Delegate coding tasks to Codex, Claude Code, or Pi agents via background process. Use when: (1) building/creating new features or apps, (2) reviewing PRs (spawn in temp dir), (3) refactoring large codebases, (4) iterative coding that needs file exploration. NOT for: simple one-liner fixes (just edit), reading code (use read tool), or any work in ~/clawd workspace (never spawn agents here). Requires a bash tool that supports pty:true.

Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/running secrets via op.

Use when creating Nuxt modules: (1) Published npm modules (@nuxtjs/, nuxt-), (2) Local project modules (modules/ directory), (3) Runtime extensions (components, composables, plugins), (4) Server extensions (API routes, middleware), (5) Releasing/publishing modules to npm, (6) Setting up CI/CD workflows for modules. Provides defineNuxtModule patterns, Kit utilities, hooks, E2E testing, and release automation.

Workflow and best practices for writing Apache Airflow DAGs. Use when the user wants to create a new DAG, write pipeline code, or asks about DAG patterns and conventions. For testing and debugging DAGs, see the testing-dags skill.

Text and document translation with REST-style clients.

Build image analysis applications with Azure AI Vision SDK for Java. Use when implementing image captioning, OCR text extraction, object detection, tagging, or smart cropping.

Use when the user wants to create or modify a specific Kubernetes resource type in ConfigHub — phrases like "create a StatefulSet", "add an Ingress", "set up NetworkPolicy", "I need a CronJob", "add RBAC for my app", "set up autoscaling", "create a DaemonSet", "expose my service externally", "add a PDB", "create a Job for data migration", "I need a headless Service", "set up persistent storage". Walks the user through authoring the resource as literal YAML in a ConfigHub Unit, applying best-practice defaults via functions, and wiring it into the Space. Pulls live examples from the `skill-examples` Space when available (seeded by `skill-examples-bootstrap`); falls back to `references/yaml-patterns.md`. Do not load for: AppConfig-based ConfigMaps (use `app-config`), Helm chart imports (use `import-from-helm`), raw config-as-data doctrine questions without a specific resource type (use `config-as-data`).

Use when the user wants to bring a Kustomize overlay or base into ConfigHub as Units — phrases like "I have a kustomization.yaml, how do I use it with ConfigHub?", "import my Kustomize overlays", "migrate from Kustomize to ConfigHub", "render this overlay into ConfigHub", "kustomize build into Units", or "I have a base + overlays directory structure". Runs `kustomize build` locally, splits the result into one or more ConfigHub Units via `cub unit create`, and hands off ongoing customization to `cub-mutate`. Do not load for Flux `Kustomization` CRDs (use `import-from-flux` — that's the renderer-bridge pipeline), for Helm charts (use `import-from-helm`), for adopting live cluster resources (use `import-from-cluster`), or for authoring raw YAML from scratch (use `config-as-data`).

Use when ConfigHub's Unit Data and the cluster's live state for that Unit have diverged — phrases like "reconcile drift", "the cluster changed out of band", "someone kubectl edit'd this", "ConfigHub and the cluster disagree", "accept the live changes", "overwrite the cluster with ConfigHub", "refresh from live", "who owns this drift?", "we have drift on app-a in prod". Runs `cub unit refresh` to pull current live state, `cub unit diff` against Data, walks the decide-who-wins decision (ConfigHub wins → re-apply; cluster wins → absorb; merge → selective reconcile), and executes the chosen path. Do not load for revision history rewind (use `rollback-revision`), for post-apply verification / three-way agreement checks (use `verify-apply`), for the first-time apply of a newly-bound Unit (use `cub-apply`), or for importing wholesale live resources into a brand-new Unit (use `import-from-cluster`).

