skill-name
[REQUIRED] Comprehensive description of what this skill does and when to use it. Include: (1) Primary functionality, (2) Specific use cases, (3) Security operations context. Must include specific "Use when:" clause for skill discovery. Example: "SAST vulnerability analysis and remediation guidance using Semgrep and industry security standards. Use when: (1) Analyzing static code for security vulnerabilities, (2) Prioritizing security findings by severity, (3) Providing secure coding remediation, (4) Integrating security checks into CI/CD pipelines." Maximum 1024 characters.
Best use case
skill-name is best used when you need a repeatable AI agent workflow instead of a one-off prompt. It is especially useful for teams working in multi. [REQUIRED] Comprehensive description of what this skill does and when to use it. Include: (1) Primary functionality, (2) Specific use cases, (3) Security operations context. Must include specific "Use when:" clause for skill discovery. Example: "SAST vulnerability analysis and remediation guidance using Semgrep and industry security standards. Use when: (1) Analyzing static code for security vulnerabilities, (2) Prioritizing security findings by severity, (3) Providing secure coding remediation, (4) Integrating security checks into CI/CD pipelines." Maximum 1024 characters.
[REQUIRED] Comprehensive description of what this skill does and when to use it. Include: (1) Primary functionality, (2) Specific use cases, (3) Security operations context. Must include specific "Use when:" clause for skill discovery. Example: "SAST vulnerability analysis and remediation guidance using Semgrep and industry security standards. Use when: (1) Analyzing static code for security vulnerabilities, (2) Prioritizing security findings by severity, (3) Providing secure coding remediation, (4) Integrating security checks into CI/CD pipelines." Maximum 1024 characters.
Users should expect a more consistent workflow output, faster repeated execution, and less time spent rewriting prompts from scratch.
Practical example
Example input
Use the "skill-name" skill to help with this workflow task. Context: [REQUIRED] Comprehensive description of what this skill does and when to use it. Include: (1) Primary functionality, (2) Specific use cases, (3) Security operations context. Must include specific "Use when:" clause for skill discovery. Example: "SAST vulnerability analysis and remediation guidance using Semgrep and industry security standards. Use when: (1) Analyzing static code for security vulnerabilities, (2) Prioritizing security findings by severity, (3) Providing secure coding remediation, (4) Integrating security checks into CI/CD pipelines." Maximum 1024 characters.
Example output
A structured workflow result with clearer steps, more consistent formatting, and an output that is easier to reuse in the next run.
When to use this skill
- Use this skill when you want a reusable workflow rather than writing the same prompt again and again.
When not to use this skill
- Do not use this when you only need a one-off answer and do not need a reusable workflow.
- Do not use it if you cannot install or maintain the related files, repository context, or supporting tools.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/skill-name/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How skill-name Compares
| Feature / Agent | skill-name | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
[REQUIRED] Comprehensive description of what this skill does and when to use it. Include: (1) Primary functionality, (2) Specific use cases, (3) Security operations context. Must include specific "Use when:" clause for skill discovery. Example: "SAST vulnerability analysis and remediation guidance using Semgrep and industry security standards. Use when: (1) Analyzing static code for security vulnerabilities, (2) Prioritizing security findings by severity, (3) Providing secure coding remediation, (4) Integrating security checks into CI/CD pipelines." Maximum 1024 characters.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
Related Guides
AI Agents for Coding
Browse AI agent skills for coding, debugging, testing, refactoring, code review, and developer workflows across Claude, Cursor, and Codex.
AI Agent for Product Research
Browse AI agent skills for product research, competitive analysis, customer discovery, and structured product decision support.
SKILL.md Source
<!-- PROGRESSIVE DISCLOSURE GUIDELINES: - Keep this SKILL.md file under 500 lines - Only include core workflows and common patterns here - Move detailed content to references/ directory - Link clearly to when references should be consulted - See: references/WORKFLOW_CHECKLIST.md for workflow pattern examples - Challenge every sentence: "Does Claude really need this?" --> # Skill Name ## Overview Brief overview of what this skill provides and its security operations context. ## Quick Start Provide the minimal example to get started immediately: ```bash # Example command or workflow tool-name --option value ``` ## Core Workflow ### Sequential Workflow For straightforward step-by-step operations: 1. First action with specific command or operation 2. Second action with expected output or validation 3. Third action with decision points if needed ### Workflow Checklist (for complex operations) For complex multi-step operations, use a checkable workflow: Progress: [ ] 1. Initial setup and configuration [ ] 2. Run primary security scan or analysis [ ] 3. Review findings and classify by severity [ ] 4. Apply remediation patterns [ ] 5. Validate fixes with re-scan [ ] 6. Document findings and generate report Work through each step systematically. Check off completed items. **For more workflow patterns**, see [references/WORKFLOW_CHECKLIST.md](references/WORKFLOW_CHECKLIST.md) ### Feedback Loop Pattern (for validation) When validation and iteration are needed: 