mcp-security-audit

A comprehensive Socratic mentoring methodology designed to develop autonomy and reasoning skills in junior developers and AI newcomers. Guides through questions rather than answers — never solves prob

'Analyze chatmode or prompt files and recommend optimal AI models based on task complexity, required capabilities, and cost-efficiency'

Guides Qdrant query latency optimization. Use when someone asks 'search is slow', 'how to reduce latency', 'p99 is too high', 'tail latency', 'single query too slow', 'how to make search faster', or 'latency spikes'.

'Install npm packages in a Docker sandbox environment. Use this skill whenever you need to install, reinstall, or update node_modules inside a container where the workspace is mounted via virtiofs. Native binaries (esbuild, lightningcss, rollup) crash on virtiofs, so packages must be installed on the local ext4 filesystem and symlinked back.'

'Guide for configuring and managing GitHub secret scanning, push protection, custom patterns, and secret alert remediation. For pre-commit secret scanning in AI coding agents via the GitHub MCP Server, this skill references the Advanced Security plugin (`advanced-security@copilot-plugins`). Use this skill when enabling secret scanning, setting up push protection, defining custom patterns, triaging alerts, resolving blocked pushes, or when an agent needs to scan code for secrets before committing.'

'Find and explore Windows desktop APIs. Use when building features that need platform capabilities — camera, file access, notifications, UI controls, AI/ML, sensors, networking, etc. Discovers the right API for a task and retrieves full type details (methods, properties, events, enumeration values).'

Strategic guide for becoming an effective GitHub contributor. Covers opportunity discovery, project selection, high-quality PR creation, and reputation building. Use when looking to contribute to open-source projects, building GitHub presence, or learning contribution best practices.

Analyze and reclaim macOS disk space through intelligent cleanup recommendations. This skill should be used when users report disk space issues, need to clean up their Mac, or want to understand what's consuming storage. Focus on safe, interactive analysis with user confirmation before any deletions.

>

UnoCSS instant atomic CSS engine, superset of Tailwind CSS. Use when configuring UnoCSS, writing utility rules, shortcuts, or working with presets like Wind, Icons, Attributify.

A complete system for building profitable software products without bloat, bureaucracy, or burnout. Over fifteen years, 37signals distilled their approach into three books: *Getting Real* (2006) estab

Framework for building a sustainable, weekly practice of customer discovery that keeps product teams making progress toward desired outcomes. Rather than treating discovery as a phase that happens bef

A principled approach to building reliable, scalable, and maintainable data systems. Apply these principles when choosing databases, designing schemas, architecting distributed systems, or reasoning a

Framework for building products customers love by structuring empowered teams that solve hard problems through continuous discovery and delivery. Based on a fundamental truth: the best product compani

Framework for designing, deploying, and operating production-ready software systems. Based on a fundamental truth: the software that passes QA is not the software that survives production. Production

>

>

>

>

>

>

>

>

>

iFlytek Image Understanding (图片理解) — analyze and answer questions about images using Spark Vision model. WebSocket API, pure Python stdlib, no pip dependencies.

Comprehensive smart contract security audit framework with multi-expert analysis. Use for full audits of Ethereum / EVM Solidity and Vyper, Solana / SVM Anchor Rust, TON / FunC / Tact, or Sui / Move projects.

Investigate and remediate data quality alerts using Monte Carlo MCP tools. Runs root cause analysis, assesses blast radius, discovers available tools (MCP/CLI/API), proposes and executes fixes, or escalates with full context when uncertain.

Use this skill inside a Hermes conversation when a user wants Hermes to deploy hermes-arxiv-agent end to end in either local/Feishu mode or optional GitHub Pages mode, including cloning the appropriate repo, installing Python dependencies, generating the correct cron prompt, and creating a daily cron job.

\ud83d\udd28 Andru.ia Skill-Smith (The Forge) workflow skill. Use this skill when the user needs Ingeniero de Sistemas de Andru.ia. Dise\u00f1a, redacta y despliega nuevas habilidades (skills) dentro del repositorio siguiendo el Est\u00e1ndar de Diamante and the operator should preserve the upstream workflow, copied support files, and provenance before merging or handing off.

Agent Orchestrator workflow skill. Use this skill when the user needs Meta-skill que orquestra todos os agentes do ecossistema. Scan automatico de skills, match por capacidades, coordenacao de workflows multi-skill e registry management and the operator should preserve the upstream workflow, copied support files, and provenance before merging or handing off.

Agent Orchestrator workflow skill. Use this skill when the user needs Meta-skill que orquestra todos os agentes do ecossistema. Scan automatico de skills, match por capacidades, coordenacao de workflows multi-skill e registry management and the operator should preserve the upstream workflow, copied support files, and provenance before merging or handing off.

ai-engineer workflow skill. Use this skill when the user needs Build production-ready LLM applications, advanced RAG systems, and intelligent agents. Implements vector search, multimodal AI, agent orchestration, and enterprise AI integrations and the operator should preserve the upstream workflow, copied support files, and provenance before merging or handing off.

App Builder - Application Building Orchestrator workflow skill. Use this skill when the user needs Main application building orchestrator. Creates full-stack applications from natural language requests. Determines project type, selects tech stack, coordinates agents and the operator should preserve the upstream workflow, copied support files, and provenance before merging or handing off.

