>

>

>

Deep architectural context building for security audits. Use when conducting security reviews, building codebase understanding, mapping trust boundaries, or preparing for vulnerability analysis. Inspired by Trail of Bits methodology.

Use when the user asks to invoke, delegate to, or collaborate with Codex on any task. Also use PROACTIVELY when an independent, non-Claude perspective from Codex would add value — second opinions on code, plans, architecture, or design decisions.

Run a structured 5-pass finishing audit on any website before launch — scoring visual polish, technical foundation, UX completeness, content quality, and cross-device readiness on 100 points. Use when: **Pre-launch** - Final validation before going live; **Post-redesign** - Verify nothing broke during the overhaul; **Client handoff** - Structured proof that the site is ready; **Quarterly review** - Catch accumulated debt; **Single-pass focus** - Run just Pass 2 after a perf sprint

Analyze sentiment in text using ML models. Use when: analyzing customer reviews; processing NPS feedback; monitoring brand mentions; evaluating campaign responses; categorizing support tickets

Master the art of directing voice talent to deliver performances that match your brand vision, using Anne Ganguzza's storytelling approach and industry best practices. Use when: Hiring and briefing voiceover artists for a project; Giving direction during recording sessions; Writing scripts that are easy for talent to deliver; Matching voice characteristics to brand personality; Reviewing auditions and selecting the right talent

Master the essential copywriting frameworks used by top marketers. AIDA, PAS, PASTOR, BAB, FAB, and 4Ps—the building blocks of persuasive copy. Use when: Writing sales copy and need a proven structure; Structuring landing pages, emails, or ads; Overcoming writer's block by following a formula; Teaching copywriting fundamentals to your team; Reviewing copy to identify structural weaknesses

Build high-converting landing pages with proven structure, persuasive sections, and best practices. From hero to footer—every element optimized. Use when: Writing landing pages from scratch; Improving existing underperforming pages; Creating templates for repeatable page types; Structuring lead gen, sales, or product pages; Reviewing pages for conversion optimization

Identify at-risk customers using behavioral signals, engagement patterns, and health indicators before they cancel

Identify upsell and cross-sell opportunities through usage patterns, growth signals, and account behavior analysis

Automate QBR preparation with account summaries, success metrics, challenges, and strategic recommendations

Construisez un système de distribution complet (posting, DM delivery, retargeting, tracking) qui transforme vos hooks en pipeline prévisible, basé sur la méthodologie A4 du Marketing Swarm de Lasse Flagstad. Use when: **Lancer une machine de contenu LinkedIn/X** - Cadence, review flow, posting engine; **Automatiser les DMs après engagement** - Trigger → message → tag → booking; **Installer le retargeting** - Email + Meta/IG pour ne jamais perdre un lead; **Créer un dashboard simple** - Les 6 ...

Analyze and red-flag contracts systematically, identifying risks, unfavorable terms, and negotiation opportunities

Assess customer account health using product usage, support sentiment, payment status, and relationship signals

Assess deal health and identify at-risk opportunities using engagement signals, stakeholder mapping, and velocity analysis

Generate predictive pipeline forecasts with confidence intervals and scenario modeling for revenue planning

Create and maintain MEDDIC/MEDDPICC deal scorecards for pipeline hygiene, forecast accuracy, and deal coaching

Perform thorough code reviews focusing on unused code, duplications, coding patterns, bugs, and optimizations. Use when user wants code reviewed or audited. Read-only - outputs findings without making changes.

- **Chrome browser** with Claude in Chrome extension (for reading store reviews)

Detects and analyzes ambiguous language in software requirements and user stories. Use when reviewing requirements documents, user stories, specifications, or any software requirement text to identify vague quantifiers, unclear scope, undefined terms, missing edge cases, subjective language, and incomplete specifications. Provides detailed analysis with clarifying questions and suggested improvements.

Design and review APIs with suggestions for endpoints, parameters, return types, and best practices. Use when designing new APIs from requirements, reviewing existing API designs, generating API documentation, or getting implementation guidance. Supports REST APIs with focus on endpoint structure, request/response schemas, authentication, pagination, filtering, versioning, and OpenAPI specifications. Triggers when users ask to design, review, document, or improve APIs.

Automatically generates change logs from git commits, patches, and pull requests. Use when preparing software releases, creating version summaries, or maintaining CHANGELOG.md files. Analyzes commit messages (including conventional commits), diff/patch files, and PR data to produce categorized Markdown change logs organized by type (Features, Bug Fixes, Breaking Changes, etc.). Ideal for release notes, version updates, and automated changelog maintenance.

Generates clear and structured pull request descriptions from code changes. Use when Claude needs to: (1) Create PR descriptions from git diffs or code changes, (2) Summarize what changed and why, (3) Document breaking changes with migration guides, (4) Add technical details and design decisions, (5) Provide testing instructions, (6) Enhance descriptions with security, performance, and architecture notes, (7) Document dependency changes. Takes code changes as input, outputs comprehensive PR description in Markdown.

