Directory
Discover and filter AI agent skills. 27,776 active skills available.
Popular guides from the directory
Start with intent-focused guides, then come back to the full directory when you need broader coverage.
category guide
AI Agents for Marketing
Discover AI agents for marketing workflows, from SEO and content production to campaign research, outreach, and analytics.
category guide
AI Agents for Startups
Explore AI agent skills for startup validation, product research, growth experiments, documentation, and fast execution with small teams.
category guide
AI Agents for Coding
Browse AI agent skills for coding, debugging, testing, refactoring, code review, and developer workflows across Claude, Cursor, and Codex.
best guide
Best AI Skills for Claude
Explore the best AI skills for Claude and Claude Code across coding, research, workflow automation, documentation, and agent operations.
best guide
Top AI Agents for Productivity
See the top AI agent skills for productivity, workflow automation, operational systems, documentation, and everyday task execution.
category guide
AI Agents for Freelancers
Browse AI agent skills for freelancers handling client research, proposals, outreach, delivery systems, documentation, and repeatable admin work.
Results
task-routing
**UNIVERSAL TRIGGER**: ROUTE/TAKE/IMPLEMENT any task FROM a URL or issue reference **URLs & References**: - "get task from github.com/.../issues/N", "fetch spec from docs.google.com/..." - "retrieve task from https://..." **Local File Paths**: - "реализуй /path/to/plan.md", "выполни ./docs/plans/fix.md" - "take /home/user/plan.md", "implement /abs/path/to/plan.md" **Action Triggers (EN)**: - "take this task", "implement this spec", "do issue #NNN" - "route task", "route this", "start issue #NNN" - "check this task", "analyze task" **Triggers (RU)**: - "возьми задачу", "сделай задачу", "реализуй по спеке" - "сделай issue #NNN", "возьми issue #NNN" **#NNN**: action-слово + "issue"/"задачу" обязательны. Голый #NNN -- НЕ триггер. **Should NOT activate** (handled by other skills): - "show/read/view issue #N" (github-issues) - "what does issue #N say" (github-issues) - "edit/close/mark done issue" (github-issues) - "review spec", "check spec", "analyze requirements" (spec-review) - bare GitHub issue URL without action verb (github-issues) TRIGGERS: route task, route this, возьми задачу, сделай задачу, take this task, implement this spec, implement this issue, get task from, check this task, analyze task, retrieve spec, fetch task, реализуй по спеке, сделай issue, do issue, start issue, github.com/issues, docs.google.com/document, /docs/plans, ./docs/plans, /tmp/plan, local file, локальный файл
spec-review
**UNIVERSAL TRIGGER**: Ревью спецификаций и ТЗ на гапы, нестыковки и противоречия. Используй когда: - "get/show/list/display spec issues", "retrieve spec analysis" - "check/analyze/fetch spec review", "review spec" - "проверь спецификацию/ТЗ", "ревью спеки", "проанализируй ТЗ" - "найди гапы в требованиях", "найди нестыковки/противоречия" - пользователь дал ссылку на Google Doc, GitHub issue или Docmost-документ со спецификацией - пользователь вставил текст спецификации и просит проверить **Уровни глубины**: - `--quick` / `-q` — только критические блокеры (быстро) - `--standard` / `-s` — критические + высокие (по умолчанию) - `--deep` / `-d` — все проблемы включая средние - `--exhaustive` / `-e` — полный аудит с рекомендациями - `--no-ask` — использовать standard без вопроса (для CI/CD) **Ключевые слова для уровней**: - "быстро проверь", "только блокеры" -> quick - "тщательно", "подробно", "глубоко" -> deep - "полный аудит", "исчерпывающий" -> exhaustive **Google Doc**: - "проверь спеку docs.google.com/document/d/XXX" - "ревью этого ТЗ [ссылка на Google Doc]" **Docmost**: - "проверь спеку https://docs.company.com/p/XXXXXXXX" - "ревью этого ТЗ в Docmost [ссылка]" **GitHub Issue** (ТОЛЬКО с ревью-контекстом!): - "проанализируй issue #123" (ревью-слово: "проанализируй") - "проверь спецификацию github.com/.../issues/456" (ревью-слово: "проверь") - голый "issue #123" без ревью-контекста -- НЕ триггер (github-issues или task-routing) **Текст в сообщении**: - "проверь это ТЗ: [текст спецификации]" - пользователь вставил большой текст и просит ревью **Локальный файл**: - "проверь спеку в docs/spec.md" - "сделай ревью файла requirements.txt" TRIGGERS: спецификация, ТЗ, spec, specification, requirements, проверь спеку, ревью спеки, review spec, analyze spec, найди гапы, найди противоречия, найди нестыковки, docs.google.com/document, github.com/issues, docmost, /p/, техническое задание, требования, acceptance criteria, проанализируй требования, check requirements, --quick, -q, --deep, -d, --exhaustive, -e, --no-ask, быстро проверь, тщательно проанализируй, полный аудит, только блокеры, глубокий анализ, исчерпывающий
pr-review-fix-loop
**UNIVERSAL TRIGGER**: Iterative PR review + autofix loop. Use when user wants to review, check, or fix PR changes automatically. Common patterns: - "review my PR", "check my PR", "review changes" - "fix review comments", "address review findings" - "run review loop", "autofix PR issues" - "проверь мой PR", "ревью PR", "проверь изменения" - "исправь замечания ревью", "пофикси замечания" - "запусти ревью", "автоисправление PR" **PR Review** (iterative review + fix cycle): - "review and fix my PR", "check PR and fix issues" - "iterate on PR review", "review loop" - "проверь и исправь PR", "итеративное ревью" **Code Review Fix** (address existing review comments): - "fix review comments", "address PR feedback" - "fix code review issues", "resolve review findings" - "исправь замечания", "пофикси комментарии ревью" **Codex Review** (standalone Codex CLI review): - "codex review", "run codex on my changes" - "codex ревью", "запусти codex" TRIGGERS: review PR, check PR, fix PR, review changes, review loop, autofix, pr review, code review fix, address review, fix comments, review findings, iterate review, codex review, run codex, проверь PR, ревью PR, исправь замечания, пофикси PR, проверь изменения, запусти ревью, автоисправление, codex ревью, замечания ревью, фикс PR
media-upload
**UNIVERSAL TRIGGER**: Use when user wants to UPLOAD/SAVE/ATTACH/SHARE images or media files to S3. **AUTO-TRIGGER**: Activate AUTOMATICALLY after taking screenshots with Playwright MCP. Common patterns: - "upload/save/attach/share [file] to s3" - "get/fetch public link for [image]" - "show/list/display recent uploads" - "сделай скриншот и сохрани" (screenshot + upload) - "открой сайт и сделай скриншот" (implies upload) **Screenshots** (AUTO-ACTIVATE after Playwright screenshot): - After `browser_take_screenshot` → automatically offer to upload - "upload screenshot", "save screenshot", "attach screenshot" - "загрузи скриншот", "приложи скриншот", "сохрани скриншот" - "сделай скриншот [сайта]" → take screenshot + upload to S3 ️ **Images**: - "upload/save/attach image/picture/photo" - "share png/jpg/gif", "get link for image" **Batch**: - "upload all png from ./folder/" - "загрузи все картинки" **History**: - "show/list recent uploads" - "покажи загрузки" TRIGGERS: upload, save, attach, share, get link, show uploads, list uploads, screenshot, image, picture, photo, png, jpg, gif, webp, svg, pdf, s3, bucket, cdn, minio, public link, скриншот, картинка, загрузи, сохрани, сделай скриншот, take screenshot, browser_take_screenshot, playwright screenshot
long-running-harness
**UNIVERSAL TRIGGER**: Use when user wants to START/CONTINUE/MANAGE a long-running development project across multiple sessions. Common patterns: - "start/init/begin new project [description]" - "continue/resume working on [project]" - "начать/инициализировать проект", "продолжить работу над проектом" - "set up harness for [project]", "create project scaffolding" Session types supported: **Initialize (first run)**: - "init long-running project", "start new multi-session project" - "set up project harness", "create progress tracking" - "initialize [web-app/api/cli] project", "начать долгий проект" **Continue (subsequent sessions)**: - "continue project", "resume work", "продолжить