Firebase Firestore, Auth, Storage, real-time listeners, security rules

Progressive Web Apps - service workers, caching strategies, offline, Workbox

Next.js with Supabase and Drizzle ORM

Express/Hono with Supabase and Drizzle ORM

FastAPI with Supabase and SQLAlchemy/SQLModel

Web UI - glassmorphism, Tailwind, dark mode, accessibility

Stripe Checkout, subscriptions, webhooks, customer portal

WooCommerce REST API - products, orders, customers, webhooks

Dynamic multi-repo and monorepo awareness for Claude Code. Analyze workspace topology, track API contracts, and maintain cross-repo context.

makepad-2.0-animation

makepad-2.0-layout

makepad-2.0-troubleshooting

makepad-2.0-widgets

'Curated Swift package ecosystem for WendyOS and Linux. Use when developers mention: (1) Swift packages for Linux or ARM64/AMD64, (2) choosing a Swift library, (3) Swift Package Index, (4) swiftpackageindex.com, (5) what Swift library to use, (6) Swift on WendyOS dependencies, (7) edge computing Swift libraries.'

Three.js interaction - raycasting, controls, mouse/touch input, object selection. Use when handling user input, implementing click detection, adding camera controls, or creating interactive 3D experiences.

>

Perform comprehensive forensic analysis of disk images using Autopsy to recover files, examine artifacts, and

'Executes malware samples in Cuckoo Sandbox to observe runtime behavior including process creation, file system

Use the Malpedia platform and API to research malware family relationships, track variant evolution, link families

'Analyzes encryption algorithms, key management, and file encryption routines used by ransomware families to

Examine file system slack space, MFT entries, USN journal, and alternate data streams to recover hidden data

MITRE ATT&CK is a globally-accessible knowledge base of adversary tactics, techniques, and procedures (TTPs)

'Auditing Kubernetes cluster RBAC configurations to identify overly permissive roles, wildcard permissions, dangerous

Establish SAML 2.0 identity federation between on-premises Active Directory and Azure AD (Microsoft Entra ID)

'Builds comprehensive identity governance and lifecycle management processes including joiner-mover-leaver automation,

'Builds a structured ransomware incident response playbook aligned with the CISA StopRansomware Guide and NIST

Deploy and configure the Havoc C2 framework with teamserver, HTTPS listeners, redirectors, and Demon agents for

Apply bottom-up and top-down role mining techniques to discover optimal RBAC roles from existing user-permission

Build a structured SOC escalation matrix defining severity tiers, response SLAs, escalation paths, and notification

'Builds a structured SOC incident response playbook for ransomware attacks covering detection, containment, eradication,

Building a Threat Intelligence Platform (TIP) involves deploying and integrating multiple CTI tools into a unified

Build a vulnerability exception and risk acceptance tracking system with approval workflows, compensating controls

'Responds to malware infections across enterprise endpoints by identifying the malware family, determining infection

Implement Microsoft's Enhanced Security Admin Environment (ESAE) tiered administration model for Active Directory.

'Designs and implements VLAN-based network segmentation on managed switches to isolate network zones, enforce

'Configures pfSense firewall rules, NAT policies, VPN tunnels, and traffic shaping to enforce network segmentation,

'Configures Microsoft Defender for Endpoint (MDE) advanced protection settings including attack surface reduction

'Executes containment strategies to stop active adversary operations and prevent lateral movement during a confirmed

'Correlates disparate security incidents, IOCs, and adversary behaviors across time and organizations to identify

'Deploys canary files (honeytokens) across file systems to detect ransomware encryption activity in real time.

'Deploys and monitors ransomware canary files across critical directories using Python''s watchdog library for

Deploy and configure Tailscale as a WireGuard-based zero trust mesh VPN with identity-aware access controls,

'This skill teaches security teams how to deploy and operationalize Amazon GuardDuty for continuous threat detection

'Detecting compromised cloud credentials across AWS, Azure, and GCP by analyzing anomalous API activity, impossible

'Detects defense evasion techniques used by adversaries in endpoint logs including log tampering, timestomping,

'Identifies lateral movement techniques in enterprise networks by analyzing authentication logs, network flows,

Detect and prevent QR code phishing (quishing) attacks that bypass traditional email security by embedding malicious

'Detects ransomware encryption activity in real time using entropy analysis, file system I/O monitoring, and

Detect WMI event subscription persistence by analyzing Sysmon Event IDs 19, 20, and 21 for malicious EventFilter,

'Evaluates and selects Threat Intelligence Platform (TIP) products based on organizational requirements including