Envelope encryption is a strategy where data is encrypted with a data encryption key (DEK), and the DEK itself

Configure SAML 2.0 single sign-on for Google Workspace with a third-party identity provider, enabling centralized

'Deploys canary files, honeypot shares, and decoy systems to detect ransomware activity at the earliest possible

Deploy SailPoint IdentityNow or IdentityIQ for identity governance and administration. Covers identity lifecycle

Implement Just-In-Time (JIT) access provisioning to eliminate standing privileges by granting temporary, time-bound

'Implementing microsegmentation using Akamai Guardicore Segmentation to map application dependencies, create

'This skill covers implementing North American Electric Reliability Corporation Critical Infrastructure Protection

'Implements 802.1X port-based network access control using RADIUS authentication, PacketFence NAC, and switch

Deploy and manage network honeypots using OpenCanary, T-Pot, or Cowrie to detect unauthorized access, lateral

Configure and deploy Palo Alto Networks next-generation firewalls with App-ID, User-ID, zone-based policies,

Deploy CyberArk Privileged Access Management to discover, vault, rotate, and monitor privileged credentials across

Deploy and configure Proofpoint Email Protection as a secure email gateway to detect and block phishing, malware,

Harden Kubernetes Role-Based Access Control by implementing least-privilege policies, auditing role bindings,

Implement eBPF-based runtime security observability and enforcement in Kubernetes clusters using Cilium Tetragon

Implement SAML 2.0 Single Sign-On (SSO) using Okta as the Identity Provider (IdP). This skill covers end-to-end

Tune SIEM detection rules to reduce false positives by analyzing alert volumes, creating whitelists, adjusting

Deploy CyberArk Secure Cloud Access to eliminate standing privileges in hybrid and multi-cloud environments using

Implement NextDNS as a zero trust DNS filtering layer with encrypted resolution, threat intelligence blocking,

Deploy Google BeyondCorp Enterprise zero trust access controls using Identity-Aware Proxy (IAP), context-aware

Implement HashiCorp Boundary for identity-aware zero trust infrastructure access management with dynamic credential

'Investigates phishing email incidents from initial user report through header analysis, URL/attachment detonation,

'This skill covers implementing Okta as a centralized identity provider for cloud environments, configuring SSO

'Monitors dark web forums, marketplaces, paste sites, and ransomware leak sites for mentions of organizational

'Monitors Modbus TCP traffic on SCADA and ICS networks to detect anomalous function code usage, unauthorized

The Common Vulnerability Scoring System (CVSS) is the industry standard framework maintained by FIRST (Forum

'Reverse engineers malicious Android APK files using JADX decompiler to analyze Java/Kotlin source code, identify

Harbor is an open-source container registry that provides security features including vulnerability scanning

Context is the complete state available to a language model at inference time — system instructions, tool definitions, retrieved documents, message history, and tool outputs. Context engineering is th

Use when experiments complete to judge what claims the results support, what they don't, and what evidence is still missing. Codex MCP evaluates results against intended claims and routes to next action (pivot, supplement, or confirm). Use after experiments finish — before writing the paper or running ablations.

Turn a refined research proposal or method idea into a detailed, claim-driven experiment roadmap. Use after `research-refine`, or when the user asks for a detailed experiment plan, ablation matrix, evaluation protocol, run order, compute budget, or paper-ready validation that supports the core problem, novelty, simplicity, and any LLM / VLM / Diffusion / RL-based contribution.

Use when checking for security vulnerabilities in NanoClaw skills, before installing new skills, or when asked about security advisories affecting the bot

JLCPCB PCB fabrication and assembly — BOM/CPL generation, basic vs extended parts, assembly constraints, design rules, ordering workflow. Use with KiCad for JLCPCB manufacturing. Use this skill when the user mentions JLCPCB, wants to order PCBs or assembled boards, needs prototype bare PCBs and stencils, wants to know JLCPCB design rules and capabilities, or is asking about PCB manufacturing costs or turnaround times. For gerber/CPL export, stencil ordering, and BOM management, see the `bom` skill.

Lobster executes multi-step workflows with approval checkpoints. Use it when:

Set up and use 1Password CLI for sign-in, desktop integration, and reading or injecting secrets.

List, add, edit, complete, or delete Apple Reminders and reminder lists via remindctl.

Audit and harden hosts running OpenClaw for SSH, firewall, updates, exposure, cron checks, and risk posture.

iMessage/SMS CLI for listing chats, history, and sending messages via Messages.app.

Diagnose OpenClaw Android, iOS, or macOS node pairing, QR/setup code, route, auth, and connection failures.

Summarize or transcribe URLs, YouTube/videos, podcasts, articles, transcripts, PDFs, and local files.

Get current weather, rain, temperature, and forecasts for locations or travel planning.

Modular Design Principles workflow skill. Use this skill when the user needs > and the operator should preserve the upstream workflow, copied support files, and provenance before merging or handing off.

When the user wants to plan a posting schedule, create a content calendar, or organize when and what to post. Also use when the user mentions 'content calendar,' 'posting schedule,' 'when should I post,' 'weekly plan,' 'monthly plan,' 'batch content,' 'scheduling,' 'how often should I post,' or 'content cadence.' For deciding what topics to cover, see content-strategy-sms. For writing the actual posts, see post-writer-sms.

Embrace simplicity in your code by removing unnecessary complexity. Focus on writing clear and concise code that serves its purpose without over-engineering.

Manage multi-agent Telegram group collaboration for OpenClaw. Use when: (1) adding a new agent/bot to the team, (2) removing an agent, (3) listing current agents, (4) diagnosing multi-agent configuration issues, (5) clearing session caches, (6) syncing workspace team info. Triggers: 'multiagent', 'add agent', 'remove agent', 'agent doctor', 'agent list', 'clear sessions', 'multi-agent'.

Creates landing page copy using the Landing Page Copy prompt from jeffbailey.us. Direct shortcut — use when the user says /write:landing-page-copy.

This document defines the Claude Code skill for troubleshooting etcd issues on two-node OpenShift clusters with fencing topology. When activated, Claude becomes an expert etcd/Pacemaker troubleshooter

Triage and prioritize Linear backlog. Analyzes issues for staleness, blockers, and suggests priorities based on dependencies and capacity.

Agent execution engine that composes prompts, routes models, and writes run artifacts. Use when launching subagent runs.

Implement a GitHub issue by exploring the codebase, planning, and creating a PR

<SUBAGENT-STOP>