GitHub
Skills harvested from GitHub repositories
14810 skills availableskill-prompt-convert
用户需要将 Skill 转为可直接复制到聊天框的 Prompt 用户需要将 Prompt 转为 SKILL.md 格式的 Skill 用户提到 Skill 与 Prompt 互转、格式转换 从用户消息或粘贴/附件中获取待转换内容,判断方向:...
md-report-summary
| 文档类型 | 触发词 | | ---- | --------------------- | | 周报 | 周报、本周总结、weekly report | | 工作汇报 | 工作汇报、汇报材料、进度...
dev-workflow
需求理解 → 方案设计 → 代码实现 → 代码审查 → Bug 修复 用户描述新功能/项目想法,需要需求分析 用户提到「方案设计」「架构设计」「怎么实现」 用户提到「代码实现」「开始写代码」「帮我实现」 用户提到「代码审查」「Review」...
excalidraw-diagram
本 Skill 指导 Agent 生成标准的 Excalidraw 图表文件(.excalidraw JSON),在浏览器、Obsidian、VSCode 等集成了 Excalidraw 的环境中可直接打开和继续编辑。 用户希望生成「手绘风...
gpt-image
Agent runbook for GPT Image 2 generation/editing. Use the prompt library + packaged CLI. Do not reimplement image API co...
nopua
The best leader is barely known to exist. When the work is done, the people say "we did it ourselves." — Dao De Jing, Ch...
nopua-zh
--- name: nopua-zh description: "The anti-PUA. Drives AI with wisdom, trust, and inner motivation instead of fear and t...
nopua-lite
太上,不知有之。功成事遂,百姓皆谓"我自然"。 The best leader is barely known to exist. When the work is done, the people say "we did it ourse...
x-article-publisher
Publish Markdown content to X (Twitter) Articles editor, preserving formatting with rich text conversion. Playwright MCP...
fix-db
Fix Prisma schema compilation errors according to code conventions. NEVER use: Prisma enum types (use String with TypeSc...
validate-interface
Validate that Controllers and DTO interfaces match the requirements specification. This skill only checks for discrepanc...
fix-interface
Fix interface and controller compilation errors according to code conventions. NEVER use: as keyword (type assertion) an...
fix-test
Fix test file compilation errors according to code conventions. NEVER use: as keyword (type assertion) any type typia.ra...
validate-test
Validate that test infrastructure properly covers providers and interfaces. This skill only checks for discrepancies - i...
fix-provider
Fix provider, collector, and transformer compilation errors according to code conventions. NEVER use: as keyword (type a...
validate-db
Validate that Prisma schema matches the requirements specification. This skill only checks for discrepancies - it does N...
validate-provider
Validate that Providers, Collectors, and Transformers properly implement the interfaces. This skill only checks for disc...
add-feature
Implement a new feature and iterate until all tests pass (100% success rate). NEVER use: as keyword (type assertion) any...
threat-hunting-evasion
红队必须理解猎手的思维方式才能不被猎到 Sigma/YARA 规则分析与绕过 → references/detection-rules-bypass.md 主流 EDR 检测逻辑分析 → references/edr-detection-l...
ioc-analysis
红队定位:理解蓝队如何追踪你 → 设计短生命周期、不可关联的基础设施 C2 基础设施 OPSEC 清单 → references/c2-infra-opsec.md IOC 类型与生命周期管理 → references/ioc-lifecy...
apt-emulation
目标:不是随机攻击,而是模拟真实威胁者的完整攻击链,检验组织防御能力 攻击模拟框架与资源 → references/emulation-frameworks.md --- 根据目标行业选择 APT: ├─ 金融 → APT38 (Lazar...
tool-delivery
拿到目标权限后,下一步通常是投递工具(fscan、frp、chisel、linpeas、winPEAS、mimikatz 等)到目标上执行。这个环节看似简单,实际上方法选择直接影响成功率和隐蔽性。 预编译好的多平台二进制存放在 /pente...
terraform-tactics
Terraform 将所有托管资源的属性(包括密码、密钥、Token)以明文存储在 State 文件中。State 文件是 Terraform 攻击的核心——拿到 State 等于拿到整个基础设施的凭据快照。此外,Terraform 的声明...
sonarqube-tactics
SonarQube 是 DevSecOps 体系中的核心代码质量平台,默认监听 9000 端口,出厂凭据 admin/admin 常被忽略。一旦被攻破,攻击者可直接获取全部项目源代码、已知漏洞清单和内部凭据——相当于拿到整个研发体系的安全蓝...