Use when the user wants to bring a Helm chart under ConfigHub management — phrases like "install cert-manager from Helm", "I have a Helm chart, how do I use it with ConfigHub?", "render this chart into ConfigHub", "cub helm install", "upgrade to the new chart version", "how do I customize a chart without losing changes on upgrade?", or "deploy nginx/prometheus/traefik via Helm through ConfigHub". Runs `cub helm install` / `cub helm upgrade` / `cub helm template`, follows the clone-based customization pattern so upgrades preserve user edits, splits CRDs into their own Unit, and hands off applying to `cub-apply`. Do not load for ArgoCD Application or Flux HelmRelease discovery (use `import-from-argocd` / `import-from-flux` — those insert ConfigHub into an existing GitOps pipeline), for adopting already-deployed live resources (use `import-from-cluster`), or for authoring raw Kubernetes YAML with no chart (use `config-as-data`).

Use when the user wants a working ConfigHub playground to exercise the other skills against — phrases like "set up the skill-examples space", "bootstrap the examples", "give me a Unit to tinker with", "walk me through with a real example", "I'm new to ConfigHub, show me something I can poke at", or "reset the examples". Creates (or refreshes) a `skill-examples` Space with seed Units covering common Kubernetes resource types — Deployment, StatefulSet, DaemonSet, Job, CronJob, Ingress, NetworkPolicy, RBAC, HPA, PDB — and applies the canonical defaults-function chain so the end state demonstrates config-as-data with provenance intact. Other skills (like `kubernetes-resources`) pull from these live examples in preference to hardcoded YAML. Idempotent: re-running is safe. Do not load for creating real application Spaces (use config-as-data + space setup directly) or for bootstrapping triggers/policy (use triggers-and-applygates).

Use when the user has live Kubernetes resources already running in a cluster — applied by `kubectl apply`, installed via a different workflow, or inherited from a previous operator — and wants to bring them under ConfigHub management without a GitOps tool or a Helm chart in hand. Phrases like "adopt these existing resources into ConfigHub", "I have stuff in the cluster, how do I get it into cub?", "reverse engineer my namespace into Units", "import from the cluster", "cub unit import", "we kubectl-apply'd everything and want to migrate", or "bring the running state into ConfigHub". Creates Units pre-bound to a cluster Target, runs `cub unit import` with `--where-resource` filters to pull live manifests, then hands off to `config-as-data` doctrine for ongoing management. Do not load for Helm-installed charts (use `import-from-helm`), ArgoCD Applications (use `import-from-argocd`), Flux HelmReleases / Kustomizations (use `import-from-flux`), or new YAML being authored from scratch (use `config-as-data`).

Use when the user is organizing Units, Targets, and Workers across environments or regions — phrases like "how should I structure my Spaces?", "where do dev/staging/prod go?", "multi-region layout", "one Space per environment?", "app-a-prod vs prod-app-a naming", "should these be labels or separate Spaces?", "how do I keep prod config separate from dev?", or "we're standing up a second cluster, what's the ConfigHub pattern?". Prescribes one Space per deployment boundary (environment × region × cluster), the `platform` Space for org-wide Triggers/Filters, and label/slug conventions that make cross-Space queries and cloning painless. Do not load for authoring a single Unit's YAML (use `config-as-data`), for binding a Unit to a Target (use `target-bind`), or for setting up validation Triggers (use `triggers-and-applygates`).

Orientation skill — load when the user is new to ConfigHub, asks "what is a Unit / Space / Target / Worker / Trigger / Filter / Link", needs to understand how entities relate, wants a quick tour before diving into specific operations, or asks "how do I do X in ConfigHub" without enough context to route yet. Also covers Delete Gates and Destroy Gates — phrases like "protect this Space from accidental deletion", "stop anyone from destroying the prod Unit", "add a delete gate", "why can't I delete this?", "how do I lock down critical infra?". Explains the core vocabulary, the Read vs Write tool boundary, the change-description + -o mutations conventions, gate semantics, and routes to the right dedicated skill for each kind of task. Do not load when the user's intent is already concrete enough to route (e.g., "add a trigger that blocks :latest" → triggers-and-applygates; "bump the image" → cub-mutate; "find Deployments using v1.2.3" → cub-query).