1. Generate initial output (configuration, code, etc.) 2. Run validation: `./scripts/validator_example.py output.yaml` 3. Review validation errors and warnings 4. Fix identified issues 5. Repeat steps 2-4 until validation passes 6. Apply the validated output **Note**: Move detailed validation criteria to `references/` if complex. ## Security Considerations - **Sensitive Data Handling**: Guidance on handling secrets, credentials, PII - **Access Control**: Required permissions and authorization contexts - **Audit Logging**: What should be logged for security auditing - **Compliance**: Relevant compliance requirements (SOC2, GDPR, etc.) ## Bundled Resources ### Scripts (`scripts/`) Executable scripts for deterministic operations. Use scripts for low-freedom operations requiring consistency. - `example_script.py` - Python script template with argparse, error handling, and JSON output - `example_script.sh` - Bash script template with argument parsing and colored output - `validator_example.py` - Validation script demonstrating feedback loop pattern **When to use scripts**: - Deterministic operations that must be consistent - Complex parsing or data transformation - Validation and quality checks ### References (`references/`) On-demand documentation loaded when needed. Keep SKILL.md concise by moving detailed content here. - `EXAMPLE.md` - Template for reference documentation with security standards sections - `WORKFLOW_CHECKLIST.md` - Multiple workflow pattern examples (sequential, conditional, iterative, feedback loop) **When to use references**: - Detailed framework mappings (OWASP, CWE, MITRE ATT&CK) - Advanced configuration options - Language-specific patterns - Content exceeding 100 lines ### Assets (`assets/`) Templates and configuration files used in output (not loaded into context). These are referenced but not read until needed. - `ci-config-template.yml` - Security-enhanced CI/CD pipeline with SAST, dependency scanning, secrets detection - `rule-template.yaml` - Security rule template with OWASP/CWE mappings and remediation guidance **When to use assets**: - Configuration templates - Policy templates - Boilerplate secure code - CI/CD pipeline examples ## Common Patterns ### Pattern 1: [Pattern Name] Description and example of common usage pattern. ### Pattern 2: [Pattern Name] Additional patterns as needed. ## Integration Points - **CI/CD**: How this integrates with build pipelines - **Security Tools**: Compatible security scanning/monitoring tools - **SDLC**: Where this fits in the secure development lifecycle ## Troubleshooting ### Issue: [Common Problem] **Solution**: Steps to resolve. ## References - [Tool Documentation](https://example.com) - [Security Framework](https://owasp.org) - [Compliance Standard](https://example.com)
Related Skills
file-name-wizard
Audit all filename and naming conventions in the codebase against CLAUDE.md standards and common patterns. Use when user asks to check naming conventions, audit filenames, find naming inconsistencies, or validate file naming patterns.
domain-name-brainstormer
Generates creative domain name ideas for your project and checks availability across multiple TLDs (.com, .io, .dev, .ai, etc.). Saves hours of brainstorming and manual checking.
azure-quotas
Check/manage Azure quotas and usage across providers. For deployment planning, capacity validation, region selection. WHEN: "check quotas", "service limits", "current usage", "request quota increase", "quota exceeded", "validate capacity", "regional availability", "provisioning limits", "vCPU limit", "how many vCPUs available in my subscription".
raindrop-io
Manage Raindrop.io bookmarks with AI assistance. Save and organize bookmarks, search your collection, manage reading lists, and organize research materials. Use when working with bookmarks, web research, reading lists, or when user mentions Raindrop.io.
zlibrary-to-notebooklm
自动从 Z-Library 下载书籍并上传到 Google NotebookLM。支持 PDF/EPUB 格式,自动转换,一键创建知识库。
discover-skills
当你发现当前可用的技能都不够合适(或用户明确要求你寻找技能)时使用。本技能会基于任务目标和约束,给出一份精简的候选技能清单,帮助你选出最适配当前任务的技能。
web-performance-seo
Fix PageSpeed Insights/Lighthouse accessibility "!" errors caused by contrast audit failures (CSS filters, OKLCH/OKLAB, low opacity, gradient text, image backgrounds). Use for accessibility-driven SEO/performance debugging and remediation.
project-to-obsidian
将代码项目转换为 Obsidian 知识库。当用户提到 obsidian、项目文档、知识库、分析项目、转换项目 时激活。 【激活后必须执行】: 1. 先完整阅读本 SKILL.md 文件 2. 理解 AI 写入规则(默认到 00_Inbox/AI/、追加式、统一 Schema) 3. 执行 STEP 0: 使用 AskUserQuestion 询问用户确认 4. 用户确认后才开始 STEP 1 项目扫描 5. 严格按 STEP 0 → 1 → 2 → 3 → 4 顺序执行 【禁止行为】: - 禁止不读 SKILL.md 就开始分析项目 - 禁止跳过 STEP 0 用户确认 - 禁止直接在 30_Resources 创建(先到 00_Inbox/AI/) - 禁止自作主张决定输出位置
obsidian-helper
Obsidian 智能笔记助手。当用户提到 obsidian、日记、笔记、知识库、capture、review 时激活。 【激活后必须执行】: 1. 先完整阅读本 SKILL.md 文件 2. 理解 AI 写入三条硬规矩(00_Inbox/AI/、追加式、白名单字段) 3. 按 STEP 0 → STEP 1 → ... 顺序执行 4. 不要跳过任何步骤,不要自作主张 【禁止行为】: - 禁止不读 SKILL.md 就开始工作 - 禁止跳过用户确认步骤 - 禁止在非 00_Inbox/AI/ 位置创建新笔记(除非用户明确指定)
internationalizing-websites
Adds multi-language support to Next.js websites with proper SEO configuration including hreflang tags, localized sitemaps, and language-specific content. Use when adding new languages, setting up i18n, optimizing for international SEO, or when user mentions localization, translation, multi-language, or specific languages like Japanese, Korean, Chinese.
google-official-seo-guide
Official Google SEO guide covering search optimization, best practices, Search Console, crawling, indexing, and improving website search visibility based on official Google documentation
github-release-assistant
Generate bilingual GitHub release documentation (README.md + README.zh.md) from repo metadata and user input, and guide release prep with git add/commit/push. Use when the user asks to write or polish README files, create bilingual docs, prepare a GitHub release, or mentions release assistant/README generation.