server bootstrap (interceptors, health, graceful shutdown), client patterns (reuse, deadlines, retries), status.Code error handling, streaming, TLS/mTLS, and bufconn testing. Apply when writing .proto files, adding interceptors, or auditing a service for production readiness.
protobuf
Use when working with Protocol Buffer (.proto) files, buf.yaml, buf.gen.yaml, or buf.lock. Covers proto design, buf CLI, gRPC/Connect services, protovalidate constraints, schema evolution, and troubleshooting lint/breaking errors.
a2a-protocol
Use this skill when working with the A2A (Agent-to-Agent) protocol - agent interoperability, multi-agent communication, agent discovery, agent cards, task lifecycle, streaming, and push notifications. Triggers on any A2A-related task including implementing A2A servers/clients, building agent cards, sending messages between agents, managing tasks, and configuring push notification webhooks.
api-design
Use this skill when designing APIs, choosing between REST/GraphQL/gRPC, writing OpenAPI specs, implementing pagination, versioning endpoints, or structuring request/response schemas. Triggers on API design, endpoint naming, HTTP methods, status codes, rate limiting, authentication schemes, HATEOAS, query parameters, and any task requiring API architecture decisions.
backend-engineering
Use this skill when designing backend systems, databases, APIs, or services. Triggers on schema design, database migrations, indexing strategies, distributed systems architecture, microservices, caching, message queues, observability setup, logging, metrics, tracing, SLO/SLI definition, performance optimization, query tuning, security hardening, authentication, authorization, API design (REST, GraphQL, gRPC), rate limiting, pagination, and failure handling patterns. Acts as a senior backend engineering advisor for mid-level engineers leveling up.
pdlc-arch
架构分析(生成/更新 docs/ARCHITECTURE.md 系统架构总览 · surface 型)
golang-pro
Implements concurrent Go patterns using goroutines and channels, designs and builds microservices with gRPC or REST, optimizes Go application performance with pprof, and enforces idiomatic Go with generics, interfaces, and robust error handling. Use when building Go applications requiring concurrent programming, microservices architecture, or high-performance systems. Invoke for goroutines, channels, Go generics, gRPC integration, CLI tools, benchmarks, or table-driven testing.
microservices-architect
Designs distributed system architectures, decomposes monoliths into bounded-context services, recommends communication patterns, and produces service boundary diagrams and resilience strategies. Use when designing distributed systems, decomposing monoliths, or implementing microservices patterns — including service boundaries, DDD, saga patterns, event sourcing, CQRS, service mesh, or distributed tracing.
api-diff
Diff an OpenAPI spec across commits and classify each change as major/minor/patch per SemVer-for-APIs
user-level-detect
Detect user's technical level from how they speak. Adjust all communication accordingly.
microservices-patterns
Design microservices architectures with service boundaries, event-driven communication, and resilience patterns. Use when building distributed systems, decomposing monoliths, or implementing microservices.
network-fundamentals-cloud
Networking fundamentals as they apply to cloud infrastructure — virtual networks, subnets, routers, NAT, floating IPs, security groups, VLAN/VXLAN segmentation, load balancing, SDN concepts, and how Neutron-style cloud networks sit on top of physical topology. Covers TCP behavior at scale, congestion control, tail latency, overlay networks, and the operational gotchas that come from network layering. Use when designing cloud network topology, debugging cross-AZ latency, or reviewing a proposed VPC/SG design.
senior-rust-practices
This skill should be used when the user asks about "rust workspace", "rust best practices", "cargo workspace setup", "rust code organization", "rust dependency management", "rust testing strategy", "rust project", "scalable rust", "rust CI setup", or needs guidance on senior-level Rust development patterns, workspace design, code organization strategies, or production-ready Rust architectures.
microservices-patterns
Design microservices architectures with service boundaries, event-driven communication, and resilience patterns. Use when building distributed systems, decomposing monoliths, or implementing microservices.
