> browse/registry

> offensive-basic-exploitation

offensive-basic-exploitation skill from SnailSploit/Claude-Red

> offensive-exploit-dev-course

offensive-exploit-dev-course skill from SnailSploit/Claude-Red

> offensive-exploit-development

offensive-exploit-development skill from SnailSploit/Claude-Red

> offensive-ai-security

offensive-ai-security skill from SnailSploit/Claude-Red

> offensive-xss

offensive-xss skill from SnailSploit/Claude-Red

> wp-plugin-development

WordPress plugin development — architecture, hooks, Settings API, security, data, and lifecycle. Always-active rules when working on plugins or mu-plugins.

> ros2-engineering-skills

Comprehensive ROS 2 engineering guide covering workspace setup, node architecture, communication patterns (topics/services/actions with QoS), lifecycle and component nodes, launch composition, tf2/URDF, ros2_control hardware interfaces, real-time constraints, Nav2, MoveIt 2, perception pipelines, simulation (Gazebo/Isaac Sim), security (SROS2/DDS), micro-ROS (MCU/RTOS), multi-robot systems (fleet management/Open-RMF), testing, debugging, deployment, and ROS 1 migration. Trigger whenever the user

> laravel-dependencies-trim-packages

Remove unneeded Composer packages and assets to improve boot time, memory, and security surface

> code-reviewer

Expert code review specialist. Proactively reviews code for quality, security, and maintainability. Use immediately after writing or modifying code. MUST BE USED for all code changes.

> security-review

Use this skill when adding authentication, handling user input, working with secrets, creating API endpoints, or implementing payment/sensitive features. Provides comprehensive security checklist and patterns.

> alicloud-cr

Manage Alibaba Cloud Container Registry (ACR) Enterprise Edition using the @alicloud/cr20181201 TypeScript SDK. Use when working with container image registries on Alibaba Cloud, including instance management, namespaces, image repositories, image tags, build rules, image synchronization, security scanning, delivery chains, Helm charts, artifact lifecycle, and event notifications. Covers all 115 APIs of the CR 20181201 version.

> alicloud-rds

Manage Alibaba Cloud RDS using the @alicloud/rds20140815 TypeScript SDK. Use when working with relational database instances (MySQL, PostgreSQL, SQL Server, MariaDB), accounts, databases, backups, security, monitoring, parameters, read-only instances, database proxy, migration, cross-region DR, PostgreSQL extensions, RDS Custom instances, and resource tagging. Covers all 398 APIs of the RDS 20140815 version.

> alicloud-redis

Manage Alibaba Cloud Redis (Tair / R-KVStore) using the @alicloud/r-kvstore20150101 TypeScript SDK. Use when working with Redis or Tair instances, accounts, backups, security (whitelist/SSL/TDE/audit), parameters, monitoring, cluster scaling, direct connection, Tair Custom instances, and resource tagging. Covers all 157 APIs of the R-KVStore 20150101 version.

> alicloud-ecs

Manage Alibaba Cloud Elastic Compute Service (ECS) using the @alicloud/ecs20140526 TypeScript SDK. Use when working with cloud servers on Alibaba Cloud, including instance lifecycle (create, start, stop, reboot, delete), disks and snapshots, images, security groups, VPC networking, EIP, ENI, SSH key pairs, dedicated hosts, auto provisioning, launch templates, Cloud Assistant commands, tags, system events, diagnostics, storage capacity units, and prefix lists. Covers all 374 APIs of the ECS 20140

> fabric

Intelligent pattern selection for Fabric CLI. Automatically selects the right pattern from 242+ specialized prompts based on your intent - threat modeling, analysis, summarization, content creation, extraction, and more. USE WHEN processing content, analyzing data, creating summaries, threat modeling, or transforming text.

> terraform-skill

Use when working with Terraform or OpenTofu - creating modules, writing tests (native test framework, Terratest), setting up CI/CD pipelines, reviewing configurations, choosing between testing approaches, debugging state issues, implementing security scanning (trivy, checkov), or making infrastructure-as-code architecture decisions

> python-code-review

Comprehensive Python code review focused on bugs, correctness, security, maintainability, and actionable fixes. Use when a user asks for a review of Python files, wants severity-rated findings, wants before/after fix suggestions, or wants verification that implementation matches an active plan document (if one exists). Start by applying read-repo-rules to AGENTS.md, docs/REPO_STYLE.md, docs/PYTHON_STYLE.md, and docs/CHANGELOG.md so review guidance follows repository rules.

> solidity-audit

Security audit and code review checklist. Covers 30+ vulnerability types with real-world exploit cases (2021-2026) and EVMbench Code4rena patterns. Use when conducting security audits, code reviews, or pre-deployment security assessments.

> defi-security

[AUTO-INVOKE] MUST be invoked BEFORE deploying DeFi contracts (DEX, lending, staking, LP, token). Covers anti-whale, anti-MEV, flash loan protection, launch checklists, and emergency response. Trigger: any deployment or security review of DeFi-related contracts.

> solidity-security

[AUTO-INVOKE] MUST be invoked BEFORE writing or modifying any Solidity contract (.sol files). Covers private key handling, access control, reentrancy prevention, gas safety, and pre-audit checklists. Trigger: any task involving creating, editing, or reviewing .sol source files.