работу" - "pick up where I left off", "what's next", "следующая фича" - "next feature", "continue implementation" **Status & Progress**: - "show project progress", "what features are done" - "project status", "статус проекта", "что сделано" - "remaining features", "what's left to do" **Management**: - "mark feature as done", "update progress" - "add new feature to list", "reprioritize features" Context patterns: - "get/show/list project progress" - "check project status" - "what features in project" - "display remaining features" - "fetch session history" - "retrieve progress log" TRIGGERS: long-running, multi-session, project harness, initialize project, continue project, resume work, progress tracking, feature list, session handoff, incremental development, cross-session, долгий проект, продолжить работу, прогресс проекта, следующая сессия, инициализация проекта, get project status, show features, list remaining, check progress, display status, fetch history, retrieve log, what features done, start harness, begin project, resume session, next feature, pick up work, update progress, mark done, end session Based on Anthropic's research on effective harnesses for long-running agents. Source: https://www.anthropic.com/engineering/effective-harnesses-for-long-running-agents
himalaya
**UNIVERSAL TRIGGER**: Use when user wants to READ/SEND email. Common patterns: - "check my email/inbox", "show unread" - "send email to [recipient]" - "проверить почту", "отправить письмо" **Reading**: - "check inbox", "show unread emails", "what's in my mail" - "read email from [sender]", "find emails about [topic]" - "show email folders", "list mail folders" - "проверить входящие", "непрочитанные", "что в почте", "покажи папки" **Sending**: - "send email to [address]", "compose email" - "reply to email", "forward email" - "отправить письмо", "ответить на письмо", "написать письмо" **Accounts**: - "list email accounts", "switch to work email" - "список почтовых аккаунтов", "использовать рабочую почту" ❌ **Should NOT activate**: - "what is SMTP protocol" (general question) - "email regex validation" (programming) - "install himalaya" (setup) TRIGGERS: email, mail, inbox, send, check, read, show, list, get, compose, reply, forward, unread, fetch, view, display, folder, folders, отправить, проверить, прочитать, показать, получить, письмо, почта, папка, папки
worktree-init-script
**UNIVERSAL TRIGGER**: Use when creating git worktrees in projects with init.sh - extends using-git-worktrees to run project-specific initialization script after worktree setup. **Activation**: Automatic when `using-git-worktrees` is invoked and `init.sh` exists in project root. **Setup**: "run init.sh", "initialize worktree", "project setup script" **Create**: "create worktree", "set up workspace", "new worktree" **Check**: "check init.sh", "verify project setup" TRIGGERS: init.sh, worktree init, worktree setup, project setup script, run init, initialize worktree, worktree initialization, create worktree init, setup worktree project, инициализация worktree, запустить init.sh, скрипт инициализации, настройка worktree, создать worktree с init
plan-to-issue
**UNIVERSAL TRIGGER**: SAVE/PUBLISH/EXPORT implementation plan TO GitHub issue for separate session execution. Common patterns: - "save/publish/export plan to issue" - "create issue from plan", "plan to github" - "сохрани план в issue", "создай issue из плана" **Save Plan**: - "save plan to issue", "publish plan to github" - "сохрани план в issue", "экспортируй план" **Create Issue from Plan**: - "create issue from plan", "plan as issue" - "создай issue из плана", "план в задачу" **Execute Later**: - "save for separate session", "execute plan later" - "сохрани для отдельной сессии", "выполнить потом" **Should NOT activate**: - General "create issue" without plan context - Reading existing issues - Working with issue checkboxes TRIGGERS: plan to issue, save plan, export plan, publish plan, plan as issue, issue from plan, plan to github, сохрани план, план в issue, экспорт плана, план в задачу, save for later, execute later, separate session, сохрани для сессии, выполнить потом, план в github
github-issues
