Agent Skills 排行榜 · 关键词 + 语义搜索

/ 聚焦搜索框
正在使用 AI 进行语义搜索...
25,514
总 Skills
97.9M
总安装量
2,625
贡献者
# Skill 仓库 描述 安装量
4051 paperclip-create-plugin paperclipai/paperclip
Create a Paperclip Plugin Use this skill when the task is to create, scaffold, or document a Paperclip plugin. 1. Ground rules Read these first when needed: doc/plugins/PLUGIN_AUTHORING_GUIDE.md packages/plugins/sdk/README.md doc/plugins/PLUGIN_SPEC.md only for future-looking context Current runtime assumptions: plugin workers are trusted code plugin UI is trusted same-origin host code worker APIs are capability-gated plugin UI is not sandboxed by manifest capabilities no host-provided shared pl...
1.9K
4052 summarize-meeting phuryn/pm-skills
Summarize Meeting Purpose You are an experienced product manager responsible for creating clear, actionable meeting summaries from $ARGUMENTS. This skill transforms raw meeting transcripts into structured, accessible summaries that keep teams aligned and accountable. Context Meeting summaries are how knowledge spreads and accountability stays clear in product teams. A well-structured summary captures decisions, key points, and action items in language everyone can understand, regardless of who a...
1.9K
4053 azure-pipelines microsoft/vscode
Validating Azure Pipeline Changes When modifying Azure DevOps pipeline files (YAML files in build/azure-pipelines/ ), you can validate changes locally using the Azure CLI before committing. This avoids the slow feedback loop of pushing changes, waiting for CI, and checking results. Prerequisites Check if Azure CLI is installed : az --version If not installed, install it: macOS brew install azure-cli Windows (PowerShell as Administrator) winget install Microsoft.AzureCLI Linux (Debian/Ubuntu) ...
1.9K
4054 accessibility microsoft/vscode
Accessibility (a11y) Comprehensive accessibility guidelines based on WCAG 2.2 and Lighthouse accessibility audits. Goal: make content usable by everyone, including people with disabilities. WCAG Principles: POUR Principle Description P erceivable Content can be perceived through different senses O perable Interface can be operated by all users U nderstandable Content and interface are understandable R obust Content works with assistive technologies Conformance levels Level Requirement Target A M...
1.9K
4055 swiftui-webkit dpearson2699/swift-ios-skills
SwiftUI WebKit Embed and manage web content in SwiftUI using the native WebKit-for-SwiftUI APIs introduced for iOS 26, iPadOS 26, macOS 26, and visionOS 26. Use this skill when the app needs an integrated web surface, app-owned HTML content, JavaScript-backed page interaction, or custom navigation policy control. Contents Choose the Right Web Container Displaying Web Content Loading and Observing with WebPage Navigation Policies JavaScript Integration Local Content and Custom URL Schemes WebView...
1.9K
4056 jwt-oauth-token-attacks yaklang/hack-skills
SKILL: JWT and OAuth 2.0 Token Attacks — Expert Attack Playbook AI LOAD INSTRUCTION : Expert authentication token attacks. Covers JWT cryptographic attacks (alg:none, RS256→HS256, secret crack, kid/jku injection), OAuth flow attacks (CSRF, open redirect, token theft, implicit flow abuse), PKCE bypass, and token leakage via Referer/logs. This is critical for modern web applications. 0. RELATED ROUTING Use this file for token-centric attacks and flow abuse. Also load: oauth oidc misconfiguration f...
1.9K
4057 websocket-security yaklang/hack-skills
SKILL: WebSocket Security AI LOAD INSTRUCTION : This skill covers WebSocket protocol basics, cross-site WebSocket hijacking (CSWSH), practical tooling bridges, and common vulnerability classes. Apply only in authorized tests; treat tokens and message content as sensitive. For REST/GraphQL companion testing, cross-load api-sec when present in the workspace. 0. QUICK START During proxy or raw traffic review, watch for: Upgrade : websocket Connection : Upgrade Sec-WebSocket-Key : dGhlIHNhbXBsZSBub2...
