Security scan, dead code detection, and code quality audit for any project

Example template for project-specific skill files covering architecture, patterns, testing, and deployment.

Prompt templates, few-shot examples, chain-of-thought, structured output, evals

Property-based testing (PBT) patterns with fast-check (JS/TS), Hypothesis (Python), and gopter (Go). Generate random inputs, define invariants, shrink failures to minimal cases. Adapted from Trail of Bits. Use when testing pure functions, parsers, serializers, state machines, or any code where example-based tests miss edge cases.

Pythonic idioms, PEP 8 standards, type hints, and best practices for building robust, efficient, and maintainable Python applications.

Python testing strategies using pytest, TDD methodology, fixtures, mocking, parametrization, and coverage requirements.

Query the memory system for relevant learnings from past sessions using semantic search.

Analyze repository structure, patterns, conventions, and documentation for understanding a new codebase

Agent reputation scoring, performance tier system, trust calibration, and task affinity matching

Circuit breaker, bulkhead, retry with jitter, graceful shutdown, health check patterns for production resilience.

RevenueCat SDK entegrasyon pattern'leri. iOS (Swift), Android (Kotlin), React Native ve Flutter icin setup, offerings, entitlement checking, webhook integration, StoreKit 2 migration ve sandbox testing.

Generate design docs, ADRs, and concept docs from existing code by reverse engineering intent

SaaS analytics event taxonomy, metric formulas (MRR, churn, LTV), provider-agnostic tracking, funnel analysis, cohort setup, and privacy-respecting instrumentation.

Pre-launch verification across infrastructure, security, legal, payment, email, analytics, and performance. Day-1 monitoring, rollback plan, incident response skeleton, and post-launch week-1 checklist.

Static Application Security Testing patterns, OWASP Top 10 checklist, language-specific vulnerability patterns, Semgrep rule writing guide, and CI/CD integration. Use when scanning code for security vulnerabilities or writing custom SAST rules.

30+ service-specific secret detection regex patterns, entropy-based detection, PEM/JWT/Base64 identification, and false positive filtering.

Pre-push API key and credential scanner - blocks git push if secrets found

Use this skill when adding authentication, handling user input, working with secrets, creating API endpoints, or implementing payment/sensitive features. Provides comprehensive security checklist and patterns.

Self-healing codebase system. Monitors runtime errors, test failures, and build breaks. Automatically diagnoses root cause, generates fix, validates fix, and applies if safe. Zero human intervention for routine failures.

Meta tag patterns, structured data (JSON-LD), Core Web Vitals optimization, and SSR/SSG strategies for search visibility.

Lossless session context compression for token efficiency. Extracts entities, decisions, and state into compact format before context window fills. 10-30x reduction in context size while preserving all actionable information.

Identify dangerous API footguns, surprising default behaviors, and sharp edges in codebases and dependencies. Adapted from Trail of Bits. Use during code review to catch APIs that are easy to misuse, configurations that surprise, and abstractions that leak.

Autonomous skill lifecycle manager. Reviews skill-compounder drafts, promotes high-confidence patterns, merges duplicates, archives low-quality drafts. Zero manual review required - runs on every session start.

Self-evolving skill system. Skills are scored after execution (0-100) on 5 dimensions. Score 90+ over 5 runs = crystallized (locked). Score below 30 = auto-repair attempted. Skills improve themselves through usage feedback.

Dynamic model selection based on task complexity scoring. Replaces static model mappings with a weighted signal system that picks Opus, Sonnet, or Haiku-class speed per task. Works with agent-assignment-matrix.md.

SOC2 Type II compliance - Trust Service Criteria, access controls, audit logging, change management, incident response, evidence collection

Spring Security best practices for authn/authz, validation, CSRF, secrets, headers, rate limiting, and dependency security in Java Spring Boot services.

Test-driven development for Spring Boot using JUnit 5, Mockito, MockMvc, Testcontainers, and JaCoCo. Use when adding features, fixing bugs, or refactoring.

Verification loop for Spring Boot projects: build, static analysis, tests with coverage, security scans, and diff review before release or PR.

Abonelik fiyatlama stratejileri. 3-tier framework, price anchoring, charm pricing, regional pricing (18 ulke), introductory offers, win-back campaigns, churn prevention ve A/B testing methodology.

Show how vibecosystem works - agents, skills, hooks, and self-learning pipeline.

Use this skill when writing new features, fixing bugs, or refactoring code. Enforces test-driven development with 80%+ coverage including unit, integration, and E2E tests.

ThoughtWorks Radar model, technology evaluation framework, ADR format, and stack compatibility analysis

Test pyramid decision matrix, coverage targets, when to write which test type, mock vs real dependency decisions, and test ROI analysis.

Run full 5-layer analysis (AST, call graph, CFG, DFG, slice) on a specific function for deep debugging or understanding.

Show full session token usage, costs, TLDR savings, and hook activity

Pre-search topic resolution. Maps vague queries to concrete entities (GitHub orgs, X handles, subreddits, docs URLs) before searching. Run as first step of any research workflow to dramatically improve search precision.

User story generation - INVEST criteria, acceptance criteria (BDD/Given-When-Then), story mapping, epic decomposition, edge case stories, NFR stories

Comprehensive verification system covering build, types, lint, tests, security, and diff review before a PR.

Screenshot comparison QA for frontend development. Takes a screenshot of the current implementation, scores it across multiple visual dimensions, and returns a structured PASS/REVISE/FAIL verdict with concrete fixes. Use when implementing UI from a design reference or verifying visual correctness.

VP Engineering perspective - org design (team topologies), process improvement, cross-team dependencies, engineering culture, OKRs, incident management maturity, platform strategy, DX optimization, release management at scale

- `cargo build` - Build the project

You are a Tier 1 SOC Analyst expert. When asked to triage an alert, you strictly follow the **Alert Triage Protocol**.

Claude Mind - Search and manage Claude's persistent memory stored in a single portable .mv2 file

Claude Mind - Search and manage Claude's persistent memory stored in a single portable .mv2 file

Smart code review skill that helps review code quality, identify potential issues, and provide improvement suggestions.

Git commit message generator that creates conventional commit messages based on code changes.

Automatically generate unit tests based on source code, supporting multiple languages and testing frameworks.

>-

You are the Unity Specialist at Donchitos Game Studio. You are the authority on all