feishu-user-plugin
All-in-one Feishu MCP server + CLI tool — send messages as yourself (incl. batch_send), read group/P2P chats (auto-expands merge_forward), manage docs/tables/wiki (full CRUD)/drive, OKR (with progress writes), calendar (read+write), Tasks v2, multi-profile auto-switch, real-time WS events. v1.3.15: manage_doc_block gains a table create mode — agents stop guessing the table block_type (tables are 31, not 40); the plugin builds the block_type=31 table, fills each cell by updating its auto-created text block (no stray empty blocks), resolves cells scoped (no whole-doc 500-block cap) and fails loud rather than silently dropping content. UAT refresh now self-heals a benign refresh_token rotation race: on invalid_grant it re-reads disk and adopts a peer's freshly-persisted valid token (snapshotting the sent token pre-await for the in-process hot-reload case) instead of false-flipping to UAT_REVOKED and pushing the user through a needless oauth re-consent.
bounty-api
Use when bug-bountying an API target — REST, GraphQL, gRPC, WebSocket. Covers OWASP API Top 10 (BOLA, BFLA, mass assignment, rate limiting bypass, JWT issues, GraphQL abuse). Triggers on "bounty api", "graphql security", "rest api testing", "api top 10".
microservices-patterns
Design microservices architectures with service boundaries, event-driven communication, and resilience patterns. Use when building distributed systems, decomposing monoliths, or implementing microservices.
sglang-model-gateway
SGLang Model Gateway (`sgl-model-gateway`, formerly `sgl-router`) — Rust router fronting vLLM and SGLang inference workers on Kubernetes. Covers first-class vLLM gRPC backend plus HTTP transparent-proxy for vanilla vLLM, the policy set (six `--policy` values, `cache_aware` default), tokenizer-format dispatch (`tokenizer.json` HF-fast vs `tiktoken.model` BPE — including when neither is required because `cache_aware` is text-based), air-gapped recipe (gateway ignores `HF_ENDPOINT`, mount tokenizer files on PVC only when actually needed), K8s manifests with `model_id` labels and per-model RBAC, three HA mitigations (single + PDB, `sessionAffinity: ClientIP`, `--enable-mesh` CRDT sync), and a pitfall catalog covering the Dec 2025 `sgl-router` → `sgl-model-gateway` rename and over-engineered tokenizer init-container traps.
doncheli-api-contract
Design complete API contracts covering endpoints, auth, rate limiting, error handling, retries, circuit breaker and idempotency. Activate when user mentions "api contract", "api design", "endpoint", "webhook", "REST", "GraphQL", "OpenAPI", "design the API".
backend-developer
Backend Developer (/be, alias: James, /james) - Senior Backend Developer with 10+ years experience. Covers Java/Spring Boot (default), Kotlin, Python/FastAPI, PHP/Laravel, Quarkus, and Kafka/messaging - detects the project's stack and loads the matching reference. Use when implementing server features, REST APIs, business logic, persistence, messaging, or unit/integration tests in any of these stacks.
adr-generator
Create comprehensive Architectural Decision Records (ADRs). Researches the destination directory to detect existing template conventions, gathers context, determines next ADR number, generates the ADR, validates completeness, and saves. Supports multiple ADR formats (MADR, Nygard, Alexandrian, project canonical). Use when documenting technical decisions or creating new ADR files. Use when you say "write an ADR", "document this decision". Do NOT use to debate or review an existing ADR (use adr-review).
go-bootstrap
Bootstraps a new Go project from scratch with hexagonal architecture, testcontainers, CI pipeline, and the full skill/agent suite installed. Use when starting a new project or microservice.
dojo-indexer
Set up and configure Torii indexer for GraphQL queries, gRPC subscriptions, and SQL access. Use when indexing your deployed world for client queries or real-time updates.
golang-grpc
Provides gRPC usage guidelines, protobuf organization, and production-ready patterns for Golang microservices. Use when implementing, reviewing, or debugging gRPC servers/clients, writing proto files, setting up interceptors, handling gRPC errors with status codes, configuring TLS/mTLS, testing with bufconn, or working with streaming RPCs.
code-documenter
Use when adding docstrings, creating API documentation, or building documentation sites. Invoke for OpenAPI/Swagger specs, JSDoc, doc portals, tutorials, user guides.
