Marketplace
Find the right skill for the job.
Browse the full catalog through outcome-first channels, technical facets, rating filters, and server-side pagination built for a large public marketplace.
docker-optimization
Docker image optimization patterns including multi-stage builds, layer caching, security hardening, and size reduction techniques. Use when building Docker images, optimizing container size, improving build performance, or implementing Docker security best practices. Reduces image sizes by 70-90% and build times by 50-80%.
release-patterns
PR creation, CI/CD validation, and release coordination patterns. Use when creating pull requests, running pre-PR validation, checking CI status, or coordinating merges.
security-auditor
security-auditor skill Trigger terms: security audit, vulnerability scan, OWASP, security analysis, penetration testing, security review, threat modeling, security best practices, CVE Use when: User requests involve security auditor tasks.
staging-deploy
Deploys WitchCityRope to staging environment on DigitalOcean. Automates build, registry push, server deployment, database migrations (if needed), health verification, and rollback capability. SINGLE SOURCE OF TRUTH for staging deployment automation.
docker-compose-builder
Creates production-ready Dockerfiles with multi-stage builds and Docker Compose configurations for multi-service applications (app + database + Redis + message queue). Implements health checks, volume mounts for persistence, networks for service isolation, environment-specific configs (dev/staging/prod), and security best practices (non-root users, minimal images). Generates docker-compose.yml with service dependencies, port mappings, and restart policies. Use when containerizing applications, setting up local development environments, creating deployment configs, adding services (database, cache, queue), or building microservices architectures.
feedback-analyzer
Analyzes deployment logs, application metrics (Grafana), error tracking (Sentry), and user feedback to identify patterns, common errors, performance regressions, and actionable insights. Generates reports with error frequency, affected users, root causes, and recommended fixes. Tracks trends over time and correlates issues with deployments. Use when reviewing production logs, analyzing user feedback/support tickets, investigating post-deployment issues, generating iteration reports, or identifying technical debt priorities.
production-deploy
Deploys WitchCityRope to production environment on DigitalOcean. Automates build, registry push, server deployment, database migrations (if needed), health verification, and rollback capability. SINGLE SOURCE OF TRUTH for production deployment automation.
deploy-prod
Deploys to production
code-review
Use when user asks to review code for quality and security issues.
privacy-manifests
Privacy manifest (PrivacyInfo.xcprivacy) implementation including required reason APIs, tracking domains, third-party SDK declarations, and App Tracking Transparency. Use when preparing apps for App Store privacy requirements.
consent-flow
Generates GDPR/CCPA/DPDP privacy consent flows with granular category preferences, consent state persistence, audit logging, and ATT (App Tracking Transparency) integration. Use when user needs privacy consent UI, cookie/tracking consent, or compliance management.
rails-devops
DevOps and infrastructure specialist for Rails applications. Use when setting up Docker, CI/CD pipelines, deployment configurations, monitoring, logging, or production optimizations. Covers GitHub Actions, Docker, Kubernetes, and cloud platforms.
security-audit
RLS validation, security audits, OWASP compliance, and vulnerability scanning. Use when validating RLS policies, auditing API routes, or scanning for security issues.
ansible-secrets
This skill should be used when working with secrets in Ansible playbooks, integrating Infisical vault, using no_log directive, retrieving credentials securely, or implementing fallback patterns for secrets. Covers the reusable Infisical lookup task.
senior-secops
Comprehensive SecOps skill for application security, vulnerability management, compliance, and secure development practices. Includes security scanning, vulnerability assessment, compliance checking, and security automation. Use when implementing security controls, conducting security audits, responding to vulnerabilities, or ensuring compliance requirements.
senior-security
Comprehensive security engineering skill for application security, penetration testing, security architecture, and compliance auditing. Includes security assessment tools, threat modeling, crypto implementation, and security automation. Use when designing security architecture, conducting penetration tests, implementing cryptography, or performing security audits.
consensus-security
Imported from https://github.com/vamseeachanta/workspace-hub.
.claude
Imported from https://github.com/pulumi/pulumi-docker.
aws-cdk-development
AWS Cloud Development Kit (CDK) expert for building cloud infrastructure with TypeScript/Python. Use when creating CDK stacks, defining CDK constructs, implementing infrastructure as code, or when the user mentions CDK, CloudFormation, IaC, cdk synth, cdk deploy, or wants to define AWS infrastructure programmatically. Covers CDK app structure, construct patterns, stack composition, and deployment workflows.
senior-devops
Comprehensive DevOps skill for CI/CD, infrastructure automation, containerization, and cloud platforms (AWS, GCP, Azure). Includes pipeline setup, infrastructure as code, deployment automation, and monitoring. Use when setting up pipelines, deploying applications, managing infrastructure, implementing monitoring, or optimizing deployment processes.
openai-chatkit-frontend-embed-skill
Integrate and embed OpenAI ChatKit UI into TypeScript/JavaScript frontends (Next.js, React, or vanilla) using either hosted workflows or a custom backend (e.g. Python with the Agents SDK). Use this Skill whenever the user wants to add a ChatKit chat UI to a website or app, configure api.url, auth, domain keys, uploadStrategy, or debug blank/buggy ChatKit widgets.
better-auth
Implement authentication and authorization with Better Auth - a framework-agnostic TypeScript authentication framework. Features include email/password authentication with verification, OAuth providers (Google, GitHub, Discord, etc.), two-factor authentication (TOTP, SMS), passkeys/WebAuthn support, session management, role-based access control (RBAC), rate limiting, and database adapters. Use when adding authentication to applications, implementing OAuth flows, setting up 2FA/MFA, managing user sessions, configuring authorization rules, or building secure authentication systems for web applications.
gitlab-ci-patterns
Build GitLab CI/CD pipelines with multi-stage workflows, caching, and distributed runners for scalable automation. Use when implementing GitLab CI/CD, optimizing pipeline performance, or setting up automated testing and deployment.
reviewing-security
Automated tooling and detection patterns for JavaScript/TypeScript security vulnerabilities. Provides scan commands, vulnerability patterns, and severity mapping—not output formatting or workflow.