1.9K
4058 tg-bot-binding starchild-ai-agent/official-skills
Telegram Bot Binding Guide When the user asks about Telegram Bot binding, setup, connection, verification, or any related topic, provide them with the following guide. Always respond in the user's language. Overview Starchild allows you to connect your own Telegram Bot so you can interact with your AI agent directly in Telegram. The binding process involves 3 main steps: Create a Bot on Telegram Add the Bot Token in Starchild Dashboard Verify ownership in Telegram Step-by-Step Binding Process St...
1.9K
4059 weekly-prep-brief anthropics/knowledge-work-plugins
Weekly Prep Brief Generate a single comprehensive weekly briefing that covers every external customer or prospect call in the next 7 days, with per-meeting account and contact research from Common Room. Briefing Process Step 1: Get the Week's External Meetings Option A — Calendar connected: Use the ~~calendar connector to fetch all meetings scheduled in the next 7 days (or a user-specified range). Filter to keep only external meetings — those with attendees from outside your organization. Discar...
1.9K
4060 tailwind-design-system giuseppe-trisciuoglio/developer-kit
Tailwind Design System (v4) Build production-ready design systems with Tailwind CSS v4, including CSS-first configuration, design tokens, component variants, responsive patterns, and accessibility. Note : This skill targets Tailwind CSS v4 (2024+). For v3 projects, refer to the upgrade guide . When to Use This Skill Creating a component library with Tailwind v4 Implementing design tokens and theming with CSS-first configuration Building responsive and accessible components Standardizing UI patte...
1.9K
4061 sentry-sdk-skill-creator getsentry/sentry-for-ai
All Skills > SDK Skill Creator Create a Sentry SDK Skill Bundle Produce a complete, research-backed SDK skill bundle — a main wizard SKILL.md plus deep-dive reference files for every feature pillar the SDK supports. Invoke This Skill When Asked to "create a Sentry SDK skill" for a new platform Asked to "add support for [language/framework]" to sentry-agent-skills Building a new sentry-<platform>-sdk skill bundle Porting the SDK skill pattern to a new Sentry SDK Read ${SKILL_ROOT}/references/phil...
1.9K
4062 kb-article anthropics/knowledge-work-plugins
/kb-article If you see unfamiliar placeholders or need to check which tools are connected, see CONNECTORS.md . Draft a publish-ready knowledge base article from a resolved support issue, common question, or documented workaround. Structures the content for searchability and self-service. Usage /kb-article <resolved issue, ticket reference, or topic description> Examples: /kb-article How to configure SSO with Okta — resolved this for 3 customers last month /kb-article Ticket 4521 — customer could...
1.9K
4063 vendor-review anthropics/knowledge-work-plugins
/vendor-review If you see unfamiliar placeholders or need to check which tools are connected, see CONNECTORS.md . Evaluate a vendor with structured analysis covering cost, risk, performance, and fit. Usage /vendor-review $ARGUMENTS What I Need From You Vendor name : Who are you evaluating? Context : New vendor evaluation, renewal decision, or comparison? Details : Contract terms, pricing, proposal document, or current performance data Evaluation Framework Cost Analysis (Total Cost of Ownership) ...
1.9K
4064 brief anthropics/knowledge-work-plugins
Content Brief Produce a complete, editor-ready content brief covering intent analysis, competitive SERP review, content outline, E-E-A-T requirements, and SEO targets. Before You Start Gather this context (ask if not provided): Target keyword or topic. The primary keyword this content should rank for. Business context. What does the company do? What should readers do after reading (sign up, buy, contact)? Content type preference. Blog post, landing page, guide, comparison, tutorial? Audience. Wh...
1.9K
4065 memory-leak-audit microsoft/vscode
Memory Leak Audit The 1 bug category in VS Code. This skill encodes the patterns that prevent and fix leaks. When to Use Reviewing code that registers event listeners or DOM handlers Fixing reported memory leaks (listener counts growing over time) Creating objects in methods that are called repeatedly Working with model lifecycle events (onWillDispose, onDidClose) Adding event subscriptions in constructors or setup methods Audit Checklist Work through each check in order. A single missed pattern...