golang-pro
Use when building Go applications requiring concurrent programming, microservices architecture, or high-performance systems. Invoke for goroutines, channels, Go generics, gRPC integration.
microservices-architect
Use when designing distributed systems, decomposing monoliths, or implementing microservices patterns. Invoke for service boundaries, DDD, saga patterns, event sourcing, service mesh, distributed tracing.
define-architecture
Capture the architecture of the project — platforms, service shape (monolith vs. modular vs. services), integrations, data flow, trust boundaries, and multi-tenancy. Use when the project-builder agent is gathering architecture information.
survey
Explore codebase structure, entry points, tech stack, hotspots, and call graphs
api-examples
Generate API usage examples and tutorials from code analysis
api-design
API design principles for REST, GraphQL, and gRPC
interface-design
Design It Twice — spawn 3-4 parallel sub-agents producing radically different interfaces for a module, then compare on depth, locality, and seam placement. Use before committing to a new interface or public API.
architecture-runtime-topology
Use when code work touches runtime shape: services, app/CLI/background flows, deployment/IaC, observability, resilience, external integrations, ownership, and runtime coupling.
dare-layered-design
Enforce arquitetura estrita de 4 camadas (Handlers, Services, Repositories, Models) em todos os projetos DARE, independente de linguagem ou framework. Inspirado em "Layered Design for Ruby on Rails Applications" de Vladimir Dementyev (Evil Martians).
setup
Initialize a project with the SpecRails workflow. Generates project-specific data files: .specrails/config.yaml, personas, memory directories, backlog config, and CLAUDE.md snippet. Does NOT copy logic files — the sr plugin already provides all agents, skills, and commands.
anki
Create decks and add cards/flashcards to the user's AnkiWeb account from the command line. Bundles a self-contained Python CLI plus the user's AnkiWeb credentials, so no setup is required. Use whenever the user wants to add a flashcard or note to Anki/AnkiWeb, create or remove an Anki deck, or list their existing Anki decks or note types — e.g. "add a card to my Spanish deck", "make an Anki deck called X", "save this as a flashcard".
api-design
This skill should be used when the user needs to "design the API", do "endpoint design", pin down a "request/response shape", choose a "pagination" strategy (cursor vs offset), add an "idempotency key" to a write, plan "API versioning", an "error contract", or pick between "REST vs gRPC vs GraphQL" or "WebSocket vs polling". Use it whenever a design has reached the interface — the concrete request, response, primary access path, and how clients page, retry, and version — even if the user only said "the boxes talk to each other".
cover-letter
Generate a cover letter from a job description using Sukhrob's resume. Applies humanizer for natural tone.
api-design
Design production-grade REST, GraphQL, gRPC, and Python library APIs with correct schemas, error contracts, auth, and versioning. Use when the user asks to design an API, define endpoints, create an OpenAPI/Swagger spec, design a GraphQL schema, build a gRPC service, model request/response with Pydantic, add pagination, or review API contracts. NOT for building MCP server tools (use mcp-server). NOT for Node.js/Express API routes or backend patterns (use backend-patterns or typescript-development).
microservices-patterns
Design microservices architectures with service boundaries, event-driven communication, and resilience patterns. Use when building distributed systems, decomposing monoliths, or implementing microservices.
grepai-storage-qdrant
Configure Qdrant vector database for GrepAI. Use this skill for high-performance vector search.
webvuln
Web vulnerability hunting playbook. Use after recon, when you have specific hosts/endpoints to test for IDOR/BAC, injection, auth flaws, SSRF, and known CVEs. Emphasizes real PoC + concrete impact.
microservice-patterns
【微服务模式】微服务架构设计模式,包含服务拆分、通信方式、数据管理、服务发现、熔断降级、链路追踪。 触发时机: - 用户要求"微服务架构"、"服务拆分" - 需要设计分布式系统 - 需要实现服务治理 提供模式选择建议和代码实现。
implementing-api-patterns
API design and implementation across REST, GraphQL, gRPC, and tRPC patterns. Use when building backend services, public APIs, or service-to-service communication. Covers REST frameworks (FastAPI, Axum, Gin, Hono), GraphQL libraries (Strawberry, async-graphql, gqlgen, Pothos), gRPC (Tonic, Connect-Go), tRPC for TypeScript, pagination strategies (cursor-based, offset-based), rate limiting, caching, versioning, and OpenAPI documentation generation. Includes frontend integration patterns for forms, tables, dashboards, and ai-chat skills.
