graphql-design
GraphQL schema design, resolver patterns, subscriptions, DataLoader for N+1 prevention, and error handling
Serves LLMs with high throughput using vLLM's PagedAttention and continuous batching. Use when deploying production LLM APIs, optimizing inference latency/throughput, or serving models with limited GPU memory. Supports OpenAI-compatible endpoints, quantization (GPTQ/AWQ/FP8), and tensor parallelism.
Sets up Portless for a project to replace port numbers with stable named .localhost URLs. Use when configuring local development routing, fixing port conflicts, or setting up monorepo dev environments.
Structured error handling in Golang with samber/oops — error builders, stack traces, error codes, error context, error wrapping, error attributes, user-facing vs developer messages, panic recovery, and logger integration. Apply when using or adopting samber/oops, or when the codebase already imports github.com/samber/oops.
CTF reverse engineering techniques. Use when a challenge provides an unknown binary whose algorithm logic needs analysis, a game client whose verification needs cracking, obfuscated code that needs restoring, or a custom VM that needs to be interpreted. Covers Ghidra/IDA static analysis, GDB/Frida dynamic debugging, anti-debugging bypass, and multi-platform reversing of WASM/.NET/APK/Python bytecode/Go/Rust.
REST/GraphQL API security testing methodology. Use when the target has API endpoints (/api/, JSON responses), exposed Swagger/OpenAPI documentation, or an endpoint list obtained via js-api-extract or directory scanning. Covers API discovery, authentication testing, framework fingerprinting, semantics-aware intelligent fuzzing (inferring parameter names/types/business meaning from endpoint semantics to construct precise payloads), Prototype Pollution, and request smuggling. IDOR → idor-methodology | GraphQL → graphql-methodology | CSRF → csrf-methodology. Any scenario involving API endpoint security testing, parameter discovery, or permission boundary testing should use this skill.
Mobile app backend API security testing. Use when the target is a mobile application's backend interface, when mobile API paths such as /api/v1/ are discovered, or when the communication security between the app and the server needs testing. Covers API endpoint discovery, authentication mechanism testing, business logic vulnerabilities, and mobile-specific security issues.
Database lateral movement and cross-database attacks. Use when access to one database (PostgreSQL/MySQL/MSSQL) has been obtained and lateral movement to other databases or internal network services is needed. Covers PostgreSQL dblink cross-database connections, MSSQL Linked Server lateral movement, MySQL FEDERATED engine cross-database access, and database → SSRF → internal network probing. When the target network is segmented but the databases can communicate (databases usually have looser network policies than application servers), this is the key path for breaking out of isolation. Use this skill whenever inter-database communication, internal database lateral movement, or cross-database query scenarios are found.
Methodology for interacting with xterm.js terminals via Playwright Browser MCP. Use when a web-embedded terminal must be operated through the browser: CTF range pseudo-terminals, Cloud Shell, or terminals in online IDEs. Covers terminal content reading (5 methods), command execution, output capture, and screenshot fallback strategy. Use this skill whenever the target page contains any form of web terminal (xterm.js/hterm/jQuery Terminal).
LLMNR/NBT-NS/MDNS poisoning and NTLMv2 hash capture using Responder. Use when inside a Windows domain network and credentials need to be captured passively or a man-in-the-middle attack is needed. Responder listens for name-resolution broadcast requests on the network (LLMNR/NBT-NS/MDNS) and forges responses to induce targets to send NTLMv2 authentication hashes. Captured hashes can be cracked offline with hashcat or relayed to other services via ntlmrelayx. Use this skill in scenarios involving LLMNR poisoning, NBT-NS poisoning, WPAD proxy, NTLMv2 capture, or man-in-the-middle attacks.
Multi-protocol brute forcing with zombie. zombie is a high-performance brute-force tool from chainreactors that supports 20+ protocols including SSH/FTP/MySQL/MSSQL/PostgreSQL/Redis/SMB/RDP/SNMP/LDAP/VNC, with built-in intelligent wordlist generation and a distributed mode. Differences from hydra: zombie supports more protocols, faster concurrency, and rule-based wordlist generation. Use this skill for batch weak-password detection or credential spraying.
Guide for creating high-quality MCP (Model Context Protocol) servers that enable LLMs to interact with external services through well-designed tools. Use when building MCP servers to integrate external APIs or services, whether in Python (FastMCP) or Node/TypeScript (MCP SDK).
Plan a route and return distance + ETA (schema + deterministic result).
Blockchain API access via Alchemy. Use when an agent needs to query blockchain data (balances, token prices, NFT ownership, transfer history, transaction simulation, gas estimates) across Ethereum, Base, Arbitrum, BNB, Polygon, Solana, and more. Supports API key access ($ALCHEMY_API_KEY), x402 wallet-based pay-per-request (SIWE/SIWS + USDC), and MPP protocol (SIWE + Tempo/Stripe). Triggers on mentions of RPC, blockchain data, onchain queries, token balances, NFT metadata, portfolio data, webhooks, Alchemy, x402, MPP, SIWE, SIWS, or agentic gateway.
Best practices and guidelines for using logger in API routes. Defines appropriate logging levels, what to log, and when to avoid logging. Use when implementing or reviewing API route logging, debugging strategies, or optimizing log output.
Migrate an existing Django API from django-ninja/ninja-extra to django-modern-rest while preserving routes, request/response contracts, auth, throttling, and test coverage. Use when replacing NinjaExtraAPI/api_controller/http_* handlers/ninja.Schema with dmr controllers/routers and typed DTOs.
Migrate an existing Django API from Django REST Framework to django-modern-rest while preserving routes, request/response contracts, auth, permissions, throttling, pagination, and test coverage. Use when replacing APIView/ViewSet/GenericAPIView and DRF serializers/routers with dmr controllers/routers and typed DTOs.
Generate django-modern-rest transport-layer skeletons from OpenAPI 3.1+ specs. Use when Codex needs to turn an OpenAPI file, URL, or pasted document into typed DTOs, controllers, routers, Django URL wiring, and minimal tests for this repository or similar projects built on dmr. Trigger on requests to scaffold APIs, bootstrap apps, or map OpenAPI operations to Controller, Router, and OpenAPI view constructs without implementing business logic.
Executes HTTP requests and handles JSON serialization in a Flutter app. Use when integrating with REST APIs or parsing structured data from external sources.
Spring Boot 3.x development - REST APIs, JPA, Security, Testing, and Cloud-native patterns. Use for building enterprise Java applications with Spring Boot.