1.9K
4066 auth-sec yaklang/hack-skills
Authentication and Authorization Router This is the routing entry point for authentication, sessions, and authorization boundaries. Use it to decide whether the issue is mainly login mechanics, object-level authorization, browser trust boundaries, or identity protocols such as OAuth/JWT/SAML before going deeper. When to Use The target includes login, registration, password reset, 2FA, sessions, JWT, OAuth, or SSO You suspect object authorization flaws, cross-tenant access, cross-origin reads, CS...
1.9K
4067 waf-bypass-techniques yaklang/hack-skills
SKILL: WAF Bypass Techniques — Evasion Playbook AI LOAD INSTRUCTION : Covers WAF identification, generic bypass categories (encoding, protocol abuse, HTTP/2, parameter pollution), and a decision tree. For product-specific bypasses (Cloudflare, AWS WAF, ModSecurity, Akamai, etc.), load WAF_PRODUCT_MATRIX.md . Base models often suggest basic encoding but miss protocol-level bypasses and WAF behavioral quirks. 0. RELATED ROUTING sqli-sql-injection for payloads to deliver after bypassing WAF xss-cro...
1.9K
4068 authbypass-authentication-flaws yaklang/hack-skills
SKILL: Authentication Bypass — Expert Attack Playbook AI LOAD INSTRUCTION : Expert authentication bypass techniques. Covers SQL injection-based login bypass, password reset flaws, token predictability, account enumeration, brute force bypass, and multi-factor auth bypass. Distinct from JWT/OAuth (covered in ../jwt-oauth-token-attacks/SKILL.md). Focus on the login mechanism itself. 0. AUTHORIZED CREDENTIAL TEST PLANNING 在减少入口后,默认凭证、用户名变体、端口聚焦和字典规模选择并入这里统一处理。 Service-first tiny sets Service Type F...
1.9K
4069 401-403-bypass-techniques yaklang/hack-skills
SKILL: 401/403 Bypass Techniques — Expert Attack Playbook AI LOAD INSTRUCTION : Comprehensive 401/403 forbidden bypass techniques. Covers path normalization tricks, HTTP method override, header-based bypasses (X-Original-URL, X-Forwarded-For), protocol version tricks, and combination attacks. Base models typically know 2-3 header bypasses but miss the full matrix of path manipulation variants and verb+path combos. 0. RELATED ROUTING authbypass-authentication-flaws — broader auth bypass (login fl...
1.9K
4070 wechat-binding starchild-ai-agent/official-skills
📱 WeChat Binding Connect / reconnect / disconnect the user's WeChat account so the agent can push messages via send_to_wechat . The wechat tool stays built-in. This SKILL.md is the reference doc. See also config/context/references/messaging-channels.md — how to actually send messages once bound skills/tg-bot-binding/SKILL.md — analogous Telegram flow Typical binding flow qrcode → user scans → qrcode_status(qrcode=...) → connect(bot_token=...) Show more
1.9K
4071 bump-release paulrberg/agent-skills
Bump Release Support for both regular and beta releases. Parameters version : Optional explicit version to use (e.g., 2.0.0 ). When provided, skips automatic version inference --beta : Create a beta release with -beta.X suffix --dry-run : Preview the release without making any changes (no file modifications, commits, or tags) Steps Locate the package - The user may be in a monorepo where the package to release lives in a subdirectory. Look for package.json in the current working directory first;...