Use right after cub-apply returns, or any time the user asks "did it actually deploy?", "is it live?", "is it still applying?", "did argo pick it up?", "are ConfigHub and the cluster in sync?", "prove this converged", "close this release out", "show me what changed". Single skill covering the whole post-apply arc: read Unit status + latest event to classify the apply (Progressing / Completed / Failed / Aborted), drill into `cub unit-event get` for per-resource sync/ready status and the Message field when something broke, cross-check the controller (Argo/Flux) and cluster (kubectl) for runtime failures (ImagePullBackOff, CrashLoopBackOff, schema errors), optionally produce a three-way ConfigHub ↔ controller ↔ cluster agreement table, and on success surface the Revision history with its --change-desc + GUI review links. Do not load for pure ConfigHub-internal query (use cub-query), for reconciling known drift (use drift-reconcile), or when the apply has not actually run yet (use cub-apply).

Use when the user wants to bind a Unit (or many Units) to a destination — a specific Kubernetes cluster+namespace, an ArgoCD Application, a Flux Kustomization, an OCI registry, a Tofu workspace. Phrases like "set up a target", "point this unit at my cluster", "bind these units to prod", "hook up Argo/Flux", "change the namespace this deploys to", "promote these to a different target". Creates or updates a Target with the right provider/toolchain and parameter JSON, attaches Units via cub unit set-target (or --where for bulk), and stops without applying — apply is cub-apply's job. Do not load for installing a worker (use worker-bootstrap first — Targets reference Workers), for running apply (use cub-apply), or for authoring the Unit's YAML (use config-as-data).

Use when the user is in the middle of a production incident and needs an orchestrated plan — phrases like "we have an outage", "prod is crashing", "page me through this", "what do I do first?", "mitigate or roll back?", "production is down since the last release", "something's broken in staging — help me triage", "we're on an incident call, walk me through the ConfigHub side", "post-incident cleanup". Triage the situation, decide between stabilize-and-mitigate vs head-moving rollback vs drift reconciliation, route to the right mutation skill with the scope and `--change-desc` composed, and drive the post-incident verification + close-out. Do not load for planned releases (use `promote-release`), for routine change management, or for single-Unit edits the user is confidently making on their own (use `cub-mutate`).

Use whenever the user is authoring or modifying Kubernetes configuration stored in ConfigHub, or is about to reach for Helm, Kustomize, Jsonnet, cdk8s, or a values file. This skill enforces the "configuration as data" doctrine — Units contain fully-materialized, literal YAML, mutated in place via cub functions or direct edits, never re-rendered from templates. Load this proactively any time the user says things like "add a chart", "values file", "overlay", "template this", "parameterize", "set up Helm for this", "make this reusable across envs", or starts generating K8s YAML that will be stored in ConfigHub. Do not load for: pure import-from-helm / import-from-kustomize flows (those have their own skills that handle one-shot render + store), or authoring config outside ConfigHub.

Use when the user needs to install a ConfigHub bridge worker in a Kubernetes cluster so that Units can apply, refresh, or import against real infrastructure — phrases like "set up a worker", "install the ConfigHub worker", "connect ConfigHub to my cluster", "make ConfigHub able to deploy", "add an Argo renderer worker", "add a Flux renderer worker", "I need a worker for OCI publishing", or "the worker isn't running / is crashing". Creates the worker entity, generates the Kubernetes manifest with the right provider types, installs it (or exports it for review / storage as a ConfigHub Unit), verifies it's running, and stops before you try to deploy anything through a worker that isn't healthy. Do not load for creating Targets (use target-bind — Targets reference Workers but are a separate concern) or for day-2 application apply (use cub-apply once the worker is up).

Use when asking about Rust code style or best practices. Keywords: naming, formatting, comment, clippy, rustfmt, lint, code style, best practice, P.NAM, G.FMT, code review, naming convention, variable naming, function naming, type naming, 命名规范, 代码风格, 格式化, 最佳实践, 代码审查, 怎么命名