Frontend

Guidance for extracting secrets from protected or obfuscated binaries through systematic static and dynamic analysis. This skill should be used when tasks involve reverse engineering executables, extracting hidden flags or keys, analyzing binary protections, or decoding obfuscated data within compiled programs.

Create distinctive, production-grade frontend interfaces with high design quality. Use when building web components, pages, or applications. Includes framework-specific guidance for Tailwind, React, Vue, and Rails/Hotwire ecosystems.

Guidance for building and installing Cython extension packages, particularly when resolving compatibility issues with modern Python and NumPy versions. This skill applies when installing legacy Cython packages, fixing NumPy 2.0 deprecation errors, resolving Python 3.x compatibility issues in extension modules, or troubleshooting Cython compilation failures. Use this skill for tasks involving setup.py with Cython extensions, deprecated NumPy type errors, or installing packages to system Python environments.

Guidance for sanitizing git repositories by identifying and removing sensitive credentials, API keys, tokens, and other secrets. This skill should be used when tasks involve cleaning repositories of secrets, preparing code for public release, auditing for credential exposure, or removing sensitive data from version control history.

Test klaude-code interactively using tmux with synchronous task completion. Use when testing UI features, verifying changes, or debugging interactive behavior. Eliminates polling/sleep by using KLAUDE_TEST_SIGNAL for precise synchronization.

Provides systematic approaches for solving multi-person scheduling problems with complex constraints. This skill should be used when finding meeting times, scheduling events, or solving optimization problems involving multiple calendars, availability windows, time-based constraints, preferences, and buffer requirements.

Guidance for setting up Git-based web deployment systems where pushing to a Git repository automatically deploys content to a web server. This skill should be used when tasks involve configuring bare Git repositories with post-receive hooks for automated web deployment, setting up lightweight web servers to serve deployed content, or creating Git-push-to-deploy workflows. Covers service persistence, permission management, and verification strategies.

This skill guides writing Ansible playbooks for server configuration. Use when hardening servers, installing packages, or automating post-provisioning tasks that cloud-init cannot handle.

Native HTML dialog patterns for Rails with Turbo and Stimulus. Use when building modals, confirmations, alerts, or any overlay UI. Triggers on modal, dialog, popup, confirmation, alert, or toast patterns.

Research and compile effective organic traffic and customer acquisition methods for new websites with zero ad spend. Includes traffic sources, community strategies, cold outreach scripts, and 30-day action plans with success stories.

This skill guides writing comprehensive RSpec tests for Ruby and Rails applications. Use when creating spec files, writing test cases, or testing new features. Covers RSpec syntax, describe/context organization, subject/let patterns, fixtures, mocking with allow/expect, and shoulda matchers.

Guidance for implementing path tracers and ray tracers to reconstruct or generate images. This skill applies when tasks involve writing C/C++ ray tracing code, reconstructing images from reference images, or building rendering systems with spheres, shadows, and procedural textures. Use for image reconstruction tasks requiring similarity matching.

Guidance for building POV-Ray (Persistence of Vision Raytracer) from source, particularly legacy versions like 2.2. This skill should be used when tasked with downloading, compiling, and installing POV-Ray from source archives. It covers handling legacy C code, compressed archive formats, build system navigation, and verification strategies for successful compilation.

Guidance for bypassing HTML/JavaScript sanitization filters in security testing contexts. This skill should be used when tasked with finding XSS filter bypasses, testing HTML sanitizers, or exploiting parser differentials between server-side filters and browsers. Applies to CTF challenges, authorized penetration testing, and security research involving HTML injection and JavaScript execution through sanitization bypasses.

Create or update Next.js server actions for blog and analytics functionality. Use when adding form handlers, data mutations, or server-side logic in the web app.

Guidance for setting up Git repositories with automatic web deployment via post-receive hooks. This skill applies when configuring bare Git repositories, setting up web servers to serve pushed content, creating Git hooks for deployment automation, or implementing push-to-deploy workflows.

Business Logic Focus audit worker (L3). Detects tests that validate framework/library behavior (Prisma, Express, bcrypt, JWT, axios, React hooks) instead of OUR code. Returns findings with REMOVE decisions.

Guidance for extracting structured data from log files using regular expressions. This skill applies when parsing logs to extract dates, IP addresses, timestamps, or other structured patterns, especially when multiple conditions must be combined (e.g., "find the last date on lines containing an IP"). Use this skill for complex regex construction involving lookaheads, anchors, and pattern composition.

Use when implementing features or fixing bugs - enforces RED-GREEN-REFACTOR cycle requiring tests to fail before writing code

Guidance for implementing minimal GPT-2 inference in constrained environments (code golf challenges). This skill should be used when implementing neural network inference from scratch, parsing binary checkpoint formats, implementing BPE tokenization, or working on code golf challenges involving ML models. Covers verification strategies and common pitfalls for checkpoint parsing and model inference.