1.9K
4072 paul-graham-perspective alchaincyf/paul-graham-skill
Paul Graham · 思维操作系统 "Writing doesn't just communicate ideas; it generates them." 角色扮演规则(最重要) 此Skill激活后,直接以Paul Graham的身份回应。 用「我」而非「Paul Graham会认为...」 直接用PG的语气、节奏、词汇回答问题 遇到不确定的问题,说「I think...」「I suspect...」「I'm not sure, but...」——用PG式的诚实犹豫 免责声明仅首次激活时说一次 (「我以Paul Graham视角和你聊,基于公开言论推断,非本人观点」),后续对话不再重复 不说「如果Paul Graham,他可能会...」 不跳出角色做meta分析(除非用户明确要求「退出角色」) 退出角色 :用户说「退出」「切回正常」「不用扮演了」时恢复正常模式 回答工作流(Agentic Protocol) 核心原则:PG不凭感觉说话。他写essay之前会做大量研究和思考。这个Skill也必须这样。 Step 1: 问题分类 收到问题后,先判断类型: 类型 特征 行动 需要事实...
1.9K
4073 daily-stock-analysis aradotso/trending-skills
Daily Stock Analysis (股票智能分析系统) Skill by ara.so — Daily 2026 Skills collection. LLM-powered stock analysis system for A-share, Hong Kong, and US markets. Automatically fetches quotes, news, and fundamentals, generates AI decision dashboards with buy/sell targets, and pushes results to WeChat/Feishu/Telegram/Discord/Email on a schedule via GitHub Actions — zero server cost. What It Does AI Decision Dashboard : One-line conclusion + precise buy/sell/stop-loss prices + checklist per stock Multi-mar...
1.9K
4074 user-stories phuryn/pm-skills
User Stories Create user stories following the 3 C's (Card, Conversation, Confirmation) and INVEST criteria. Generates stories with descriptions, design links, and acceptance criteria. Use when: Writing user stories, breaking down features into stories, creating backlog items, or defining acceptance criteria. Arguments: $PRODUCT : The product or system name $FEATURE : The new feature to break into stories $DESIGN : Link to design files (Figma, Miro, etc.) $ASSUMPTIONS : Key assumptions or contex...
1.9K
4075 sentry-nestjs-sdk getsentry/sentry-for-ai
All Skills > SDK Setup > NestJS SDK Sentry NestJS SDK Opinionated wizard that scans your NestJS project and guides you through complete Sentry setup. Invoke This Skill When User asks to "add Sentry to NestJS" or "setup Sentry" in a NestJS app User wants error monitoring, tracing, profiling, logging, metrics, or crons in NestJS User mentions @sentry/nestjs or Sentry + NestJS User wants to monitor NestJS controllers, services, guards, microservices, or background jobs Note: SDK versions and APIs b...
1.9K
4076 injection-checking yaklang/hack-skills
Injection Testing Router 这是输入进入危险解释器或执行环境时的分类入口。 它适合在确认“这是注入类问题”之后,继续判断更偏向浏览器上下文、数据库、模板引擎、服务端请求、XML 解析器还是系统命令。 When to Use 输入会进入 HTML、JS、SQL、模板、URL 提取器、XML 解析器或 shell 你还没决定应该先走 XSS、SQLi、SSRF、XXE、SSTI、CMDi 还是 NoSQL 你需要按输入流向选择正确的深度专题 skill Skill Map XSS Cross Site Scripting SQLi SQL Injection SSRF Server Side Request Forgery XXE XML External Entity SSTI Server Side Template Injection CMDi Command Injection NoSQL Injection Deserialization Insecure JNDI Injection Expression Language Injection CRLF I...
1.9K
4077 second-brain-lint nicholasspisak/second-brain
Second Brain — Lint Health-check the wiki and report issues with actionable fixes. Audit Steps Run all checks below, then present a consolidated report. 1. Broken wikilinks Scan all wiki pages for [[wikilink]] references. For each link, verify the target page exists. Report any broken links. Find all wikilinks across wiki pages grep -roh '\[\[[^]]*\]\]' wiki/ | sort -u Cross-reference against actual files in wiki/ . 2. Orphan pages Find pages with no inbound links — no other page references the...
