Lu1sDV
UserPersonal skills collection for Claude
Categories
Indexed Skills (23)
codeql
Scans a codebase for security vulnerabilities using CodeQL's interprocedural data flow and taint tracking analysis. Triggers on "run codeql", "codeql scan", "codeql analysis", "build codeql database", or "find vulnerabilities with codeql". Supports "run all" (security-and-quality + security-experimental suites) and "important only" (high-precision security findings) scan modes. Also handles creating data extension models and processing CodeQL SARIF output.
cook
Use when user says "cook", "let it cook", wants iterative refinement with quality gates, wants to race multiple approaches and pick the best, needs repeat passes, or wants autonomous task-list completion. Triggers: cook, let it cook, review loop, race approaches, ralph, iterate until done.
debate
Use when a technical decision has 2–4 nameable positions and the user wants a recommendation, not open-ended exploration. Triggers include "X vs Y", "A or B", "pick one", "contested trade-off", adversarial review, and decide-between requests. Skip when analysis is open-ended (use superpowers:brainstorming) or the question has no real contest. Keywords: debate, decision, contested, trade-off, versus, steelman, adversarial, argue.
tavily-web
Web search, content extraction, site crawling, URL discovery, and AI-powered research using Tavily API via curl. Use when user needs web search results, current events, news, finance data, content from URLs, site-wide extraction, or multi-topic research with citations. Trigger phrases: 'search the web', 'find online', 'extract from URL', 'crawl site', 'research topic', 'latest news about', 'web search', 'tavily'.
ctfd
Use when developing, debugging, deploying, or maintaining any CTFd instance or fork - Docker stack issues, plugin development, CSRF 302 errors, theme customization, database migrations, nginx proxy misconfig, SQLAlchemy 1.4 gotchas, pytest test infrastructure, or API 500 responses
feature-engineering
Use when building or improving time series forecasting models and the user asks about exogenous variables, calendar features, rolling statistics, cyclical encoding, differencing, or feature scaling — or when forecast accuracy has plateaued and new features may help.
glitchtip
Use when deploying, configuring, integrating, or troubleshooting GlitchTip — including self-hosted installation, SDK setup, source maps, sentry-cli, uptime monitoring, alerting, environment variables, Docker Compose, Helm, social auth, and migration from Sentry
hermes-self-evolution
Replicate the Hermes Agent self-evolving loop for agents that should learn from experience: persistent declarative memory, session recall, agent-managed procedural skills, and post-task review that creates or patches reusable skills. Use when designing, evaluating, or operating an AI agent workflow that should save durable user/project facts, recall prior conversations, turn successful non-trivial workflows into skills, and improve stale skills during use.
llm-domain-speedrun
Use when someone needs to rapidly learn an unfamiliar technical domain under a tight deadline, when previous attempts through books, courses, or unstructured practice have failed, or when bridging a fundamental knowledge gap using an LLM as a private tutor
oauth-audit
Use when auditing OAuth 2.0 / OIDC implementations against RFC 9700 (OAuth Security BCP), reviewing client or authorization-server code, evaluating PKCE / state / redirect-URI handling, hardening token exchange and refresh flows, or triaging suspected OAuth vulnerabilities (CWE-352 CSRF, CWE-287 broken auth).
ofelia
Use when scheduling tasks in Docker environments with Ofelia — configuring job-exec, job-run, job-local, job-service-run via INI files or Docker labels, cron scheduling, overlap prevention, logging to Slack/email/disk, Docker Compose integration, Swarm services, and troubleshooting scheduled container jobs
photon-geocoder
Use when geocoding addresses, reverse geocoding coordinates, building address autocomplete, or integrating location search with OpenStreetMap data via Photon API (photon.komoot.io). Triggers on "photon", "geocode", "reverse geocode", "OSM address search".
python-exploitation
Use when escaping a Python sandbox or pyjail, bypassing import/builtins/attribute or character/byte blacklists, recovering builtins after __builtins__ is stripped, exploiting pickle/marshal/PyYAML/multiprocessing deserialization, Python-template SSTI (Jinja2/RestrictedPython/str.format), bypassing PEP 578 audit hooks, crafting or abusing CPython bytecode and code objects, exfiltrating with no stdout, or reversing .pyc files. CTF / security-research focused; covers CPython 3.8–3.13.
sink-research-orchestrator
Use when sink subagents encounter unseen languages or new technique categories that require fresh comprehensive research — not well-known sinks. Orchestrates parallel research swarms with structured JSON citations. Triggers: "comprehensive", "exhaustive", "most complete", "deep dive", "unseen language", "new technique category", "long horizon", "parallel research".
skillsmp-search
Use when finding, browsing, or installing community skills, or when a needed capability might exist as a marketplace skill. Triggers on "find a skill", "search skills", "install skill", "skillsmp", or "marketplace".
ssrf-testing
Use when testing for SSRF in web applications, accessing internal services through SSRF, bypassing SSRF filters, auditing applications that fetch user-supplied URLs, or implementing SSRF prevention. Covers blind and non-blind SSRF, cloud metadata exploitation, protocol smuggling, and defense strategies.
telethon-development
Use when working with Telethon (Telegram MTProto client) — debugging FloodWaitError, mocking for tests, handling None-as-False boolean fields, entity resolution, rate limiting, session management, or version compatibility issues
test-engineering
Use when designing test strategies, planning coverage across the test pyramid, evaluating automation candidates, or improving test quality. Also use when diagnosing flaky tests, slow test suites, or coverage gaps. Framework-agnostic strategy and automation planning.
universal-research-orchestrator
Use when starting research, audit, or investigation tasks needing multi-source coverage — security/sink research, codebase audits, framework deep-dives, market comparison, or any "exhaustive / most complete / long horizon" request. Triggers on "audit", "investigate", "research", "find vulns", "exhaustive", "long horizon", "deep dive", "most complete".
vuln-research
Use when performing vulnerability research, security auditing, code analysis, bug bounty hunting, CTF challenges, penetration testing, or exploit development. Covers source audit across 30+ attack domains, sink analysis for 12 languages, SAST/DAST integration, vulnerability chaining, and proof-of-concept development. Triggers: vuln assessment, pentest, bug bounty, security audit, find vulns, exploit, ctf, code audit, hunt bugs, 0-day, SAST, DAST, taint analysis, CI/CD pipeline security, GitHub Actions, Terraform, Traefik, n8n workflow, OpenTelemetry, supply chain attack, agent sweep, find me zero days, sweep everything, automated vuln discovery, binary analysis, reverse engineering, firmware audit, kernel driver, memory corruption, ROP, fuzzing harness, patch diffing.
comprehensive-python-sink-research-workflow
Master skill documenting the complete workflow for exhaustive security sink research, from parallel agent spawning through structured citation and source archival. Covers the full lifecycle: research → synthesis → formatting → validation → archival. Use as reference for any "most complete" security analysis project.
zero-dof
Use when directing LLM coding agents on substantial development tasks — establishing executable oracles, designing agent playbooks, constraining agent output quality, or preventing metric gaming. Also use when LLM-generated code has recurring quality or architecture issues that need systematic correction. Triggers: zero dof, zero degrees of freedom, executable oracle, constrain agent, agent quality, LLM coding constraints, playbook design, oracle pipeline.
zeroclaw
Use when building, configuring, deploying, or troubleshooting ZeroClaw AI agent infrastructure — including provider setup, channel binding, memory backends, config.toml authoring, CLI usage, Docker/native runtime, and migration from other agent frameworks
Bio shown is the top-scored skill's repo description as a fallback — real GitHub bios land in a future update.