This skill should be used when the user says "review plan", "validate plan", "check plan", "sanity check the plan", "verify plan", "review my plan", "audit plan", "is my plan ready", or wants to validate a structured project plan for completeness, correctness, and pattern compliance before execution. Checks structural completeness, document quality, dependency graph consistency, codebase reference validity, and pattern compliance. Offers to fix found issues interactively and can proceed directly to arn-code-taskify when the plan passes.

Refactor high-complexity React components in Dify frontend. Use when `pnpm analyze-component --json` shows complexity > 50 or lineCount > 300, when the user asks for code splitting, hook extraction, or complexity reduction, or when `pnpm analyze-component` warns to refactor before testing; avoid for simple/well-structured components, third-party wrappers, or when the user explicitly wants testing without refactoring.

investigate flaky, intermittent, non-reproducible, or ci-only python pytest failures by leading with retrace capture and deterministic replay. use when a user reports flaky pytest tests, random failures, tests that pass locally but fail in ci, async/threading/timing flakes, pytest-xdist issues, fixture leakage, monkeypatch leakage, test isolation failures, dependency/environment-sensitive failures, pytest timeouts, or ai-generated code that breaks tests intermittently. guide the agent to preserve the failed execution as a retrace trace, replay it, inspect runtime state, and use ordinary pytest/source/log checks only as supporting triage.

**MANDATORY for ALL MCP server work** - mcp-use framework best practices and patterns. **READ THIS FIRST** before any MCP server work, including: - Creating new MCP servers - Modifying existing MCP servers (adding/updating tools, resources, prompts, widgets) - Debugging MCP server issues or errors - Reviewing MCP server code for quality, security, or performance - Answering questions about MCP development or mcp-use patterns - Making ANY changes to server.tool(), server.resource(), server.prompt(), or widgets This skill contains critical architecture decisions, security patterns, and common pitfalls. Always consult the relevant reference files BEFORE implementing MCP features.

This skill should be used when the user asks to "find a dashboard", "search dashboards", "does a dashboard exist for X", "find widgets that query Y", "which dashboards use this field", "find a dashboard about errors", "look up dashboards by description", "search for existing monitoring dashboards", "find widgets that reference a field", or wants to discover existing Coralogix dashboards or widgets using natural-language or field-based search.

Static security review for authentication and authorization vulnerabilities. Use when the user invokes /auth-review, asks to audit auth, find identity breaches, review access control, hunt for IDOR/BOLA, or check authorization. Framework- and vendor-agnostic. Enumerates every route/endpoint, builds an authorization matrix, applies a vulnerability catalog, and writes a triage report ready to turn into issues or PRs.

Author, edit, or apply a Descope FGA schema using the ReBAC/ABAC DSL. Use this skill whenever the user asks to create a new FGA schema, modify an existing one, add types/relations/permissions/conditions, review an authorization model, or apply schema changes to a Descope project. Trigger even if the user says things like "set up authorization", "define roles and permissions", "add team-based access", "make this endpoint check FGA", or "update my authz model" — these almost always mean an FGA schema change.

Full research pipeline: Workflow 1 (idea discovery) → implementation → Workflow 2 (auto review loop). Goes from a broad research direction all the way to a submission-ready paper. Use when user says \"全流程\", \"full pipeline\", \"从找idea到投稿\", \"end-to-end research\", or wants the complete autonomous research lifecycle.

Use when writing or reviewing Python code in this repo that builds an interactive voice agent via `agent.deepgram.com/v1/agent/converse`. Covers `client.agent.v1.connect()`, `AgentV1Settings`, `send_settings`, `send_media`, event handling, and function/tool calling. Full-duplex STT + LLM + TTS with barge-in. Use `deepgram-python-text-to-speech` for one-way synthesis, `deepgram-python-speech-to-text` / `deepgram-python-conversational-stt` for transcription only. Triggers include "voice agent", "agent converse", "full duplex", "interactive assistant", "barge-in", "agent.v1", "function calling", "AgentV1Settings".

Use when writing or reviewing JavaScript/TypeScript in this repo that calls Deepgram Conversational STT v2 / Flux (`/v2/listen`) for turn-aware streaming transcription. Covers `client.listen.v2.createConnection()` / `connect()`, Flux models, and turn events like `TurnInfo`. Use `deepgram-js-speech-to-text` for standard v1 ASR and `deepgram-js-voice-agent` for full-duplex assistants. Triggers include "flux", "v2 listen", "conversational STT", "turn detection", "end of turn", "EOT", and "listen.v2".

Use this skill at the end of a Google Slides deck-creation flow run by the same agent in the current session, before reporting the finished URL to the user. Catches the failure modes a creating agent reliably misses — surviving placeholder text, unswapped template imagery, layout overflow, hidden-original leaks. Trigger when the parent google-slides workflow reaches Step 9 / QA, or when the user asks "is this deck ready?" / "QA my deck" about a deck this agent itself just edited. Do NOT trigger for reviewing decks the agent did not create — without the Step 5 pre-fill snapshot the leak check silently degrades and the result is misleading.

Generates an end-of-day wrap-up using the Superhuman Mail MCP server — identifies open loops, unanswered emails, and action items from your day so you can leave work with a clear head. Use this skill whenever someone asks to "wrap up my day", "what's still open in my inbox", "end of day summary", "what do I still need to do", "any emails I missed today", "open loops in my inbox", "summarize my day", "what didn't I respond to", "daily review", "close out my day", "what fell through the cracks", or any variation of wanting to know what's unfinished before signing off. Also trigger when someone says "before I log off", "anything I'm forgetting", "daily debrief", "what should I tackle tomorrow", or wants an accounting of their email activity for the day. Trigger broadly — if someone wants to review what happened and what's still pending at the end of their workday, this skill should activate.

Refactor HTML/TSX files to use existing UI components, DaisyUI classes, and semantic colors. Use when (1) refactoring React/TSX page components to use reusable UI components, (2) replacing raw HTML elements with component library equivalents, (3) converting primitive Tailwind colors to semantic DaisyUI colors, (4) extracting repeated styling patterns into components.

Twilio SMS messaging via uni CLI. Use when user wants to send SMS, check message status, or list sent messages. Requires TWILIO_ACCOUNT_SID, TWILIO_AUTH_TOKEN, and TWILIO_PHONE_NUMBER.

Trello boards, lists, and cards via uni CLI. Use when user wants to manage Trello tasks, create boards, move cards between lists. Requires TRELLO_API_KEY and TRELLO_TOKEN.

Productivity tools via uni CLI. Use when user wants to send Slack messages, search Notion, manage Linear issues, or handle Todoist tasks. Services: slack, notion, linear, todoist.

Django development patterns and conventions (2025). Auto-loads when working with Django models, views, URLs, forms, templates, management commands, or project structure. Includes async support and type hints.

Django API development for 2025. Covers Django Ninja (modern, async-first, type-safe) and Django REST Framework (mature, ecosystem-rich). Use when building REST APIs, choosing between frameworks, implementing authentication, permissions, filtering, pagination, or async endpoints.