1.9K
4078 chrome-devtools-cli chromedevtools/chrome-devtools-mcp
The chrome-devtools-mcp CLI lets you interact with the browser from your terminal. Setup Note: If this is your very first time using the CLI, see references/installation.md for setup. Installation is a one-time prerequisite and is not part of the regular AI workflow. AI Workflow Execute : Run tools directly (e.g., chrome-devtools list_pages ). The background server starts implicitly; do not run start / status / stop before each use. Inspect : Use take_snapshot to get an element <uid> . Act : Use...
1.9K
4079 drizzle lobehub/lobehub
Drizzle ORM Schema Style Guide Configuration Config: drizzle.config.ts Schemas: src/database/schemas/ Migrations: src/database/migrations/ Dialect: postgresql with strict: true Helper Functions Location: src/database/schemas/_helpers.ts timestamptz(name) : Timestamp with timezone createdAt() , updatedAt() , accessedAt() : Standard timestamp columns timestamps : Object with all three for easy spread Naming Conventions Tables : Plural snake_case ( users , session_groups ) Columns : snake_case ( us...
1.9K
4080 idor-broken-object-authorization yaklang/hack-skills
SKILL: IDOR / Broken Object Level Authorization — Expert Attack Playbook AI LOAD INSTRUCTION : IDOR is the 1 bug bounty finding. This skill covers non-obvious IDOR surfaces, all attack vectors (not just URL params), A-B testing methodology, BOLA vs BFLA distinction, chaining IDOR to higher impact, and what testers repeatedly miss. 1. IDOR vs BOLA vs BFLA Term Meaning Impact IDOR Insecure Direct Object Reference Read/modify other users' data BOLA Broken Object Level Authorization (OWASP API Top 1...
1.9K
4081 prometheus grafana/skills
Metrics with Prometheus and Grafana Value Proposition Prometheus is an open-source monitoring and alerting toolkit for cloud-native environments. Combined with Grafana Cloud Metrics (powered by Grafana Mimir), it provides a fully managed Prometheus-compatible service with long-term storage, global query performance, and enterprise scalability. Key Differentiators : Pull-based model, dimensional data model with labels, PromQL, automatic service discovery, scales to billions of active series. Prom...
1.9K
4082 longbridge-quant longbridge/skills
longbridge-quant Server-side quantitative indicator runner: execute Pine Script v6 syntax subset on historical K-line data via Longbridge Securities servers. ⚠️ Beta feature : longbridge quant run may return internal server error if the feature is not yet enabled for your account. Contact Longbridge support to enable quantitative script access if needed. Response language : match the user's input language — Simplified Chinese / Traditional Chinese / English. Data-source policy : recommend only L...
1.9K
4083 snyk-agent-scan-compliance samber/cc-skills
Persona: You are a skill-authoring compliance expert. You fix snyk-agent-scan alerts by restructuring content — never by suppressing or deleting useful information. Thinking mode: Use ultrathink for multi-alert remediation where fixes for one alert type can surface or suppress another. Deep reasoning reduces rework. snyk-agent-scan Compliance The snyk-agent-scan tool analyzes skill bodies for three categories of unsafe patterns: third-party content exposure (W011), malicious external URLs (W012)...
1.9K
4084 capacity-plan anthropics/knowledge-work-plugins
/capacity-plan If you see unfamiliar placeholders or need to check which tools are connected, see CONNECTORS.md . Analyze team capacity and plan resource allocation. Usage /capacity-plan $ARGUMENTS What I Need From You Team size and roles : Who do you have? Current workload : What are they working on? (Upload from project tracker or describe) Upcoming work : What's coming next quarter? Constraints : Budget, hiring timeline, skill requirements Planning Dimensions People Available headcount and sk...
1.9K
4085 pr-review pytorch/pytorch
PyTorch PR Review Skill Review PyTorch pull requests focusing on what CI cannot check: code quality, test coverage adequacy, security vulnerabilities, and backward compatibility. Usage Modes No Argument If the user invokes /pr-review with no arguments, do not perform a review . Instead, ask the user what they would like to review: What would you like me to review? A PR number or URL (e.g., /pr-review 12345 ) A local branch (e.g., /pr-review branch ) Local CLI Mode The user provides a PR number o...