Suggest and apply code refactorings to improve readability, maintainability, and code quality. Use this skill when improving existing code structure, eliminating code smells, applying design patterns, simplifying complex logic, extracting duplicated code, renaming for clarity, or preparing code for new features. Provides specific before/after examples, explains benefits, identifies risks, and ensures behavior preservation through tests.

Conduct comprehensive code reviews identifying bugs, security issues, performance problems, code quality concerns, and best practice violations. Use when reviewing pull requests, examining code changes, evaluating new code, assessing code quality, or providing feedback on implementations. Analyzes code for correctness, security vulnerabilities, performance bottlenecks, maintainability issues, test coverage, documentation quality, and adherence to coding standards. Produces structured markdown reviews with categorized findings, severity ratings, specific examples, and actionable recommendations. Triggers when users ask to review code, check pull requests, evaluate implementations, find bugs, or assess code quality.

Identify and report code smells indicating poor design or maintainability issues in Python code, including duplicate code, magic numbers, hardcoded values, God classes, feature envy, inappropriate intimacy, data clumps, primitive obsession, and long parameter lists. Use when conducting code quality audits, preparing for refactoring, improving codebase maintainability, or performing design reviews. Produces markdown reports with severity ratings, locations, descriptions, and specific refactoring recommendations with before/after examples. Triggers when users ask to find code smells, identify design issues, suggest refactorings, improve code quality, or detect maintainability problems.

Identifies and analyzes conflicts in software requirements including logical contradictions, technical incompatibilities, resource constraints, timeline issues, data conflicts, and stakeholder priority mismatches. Use when reviewing requirement sets, specifications, user stories, or project plans to detect conflicts that could block implementation or cause rework. Provides detailed conflict analysis with resolution strategies and impact assessment.

Analyzes code to identify security-critical time intervals and timing vulnerabilities in authentication, authorization, and time-sensitive security operations. Use this skill when reviewing code for proper timeout enforcement, token expiration, session management, rate limiting, password reset validity, or any time-sensitive security mechanism. Detects missing expiration checks, excessive timeout values, lack of rate limiting, client-side only validation, hardcoded timeouts, and timing attack vulnerabilities. Triggers when users ask to check security timeouts, verify token expiration handling, audit session timeout implementation, review rate limiting, or analyze time-based security controls.

Generate prioritized CVE watchlists and actionable security recommendations for repositories. Use when analyzing CVE scan results, creating security reports, prioritizing vulnerability remediation, or generating security gate reports for CI/CD. Takes CVE scan results (JSON/SARIF from npm audit, pip-audit, Snyk), reachability analysis, and cutoff date as input. Combines severity, reachability, exploitability, and dependency criticality to rank CVEs by practical risk. Outputs markdown reports with concrete next-step guidance (immediate upgrade, monitor, ignore with justification, apply mitigation) suitable for issue trackers, security reviews, and CI security gates.

Identify and analyze unused or redundant code including unused functions/methods, unused variables/imports, unreachable code, and redundant conditions. Use when cleaning up codebases, improving maintainability, reducing technical debt, or conducting code quality audits. Analyzes Python code using AST analysis and produces markdown reports listing dead code locations with line numbers, severity ratings, and recommendations. Triggers when users ask to find dead code, remove unused code, identify unused imports, find unreachable code, or clean up redundant logic.

Identify design quality issues in code including high coupling, low cohesion, God classes, long methods, and other code smells. Use when: (1) Reviewing code architecture and design quality, (2) Identifying refactoring opportunities, (3) Detecting God classes or classes with too many responsibilities, (4) Finding high coupling or low cohesion issues, (5) Analyzing code maintainability and technical debt. Detects coupling smells, cohesion problems, complexity issues, size violations, and encapsulation problems with actionable refactoring suggestions.

Unified GitHub triage for issues AND PRs. Classifies open items, answers questions from codebase, analyzes bugs, reviews PRs, and produces a structured triage report. Triggers: 'triage', 'triage issues', 'triage PRs', 'github triage'.

Automatically generate user-facing release notes from git commits, pull requests, changelogs, and code changes. Use when preparing software releases, creating version announcements, documenting what changed between versions, or communicating updates to users. Analyzes commit messages, PR descriptions, and code diffs to produce categorized markdown release notes organized by New Features, Improvements, Bug Fixes, and Breaking Changes. Focuses on user-visible changes while filtering out internal/technical details. Triggers when users ask to generate release notes, create changelog, write version announcement, or summarize changes for a release.

Verify that design documents, code implementations, and tests fully cover all specified requirements. Use this skill when validating requirement traceability, conducting design reviews, assessing implementation completeness, checking test coverage against requirements, performing compliance audits, or identifying missing functionality. Produces coverage reports showing which requirements are satisfied, partially satisfied, or missing.

