Marketplace
Find the right skill for the job.
Browse the full catalog through outcome-first channels, technical facets, rating filters, and server-side pagination built for a large public marketplace.
env-config
This skill manages environment variables and secrets across development, staging, and production environments, helping users add new variables, configure stage-specific settings, set up secrets for deployment, and debug environment-related issues.
env-config
This skill manages environment variables and secrets across development, staging, and production environments, helping with adding new variables, configuring stage-specific settings, setting up deployment secrets, and debugging environment-related issues.
checkpoint
This skill provides a checkpoint and recovery mechanism for CFN Docker orchestration, enabling crash recovery, orphan container detection, and automated resumption of wave execution to prevent work loss.
cfn-transparency-middleware
A Rust-based middleware that captures, logs, and analyzes agent interactions with memory tracking, performance metrics, and security filtering, enabling comprehensive audit trails and compliance reporting.
kubernetes-deployment
This skill generates Kubernetes manifests for deploying a full-stack todo application with frontend, backend, and MCP server components. It creates namespace, configmaps, secrets, deployments, services, and ingress configurations specifically for Minikube local development environments.
securing-authentication
Authentication, authorization, and API security implementation. Use when building user systems, protecting APIs, or implementing access control. Covers OAuth 2.1/OIDC, JWT patterns, sessions, Passkeys/WebAuthn, RBAC/ABAC/ReBAC, policy engines (OPA, Casbin, SpiceDB), managed auth (Clerk, Auth0), self-hosted (Keycloak, Ory), and API security best practices.
k8s-security
Audit Kubernetes RBAC, enforce policies, and manage secrets. Use for security reviews, permission audits, policy enforcement with Kyverno/Gatekeeper, and secret management.
k8s-troubleshoot
Debug Kubernetes pods, nodes, and workloads. Use when pods are failing, containers crash, nodes are unhealthy, or users mention debugging, troubleshooting, or diagnosing Kubernetes issues.
devops-troubleshooting
This skill provides DevOps and infrastructure troubleshooting for Cloudflare Workers, PlanetScale PostgreSQL, and distributed systems, helping diagnose deployment issues, connection errors, and performance degradation.
serving-llms-vllm
Serves LLMs with high throughput using vLLM's PagedAttention and continuous batching. Use when deploying production LLM APIs, optimizing inference latency/throughput, or serving models with limited GPU memory. Supports OpenAI-compatible endpoints, quantization (GPTQ/AWQ/FP8), and tensor parallelism.
sast-bandit
Python security vulnerability detection using Bandit SAST with CWE and OWASP mapping. Use when: (1) Scanning Python code for security vulnerabilities and anti-patterns, (2) Identifying hardcoded secrets, SQL injection, command injection, and insecure APIs, (3) Generating security reports with severity classifications for CI/CD pipelines, (4) Providing remediation guidance with security framework references, (5) Enforcing Python security best practices in development workflows.
scripting
DevOps scripting with Bash, Python, and Go for automation, tooling, and infrastructure management
remediation-injection
Security fix patterns for injection vulnerabilities (SQL, Command, XSS). Provides language-specific code examples showing vulnerable and secure implementations.
check-secrets
Scan the codebase for potential secret leaks including API keys, tokens, passwords, hardcoded project IDs, and sensitive identifiers. Use when the user says "check for secrets", "scan for leaks", "security check", or before committing sensitive changes.
tailscale-manager
Manage Tailscale funnels across different ct project instances. Start/stop funnels and route traffic to different docker containers.
pipeline-debugger
Debug and monitor GitLab CI/CD pipelines for merge requests. Check pipeline status, view job logs, and troubleshoot CI failures. Use this when the user needs to investigate GitLab CI pipeline issues, check job statuses, or view specific job logs.
rivetkit
RivetKit backend and Rivet Actor runtime guidance. Use for building, modifying, debugging, or testing Rivet Actors, registries, serverless/runner modes, deployment, or actor-based workflows.
llm-serving-patterns
LLM inference infrastructure, serving frameworks (vLLM, TGI, TensorRT-LLM), quantization techniques, batching strategies, and streaming response patterns. Use when designing LLM serving infrastructure, optimizing inference latency, or scaling LLM deployments.
orchestrate-review
Use when user asks to "deep review the code", "thorough code review", "multi-pass review", or when orchestrating the Phase 9 review loop. Provides review pass definitions (code quality, security, performance, test coverage), signal detection patterns, and iteration algorithms.
aws-cost-operations
This skill provides AWS cost optimization, monitoring, and operational best practices with integrated MCP servers for billing analysis, cost estimation, observability, and security assessment.
image-optimization
This skill optimizes images for web performance by selecting modern formats, implementing responsive techniques, and enabling lazy loading to significantly improve page load times and prepare assets for production deployment.
cloudflare
Infrastructure operations for Cloudflare: Workers, KV, R2, D1, Hyperdrive, observability, builds, audit logs. Triggers: worker/KV/R2/D1/logs/build/deploy/audit. Three permission tiers: Diagnose (read-only), Change (write requires confirmation), Super Admin (isolated environment). Write operations follow read-first, confirm, execute, verify pattern. MCP is optional — works with Wrangler CLI/Dashboard too.
tool-better-auth
Use when implementing authentication with Better Auth in a TypeScript/Next.js app (session strategy, providers, cookies, CSRF, redirects, middleware, and security best practices).
code-quality-analysis
This skill provides comprehensive code quality analysis through security reviews (OWASP Top 10), clarity refactoring for readability, and synthesis analysis for cross-file issues, ideal for security audits, quality checks, and pre-deployment reviews.