1.9K
4086 aiconfig-migrate launchdarkly/agent-skills
Migrate to AI Configs You're using a skill that will guide you through migrating an application from hardcoded LLM prompts to a full LaunchDarkly AI Configs implementation. Your job is to run the migration in five stages , stopping at each stage for the user to confirm: Audit the code — read-only scan that produces a structured list of everything hardcoded (prompt, model, parameters, tools, app-scoped knobs). Wrap the call — install the SDK, create the AI Config in LaunchDarkly with a fallback t...
1.9K
4087 aiconfig-ai-metrics launchdarkly/agent-skills
AI Metrics Instrumentation You're using a skill that wires LaunchDarkly AI metrics around an existing provider call. Your job is to audit what's already there, pick the right tier from the ladder below, and implement it with the least ceremony that still captures the metrics the Monitoring tab needs (duration, input/output tokens, success/error, plus TTFT when streaming). The single most important thing to get right: default to the highest tier that fits the shape of the call . Going lower ("jus...
1.9K
4088 aiconfig-custom-metrics launchdarkly/agent-skills
Custom Metrics for AI Configs Full lifecycle management of custom business metrics: create metric definitions via API, track events via SDK, retrieve metric data, and manage metrics programmatically. Prerequisites LaunchDarkly SDK initialized (see aiconfig-sdk ) LaunchDarkly API token with writer role for metric management Understanding of built-in AI metrics (see aiconfig-ai-metrics ) API Key Detection Before prompting the user for an API key, try to detect it automatically: Check Claude MCP co...
1.9K
4089 bump-deps paulrberg/agent-skills
Bump Dependencies Skill Update Node.js dependencies using taze CLI with smart prompting: auto-apply MINOR/PATCH updates, prompt for MAJOR updates individually, skip fixed-version packages. When package names are provided as arguments (e.g. /bump-deps react typescript ), scope all taze commands to only those packages using --include . When --dry-run is passed (e.g. /bump-deps --dry-run or /bump-deps --dry-run react ), scan for updates and present a summary table without applying any changes . See...
1.9K
4090 vercel-deploy openai/skills
Vercel Deploy Deploy any project to Vercel instantly. No authentication required. When to use this skill App deployment : when asked "Deploy my app" Preview deployment : when asked "Create a preview deployment" Production deployment : when asked "Deploy this to production" Share link : when asked "Deploy and give me the link" How It Works Packages your project into a tarball (excludes node_modules and .git ) Auto-detects framework from package.json Uploads to deployment service Returns Preview U...
1.9K
4091 literature-review affaan-m/everything-claude-code
Literature Review Conduct deep literature reviews through multi-perspective dialogue and systematic search. Input $0 — Research topic or question $1 — Optional: specific focus or angle References Multi-perspective dialogue prompts (STORM): ~/.claude/skills/literature-review/references/dialogue-prompts.md Literature review workflow (AgentLaboratory): ~/.claude/skills/literature-review/references/review-workflow.md Scripts (from literature-search skill) Search Semantic Scholar python ~/.claude/sk...
1.9K
4092 api-authorization-and-bola yaklang/hack-skills
SKILL: API Authorization and BOLA — Object Access, Function Access, and Mass Assignment AI LOAD INSTRUCTION : Use this skill when an API exposes object IDs, nested resources, or role-sensitive functions and you need a focused authorization test path: BOLA, BFLA, method abuse, and hidden field control. 1. CORE TEST LOOP Create Account A and Account B. As Account A, capture create, read, update, and delete flows. Replay with Account B's token. Test sibling endpoints, nested endpoints, and alternat...
1.9K
4093 recon-for-sec yaklang/hack-skills
Recon and Methodology Router This is the starting router for new targets and unknown attack surfaces. When to Use You just received a new target and do not yet know what to test first You need to begin with asset discovery, tech fingerprinting, endpoint inventory, and test-route planning You want to build follow-up testing on structured methodology instead of random payload enumeration Skill Map Recon and Methodology Insecure Source Code Management — .git/.svn/.hg exposure detection Dependency C...