shell-scripting
Write robust, portable shell scripts with proper error handling, argument parsing, and testing. Use when automating system tasks, building CI/CD scripts, or creating container entrypoints.
api-contract-reviewer
Reviews REST + gRPC contracts for stability, versioning, completeness, backwards compatibility. References rest-api-architect / protobuf-architect / grpc-architect for rules; runs `buf breaking` / `openapi-diff`. Severity-keyed findings. Use when reviewing a new endpoint, proto change, or before a breaking-change release.
event-driven-architect
Event-driven architecture — event/command taxonomy, Protobuf schemas, topic naming, mandatory outbox, partitioning, idempotency, DLQs, schema evolution. Broker-agnostic (NATS/Kafka/RabbitMQ). Use when designing event flows or auditing consistency.
grpc-architect
Vanilla gRPC standards — .proto services, status.Error with standard codes, domain→code mapping, interceptor chain (auth/log/recovery/validation/metrics), client deadlines, context propagation, reflection off in prod, bufconn testing. Language-agnostic; Go examples. Use when designing or reviewing a gRPC service.
mcp-architect
MCP (Model Context Protocol) 2025-11-25 server standards — tool/resource/prompt primitives, capability negotiation, Streamable HTTP transport with Mcp-Session-Id, OAuth 2.1 + RFC 8707 resource indicators, tool annotations (readOnly/destructive/idempotent), structured output, JSON-RPC error mapping, prompt-injection and SSRF defenses, MCP Inspector testing. Python (FastMCP) and Go (official SDK) recipes. Use when designing, reviewing, or scaffolding an MCP server.
protobuf-architect
Protocol Buffers (proto3) standards — Buf-style package naming, protovalidate (CEL), buf toolchain for lint/breaking/generation, field-number reservation, well-known types. Language-agnostic schema design. Use when designing or evolving .proto files.
drift-canary
Compatibility and schema drift canary — checks for database schema migration safety, breaking API contract changes, serializable payload mismatches, and backward compatibility drift. Triggers on keywords: "/drift-canary", "drift-canary", "contract drift", "breaking changes". Use when changing DB schemas, API contracts, serialized payloads, or required config keys.
api
Use for REST API contracts: endpoints, fields, evolution, status codes, errors, pagination, idempotency.
code-breaking-changes
Breaking changes
deploy-django-app
Deploy a Django app behind nginx using a gunicorn unix socket (wrapper-dir layout). Reference recipe — derive a per-host user skill from it.
reusability
This skill should be used when designing, planning, implementing, or reviewing any non-trivial change, or when the user asks to "generalize this", "extract shared util", "deduplicate this" — enforces DRY, well-defined abstractions, and composable components so code is written once and used many times
sematext-otel
Wire a service's OpenTelemetry output to Sematext Cloud. Walks through region, App-type, instrumentation flow (managed OTLP endpoint vs Sematext Agent), and signal selection (traces/metrics/logs), then produces the exact env-var block and points at a runnable reference example in this repo. Invoke when instrumenting a new app for Sematext.
commodity-pricing
Analyze commodity pricing and trading systems including forward curves, option models, position management, risk metrics, and regulatory reporting. Use when: 'review pricing models', 'audit trading system', 'evaluate VaR implementation', 'check commodity risk management', 'assess ETRM system', 'review derivatives valuation', 'analyze energy trading platform', 'evaluate hedge accounting'.
telemetry-canary
Observability and structured logging canary — checks for structured logs (JSON), OpenTelemetry metrics/traces, proper error stack traces, and flags empty catches or silent log swallowing. Triggers on keywords: "/telemetry-canary", "telemetry-canary", "observability audit", "structured logging". Use when adding or changing logging, metrics, tracing, or error-handling code.
