ipv6-first
IPv6 is THE first-class citizen. All code, tests, documentation, and configurations MUST be IPv6-first. IPv4 MAY be added only for legacy support as a second-class citizen.
firewall-check
Check for meaning firewall violations - kernel crates must never import domain crates
implementing-zero-trust-dns-with-nextdns
Implement NextDNS as a zero trust DNS filtering layer with encrypted resolution, threat intelligence blocking, privacy protection, and organizational policy enforcement across all endpoints.
performing-active-directory-bloodhound-analysis
Use BloodHound and SharpHound to enumerate Active Directory relationships and identify attack paths from compromised users to Domain Admin.
performing-active-directory-penetration-test
Conduct a focused Active Directory penetration test to enumerate domain objects, discover attack paths with BloodHound, exploit Kerberos weaknesses, escalate privileges via ADCS/DCSync, and demonstrate domain compromise.
skr-address-resolution
Add .skr domain name resolution and display to Solana Mobile React Native apps. Use when the user requests to integrate .skr domain validation, resolve .skr domains to wallet addresses, display .skr names instead of addresses, add reverse lookup from addresses to domains, or implement .skr name features anywhere wallet addresses are shown (profiles, friend lists, transaction history, etc.)
conducting-domain-persistence-with-dcsync
Perform DCSync attacks to replicate Active Directory credentials and establish domain persistence by extracting KRBTGT, Domain Admin, and service account hashes for Golden Ticket creation.
scope-check
Verifies whether a target (IP, domain, URL, or system) is within the authorized scope of the current engagement before testing begins. Always run this before touching a new target. Reads scope.md from the current engagement directory if it exists.
scan-domain-entities
[Documentation] Scan project and populate/sync docs/project-reference/domain-entities-reference.md with domain entities, data models, DTOs, aggregate boundaries, cross-service entity sync, and ER diagrams.
firewall-check
Check for meaning firewall violations - kernel crates must never import domain crates
sales-anymailfinder
Anymail Finder platform help — email finder and verification tool with 97%+ delivery guarantee. Finds emails by person name, company/domain, decision-maker role, or LinkedIn URL, with bulk search up to 100K rows and a GeoLead Finder. Use when looking up emails by name and company, finding decision-maker emails by role, verifying emails, running bulk email searches, finding emails from LinkedIn URLs, or working with the Anymail Finder API. Do NOT use for cross-platform enrichment strategy (use /sales-enrich), email deliverability strategy (use /sales-deliverability), or prospect list strategy (use /sales-prospect-list).
crafters-cli
Manage Crafter Station domains (Spaceship DNS + Vercel), agent infrastructure, and Claude Code configuration via the crafters CLI.
domain-registry
Reference library of domain definitions used by deep-* skills to select appropriate expert agents. Not invocable standalone — read via the Read tool by context, deep-audit, deep-verify, deep-review, deep-research, deep-explorer, and deep-council.
create-agent
Create and validate domain agents. USE WHEN create agent, new agent, agent structure, validate agent, check agent, domain agent. AgentSearch('create-agent') for docs.
create-domain
Create and validate PAL domains (project workspaces). USE WHEN create domain, new domain, domain structure, validate domain, map domain, sync domain, archive domain, project workspace, housekeeping. SkillSearch('create-domain') for docs.
add-domain
Add a new life domain to Claude OS. Creates the Desktop folder and LIFE-SPEC.md through a guided conversation. Use when user says "add a domain", "I want Claude to help with fitness", "track my finances", or wants to extend what Claude manages.
gmail-email-to-repo-extraction
Extract structured data from Gmail inbox emails, enrich with domain-specific classification, legal-scan against deny list, commit to appropriate repo, then optionally delete originals.
email-infrastructure
Email deliverability and DNS-based email authentication covering SPF, DKIM, DMARC, MX, PTR, and BIMI records, SMTP relay service configuration (SendGrid, SES, Postmark, Mailgun), self-hosted Postfix relay basics, and deliverability testing. USE WHEN: - Setting up or auditing email DNS records (SPF, DKIM, DMARC, MX, PTR) - Configuring a transactional email relay service (SendGrid, Amazon SES, Postmark) - Rolling out a DMARC policy from p=none to p=reject - Debugging emails landing in spam or being rejected - Generating DKIM key pairs for a custom domain - Setting up Postfix as a smart relay host - Checking email blacklists and Google Postmaster Tools DO NOT USE FOR: - Building a full mail server (Dovecot IMAP, Postfix + Dovecot stack — scope is relay/deliverability) - Marketing email platform setup (Mailchimp, Klaviyo campaign workflows) - Email template design or HTML email rendering - Inbound email parsing pipelines (use SendGrid Inbound Parse, Mailgun Routes, etc.)
dns
DNS concepts, record types, and management skill: Cloudflare, Route 53, DNSSEC, debugging with dig/nslookup, TTL strategy, and split-horizon DNS. USE WHEN: - Adding or modifying DNS records for a web application, mail system, or API - Configuring Cloudflare proxy (orange cloud) or DNS-only mode - Setting up Route 53 hosted zones, health checks, and routing policies - Debugging DNS propagation, CNAME loops, MX failures, or SPF/DKIM issues - Planning a migration with minimal downtime (TTL strategy) - Configuring DNSSEC, CAA records, or reverse DNS (PTR) - Setting up split-horizon DNS for internal vs external resolution DO NOT USE FOR: - SSL/TLS certificate issuance (use ssl-tls skill) - Nginx or application-level routing (use nginx or api-gateway skill) - Service mesh internal DNS (use kubernetes or service-mesh skill) - Email server configuration beyond DNS records (use a dedicated email skill)