Marketplace
Find the right skill for the job.
Browse the full catalog through outcome-first channels, technical facets, rating filters, and server-side pagination built for a large public marketplace.
update-buttercut
This skill automates updating the ButterCut CLI tool with dual update paths: git pull for git repositories or direct download from GitHub. It includes backup creation, version verification, and test execution to ensure updates don't break existing functionality. The workflow handles edge cases like uncommitted changes and provides clear failure reporting.
windows-expert
Provides practical guidance for Windows-WSL interoperability tasks including path conversion, executable calling, and system administration. Covers common pain points like file permissions, line endings, and networking quirks. Focuses on actionable commands rather than theoretical concepts.
frontend-htmx
Provides a complete Rust stack for building web applications with server-side rendering using Axum, Askama templates, and HTMX for dynamic interactions. Eliminates JavaScript build toolchains and deploys as a single binary. Includes template examples, handler patterns, and HTMX attribute usage for common UI updates.
self-improving
Use when starting infrastructure, testing, deployment, or framework-specific tasks - automatically searches PRPM registry for relevant expertise packages and suggests installation to enhance capabilities for the current task
cybersecurity-analyst
Analyzes events through cybersecurity lens using threat modeling, attack surface analysis, defense-in-depth, zero-trust architecture, and risk-based frameworks (CIA triad, STRIDE, MITRE ATT&CK). Provides insights on vulnerabilities, attack vectors, defense strategies, incident response, and security posture. Use when: Security incidents, vulnerability assessments, threat analysis, security architecture, compliance. Evaluates: Confidentiality, integrity, availability, threat actors, attack patterns, controls, residual risk.
container-signing
Provides a complete GitHub Actions workflow for signing Docker images with Cosign and generating SLSA provenance attestations. Includes Dockerfile labels, permission setup, verification commands, and troubleshooting guidance for implementing container supply chain security.
log-classifier
Automatically classifies log files into 10 types using path patterns, keywords, and metadata analysis. Provides confidence scores, reasoning, and suggested fields. Handles both new logs and reclassification of existing files with clear error handling.
core-reviewer
A code review agent that systematically checks functionality, security, performance, and maintainability. Provides concrete examples of issues and fixes, includes checklists and prioritization guidelines. Integrates with existing tools like linting and testing frameworks.
k8s-security-policies
This skill implements Kubernetes security policies including NetworkPolicy, PodSecurityPolicy, and RBAC to secure clusters, enforce network isolation, and apply pod security standards for production-grade, compliant environments.
docusaurus
A Docusaurus documentation expert skill that helps create, configure, and deploy modern documentation sites. It provides guidance on MDX authoring, plugin development, theming, versioning, i18n, and deployment to platforms like GitHub Pages and Vercel.
4-step-program
A coordinator workflow that enforces a fix-review-iterate loop for Docker agents, requiring GitHub PR posting for all code reviews. It ensures 100% issue coverage and 10/10 review quality before presenting to humans.
deployment-management
Manages LangGraph Cloud deployments via CLI commands for listing, filtering, and deleting test resources. Focuses on cleanup workflows with environment variable handling and interactive confirmation prompts to prevent accidental deletion.
gitlab-ci-patterns
Provides ready-to-use GitLab CI/CD pipeline templates for common scenarios including multi-stage workflows, Docker builds, Kubernetes deployments, Terraform automation, and security scanning. Includes caching strategies and best practices for pipeline optimization.
springboot-security
Spring Security best practices for authn/authz, validation, CSRF, secrets, headers, rate limiting, and dependency security in Java Spring Boot services.
prowler-compliance
Creates and manages Prowler compliance frameworks. Trigger: When working with compliance frameworks (CIS, NIST, PCI-DSS, SOC2, GDPR, ISO27001, ENS, MITRE ATT&CK).
browser-automation
Browser automation via HTTP server. Supports multiple concurrent sessions for multi-user testing, saved flows, and profile-based auth persistence.
devops-engineer
Use when setting up CI/CD pipelines, containerizing applications, or managing infrastructure as code. Invoke for pipelines, Docker, Kubernetes, cloud platforms, GitOps.
vulnerability-scanner
Advanced vulnerability analysis principles. OWASP 2025, Supply Chain Security, attack surface mapping, risk prioritization.
tensorrt-llm
Optimizes LLM inference with NVIDIA TensorRT for maximum throughput and lowest latency. Use for production deployment on NVIDIA GPUs (A100/H100), when you need 10-100x faster inference than PyTorch, or for serving models with quantization (FP8/INT4), in-flight batching, and multi-GPU scaling.
SSH Penetration Testing
This skill should be used when the user asks to "pentest SSH services", "enumerate SSH configurations", "brute force SSH credentials", "exploit SSH vulnerabilities", "perform SSH tunneling", or "audit SSH security". It provides comprehensive SSH penetration testing methodologies and techniques.
Pentest Checklist
This skill should be used when the user asks to "plan a penetration test", "create a security assessment checklist", "prepare for penetration testing", "define pentest scope", "follow security testing best practices", or needs a structured methodology for penetration testing engagements.
qa-gate-gcp
Pre-production validation gate for GCP stack (Cloud Run/Functions/App Engine, Firestore/Cloud SQL, Firebase Auth/Identity Platform) — generates test plans, executes test suites, validates APIs, UI, toasts, LLM output quality, and produces go/no-go reports
nano-banana-2
Gemini image generation, editing, and search-grounded image creation via gemini-3.1-flash-image-preview (Nano Banana 2). USE FOR: - Generating images from text prompts (text-to-image) - Editing or transforming an existing image with text instructions - Generating images grounded in live web/image search results Requires GEMINI_API_KEY environment variable. See rules/setup.md for configuration and rules/security.md for output handling guidelines.
api-security-testing
API安全测试的专业技能和方法论