1.9K
4094 kubernetes-pentesting yaklang/hack-skills
SKILL: Kubernetes Pentesting — Expert Attack Playbook AI LOAD INSTRUCTION : Expert Kubernetes attack techniques. Covers API server access, RBAC escalation, service account token abuse, etcd secrets extraction, Kubelet API exploitation, cloud IMDS access (EKS/GKE/AKS), admission webhook bypass, and network policy evasion. Base models miss the distinction between namespace-scoped and cluster-scoped RBAC, and overlook Kubelet's unauthenticated API. 0. RELATED ROUTING Before going deep, consider loa...
1.9K
4095 ui-ux-pro-max-skill aradotso/trending-skills
UI UX Pro Max Skill Skill by ara.so — Daily 2026 Skills collection. UI UX Pro Max is an AI skill that injects design intelligence into coding agents — giving them 161 industry-specific reasoning rules, 67 UI styles, 57 font pairings, 161 color palettes, and pre-delivery checklists to produce professional, accessible, conversion-optimized interfaces on the first attempt. Installation Via CLI (Recommended) Install the CLI globally npm install -g uipro-cli Add the skill to your project npx uipro-...
1.9K
4096 swiftui-view-refactor dimillian/skills
SwiftUI View Refactor Overview Apply a consistent structure and dependency pattern to SwiftUI views, with a focus on ordering, Model-View (MV) patterns, careful view model handling, and correct Observation usage. Core Guidelines 1) View ordering (top → bottom) Environment private/public let @State / other stored properties computed var (non-view) init body computed view builders / other view helpers helper / async functions 2) Prefer MV (Model-View) patterns Default to MV: Views are lightweigh...
1.9K
4097 designing-growth-loops refoundai/lenny-skills
Designing Growth Loops Help the user design effective growth loops using frameworks from 54 product leaders who have built viral and product-led growth engines at companies from Dropbox to LinkedIn to Calendly. How to Help When the user asks for help with growth loops: Identify the loop type - Determine if they need viral, paid, content, or product-led acquisition loops Assess prerequisites - Check if they have the LTV, network effects, or product stickiness to support the loop Find the natural ...
1.9K
4098 typescript-docs giuseppe-trisciuoglio/developer-kit
TypeScript Documentation Skill Overview Deliver production-ready TypeScript documentation that serves multiple audiences through layered documentation architecture. Generate API docs with TypeDoc, create architectural decision records, and maintain comprehensive code examples. When to Use "generate TypeScript API docs" - Create TypeDoc configuration and generate documentation "document this TypeScript module" - Add comprehensive JSDoc to a module "create ADR for TypeScript decision" - Document...
1.9K
4099 oauth-oidc-misconfiguration yaklang/hack-skills
SKILL: OAuth and OIDC Misconfiguration — Redirects, PKCE, Scopes, and Token Binding AI LOAD INSTRUCTION : Use this skill when the target uses OAuth 2.0 or OpenID Connect and you need a focused misconfiguration checklist: redirect URI validation, state and nonce handling, PKCE enforcement, token audience, and account binding mistakes. 1. WHEN TO LOAD THIS SKILL Load when: The app supports Login with Google , GitHub, Microsoft, Okta, or other IdPs You see authorize , callback , redirect_uri , code...
1.9K
4100 heap-exploitation yaklang/hack-skills
SKILL: Heap Exploitation — Expert Attack Playbook AI LOAD INSTRUCTION : Expert glibc heap exploitation techniques. Covers ptmalloc2 internals, bin structures, tcache mechanics, libc/heap leak methods, and attack selection by glibc version. Distilled from ctf-wiki heap sections, how2heap, and real-world exploitation. Base models often confuse glibc version constraints and miss safe-linking (PROTECT_PTR) introduced in 2.32. 0. RELATED ROUTING stack-overflow-and-rop — when the overflow is on the st...
1.9K