AI Security Tools

Thorough code review — checks correctness, security, performance, readability, and test coverage. Gives actionable feedback ranked by severity.

Zero to power user in one invoke — detects OS, installs Homebrew/apt/Node.js/Python, sets up Claude Code, authenticates skills-hub CLI, connects MCP servers, and installs recommended skills based on your project. Cross-platform (macOS, Linux, WSL). Idempotent. Use when: 'quickstart', 'setup machine', 'new machine setup', 'install everything', 'get started', 'onboard me', 'setup skills-hub', 'fresh install'.

UI design system toolkit for Senior UI Designer including design token generation, component documentation, responsive design calculations, and developer handoff tools. Use for creating design systems, maintaining visual consistency, and facilitating design-dev collaboration.

Product marketing skill for positioning, GTM strategy, competitive intelligence, and product launches. Use when the user asks about product positioning, go-to-market planning, competitive analysis, target audience definition, ICP definition, market research, launch plans, or sales enablement. Covers April Dunford positioning, ICP definition, competitive battlecards, launch playbooks, and international market entry. Produces deliverables including positioning statements, battlecard documents, launch plans, and go-to-market strategies.

Workflow orchestrator. Decomposes a task into ordered steps, finds or installs the right skill for each step, runs the chain, and offers to save it as a reusable skill.

Security audit and vulnerability assessment for any codebase. Scans for authentication bypasses, missing auth middleware, broken JWT validation (algorithm confusion, weak secrets, missing expiry), OAuth state and PKCE flaws, IDOR and horizontal privilege escalation, vertical privilege escalation via role manipulation, SQL injection, NoSQL injection, XSS (stored, reflected, DOM), command injection, path traversal, SSRF, CSRF, hardcoded secrets and API keys (sk_live_, AKIA, ghp_), .env and credential file exposure, PII leaking in logs and error responses, overfetching sensitive fields, CORS misconfiguration, session fixation, missing secure/httpOnly/sameSite cookie flags, and Firebase/Firestore rule weaknesses. Produces a severity-ranked findings report with exploit scenarios and fix recommendations. Covers OWASP Top 10.

Curate Claude Code's auto-memory into durable project knowledge. Analyze MEMORY.md for patterns, promote proven learnings to CLAUDE.md and .claude/rules/, extract recurring solutions into reusable skills. Use when: (1) reviewing what Claude has learned about your project, (2) graduating a pattern from notes to enforced rules, (3) turning a debugging solution into a skill, (4) checking memory health and capacity.

When the user wants to develop social media strategy, plan content calendars, manage community engagement, or grow their social presence across platforms. Also use when the user mentions 'social media strategy,' 'social calendar,' 'community management,' 'social media plan,' 'grow followers,' 'engagement rate,' 'social media audit,' or 'which platforms should I use.' For writing individual social posts, see social-content. For analyzing social performance data, see social-media-analyzer.

Perform a detailed SWOT analysis — strengths, weaknesses, opportunities, and threats with actionable recommendations. Use when doing strategic assessment, competitive analysis, or evaluating a product or business position.

Frontend development skill for React, Next.js, TypeScript, and Tailwind CSS applications. Use when building React components, optimizing Next.js performance, analyzing bundle sizes, scaffolding frontend projects, implementing accessibility, or reviewing frontend code quality.

Use this skill any time a .pptx file is involved in any way — as input, output, or both. This includes: creating slide decks, pitch decks, or presentations; reading, parsing, or extracting text from any .pptx file (even if the extracted content will be used elsewhere, like in an email or summary); editing, modifying, or updating existing presentations; combining or splitting slide files; working with templates, layouts, speaker notes, or comments. Trigger whenever the user mentions "deck," "slides," "presentation," or references a .pptx filename, regardless of what they plan to do with the content afterward. If a .pptx file needs to be opened, created, or touched, use this skill.

A comprehensive autonomous web research agent that performs targeted searches, fetches and parses web content, summarizes findings, and generates structured reports, adhering to industry best practices for accuracy, security, and robustness.