code-docs-align
Use when the user says '/code-docs-align', 'check if docs match code', 'verify docstrings', 'find stale comments', 'audit TODOs', 'check ref-doc accuracy', 'documentation accuracy', or wants to verify that documentation, docstrings, comments, and ref-docs actually reflect the current state of the code. This skill bridges /code-audit (code quality) and docs-assess (doc coverage) by checking ACCURACY â do the docs match what the code actually does?
technical-seo-audit
Comprehensive technical SEO audit skill that analyses crawl data to identify issues, prioritise actions by business impact, and produce a detailed report plus actionable spreadsheet. Use this skill whenever the user wants to: run a technical SEO audit, analyse a website's technical health, review crawl data from Screaming Frog or Sitebulb, crawl a site via API (Firecrawl or similar), find indexability or crawlability issues, check Core Web Vitals, audit structured data or schema markup, detect cannibalisation or thin content, review redirect chains, find orphan pages, assess site architecture, or produce a prioritised list of SEO fixes. Also trigger when the user uploads a CSV from any crawl tool and asks for analysis, mentions "technical SEO", "site audit", "crawl audit", "SEO health check", or wants to understand why pages are not ranking from a technical perspective. This skill handles everything from data ingestion through to a business-impact-prioritised action plan.
Com.Entity0/Entity Mcp
Access 30+ AI agent essays, CLAUDE.md generator, and readiness assessments.
rails-audit-thoughtbot
Perform comprehensive code audits of Ruby on Rails applications based on thoughtbot best practices. Use this skill when the user requests a code audit, code review, quality assessment, or analysis of a Rails application. The skill analyzes the entire codebase focusing on testing practices (RSpec), security vulnerabilities, code design (skinny controllers, domain models, PORO with ActiveModel), Rails conventions, database optimization, and Ruby best practices. Outputs a detailed markdown audit report grouped by category (Testing, Security, Models, Controllers, Code Design, Views) with severity levels (Critical, High, Medium, Low) within each category.
assess-findings
Triage static analysis findings, assess merit, and accept noise or irrelevant items
decomplect
Architectural code analysis for design quality. Evaluates simplicity (Rich Hickey), functional core/imperative shell (Gary Bernhardt), and coupling (Constantine & Yourdon). Use for design review or architectural assessment.
breaking-change-analysis
Assesses the impact of API changes before implementation to understand what code would break and plan appropriate migration paths. Use when removing methods, changing interfaces, or planning deprecations.
admet-prediction
Predict comprehensive ADMET (Absorption, Distribution, Metabolism, Excretion, Toxicity) properties for drug candidate molecules using GraphMVP ensemble models. Use this skill when: (1) Predicting blood-brain barrier penetration, (2) Assessing side effect profiles, (3) Estimating Caco-2 permeability, half-life, or LD50 toxicity, (4) Evaluating drug-likeness and safety of molecules.
Operant Mcp
Security testing MCP server for penetration testing, forensics, and vulnerability assessment
codebase-architecture-analysis
Analyze a GitHub codebase to create comprehensive architecture documentation including ASCII diagrams, component relationships, data flow, hosting infrastructure, and file structure assessment.
Philadelphia Restoration
Philadelphia water and fire damage restoration: assessment, insurance, costs, and knowledge search.
api-reviewer
Guidelines for reviewing API design in the Hex1b codebase. Use when evaluating public APIs, reviewing accessibility modifiers, or assessing whether new APIs follow project conventions.
ADD Assess Realm
Modular skill for Assess realm support.
Threat Modeling Skill v3.1.0 (20260313a)
AI-native automated software risk analysis skill. LLM-driven, Code-First approach for comprehensive security risk assessment, threat modeling, security testing, penetration testing, and compliance checking.
assessment-design
Evidence-based assessment design with rubrics, feedback strategies, and formative checkpoints. Aligns each assessment to learning objectives using Bloom's taxonomy. Applies Nicol's 7 principles of good feedback practice. Reads from /learning-objectives manifest and extends it with assessment specs. (idstack)
evidence-heavy-evaluator
Generate an evidence-first, read-only repository evaluation report with deterministic scoring and actionable recommendations. Use when the user asks to assess readiness, maintainability, release-readiness, documentation gaps, or engineering health and wants auditable artifacts (`json` + `markdown` + raw command logs).
capture
Capture HTTP traffic from web apps using playwright-cli. Includes site fingerprinting (framework detection, protection checks, iframe detection, auth detection, API discovery) and full traffic recording with tracing and optional HAR output. TRIGGER when: "record traffic from", "capture API calls from", "start Phase 1 for", "analyze traffic from URL", "assess site", "site fingerprint", "start capture for", "open browser for", or any URL is given as the first step of CLI generation. DO NOT trigger for: Phase 2 implementation, test writing, or quality validation.
