Marketplace
Find the right skill for the job.
Browse the full catalog through outcome-first channels, technical facets, rating filters, and server-side pagination built for a large public marketplace.
cloudflare-workers-security
A Cloudflare Workers security skill providing authentication, CORS, rate limiting, and input validation patterns to protect APIs from common vulnerabilities like unauthorized access, injection attacks, and abuse.
github-project-automation
This skill automates GitHub repository setup with pre-configured CI/CD workflows, security scanning (CodeQL, Dependabot), and structured issue templates, preventing common YAML and configuration errors while ensuring best practices.
backend-dev
This skill orchestrates a complete backend development workflow, transforming business requirements into production-ready systems with expert-led architecture, secure implementation, and automated DevOps pipelines.
dotnet-local-tools
Managing local .NET tools with dotnet-tools.json for consistent tooling across development environments and CI/CD pipelines.
notebooklm-skill
Use this skill to query your Google NotebookLM notebooks directly from Claude Code for source-grounded, citation-backed answers from Gemini. Browser automation, library management, persistent auth. Drastically reduced hallucinations through document-only responses.
github-multi-repo
This skill coordinates changes across multiple GitHub repositories using swarm intelligence. It synchronizes package versions, manages cross-repo dependencies, and optimizes repository structures. The tool helps teams maintain consistency when working with distributed codebases.
error-tracking
This skill provides detailed patterns for integrating Sentry v8 error tracking and performance monitoring into Node.js services. It includes specific code examples for controllers, routes, workflows, cron jobs, and database operations with clear error handling requirements.
moai-worktree
A Git worktree management system designed for parallel SPEC development. It creates isolated workspaces for each SPEC, maintains a central registry, and integrates with MoAI-ADK's plan-run-sync workflow. Provides CLI commands for creation, switching, syncing, and cleanup of worktrees.
k8s-core
Core Kubernetes resource management for pods, namespaces, configmaps, secrets, and nodes. Use when listing, inspecting, or managing fundamental K8s objects.
firebase-storage
Build with Firebase Cloud Storage - file uploads, downloads, and secure access. Use when: uploading images/files, generating download URLs, implementing file pickers, setting up storage security rules, or troubleshooting storage/unauthorized, cors errors, quota exceeded, or upload failed errors. Prevents 9 documented errors.
deployment-cloudflare
This skill deploys TanStack Start applications to Cloudflare Workers/Pages using GitHub Actions, managing secrets via Doppler, handling database migrations, and providing rollback procedures for Grey Haven applications.
security-compliance
Guides security professionals in implementing defense-in-depth security architectures, achieving compliance with industry frameworks (SOC2, ISO27001, GDPR, HIPAA), conducting threat modeling and risk assessments, managing security operations and incident response, and embedding security throughout the SDLC.
frankenphp
This skill provides comprehensive assistance with FrankenPHP, a modern PHP application server built on Caddy. It helps with setup, configuration, worker mode optimization, framework integration (Laravel/Symfony), Docker deployment, and implementing real-time features to enhance PHP application performance and scalability.
cloud-k8s-deployment
Provides concrete steps to deploy applications to DigitalOcean Kubernetes with multi-cloud patterns for AWS and GKE. Includes detailed setup for prerequisites like ingress, cert-manager, Dapr, and production values files. Covers cost optimization and verification checklists.
fix-code-vulnerability
Guidance for identifying and fixing security vulnerabilities in code. This skill should be used when asked to fix security issues, address CVEs or CWEs, remediate vulnerabilities like injection attacks (SQL, command, CRLF, XSS), or when working with failing security-related tests.
sanitizing-user-inputs
Sanitizing and validating user input to prevent XSS, injection attacks, and security vulnerabilities in TypeScript applications
secrets-gitleaks
Hardcoded secret detection and prevention in git repositories and codebases using Gitleaks. Identifies passwords, API keys, tokens, and credentials through regex-based pattern matching and entropy analysis. Use when: (1) Scanning repositories for exposed secrets and credentials, (2) Implementing pre-commit hooks to prevent secret leakage, (3) Integrating secret detection into CI/CD pipelines, (4) Auditing codebases for compliance violations (PCI-DSS, SOC2, GDPR), (5) Establishing baseline secret detection and tracking new exposures, (6) Remediating historical secret exposures in git history.
Tekton
Provides expert guidance on Tekton Pipelines, a Kubernetes-native CI/CD framework, offering best practices for building, testing, and deploying applications with declarative, reusable workflows and troubleshooting assistance.
Homelab
This skill provides expert assistance for managing personal NixOS homelab infrastructure, including system configurations, service deployments, DNS management, and keyboard firmware builds, with built-in safety protocols for remote deployments.
jackson-security
Security considerations for Jackson JSON deserialization in Java applications. Covers timing of validation, raw input interception, and common deserialization attack patterns.
qemu-alpine-ssh
Guidance for setting up QEMU virtual machines with Alpine Linux and SSH access. This skill should be used when tasks involve starting QEMU with Alpine Linux ISO, configuring port forwarding for SSH, setting up OpenSSH server in Alpine, or troubleshooting QEMU networking issues.
Convex Security Check
Quick security audit checklist covering authentication, function exposure, argument validation, row-level access control, and environment variable handling
api-authentication
Secure API authentication with JWT, OAuth 2.0, API keys. Use for authentication systems, third-party integrations, service-to-service communication, or encountering token management, security headers, auth flow errors.
security-practices
This skill provides Grey Haven Studio's security best practices for TanStack Start and FastAPI applications, covering input validation, output sanitization, secret management with Doppler, and OWASP Top 10 defenses to ensure robust application security.