pattern-architect-api-endpoint
Resource-oriented REST design — the single authority for API endpoint shape decisions (paths, verbs, request / response body, status codes, error envelope, pagination, sorting, filtering, versioning, idempotency policy, rate-limit policy, trailing-slash spelling). Activate when designing, adding, or refactoring an HTTP endpoint, controller, or handler. Every decision lands in the api contract at `docs/api-contract/<entity>.yaml` which engineers implement against and reviewers verify.
api-designer
Expert guidance on API design including REST vs GraphQL vs gRPC selection, endpoint patterns, authentication strategies, and versioning
api-sculptor
Designs and implements APIs: REST, GraphQL, gRPC, and WebSocket. Produces OpenAPI 3.1 specs, GraphQL SDL schemas, Protocol Buffer definitions, and working server implementations. Use this skill when the user asks about API design, endpoint structure, schema definition, versioning strategy, pagination, authentication, rate limiting, or any API implementation work. Also triggers on "design an API for," "write an OpenAPI spec," "create a GraphQL schema," "set up gRPC," "REST API best practices," or casual requests like "I need endpoints for my app" or "how should I structure my API."
pipeline-architect
Designs and implements data pipelines: ETL/ELT, streaming, batch processing, schema migrations, and data warehouse architecture. Covers Kafka, Airflow, dbt, Spark, ClickHouse, BigQuery, Snowflake, Redis Streams, and more. Use this skill when the user asks about data pipelines, ETL jobs, data transformation, streaming setup, data warehouse design, CDC, schema migrations, data quality checks, or anything involving moving data from source to target. Also triggers on "build a pipeline," "migrate data from X to Y," "set up streaming," "design my data warehouse," or "data quality is bad, help me fix it."
build-data-pipeline
Build a Sui data indexer or analytics pipeline. Use when the user wants to index Sui events, build a pipeline, or query Sui RPC data.
sast-analysis
Perform codebase analysis and architecture mapping as the first phase of a security assessment. Explores the tech stack, frameworks, entry points, data flows, and trust boundaries. Outputs sast/architecture.md. Run this before any vulnerability detection skill. Use when asked to analyze a codebase for security or when sast/architecture.md does not yet exist.
spotify-web-api-with-fixes-and-improvements-from-sonallux
Spotify Web API with fixes and improvements from sonallux API skill. Use when working with Spotify Web API with fixes and improvements from sonallux for albums, artists, shows. Covers 97 endpoints.
square
Square API skill. Use when working with Square for mobile, oauth2, {location_id}. Covers 327 endpoints.
api-contract-first
Hard gate before implementing any API endpoint or service interface. Requires a written, reviewed contract (OpenAPI 3.x, protobuf, or GraphQL schema) before any implementation code is written. Prevents breaking changes, misaligned clients, and undocumented behaviour.
aspnet-core
Build, review, refactor, or architect ASP.NET Core web applications using current official guidance for .NET web development. Use when working on Blazor Web Apps, Razor Pages, MVC, Minimal APIs, controller-based Web APIs, SignalR, gRPC, middleware, dependency injection, configuration, authentication, authorization, testing, performance, deployment, or ASP.NET Core upgrades.
microservices-patterns
Design microservices architectures with service boundaries, event-driven communication, and resilience patterns. Use when building distributed systems, decomposing monoliths, or implementing microservices.
skill-atlas
Find the right public AI-agent skill for a job — and know whether to trust it. Load when about to start a task type (Upwork freelancing, technical interviews, office documents, MCP/tool building, prompt engineering, web/frontend, data analysis, learning English) and you want to know which existing public skills to pull in, rated by source reputation and freshness. Answers "which skill do I load for X, and can I trust it?"
