اپنے ایجنٹ کے لیے موزوں صلاحیت تلاش کریں۔
Use when running claudikins-kernel:execute, decomposing plans into tasks, setting up two-stage review, deciding batch sizes, or handling stuck agents — enforces isolation, verification, and human checkpoints; prevents runaway parallelization and context death
Review secret detection patterns and scanning workflows. Use for identifying high-signal secrets like AWS keys, GitHub tokens, and DB passwords. Use proactively during all security audits to scan code and history. Examples: - user: "Scan for secrets in this repo" → run high-signal rg patterns and gitleaks - user: "Check for AWS keys" → scan for AKIA patterns and server-side exposure - user: "Audit my .env files" → ensure secrets are gitignored and not committed - user: "Verify secret redaction" → check that reported secrets follow 4+4 format - user: "Scan build artifacts for keys" → search dist/ and build/ for secret patterns
Find, install, and configure MCP servers. Use proactively for MCP discovery, OAuth setup, env vars, stdio vs SSE transport, or troubleshooting MCP connections. Examples: - user: "Add the filesystem MCP server" → read server file, add to mcpServers in opencode.json, verify transport type - user: "How do I use MCP with GitHub?" → check catalog, install @modelcontextprotocol/server-github, configure OAuth token - user: "MCP not connecting" → check transport type (stdio/SSE), verify args/command, check env vars are passed - user: "What MCPs are available?" → run list_mcps.py, show catalog with auth types and install commands
Auditing software supply chain security across CI/CD pipelines, container images, and language ecosystems. Detects mutable dependency references, insecure CI patterns, credential exposure risks, and missing SBOM/SLSA controls. Use when performing a supply chain audit, checking action pinning, auditing dependencies, scanning for CI security issues, reviewing container security, or assessing dependency security. Covers GitHub Actions, containers, Python, Node, Go, Rust, .NET, and more.
Auditing software supply chain security across CI/CD pipelines, container images, and language ecosystems. Detects mutable dependency references, insecure CI patterns, credential exposure risks, and missing SBOM/SLSA controls. Use when performing a supply chain audit, checking action pinning, auditing dependencies, scanning for CI security issues, reviewing container security, or assessing dependency security. Covers GitHub Actions, containers, Python, Node, Go, Rust, .NET, and more.
Full coordinated release of all opentraces packages — schema, CLI, and marketing site — in a single orchestrated flow. Use when the user says "release everything", "full release", "release pack", "release all", "cut a full release", "ship it all", "release-pack", or when doing a versioned release that should touch all three packages at once. This is the right skill any time you want to go from current code to a published, verified release across PyPI (schema + CLI), GitHub Releases, Homebrew, and Vercel in one pass. It handles version bumps, docs checks, ordered publishing, propagation waits, and post-release verification of both pipx and brew installs automatically.
Release a new version of the opentraces CLI to PyPI, Homebrew, and GitHub. Use when the user says "release", "new release", "bump version", "publish new version", "release opentraces", "cut a release", or "release-cli". This handles the CLI package only, not the schema package separately. For a full coordinated release of schema + CLI + site together, use /release-pack instead.
Control interactive terminal applications like vim, git rebase -i, git add -i, git add -p, apt, rclone config, sudo, w3m, and TUI apps. Can also supervise another CLI LLM (cursor-agent, codex, etc.) - approve or reject its actions by pressing y/n at confirmation prompts. Use when you need to interact with applications that require keyboard input, show prompts, menus, or have full-screen interfaces. Also use when commands fail or hang with errors like "Input is not a terminal" or "Output is not a terminal". Better than application specific hacks such as GIT_SEQUENCE_EDITOR or bypassing interactivity through file use.
Fetch all open GitHub issues and determine the most important one to work on next based on priority signals
Develop and modify the Digital Pāḷi Dictionary GUI using Flet framework for lexicographer tools
Format commit messages following conventional commits standard. Use when: writing commit messages, git commit, reviewing commit history. Keywords: commit, git, message, conventional, 提交, 訊息, feat, fix, refactor.
Stage meaningful diffs and create commits with WHY-focused messages. Use when agent needs to commit code changes.
Guide Git branching strategies, branch naming, and merge operations. Use when: creating branches, merging, pull requests, Git workflow questions. Keywords: branch, merge, PR, pull request, GitFlow, GitHub Flow, 分支, 合併, 工作流程.
Query the Digital Pāḷi Dictionary database to find words, roots, definitions, and related information
Guides the three-part Legitimate Interest Assessment (LIA) required under GDPR Article 6(1)(f): purpose test, necessity test, and balancing test. Activate when evaluating legitimate interest as a lawful basis, conducting LIA reviews, or documenting proportionality analysis. Keywords: LIA, legitimate interest, balancing test, necessity test, purpose test, Article 6(1)(f).
Guides determination of the correct lawful basis under GDPR Article 6(1)(a)-(f) for each processing activity. Includes decision tree logic for consent vs legitimate interest vs contract necessity. Activate when evaluating legal grounds for processing or reviewing lawful basis selections. Keywords: lawful basis, Article 6, consent, legitimate interest, legal obligation, contract.
Decision framework for choosing between consent and legitimate interest as the lawful basis for processing. Covers power imbalance indicators, conditionality prohibition under Article 7(4), granularity requirements, the three-part LIA test (purpose, necessity, balancing), and practical decision trees for common scenarios.
Guides compliance with India's Digital Personal Data Protection Act 2023. Covers consent manager registration, data fiduciary obligations under Sections 4-7, significant data fiduciary requirements under Section 10, data principal rights, and Board enforcement framework. Keywords: DPDP Act, India data protection, consent manager, data fiduciary, significant data fiduciary, data principal rights.
Implements email and internet monitoring compliance in the workplace per Barbulescu v Romania (ECHR Grand Chamber), EDPB guidance, and national labour law. Covers acceptable use policies, legitimate expectation of privacy, proportionality testing, and content vs metadata monitoring. Keywords: email monitoring, Barbulescu, workplace privacy, internet monitoring, acceptable use policy, ECHR, proportionality.
Assesses lawful basis for AI training data processing per EDPB April 2025 report on LLMs and general-purpose AI. Covers legitimate interest balancing tests, consent challenges for ML training, public dataset assessment, and web scraping lawfulness. Keywords: AI training data, lawful basis, EDPB LLM, legitimate interest, consent, web scraping.
