Marketplace
Find the right skill for the job.
Browse the full catalog through outcome-first channels, technical facets, rating filters, and server-side pagination built for a large public marketplace.
monitoring-setup
Provides configuration templates and best practices for setting up Prometheus, Grafana, and alerting systems. Includes practical examples for Kubernetes monitoring, RED/USE methodologies, and SLO definitions. Focuses on operational observability rather than automated deployment.
handler-storage-local
A local filesystem storage handler for the fractary-file plugin that provides basic file operations (upload, download, delete, list) with structured JSON responses. It focuses on path safety validation and clear error reporting for local development workflows.
clawsec-nanoclaw
Use when checking for security vulnerabilities in NanoClaw skills, before installing new skills, or when asked about security advisories affecting the bot
attack-methods-lookup
Looks up OWASP Top 10 attack methods, CWE references, and form-specific vulnerability patterns with a bounty hunter mindset. Returns attack vectors, payloads, and payout estimates. Use when user asks about "XSS", "SQL injection", "CSRF", "OWASP", "CWE", "IDOR", "injection", "bypass", "vulnerability", "exploit", "SQLインジェクション", "クロスサイトスクリプティング", "脆弱性".
Model Deployment
Deploy machine learning models to production using Flask, FastAPI, Docker, cloud platforms (AWS, GCP, Azure), and model serving frameworks
sanitize-git-repo
Guide for sanitizing git repositories by identifying and replacing sensitive information such as API keys, tokens, and credentials. This skill should be used when tasks involve removing secrets from codebases, sanitizing repositories before sharing, or replacing sensitive values with placeholders. Applies to tasks involving secret detection, credential removal, or repository cleanup for security purposes.
vuln-patterns-core
Universal vulnerability detection patterns applicable across all programming languages. Includes hardcoded secrets, SQL/command injection, path traversal, and configuration file patterns.
cfn-agent-selector
A submodule for selecting Claude agents based on task classification using shell scripts and JSON mappings. Provides basic selection and fallback strategies, integrating with a parent agent lifecycle management system. Configuration-driven approach with clear file separation.
qemu-startup
Guidance for starting and configuring QEMU virtual machines with proper serial console access. This skill should be used when tasks involve starting QEMU VMs, configuring serial console or telnet access, booting ISO images, or troubleshooting VM startup issues. Covers pre-flight checks, idempotent startup procedures, and intelligent readiness verification.
firebase-firestore
Build with Firestore NoSQL database - real-time sync, offline support, and scalable document storage. Use when: creating collections, querying documents, setting up security rules, handling real-time listeners, or troubleshooting permission-denied, quota exceeded, invalid query, or offline persistence errors. Prevents 10 documented errors.
reflective-reviewer
A self-reflection specialist that automatically analyzes completed work for quality issues, security vulnerabilities, and improvement opportunities, providing structured feedback to catch problems early before formal code review.
typescript-mcp
Build and deploy production-ready Model Context Protocol (MCP) servers using TypeScript on Cloudflare Workers, enabling API integrations, stateless tools, and edge deployments while preventing common errors.
repo-sync
A Bash script that manages 26+ Git repositories with bulk operations like status checks, pulls, commits, pushes, and branch switching. It organizes repos into work/personal categories and supports coordinated updates across related projects.
vm-bootstrap
Linux VM bootstrap verification skill. MUST BE USED when setting up new VMs or verifying environment. Supports modes: check (warn-only), install (operator-confirmed), strict (CI-ready). Enforces Linux-only + mise as canonical; honors preference brew→npm (with apt fallback). Verifies required tools: mise, node, pnpm, python, poetry, gh, railway, bd, tmux, jq, rg. Handles optional tools as warnings: tailscale, playwright, docker, bv. Never prints/seeds secrets; never stores tokens in repo/YAML; Railway vars only for app runtime env. Safe on dirty repos (refuses and points to dirty-repo-bootstrap skill, or snapshots WIP branch). Keywords: vm, bootstrap, setup, mise, toolchain, linux, environment, provision, verify, new vm
glossary-generator
This skill automatically generates a comprehensive glossary of terms from a learning graph's concept list, ensuring each definition follows ISO 11179 metadata registry standards (precise, concise, distinct, non-circular, and free of business rules). Use this skill when creating a glossary for an intelligent textbook after the learning graph concept list has been finalized.
cfn-hybrid-routing
Implements hybrid routing strategies for distributed systems with primary-secondary channel switching and load balancing. Supports failover mechanisms with configurable latency thresholds and multiple operational modes including synchronous and asynchronous routing.
deploy-automation
This skill automates deployment to multiple platforms (Vercel, Fly.io, Cloudflare, Netlify) based on project templates. It handles platform-specific configuration, runs pre-deploy checks, and returns production URLs. Supports Next.js, FastAPI, Hono, and static sites.
github-actions-templates
Provides ready-to-use GitHub Actions workflow templates for testing, building Docker images, deploying to Kubernetes, and security scanning. Includes concrete examples with specific action versions and best practices for common CI/CD scenarios.
django-security
Django security best practices, authentication, authorization, CSRF protection, SQL injection prevention, XSS prevention, and secure deployment configurations.
auth-implementation-patterns
Master authentication and authorization patterns including JWT, OAuth2, session management, and RBAC to build secure, scalable access control systems. Use when implementing auth systems, securing APIs, or debugging security issues.
threat-mitigation-mapping
Map identified threats to appropriate security controls and mitigations. Use when prioritizing security investments, creating remediation plans, or validating control effectiveness.
k8s-security-policies
Implement Kubernetes security policies including NetworkPolicy, PodSecurityPolicy, and RBAC for production-grade security. Use when securing Kubernetes clusters, implementing network isolation, or enforcing pod security standards.
plaid-fintech
Expert patterns for Plaid API integration including Link token flows, transactions sync, identity verification, Auth for ACH, balance checks, webhook handling, and fintech compliance best practices. Use when: plaid, bank account linking, bank connection, ach, account aggregation.
clerk-auth
Expert patterns for Clerk auth implementation, middleware, organizations, webhooks, and user sync Use when: adding authentication, clerk auth, user authentication, sign in, sign up.