opentelemetry-skill
Use when working with OpenTelemetry - configuring collectors, designing pipelines, instrumenting applications, implementing sampling strategies, managing cardinality, securing telemetry data, troubleshooting observability issues, writing OTTL transformations, making production observability architecture decisions, or setting up observability for AI coding agents (Claude Code, Codex, Gemini CLI, GitHub Copilot, and others)
sui-frontend
Sui frontend dApp development with @mysten/dapp-kit-react (React) and @mysten/dapp-kit-core (Vue, vanilla JS, other frameworks). Use when building browser apps that connect to Sui wallets, query on-chain data, or execute transactions. Use alongside the sui-ts-sdk skill for PTB construction patterns.
api-doc-generator
从代码生成API文档和OpenAPI规范,支持多种后端框架。 使用场景:为REST API项目生成OpenAPI 3.0规范、创建或更新API接口文档。
api
API skill. Use when working with for extractor. Covers 1 endpoint.
openapi-generator-online
OpenAPI Generator Online API skill. Use when working with OpenAPI Generator Online for api. Covers 7 endpoints.
ts-ddd-adr-writer
Write a structured Architecture Decision Record (ADR) for any technology or design choice in a TypeScript DDD clean architecture project. Trigger when the user says "document this decision", "write an ADR", "why did we choose X", "we decided to use Y instead of Z", "record this architecture choice", or when a significant design trade-off is being discussed and should be captured for the team. Also trigger when the user debates between two patterns (e.g. TypeORM vs Prisma, REST vs gRPC, monolith vs microservices).
api-design-reviewer
当评审新增/改动 API 端点的 PR、为 v2 迁移审计现有 API 或为团队制定 API 规范时使用;做 REST 约定 lint、破坏性变更检测与设计评分,产出问题清单与改进建议;不适用于 GraphQL/gRPC 接口设计、纯实现编码或后端性能压测;触发词:API 设计评审、api review、REST 规范、breaking change、破坏性变更、OpenAPI lint、接口评审、versioning
api-test-suite-builder
当需要为 REST API 批量补齐集成/契约测试时使用;扫描 Next.js/Express/FastAPI/Django REST 路由并生成覆盖鉴权、入参校验、错误码、分页、文件上传、限流的可运行测试套件(Vitest+Supertest 或 Pytest+httpx);不适用于纯前端 UI、单元测试或 GraphQL/gRPC;触发词:生成 API 测试、集成测试套件、契约测试
system-architect
System architecture skill for designing scalable, maintainable software systems. Covers microservices/monolith decisions, API design, DB selection, caching, security, and scalability planning.
observability
Observability Baseline
devrel-analyst
Query the walter_devrel_analytics Postgres database to surface DevRel content performance insights (top threads, optimal posting hours, hook pattern analysis, ROI per content piece, weekly digest). Use before drafting new content on a topic, when the user asks about engagement trends, or for the weekly digest workflow. Work/ context only — requires ANALYTICS_DB_URL. Supports --dry-run for CI. Read-only.
solana-rpc-review
Specialized review for Solana RPC infrastructure code — Yellowstone gRPC streaming plugins, Geyser plugins, Old Faithful (historical access), Dragon's Mouth subscriptions, RPC method handlers. Use this skill on any PR or diff that touches RPC handlers, gRPC streaming code, Geyser plugin code, account/transaction streaming, or anything in [Company]'s hot path. Catches concurrency bugs, allocation in hot paths, missing backpressure, account-size mistakes, compute budget violations, and stake-weighted QoS misconfiguration.
agent-collaboration
Enable multi-agent brainstorming and collaborative problem-solving using pub/sub messaging. Use for complex decisions requiring multiple perspectives.
system-design
Architecture reference - core concepts, technologies, system patterns, software design patterns, anti-patterns, and real-world case studies. Use when designing systems, evaluating tradeoffs, choosing technologies, or selecting an appropriate design pattern.
api-design-plan
Planning and designing scalable, secure, and intuitive APIs
go-refactor
Safe refactoring agent. First documents all inbound surfaces (HTTP, gRPC, message queues, etc.), creates exhaustive e2e tests with testcontainers to lock behavior, then plans and executes the rewrite with type-level compatibility guarantees. Use when restructuring, rewriting, or migrating existing code.
