Plugin architecture, registration, and trait patterns

Transform resume bullets into detailed portfolio case studies

Guide for setup Codemap CLI for intelligent codebase visualization and navigation

Research what people actually say about any topic in the last 30 days. Pulls posts and engagement from Reddit, X, YouTube, TikTok, Hacker News, Polymarket, GitHub, and the web.

Semantic file discovery via `vexor`. Use whenever locating where something is implemented/loaded/defined in a medium or large repo, or when the file location is unclear. Prefer this over manual browsing.

Claude Code Agent Teams - default team-based development with strict TDD pipeline enforcement

Deep code property graph analysis with Joern CPG (AST+CFG+PDG) and CodeQL for control flow, data flow, taint analysis, and security auditing

Centralized API key management from Access.txt

Intent-Augmented Code Property Graph — tracks WHY code exists via ReasonNodes with formal contracts, 6-dimension drift detection, and 3 canonical pre-task queries for autonomous development

Microsoft Teams bots and AI agents - Claude/OpenAI, Adaptive Cards, Graph API

Shopify app development - Remix, Admin API, checkout extensions

Technical SEO - robots.txt, sitemap, meta tags, Core Web Vitals

makepad-2.0-theme

makepad-2.0-vector

'Expert guidance on using PostgreSQL with Swift. Use when developers mention: (1) PostgreSQL or Postgres in Swift, (2) postgres-nio library, (3) SQL queries in Swift, (4) PostgreSQL connection pooling, (5) prepared statements, (6) type-safe database access, (7) bulk loading or COPY FROM, (8) PostgresClient or PostgresConnection.'

'Expert guidance on SwiftNIO best practices, patterns, and implementation. Use when developers mention: (1) SwiftNIO, NIO, ByteBuffer, Channel, ChannelPipeline, ChannelHandler, EventLoop, NIOAsyncChannel, or NIOFileSystem, (2) EventLoopFuture, ServerBootstrap, or DatagramBootstrap, (3) TCP/UDP server or client implementation, (4) ByteToMessageDecoder or wire protocol codecs, (5) binary protocol parsing or serialization, (6) blocking the event loop issues.'

'Expert guidance on building WASM apps for Wendy Lite MCU firmware on ESP32-C6. Use when developers mention: (1) Wendy Lite or wendy-lite, (2) WASM apps on ESP32 or microcontrollers, (3) WendyLite Swift package or import WendyLite, (4) building C/Rust/Swift/Zig apps for ESP32, (5) WAMR runtime on embedded devices, (6) GPIO/I2C/SPI/UART/NeoPixel from WASM, (7) Embedded Swift on WASM or wasm32-none-none-wasm, (8) BLE provisioning on ESP32-C6, (9) uploading WASM binaries to MCU, (10) TLS/networking on ESP32 from Swift.'

Download videos from social media URLs (X/Twitter, YouTube, Instagram, TikTok, etc.) using yt-dlp. Use when saving a video locally, extracting content for transcription, or archiving video references.

Three.js asset loading - GLTF, textures, images, models, async patterns. Use when loading 3D models, textures, HDR environments, or managing loading progress.

Three.js textures - texture types, UV mapping, environment maps, texture settings. Use when working with images, UV coordinates, cubemaps, HDR environments, or texture optimization.

Extract and formalize domain terminology from the current conversation into a consistent glossary, saved to a local file.

Perform static analysis of Android APK malware samples using apktool for decompilation, jadx for Java source

Analyze Chromium-based browser artifacts using Hindsight to extract browsing history, downloads, cookies, cached

'Analyzes malicious VBA macros embedded in Microsoft Office documents (Word, Excel, PowerPoint) to identify download

Perform static analysis of malicious PDF documents using peepdf, pdfid, and pdf-parser to extract embedded JavaScript,

Use Sysinternals Autoruns to systematically identify and analyze malware persistence mechanisms across registry

Parse Office 365 Unified Audit Logs via Microsoft Graph API to detect email forwarding rule creation, inbox delegation,

'Identifies and unpacks UPX-packed and other packed malware samples to expose the original executable code for

Monitor and analyze ransomware group data leak sites (DLS) to track victim postings, extract threat intelligence

Identify ransomware network indicators including C2 beaconing patterns, TOR exit node connections, data exfiltration

Investigate supply chain attack artifacts including trojanized software updates, compromised build pipelines,

'Parses and analyzes the Windows Amcache.hve registry hive to extract evidence of program execution, application

Parse Windows Prefetch files using the windowsprefetch Python library to reconstruct application execution history,

Extract and analyze Windows Registry hives to uncover user activity, installed software, autostart entries, and

'Automates the enrichment of raw indicators of compromise with multi-source threat intelligence context using

Extract and catalog attack patterns from cyber threat intelligence reports into a structured STIX-based library

'Builds an automated malware submission and analysis pipeline that collects suspicious files from endpoints and

Build effective detection rules using Splunk Search Processing Language (SPL) correlation searches to identify

Build collaborative forensic incident timelines using Timesketch to ingest, normalize, and analyze multi-source

Build an automated pipeline to defang indicators of compromise (URLs, IPs, domains, emails) for safe sharing

OpenCTI is an open-source platform for managing cyber threat intelligence knowledge, built on STIX 2.1 as its

Build a systematic threat hunt hypothesis framework that transforms threat intelligence, attack patterns, and

Build automated threat intelligence enrichment pipelines in Splunk Enterprise Security using lookup tables, modular

Deploy DefectDojo as a centralized vulnerability management dashboard with scanner integrations, deduplication,

'Responds to phishing incidents by analyzing reported emails, extracting indicators, assessing credential compromise,

Hardware Security Modules (HSMs) are tamper-resistant physical devices that safeguard cryptographic keys and

Configure microsegmentation policies to enforce least-privilege workload-to-workload access using tools like

'Correlates security events in IBM QRadar SIEM using AQL (Ariel Query Language), custom rules, building blocks,

'Deobfuscates malicious JavaScript code used in web-based attacks, phishing pages, and dropper scripts by reversing

'Detects prompt injection attacks targeting LLM-based applications using a multi-layered defense combining regex