**UNIVERSAL TRIGGER**: Use when user mentions GitHub issue URL or asks to read/work with GitHub issues. **Default handler**: Bare GitHub issue URL without action verb -> github-issues (read mode). If user sends just a URL like "https://github.com/org/repo/issues/42" with no action word, this skill handles it. **CRITICAL RULE**: ALWAYS use `gh` CLI for GitHub issues, NEVER use WebFetch! **Reading**: "read issue #N", "show issue", "прочитай задачу" ✅ **Checkboxes**: "mark done", "complete step", "отметь пункт" **Sub-issues**: "create sub-issue", "link as child", "подзадача" **Management**: "edit issue", "close issue", "add label" ️ **Images**: "download images from issue", "скачать картинки" TRIGGERS: github.com/issues, issue #, read issue, show issue, view issue, прочитай issue, покажи issue, задача ✅ checkbox, mark done, complete step, check off, отметь пункт, закрой этап sub-issue, subtask, child issue, parent issue, подзадача, создай подзадачу edit issue, close issue, reopen issue, issue labels, create issue, update task ️ download images, issue attachments, скачать картинки
doc-validate
**UNIVERSAL TRIGGER**: Validate/check/lint documentation quality. **Formatting**: "validate docs", "doc lint", "проверь документацию" **Links**: "broken links", "orphan docs", "битые ссылки" **Terms**: "check glossary", "терминология", "synonyms" **Viewpoints**: "check artifacts", "state diagrams", "threat model" ⚡ **Contradictions**: "find conflicts", "противоречия" ️ **Gaps**: "missing coverage", "пробелы", "completeness" **Review**: "full audit", "полный аудит", "/doc:review" TRIGGERS: doc lint, validate docs, проверь документацию, broken links, orphan, glossary, viewpoints, contradictions, gaps, coverage, /doc:lint, /doc:links, /doc:terms, /doc:viewpoints, /doc:contradictions, /doc:gaps, /doc:review
bugsnag
**UNIVERSAL TRIGGER**: Use when user wants to GET/FETCH/RETRIEVE any data FROM Bugsnag. Common patterns: - "get/show/list/display [something] from bugsnag" - "получить/показать/вывести [что-то] из bugsnag" - "bugsnag [organizations/projects/errors/details/events/comments/stats]" - "what [data] in bugsnag", "check bugsnag [resource]" Specific data types supported: **Organizations & Projects**: - "list bugsnag organizations/orgs", "show organizations" - "list bugsnag projects", "available projects", "проекты bugsnag" **Errors (viewing)**: - "show/list bugsnag errors", "что в bugsnag", "check bugsnag" - "open errors", "error list", "ошибки bugsnag", "открытые ошибки" - "errors with severity error/warning", "filter bugsnag errors" **Error Details**: - "bugsnag details for <id>", "error details", "детали ошибки" - "show stack trace", "error context", "what happened in error" - "events for error", "error timeline", "события ошибки" **Comments**: - "show comments for error", "error comments", "комментарии ошибки" - "bugsnag discussion", "what comments on error" **Analysis**: - "analyze bugsnag errors", "error patterns", "анализ ошибок" - "bugsnag statistics", "error trends", "что происходит в bugsnag" ✅ **Management** (write operations): - "mark as fixed/resolved", "fix error", "resolve error", "close error" - "закрыть ошибку", "отметить как решенную", "исправить ошибку" - "add comment to error", "comment on bugsnag error" - NOTE: Fix/Resolve/Close are synonyms - all mark error as resolved in Bugsnag TRIGGERS: bugsnag, получить из bugsnag, показать bugsnag, список bugsnag, bugsnag data, bugsnag info, check bugsnag, what in bugsnag, bugsnag status, error tracking, error monitoring, production errors, stack trace, bugsnag organizations, bugsnag projects, bugsnag errors, bugsnag details, bugsnag events, bugsnag comments, bugsnag analysis, ошибки в bugsnag, что в bugsnag, проверить bugsnag, данные bugsnag, fix error, resolve error, close error, закрыть ошибку, исправить ошибку, отметить как решенную This skill provides complete Bugsnag API integration for viewing and managing error tracking data via Ruby helper scripts.