go
Go project layout, HTTP handlers, interfaces, goroutines, error wrapping, table-driven tests, slog logging
saas-api-security
Audit SaaS API surface security including rate limiting, CORS configuration, webhook signature verification, GraphQL query depth/complexity, REST API best practices, idempotency keys, request signing, and API key management. Use this skill whenever the user asks about rate limiting, CORS, webhook security, HMAC signatures, GraphQL security, API abuse, throttling, idempotency, replay protection, or "is my API safe". Trigger on phrases like "audit my API", "review my CORS", "webhook security", "rate limit", "GraphQL depth attack", "API abuse", "signature verification". Use this even when only one API surface is mentioned.
saas-code-security-review
Application-code security review for SaaS backends focusing on authentication, authorization, IDOR/BOLA, SSRF, JWT handling, injection (SQL/NoSQL/command/template), deserialization, mass assignment, and SAST findings. Multi-stack (Node/TypeScript, Python, Go, Java, Ruby). Use this skill whenever the user asks to review code for security bugs, find IDOR or BOLA vulnerabilities, audit auth flows, check JWT validation, look for SSRF, hunt for injection, review session management, or interpret SAST output from CodeQL/Semgrep/Snyk Code. Trigger on phrases like 'review this code for security', 'find IDOR', 'is my JWT validation safe', 'SSRF check', 'SAST report', 'auth bypass', 'BOLA', 'audit my auth', 'session security'. Use this when the user shares a code file and security context.
api-security
API security review against OWASP API Top 10 2023. Covers auth (OAuth2/JWT/API-keys), object-level authorization (BOLA/IDOR), schema validation, rate-limiting, CORS, SSRF, and GraphQL-specific concerns (introspection, query depth, batching).
sol-parser-sdk-bot
Use this skill when developing bots or SDK integrations with sol-parser-sdk, including Rust and multi-language variants, direct parsing, Yellowstone gRPC subscriptions, event filters, account subscriptions, ShredStream, RPC transaction replay, DEX event matching, and parser contribution work. Supports Chinese and English prompts, including 解析, 事件过滤, 交易解析, 账户订阅, 按签名解析, DEX 事件, parser 开发, 多语言 SDK.
sol-safekey-bot
Use this skill when integrating sol-safekey into Solana bots or tools, including encrypted keystores, interactive wallet management, password handling, wallet unlock, bot startup scripts, SOL/SPL/WSOL operations, durable nonce setup, and secure key handling for Rust or multi-language bot stacks. Supports Chinese and English prompts, including 钱包, 私钥, keystore, 加密, 解锁, 密码, 安全启动, SOL, SPL, WSOL, nonce.
sol-trade-sdk-bot
Use this skill when building or modifying Solana trading code with sol-trade-sdk, including Rust and multi-language variants, DEX buy/sell params, PumpFun/PumpSwap/Bonk/Raydium/Meteora trading, SWQoS/MEV services, gas fee strategy, durable nonce, address lookup tables, middleware, sniping, and copy trading execution. Supports Chinese and English prompts, including 买入, 卖出, 发单, 交易参数, 狙击, 跟单, SWQoS, MEV, gas 策略, nonce, 多语言 SDK.
solana-bot-sdk-orchestrator
Use this skill when building Solana trading bots or automation that combines solana-streamer, sol-parser-sdk, sol-trade-sdk, and sol-safekey, including multi-language SDK variants for Rust, Node.js/TypeScript, Python, and Go. Supports Chinese and English prompts, including Solana Bot, 狙击, 跟单, 监听, 钱包安全, 多语言 SDK, 交易执行, 风控, Codex, Claude Code, Cursor.
solana-streamer-bot
Use this skill when building bot-facing event streams with solana-streamer or solana-streamer-sdk, including Yellowstone gRPC, ShredStream, dynamic subscriptions, DexEvent callbacks, account filters, RPC transaction replay, and migration from older trait-based streamer APIs. Supports Chinese and English prompts, including 事件流, 监听, 订阅, gRPC, ShredStream, 账户过滤, 回调, RPC 回放, 低延迟.
