vulnerability-analysis
Expert-level security vulnerability analysis for source code auditing. Use this skill when reviewing code for security vulnerabilities, performing security audits, analyzing attack surfaces, hunting f…
Browse curated skills with source links, package snapshots, README assets and install signals in one calm, searchable catalog.
Expert-level security vulnerability analysis for source code auditing. Use this skill when reviewing code for security vulnerabilities, performing security audits, analyzing attack surfaces, hunting f…
Detect codebase conventions and generate pattern briefs for AI-guided planning. This skill SHOULD be used when the user asks to "analyze patterns", "detect conventions", "what patterns does this codeb…
Set up git pre-commit hooks to run ruff, mypy, and basedpyright before commits. Use when configuring automated quality checks in git workflow.
Manage pull requests — triage, staleness detection, label management, review requests, and merge workflow. Use when asked about PRs, pull requests, code review, or merge status.
Implement diagnostics for a Home Assistant integration. Required for Gold tier on the Integration Quality Scale. Use when asked about diagnostics.py, debug information, troubleshooting data, or redact…
Review a Home Assistant integration against the Integration Quality Scale (IQS). Covers all 52 official rules across Bronze, Silver, Gold, and Platinum tiers. Use when asked to review, quality check, …
This skill should be used when the user asks to "write a test", "add tests to", "create a QTest", "how do I test a widget", "unit test for Qt", "pytest-qt", "test a PySide6 class", "QML test", "QtQuic…
Generates Capybara E2E tests in Ruby with RSpec integration. Acceptance testing DSL for web apps. Use when user mentions "Capybara", "visit", "fill_in", "click_button", "Ruby E2E". Triggers on: "Capyb…
Use this skill when performing the actual vulnerability analysis AFTER a threat model has been established (see threat-model skill). Triggers when the user asks to find vulnerabilities, audit code for…
This skill SHOULD be used when the user asks to "review code", "find dead code", "check for duplication", "simplify the codebase", "find refactoring opportunities", "do code cleanup", "check naming co…
Modernize Python codebases - migrate pip to uv, upgrade syntax to Python 3.13+, replace deprecated patterns, and update tooling to current best practices.
Audit release health — unreleased commits, CHANGELOG drift, release cadence, and draft releases. Use when asked about releases, versioning, changelog, or release status.
Debug and troubleshoot Home Assistant integration issues. Use when mentioning error, debug, not working, unavailable, traceback, exception, logs, failing, ConfigEntryNotReady, UpdateFailed, or needing…
Borg Backup administration: creating and managing deduplicated, encrypted backup repositories, archive creation and extraction, pruning schedules, repository integrity checks, remote SSH backups, and …
how to approach tests, types and coverage
Generates Codeception tests in PHP covering acceptance, functional, and unit testing. BDD-style with Actor pattern. Use when user mentions "Codeception", "$I->amOnPage", "$I->see", "Cest". Triggers on…
Distinguished Engineer-level code quality standards for writing, reviewing, and refactoring code. Use this skill when writing new code, reviewing pull requests, refactoring existing code, designing mo…
Scans codebases for security vulnerabilities, bugs, and code health issues. Creates structured work items for remediation. Triggers on "audit", "code review", "security scan", "find bugs", "tech debt"…
Configure ruff, mypy, and pyright for Python 3.13 projects. Use when setting up linters and type checkers in pyproject.toml and pyrightconfig.json.
Fix Home Assistant deprecation warnings and upgrade integrations to newer HA versions. Use when encountering deprecated imports, type annotations, or patterns that need updating for HA 2024.x/2025.x c…
Implement repair issues for Home Assistant integrations. Gold tier IQS requirement. Use when asked about repair issues, issue registry, user notifications, fixable issues, or actionable alerts.
smartctl queries SMART (Self-Monitoring, Analysis and Reporting Technology) data from hard drives and SSDs to assess health, run self-tests, and detect early signs of failure. Invoked when the user as…
A short checklist for kicking off work effectively: plan, branch, track with bd, and set up validation.
Generates Espresso UI tests for Android apps in Kotlin or Java. Espresso runs inside the app process for fast, reliable UI testing. Supports local and TestMu AI cloud real devices. Use when user menti…