Word Orb — Vocabulary Intelligence for AI Agents
162K words, 47 languages, 278K lessons, 25K assessments, knowledge graph. Edge-cached.
MCP Server for OSCAL
AI agent tools for Open Security Controls Assessment Language (OSCAL)
code-confidence-map
Assesses code comprehensibility and maintainability risk. Use when the user asks about code confidence, risk, maintainability, tech debt, code health, or whether code is safe to change. Also use when the user asks to analyze code quality, scan for risks, check if code is messy or complex, audit code, do a code checkup, find weak spots, assess what needs refactoring, or asks about code trust, hidden risks, gotchas, or onboarding to a codebase.
Assessing Douyin Creator Fang Qi's Writing Skill; | [Start Chat](https://gptcall.net/chat.html?data=%7B%22contact%22%3A%7B%22id%22%3A%22s46YZ-p7snQFVwtx_4Izl%22%2C%22flow%22%3Atrue%7D%7D)
Douyin;Writing skills;Social media
binary-analysis
Analyze binary files (exe, dll, sys, bin, ocx, scr, cpl, drv) to assess if they are malicious, perform decompilation, extract strings/imports/exports, detect malware, and provide threat assessment. Use this skill when user asks to analyze, examine, check, or assess any binary file, asks if a file is malicious/suspicious/safe, or provides a file path to a binary. Trigger for phrases like "Is [file] malicious?", "Analyze [file]", "What does [binary] do?", or any request involving binary file analysis.
Hardcoded Secrets in Public Code Detection
You are performing a focused security assessment to find hardcoded sensitive data that is exposed in publicly accessible code. This skill uses a three-phase approach with subagents: **recon** (find all potential secret candidates), **batched verify** (confirm each is a real secret in publicly reacha
github-planner
Fetch a GitHub issue and create a detailed implementation plan. Use when given a GitHub issue URL or number to analyze the issue, explore relevant codebase areas, and produce a step-by-step implementation plan with file changes, architecture considerations, and risk assessment.
ai-agent-posture
Use this skill when asked to audit, assess, or report on AI agent security posture across Copilot Studio and Microsoft 365 Copilot agents. Triggers on keywords like "AI agent posture", "agent security audit", "Copilot Studio agents", "agent inventory", "agent authentication", "unauthenticated agents", "agent tools", "MCP tools on agents", "agent knowledge sources", "XPIA risk", "agent sprawl", "AI agent risk", "agent governance", or when investigating AI agent configurations, access policies, tool permissions, or credential exposure. This skill queries the AIAgentsInfo table in Advanced Hunting to produce a comprehensive security posture assessment covering agent inventory, authentication gaps, access control misconfigurations, MCP tool proliferation, knowledge source exposure, XPIA email exfiltration risk, hard-coded credential detection, HTTP request risks, creator governance, and agent sprawl analysis. Supports inline chat and markdown file output.
assessing-breaking-changes
Guides assessment of backward compatibility for MSBuild changes. Consult when modifying behavior, adding warnings or errors, changing defaults, altering target ordering, removing or deprecating features, deciding whether a change needs a ChangeWave, reviewing blast radius of behavioral changes, or when a PR introduces user-visible output differences.
cast-subagents
Use when suggesting exactly one Codex subagent lineup before work begins for multi-lane tasks: branch/PR review across bugs, security, tests, maintainability, docs, or regression risk; codepath tracing plus docs/API verification; option research with tradeoff synthesis; auth/codebase mapping before risk assessment or planning. Advisory only; no auto-spawn; approval required. Do not use for delegated subagent handoffs, trivial single-file fixes, wording-only edits, one fact lookup, unclear requests, or explicit opt-out.