pm-prd-writer
把模糊需求转化为可评审的产品需求文档(PRD)。当用户说"写个需求文档"、"帮我出PRD"、"这个功能怎么写需求"、"我有个想法想落地"、"把这个需求整理成文档"、"需求评审要用的PRD",或者用户描述了一段功能但没有结构化时,使用这个 Skill。 也适用于:用户上传了原始需求描述/会议纪要/聊天截图并要求整理成PRD;用户说"PRD"、"产品需求"、"需求文档"、"功能说明书"等关键词;用户要求对已有PRD进行补全、优化、查漏补缺。 不适用于:纯技术方案设计(用 architecture / 本项目用 tech-architect agent)、纯 UI 稿标注(用 design-handoff / 本项目用 visual-spec-author agent)、项目管理类文档(用 status-report)。 本项目集成说明:在 /new-feature 流水线中由 A1 product-expert agent 直接调用本 skill 的"质量检查清单"做自检;PM 不在流水线中直接写 PRD 时可主动唤起本 skill。
arch-guidance
Consult and apply the repository architecture reference when discussing system architecture, module boundaries, directory layout, service interfaces, Docker Compose, Kubernetes deployment, or operational entry points. Use when a user asks about architecture, refactors, project structure, deployment models, or infra layout.
grpc-standards
Use when working with gRPC services, protobuf definitions, Protocol Buffers, streaming RPCs, interceptors, or gRPC client configuration in .NET. Provides domain-specific rules layered on top of base architectural standards.
api-design
Designs APIs with contract-first, consumer-driven approach including validation at boundaries, consistent error responses, and security focus. Generates types from OpenAPI/Swagger. Use when designing an API, creating endpoints, API architecture, REST design, building an API, defining contracts, new service, or when starting API work.
aio-golang-mastery
Write, review, and lint Go code. Lint mode runs go build, go vet, golangci-lint, govulncheck, nilaway, deadcode, and race detection, then applies idiomatic fixes. Reference mode covers concurrency, error handling, generics, testing, gRPC, and production hardening.
aio-grafana-diagram
Create Grafana diagrams for system visualization — analyzes codebase to auto-generate Mermaid diagrams with metric binding. For standalone Mermaid diagrams use aio-mermaid instead.
dojo-indexer
Set up and configure Torii indexer for GraphQL queries, gRPC subscriptions, and SQL access. Use when indexing your deployed world for client queries or real-time updates.
serialization
Choose the right serialization format for .NET applications. Prefer schema-based formats (Protobuf, MessagePack) over reflection-based (Newtonsoft.Json). Use System.Text.Json with AOT source generators for JSON scenarios.
deploying-triton
Deploys and manages NVIDIA Triton Inference Server containers. Automates model repository setup, config generation, and health checks. Use for "triton 서버", "triton 실행", "모델 서빙", "inference server" requests.
apex-pipeline
Unified application security testing workflow — combines recon, SAST, DAST, manual hunting, validation, and reporting into a single orchestrated pipeline. Runs as an "app" with automated phase transitions. Supports web apps (React, Next.js, Django, Flask, Laravel, Spring, Rails, Express), mobile APIs, GraphQL, REST, gRPC, and microservices. Phases — Phase 0 (target intake + scope lock), Phase 1 (passive recon + tech fingerprint), Phase 2 (SAST deep scan via semgrep/grep/trufflehog), Phase 3 (DAST active probing — nuclei/ffuf/dalfox), Phase 4 (manual hunt — IDOR/SSRF/XSS/SQLi/auth-bypass/race/business-logic/LLM), Phase 5 (chain building + impact escalation), Phase 6 (7-Question Gate validation), Phase 7 (report generation). Use when starting a full security assessment on any application, when asked to "test this app", "audit this codebase", "find bugs in this project", or when you need an end-to-end security workflow that combines static and dynamic analysis with manual expertise.
diagramador
Genera diagramas de arquitectura y flujo en formato Mermaid. Usa cuando el usuario solicite visualizaciones de sistema, flujos de datos, o diagramas de componentes.
prosa-dev-workflow
Local development workflow for the prosa repository. Use when orienting in the codebase, choosing validation commands, or changing project-level tooling.
Integration detected automatically from skill content. Some results may be false positives.