AppDeploy Skill workflow skill. Use this skill when the user needs Deploy web apps with backend APIs, database, and file storage. Use when the user asks to deploy or publish a website or web app and wants a public URL. Uses HTTP API via curl and the operator should preserve the upstream workflow, copied support files, and provenance before merging or handing off.

Architecture Decision Framework workflow skill. Use this skill when the user needs Architectural decision-making framework. Requirements analysis, trade-off evaluation, ADR documentation. Use when making architecture decisions or analyzing system design and the operator should preserve the upstream workflow, copied support files, and provenance before merging or handing off.

Asana Automation via Rube MCP workflow skill. Use this skill when the user needs Automate Asana tasks via Rube MCP (Composio): tasks, projects, sections, teams, workspaces. Always search tools first for current schemas and the operator should preserve the upstream workflow, copied support files, and provenance before merging or handing off.

Astro Web Framework workflow skill. Use this skill when the user needs Build content-focused websites with Astro \u2014 zero JS by default, islands architecture, multi-framework components, and Markdown/MDX support and the operator should preserve the upstream workflow, copied support files, and provenance before merging or handing off.

Deep Context Builder Skill (Ultra-Granular Pure Context Mode) workflow skill. Use this skill when the user needs Enables ultra-granular, line-by-line code analysis to build deep architectural context before vulnerability or bug finding and the operator should preserve the upstream workflow, copied support files, and provenance before merging or handing off.

Authentication & Authorization Implementation Patterns workflow skill. Use this skill when the user needs Build secure, scalable authentication and authorization systems using industry-standard patterns and modern best practices and the operator should preserve the upstream workflow, copied support files, and provenance before merging or handing off.

\ud83d\udd79\ufe0f Autonomous Agent Patterns workflow skill. Use this skill when the user needs Design patterns for building autonomous coding agents, inspired by Cline and OpenAI Codex and the operator should preserve the upstream workflow, copied support files, and provenance before merging or handing off.

Avalonia Layout with Zafiro.Avalonia workflow skill. Use this skill when the user needs Guidelines for modern Avalonia UI layout using Zafiro.Avalonia, emphasizing shared styles, generic components, and avoiding XAML redundancy and the operator should preserve the upstream workflow, copied support files, and provenance before merging or handing off.

Avalonia ViewModels with Zafiro workflow skill. Use this skill when the user needs Optimal ViewModel and Wizard creation patterns for Avalonia using Zafiro and ReactiveUI and the operator should preserve the upstream workflow, copied support files, and provenance before merging or handing off.

Avalonia Zafiro Development workflow skill. Use this skill when the user needs Mandatory skills, conventions, and behavioral rules for Avalonia UI development using the Zafiro toolkit and the operator should preserve the upstream workflow, copied support files, and provenance before merging or handing off.

Axiom \u2014 First-Principles Assumption Auditor / \u7b2c\u4e00\u6027\u539f\u7406\u62c6\u89e3\u5668 workflow skill. Use this skill when the user needs First-principles assumption auditor. Classifies each hidden assumption (fact / convention / belief / interest-driven), ranks by fragility \u00d7 impact, and rebuilds conclusions from verified premises. Bilingual: auto-detects Chinese or English and the operator should preserve the upstream workflow, copied support files, and provenance before merging or handing off.

Axiom \u2014 First-Principles Assumption Auditor / \u7b2c\u4e00\u6027\u539f\u7406\u62c6\u89e3\u5668 workflow skill. Use this skill when the user needs First-principles assumption auditor. Classifies each hidden assumption (fact / convention / belief / interest-driven), ranks by fragility \u00d7 impact, and rebuilds conclusions from verified premises. Bilingual: auto-detects Chinese or English and the operator should preserve the upstream workflow, copied support files, and provenance before merging or handing off.

Azure Developer CLI (azd) Container Apps Deployment workflow skill. Use this skill when the user needs Deploy containerized frontend + backend applications to Azure Container Apps with remote builds, managed identity, and idempotent infrastructure and the operator should preserve the upstream workflow, copied support files, and provenance before merging or handing off.

Azure Developer CLI (azd) Container Apps Deployment workflow skill. Use this skill when the user needs Deploy containerized frontend + backend applications to Azure Container Apps with remote builds, managed identity, and idempotent infrastructure and the operator should preserve the upstream workflow, copied support files, and provenance before merging or handing off.

Azure AI Anomaly Detector SDK for Java workflow skill. Use this skill when the user needs Build anomaly detection applications with Azure AI Anomaly Detector SDK for Java. Use when implementing univariate/multivariate anomaly detection, time-series analysis, or AI-powered monitoring and the operator should preserve the upstream workflow, copied support files, and provenance before merging or handing off.

Azure AI Anomaly Detector SDK for Java workflow skill. Use this skill when the user needs Build anomaly detection applications with Azure AI Anomaly Detector SDK for Java. Use when implementing univariate/multivariate anomaly detection, time-series analysis, or AI-powered monitoring and the operator should preserve the upstream workflow, copied support files, and provenance before merging or handing off.