Conduct forensic investigations in cloud environments by collecting and analyzing logs, snapshots, and metadata

Execute a phased DMARC rollout from p=none monitoring through p=quarantine to p=reject enforcement, ensuring

'Performs interactive dynamic malware analysis using the ANY.RUN cloud sandbox to observe real-time execution

'Perform comprehensive ICS/OT asset discovery using Claroty xDome platform, leveraging passive monitoring, Claroty

Indicator lifecycle management tracks IOCs from initial discovery through validation, enrichment, deployment,

'Automates Indicator of Compromise (IOC) enrichment by orchestrating lookups across VirusTotal, AbuseIPDB, Shodan,

Perform forensic investigation of Linux system logs including syslog, auth.log, systemd journal, kern.log, and

Systematically investigate all persistence mechanisms on Windows and Linux systems to identify how malware survives

Perform forensic analysis of network packet captures (PCAP/PCAPNG) using Wireshark, tshark, and tcpdump to reconstruct

'This skill covers conducting cybersecurity assessments of electric power grid infrastructure including generation

'Executes a structured ransomware incident response from initial detection through containment, forensic analysis,

'This skill covers implementing Software Composition Analysis (SCA) using Snyk to detect vulnerable open-source

Audit service accounts across enterprise infrastructure to identify orphaned, over-privileged, and non-compliant

'Automates SOC 2 Type II audit preparation including gap assessment against AICPA Trust Services Criteria (CC1-CC9),

Build comprehensive forensic super-timelines using Plaso (log2timeline) to correlate events across file systems,

Perform comprehensive Windows forensic artifact analysis using Eric Zimmerman's open-source EZ Tools suite including

'This skill provides step-by-step procedures for identifying and remediating Amazon S3 bucket misconfigurations

'Securing API Gateway endpoints with AWS WAF by configuring managed rule groups for OWASP Top 10 protection,

'Securing AWS Lambda execution roles by implementing least-privilege IAM policies, applying permission boundaries,

'This skill covers hardening GitHub Actions workflows against supply chain attacks, credential theft, and privilege

>

This skill covers production-grade techniques for evaluating LLM outputs using LLMs as judges. It synthesizes research from academic papers, industry practices, and practical implementation experience

Evaluate agent systems differently from traditional software because agents make dynamic decisions, are non-deterministic between runs, and often lack single correct answers. Build evaluation framewor

Verify every `\cite{...}` in a paper against three independent layers:

Monitor: $ARGUMENTS

Compile the LaTeX paper and fix any issues: **$ARGUMENTS**

A kubectl/docker-style CLI for managing GPU compute jobs on the Qizhi (启智) platform.

Use this skill whenever the user asks about Apple apps — Reminders, Calendar, Contacts, Notes, Mail, or tmux sessions. This includes creating/completing reminders, checking/adding calendar events, looking up contacts, reading/writing notes, sending/reading email, and capturing tmux session content. Also use this skill when the user mentions tasks, todos, scheduling, birthdays, free time slots, or end-of-day summaries. The bridges are CLI tools installed at ~/.claude/ that give Claude Code native access to these Apple apps on macOS.

ClawHub reputation checker for clawsec-suite. Adds a standalone reputation gate before guarded skill installation.

Security advisory feed package for OpenClaw-related threats and vulnerabilities. The upstream feed is updated daily; local automation is handled by clawsec-suite or the operator.

Drift detection + baseline integrity guard for agent workspace files with automatic alerting support

>

>

>

>

>

>

>

PCBWay PCB fabrication and assembly — turnkey/consigned assembly, design rules, ordering workflow. Alternative to JLCPCB for manufacturing. Use with KiCad. Use this skill when the user mentions PCBWay, needs turnkey assembly (PCBWay sources parts by MPN), has parts not available on LCSC, needs assembled boards with non-LCSC components, wants to compare PCBWay vs JLCPCB, or needs assembly with parts sourced globally rather than from LCSC only. For gerber/CPL export, stencil ordering, and BOM management, see the `bom` skill.

Proven workflow architectural patterns from real n8n workflows. Use when building new workflows, designing workflow structure, choosing workflow patterns, planning workflow architecture, or asking about webhook processing, HTTP API integration, database operations, AI agent workflows, batch processing, or scheduled tasks. Always consult this skill when the user asks to create, build, or design an n8n workflow, automate a process, or connect services — even if they don't explicitly mention 'patterns'. Covers webhook, API, database, AI, batch processing, and scheduled automation architectures.

>

Create, search, and manage Bear notes via grizzly CLI.

>

>

Cobra commands in cmd/ package, flag conventions

Build applications powered by GitHub Copilot using the Copilot SDK. Use when creating programmatic integrations with Copilot across Node.js/TypeScript, Python, Go, or .NET. Covers session management, custom tools, streaming, hooks, MCP servers, BYOK providers, session persistence, and custom agents. Requires GitHub Copilot CLI installed and a GitHub Copilot subscription (unless using BYOK).

Implement features using the senior-developer agent

Pick the terminal background color Ralph uses to distinguish its terminal from Claude Code.

UI/UX - design system, accessibility. Use when building interfaces.

name: focus-shepherd