CMS & Platforms

Manage master Cursor tab completion and AI code suggestions. Triggers on "cursor completion", "cursor tab", "cursor suggestions", "cursor autocomplete", "cursor ghost text". Use when working with cursor tab completion functionality. Trigger with phrases like "cursor tab completion", "cursor completion", "cursor".

Create webhook endpoints with signature verification, retry logic, and payload validation. Use when receiving and processing webhook events. Trigger with phrases like "create webhook", "handle webhook events", or "setup webhook handler".

Create webhook endpoints with signature verification, retry logic, and payload validation.Use when receiving and processing webhook events.Trigger with phrases like "create webhook", "handle webhook events", or "setup webhook handler".

PHP coding standards and WordPress patterns for ActivityPub plugin. Use when writing PHP code, creating classes, implementing WordPress hooks, or structuring plugin files.

Ensures WordPress.org compliance for freemium plugins (free vs premium features, license keys, trial limits, upselling). Prevents trialware violations. Use when adding premium features, implementing upsells, checking license keys, creating teasers, reviewing code before WordPress.org submission, or when the user mentions "premium", "upsell", or "freemium".

Generate Docker Compose and Dockerfile configurations for local development through interactive Q&A. Supports PHP/Laravel, WordPress, Drupal, Joomla, Node.js, and Python stacks with Nginx, Supervisor/PM2, databases, Redis, and email testing. Always asks clarifying questions before generating configurations.

WordPress performance code review and optimization analysis. Use when reviewing WordPress PHP code for performance issues, auditing themes/plugins for scalability, optimizing WP_Query, analyzing caching strategies, checking code before launch, or detecting anti-patterns, or when user mentions "performance review", "optimization audit", "slow WordPress", "slow queries", "high-traffic", "scale WordPress", "code review", "timeout", "500 error", "out of memory", or "site won't load". Detects anti-patterns in database queries, hooks, object caching, AJAX, and template loading.

当用户正在进行 CTF 比赛或练习，遇到 Web 类型题目时触发此 Skill。 适用场景包括： - 用户描述了 SQL 注入、XSS、SSRF、SSTI、XXE、文件包含、命令执行等 Web 安全问题 - 用户需要进行信息搜集、目录扫描、端口扫描等渗透前期工作 - 用户遇到 PHP 特性利用、反序列化、JWT 伪造等高级攻击场景 - 用户提及 "CTF"、"Web"、"渗透"、"注入"、"绕过"、"漏洞" 等关键词 - 用户需要分析 Java 代码审计、区块链安全、组件漏洞利用等问题 - 用户需要构造 payload、编写 exploit、分析 WAF 绕过策略

Use when implementing responsive images, format conversion, focal point cropping, or image processing pipelines. Covers srcset generation, WebP/AVIF conversion, lazy loading, and image transformation APIs for headless CMS.

Use when reviewing WordPress PHP code for performance issues, auditing themes/plugins for scalability, optimizing WP_Query, analyzing caching strategies, or detecting anti-patterns in database queries, hooks, object caching, AJAX, and template loading.

Use when implementing editorial workflows, approval chains, scheduled publishing, or role-based content permissions. Covers workflow states, transitions, notifications, and workflow APIs for headless CMS.

Use for WordPress Playground workflows: fast disposable WP instances in browser or locally via @wp-playground/cli, auto-mounting plugins/themes, switching WP/PHP versions, blueprints, and debugging with Xdebug.

Use before git commit, before PR creation, before declaring done - mandatory final sanity check after tests pass; catches SQL injection, security vulnerabilities, edge cases, and business logic errors that slip through despite passing tests; the last line of defense before code ships

WordPress security audit and vulnerability analysis. Use when reviewing WordPress code for security issues, auditing themes/plugins for vulnerabilities, checking authentication/authorization, analyzing input validation, or detecting security anti-patterns, or when user mentions "security review", "security audit", "vulnerability", "XSS", "SQL injection", "CSRF", "nonce", "sanitize", "escape", "validate", "authentication", "authorization", "permissions", "capabilities", "hacked", or "malware".

WordPress site migration and deployment using wp-migrate.sh. Use when migrating WordPress sites, syncing databases, managing backups, testing migrations, debugging migration issues, or working with WordPress deployment workflows including Duplicator, Jetpack Backup, and Solid Backups archives. Also use for code modifications, testing, git workflows, PR creation, and release management for this project.

云函数工程师,负责腾讯云 SCF 无服务器函数开发。遵循最小权限、幂等、重试+死信、可观测性工程基线。处理 COS 直传签名、回调处理、媒体转码、Webhook 转发、批处理任务。适用于收到 SCF 部门任务卡(如 CMS-S-001)或修复类任务卡时使用。

PHANTOM v6: Ultimate cognitive architecture for debugging, code review, generation, and self-analysis. Combines Abductive Fault Inversion, Spectral Execution Tracing (Ghost/Demon dual traces), Dialectical Assumption Collapse, Cognitive Immune System (CIS) with 16 antibodies, Intelligence Amplification Framework (IAF) with 7 enhancement methods, Cognitive Capability Activation (CCA), 7-Level Architecture (ARCH), and Mem0 as primary unlimited memory system. Features 58 capabilities, monitoring checkpoints, persona verification (Constructor/Destroyer/Defender/Judge), calibrated confidence, Responsive Generator Model (RGM), GRIMOIRE spell format, and cross-conversation persistence via Mem0. Activates for: debugging, code review, "why isn't this working", architecture design, high-stakes reasoning, ULTRATHINK sessions, or understanding code/cognitive behavior.

Review code for WordPress security vulnerabilities.

WordPress theme and plugin README auditor that verifies accuracy, removes exaggerated claims, and ensures maintainability. Use when reviewing or updating README files for WordPress projects (themes, child themes, plugins) to ensure all claims are verifiable against the actual codebase and that documentation remains accurate over time.

WordPress security best practices and vulnerability prevention patterns. Use when reviewing WordPress code for security issues, writing secure WordPress code, or checking for common vulnerabilities like SQL injection, XSS, CSRF, and authentication issues.