Hardware verification tool for checking functional equivalence between two RTL designs (Verilog). Use when users need to: (1) Verify if two RTL versions are functionally equivalent, (2) Compare original vs. refactored RTL code, (3) Validate design changes or optimizations, (4) Identify semantic vs. cosmetic differences, (5) Generate counterexamples for non-equivalent designs. Analyzes interface alignment, state variables, logic differences, and produces detailed equivalence verdicts with plain language explanations. Particularly effective for design verification, code reviews, and regression testing of RTL modifications.

Analyze source code statically to detect potential functional bugs including null dereferences, incorrect condition checks, unreachable code, inconsistent state updates, logic errors, resource leaks, and type mismatches. Report suspicious code locations with detailed explanations, severity levels, and confidence assessments. Use when reviewing code for bugs, performing code audits, or when the user asks to find bugs, detect issues, analyze code for problems, or perform static analysis.

Verify code correctness statically against specifications using type checking, contract verification, and formal methods. Use when: (1) Verifying type safety and null safety in Python, Java, or C/C++ code, (2) Checking design-by-contract specifications (preconditions, postconditions, invariants), (3) Validating code against formal specifications, (4) Ensuring code quality and correctness before runtime, (5) Finding potential bugs through static analysis. Supports Python (mypy, contracts), Java (javac, JML), and provides verification scripts and contract specification guidelines.

Statically analyze code to detect security vulnerabilities including buffer overflows, injection risks (SQL, command, XSS), insecure deserialization, improper authentication, hard-coded credentials, and unsafe cryptography. Use when: (1) Performing security code review, (2) Analyzing code for OWASP Top 10 vulnerabilities, (3) Identifying CWE-classified weaknesses, (4) Generating security audit reports, (5) Reviewing code before deployment, or (6) Assessing third-party code security. Findings categorized by CWE ID and severity (Critical/High/Medium/Low).

Detect and analyze areas with high maintenance cost, poor design, or accumulated technical debt. Use this skill when reviewing codebases for quality issues, planning refactoring efforts, conducting code audits, assessing project health, identifying maintenance hotspots, or prioritizing technical improvements. Analyzes code smells, architectural issues, dependency problems, test quality, documentation gaps, and provides actionable recommendations with priority rankings.

Scan repositories for newly disclosed CVEs in dependencies after a specific cutoff date. Takes a repository path, cutoff date (YYYY-MM-DD), and optional parameters for transitive dependencies. Parses dependency manifests (package.json, pom.xml, requirements.txt, go.mod, Cargo.toml) and lockfiles to extract exact versions. Queries vulnerability databases (OSV.dev, NVD, GitHub Advisory) to identify CVEs disclosed strictly after the cutoff date. Distinguishes between newly disclosed CVEs and previously known CVEs. Use when: (1) Performing security audits to find new vulnerabilities since last review, (2) Checking if new CVEs affect a historical codebase version, (3) Generating compliance reports showing vulnerability status at specific dates, (4) Tracking security posture changes over time. Supports npm, Maven, pip, Go modules, Cargo, and other major ecosystems.

Detects security vulnerabilities by matching code against known vulnerability patterns, insecure coding idioms, and CVE-style patterns. Explains why patterns are risky and under what conditions they are exploitable. Use when analyzing code for security issues, reviewing for common vulnerabilities, or assessing exploitability of suspicious code patterns.

Analyze, re-engineer, or bootstrap projects to align with AI-first design principles. Use when asked to review, audit, improve, 'ai-firstify', or start a new project. Performs deep analysis across 7 dimensions, actively restructures existing projects, or guides new project setup through discovery questions. Based on the 9 design principles and 7 design patterns from the TechWolf AI-First Bootcamp.

Analyze engagement patterns across published posts to identify what works. Use when asked to review performance, find successful patterns, or optimize future content.

Evidence gathering for performance review cycles. Gathers goal completion evidence, peer feedback, development progress, scope changes, and values alignment, organised along the org's performance framework dimensions, with organizational values as the 'how' lens. Surfaces evidence gaps. Never suggests ratings, only organises evidence for the manager's judgment.

Helps managers cut through noise and identify their highest-leverage actions for the day or week. Aggregates signals from calendar, triage, team context, and OKRs/goals. Presents a suggested focus list grouped by urgency, importance, and investment. The manager reviews and adjusts. Supports effective execution and prioritisation.

Defines REST and GraphQL API contracts including endpoints, request/response schemas, auth flows, and versioning strategy. Use when designing a new API, reviewing an API spec, or when the user mentions API design, OpenAPI, or endpoint contracts.

Provides a comprehensive code review checklist for pull requests covering security, performance, maintainability, and testing. Use as a reference during code reviews or when the user asks for a review checklist.

Performs architectural and quality code review checking coding standards, SOLID principles, architectural compliance, and common software issues. Use when reviewing a file or directory before merge, or when the user mentions code review, PR review, or quality check.