triaging-vulnerabilities-with-ssvc-framework
使用 CISA 的利益相关方特定漏洞分类(SSVC)决策树框架对漏洞进行分类和优先排序,产出可操作的修复优先级:Track、Track*、Attend 或 Act。
triaging-security-incident
使用 NIST SP 800-61r3 和 SANS PICERL 框架对安全事件进行初始分类,确定严重性、范围和所需响应行动。 按类型对事件分类,根据业务影响分配优先级,并路由到相应的响应团队。适用于事件分类、 安全告警分类、严重性评估、事件优先级排序或初始事件分析等请求场景。
triaging-security-incident-with-ir-playbook
使用结构化 IR Playbook 对安全事件进行分类和优先排序,确定严重性、分配响应团队并启动适当的响应程序。
triaging-security-alerts-in-splunk
在 Splunk Enterprise Security 中对安全告警进行分类,通过 SPL 查询和事件审查(Incident Review) 仪表板对重要事件进行严重性分类、调查、关联相关遥测并做出升级或关闭决策。 适用于 SOC 分析师需要处理关联搜索产生的告警队列、确定调查优先级, 或需要为交接给二/三级分析师记录分类决策时。
tracking-threat-actor-infrastructure
威胁行为者基础设施追踪涉及使用被动 DNS、证书透明度日志、Shodan/Censys 扫描、WHOIS 分析和网络指纹技术,对对手控制的 C2 服务器、钓鱼域名和暂存服务器等资产进行监控、映射和持续追踪
testing-websocket-api-security
测试 WebSocket API 实现中的安全漏洞,包括 WebSocket 升级时缺少身份认证、跨站 WebSocket 劫持(Cross-Site WebSocket Hijacking,CSWSH)、通过 WebSocket 消息进行的注入攻击、输入校验不足、通过消息泛洪实施拒绝服务,以及通过 WebSocket 帧造成的信息泄露。测试人员使用 Burp Suite 拦截 WebSocket 握手和消息,构造恶意 payload,并测试 WebSocket 通道上的授权绕过。适用于 WebSocket 安全测试、WS 渗透测试、CSWSH 攻击或实时 API 安全评估相关请求。
testing-oauth2-implementation-flaws
测试 OAuth 2.0 和 OpenID Connect 实现中的安全缺陷,包括授权码拦截、重定向 URI 操控、OAuth 流程中的 CSRF、令牌泄露、权限范围(scope)提升以及 PKCE 绕过。测试人员对授权服务器、客户端应用及令牌处理进行评估,发现可导致账户接管或未授权访问的常见错误配置。适用于 OAuth 安全测试、OIDC 漏洞评估、OAuth2 重定向绕过或授权码流程测试相关请求。
testing-mobile-api-authentication
测试移动应用 API 的认证与授权机制,识别认证失效、不安全的令牌管理、会话固定、 权限提升和 IDOR 漏洞。适用于对移动应用后端进行 API 安全评估、测试 JWT 实现、 评估 OAuth 流程或评估会话管理的场景。适合涉及移动 API 认证测试、令牌安全评估、 OAuth 移动端流程测试或 API 授权绕过的相关请求。
testing-jwt-token-security
在安全测试活动中,评估 JSON Web Token(JWT)实现中的密码学弱点、算法混淆攻击和授权绕过漏洞。
testing-for-xxe-injection-vulnerabilities
在授权的渗透测试中发现和利用 XML 外部实体(XXE)注入漏洞,以读取服务器文件、执行 SSRF 并外泄数据。
testing-for-xss-vulnerabilities
通过向反射型、存储型和 DOM 型上下文注入 JavaScript 载荷,测试 Web 应用程序的跨站脚本(XSS)漏洞, 演示客户端代码执行、会话劫持和用户冒充。测试人员识别所有注入点和输出上下文,构造适合上下文的载荷, 并绕过净化和 CSP 保护。适用于 XSS 测试、跨站脚本评估、客户端注入测试或 JavaScript 注入漏洞测试等请求场景。
testing-for-xss-vulnerabilities-with-burpsuite
在授权的安全评估过程中,使用 Burp Suite 的扫描器、Intruder 和 Repeater 工具识别和验证跨站脚本(XSS)漏洞。适用于 Web 应用渗透测试中检测反射型、存储型和 DOM 型 XSS,验证自动化扫描器报告的 XSS 发现,以及评估 CSP 和 XSS 过滤器的有效性时使用。
testing-for-xml-injection-vulnerabilities
测试 Web 应用程序中的 XML 注入漏洞,包括 XXE(XML 外部实体注入)、XPath 注入和 XML 实体攻击,以识别数据泄露和服务器端请求伪造(SSRF)风险。