資料庫

Analyzes feedback logs to identify patterns and suggest improvements to review skills. Use when you have accumulated feedback data and want to improve review accuracy.

World-class security content writer for VibeShip Knowledge Base. Creates authoritative, SEO-optimized, LLM-extractable content about cybersecurity vulnerabilities in AI-generated code.Use this skill when:- Writing vulnerability articles (SQL injection, XSS, IDOR, etc.)- Creating AI tool security analysis (Cursor, Claude Code, Bolt patterns)- Writing stack security guides (Next.js + Supabase, Express, etc.)- Generating fix prompts for AI coding tools- Creating security checklists and glossary entries- Writing research content (Vulnerability Index, methodology)- Any security-related KB content for vibeship.co/kb/security/Expertise: SEO optimization, LLM citation optimization, OWASP vulnerabilities, CWE database, AI-generated code patterns, vibe coder audience, technical writing for non-security-experts.

Extracts specific fields from YAML files efficiently using yq instead of reading entire files, saving 80-95% context. Use this skill when querying YAML files, filtering/transforming configuration data, or getting specific field(s) from large YAML files like docker-compose.yml or GitHub Actions workflows

Extracts specific fields from JSON files efficiently using jq instead of reading entire files, saving 80-95% context. Use this skill when querying JSON files, filtering/transforming data, or getting specific field(s) from large JSON files

Language-agnostic database best practices covering migrations, schema design, ORM patterns, query optimization, and testing strategies. Activate when working with database files, migrations, schema changes, SQL, ORM code, database tests, or when user mentions migrations, schema design, SQL optimization, NoSQL, database patterns, or connection pooling.

Query Notion for recent document changes

Run Earthly E2E validation for YAML schema contracts. Use when validating YAML schema changes, testing schema contracts against live ClickHouse, or regenerating Python types, DDL, and docs from YAML. For SQL schema design and optimization, use clickhouse-architect skill instead.

SQL-powered forensic investigation and system interrogation using osquery to query operating systems as relational databases. Enables rapid evidence collection, threat hunting, and incident response across Linux, macOS, and Windows endpoints. Use when: (1) Investigating security incidents and collecting forensic artifacts, (2) Threat hunting across endpoints for suspicious activity, (3) Analyzing running processes, network connections, and persistence mechanisms, (4) Collecting system state during incident response, (5) Querying file hashes, user activity, and system configuration for compromise indicators, (6) Building detection queries for continuous monitoring with osqueryd.

Add a new database table with Drizzle ORM

AshPostgres data layer guidelines for PostgreSQL with Ash Framework. Use when configuring postgres blocks, foreign key references, check constraints, custom indexes, migrations, or multitenancy. The default choice for Ash data layers. Supports PostgreSQL 13+.

ClickHouse schema design authority (hub skill). Use when designing schemas, selecting compression codecs, tuning ORDER BY, optimizing queries, or reviewing table structure. **Delegates to**: clickhouse-cloud-management for user creation, clickhouse-pydantic-config for DBeaver config, schema-e2e-validation for YAML contracts. Triggers: "design ClickHouse schema", "compression codecs", "MergeTree optimization", "ORDER BY tuning", "partition key", "ClickHouse performance", "SharedMergeTree", "ReplicatedMergeTree", "migrate to ClickHouse".

Store and manage influencer data in Notion database

Python security vulnerability detection using Bandit SAST with CWE and OWASP mapping. Use when: (1) Scanning Python code for security vulnerabilities and anti-patterns, (2) Identifying hardcoded secrets, SQL injection, command injection, and insecure APIs, (3) Generating security reports with severity classifications for CI/CD pipelines, (4) Providing remediation guidance with security framework references, (5) Enforcing Python security best practices in development workflows.

Use when setting up CI/CD pipelines, experiencing deployment failures, slow feedback loops, or production incidents after deployment - provides deployment strategies, test gates, rollback mechanisms, and environment promotion patterns to prevent downtime and enable safe continuous delivery

Data fetching patterns for server/client components using fetch API, TanStack Query, useSuspenseQuery, apiRouteWrapper, and apiRequestWrapper. Use when implementing data loading, API calls, server functions, queries, mutations, API routes, or when the user mentions TanStack Query, useSuspenseQuery, apiRouteWrapper, apiRequestWrapper, tmdb-server-functions, or data fetching.

Generate SQL schemas with migrations and database table definitions

Multi-agent parallel performance profiling workflow for identifying bottlenecks in data pipelines. Use when investigating performance issues, optimizing ingestion pipelines, profiling database operations, or diagnosing throughput bottlenecks in multi-stage data systems.

Manages OpenAI Codex CLI configuration including config.toml settings, MCP servers, model profiles, sandbox modes, approval policies, and skill paths. Use when configuring Codex CLI, setting up model profiles, managing MCP server integrations, troubleshooting Codex configuration issues, or optimizing Codex for different workflows.

This skill generates interactive Causal Loop Diagram (CLD) MicroSims using the vis-network JavaScript library. Use this skill when users need to create causal loop diagrams for systems thinking education, showing feedback loops, reinforcing and balancing dynamics. The skill creates a complete MicroSim package with index.md, main.html, JavaScript, JSON data, and CSS files in the /docs/sims/ directory. This skill should be used when users request creating CLDs, causal diagrams, feedback loop visualizations, or systems thinking diagrams.

Dynamic application security testing (DAST) using OWASP ZAP (Zed Attack Proxy) with passive and active scanning, API testing, and OWASP Top 10 vulnerability detection. Use when: (1) Performing runtime security testing of web applications and APIs, (2) Detecting vulnerabilities like XSS, SQL injection, and authentication flaws in deployed applications, (3) Automating security scans in CI/CD pipelines with Docker containers, (4) Conducting authenticated testing with session management, (5) Generating security reports with OWASP and CWE mappings for compliance.