Design microservices architectures with service boundaries, event-driven communication, and resilience patterns. Use when building distributed systems, decomposing monoliths, or implementing microservices.

Service performance monitoring with RED metrics (Rate, Errors, Duration) and runtime-specific telemetry for Java, .NET, Node.js, Python, PHP, and Go. Use when analyzing service health, SLA compliance, or runtime issues. Trigger: "service response time", "error rate", "throughput", "SLA compliance", "service mesh overhead", "JVM GC", "Java heap", "Node.js event loop", ".NET CLR", "Python threads", "PHP OPcache", "Go goroutines", "service performance", "p95 latency", "request failures", "database response time by name". Do NOT use for explaining existing queries, product documentation questions, infrastructure metrics (use dt-obs-hosts), log analysis (use dt-obs-logs), or distributed tracing workflows (use dt-obs-tracing).

Use this skill to interactively scope a maintenance idea into a properly formatted task for the Android Agentic Maintenance Backlog. Invoke when the user wants to add a task to the maintenance backlog, scope a new maintenance idea, or says things like "I want to add something to the backlog", "help me scope a maintenance task", or "can we add this as a maintenance item".

Use this skill to execute a task from the Android Agentic Maintenance Backlog. Invoke when the user provides an Asana task URL from that backlog and asks to run, start, execute, or work on it. Also invoke when the user says things like "run the next maintenance task", "work on this backlog item", or "pick up a maintenance task". Requires the Asana MCP to be configured.

Check whether a translations PR provides full language coverage for all translatable strings it contains, and identify which languages are still missing. Use this whenever the user asks about translation status, whether translations are complete or ready, which languages are missing, or wants to verify a translations PR before merging. Also trigger when the user pastes a PR number or URL alongside any mention of translations, or asks something like "are we good to ship?" in a context that involves string changes.

Static security review for authentication and authorization vulnerabilities. Use when the user invokes /auth-review, asks to audit auth, find identity breaches, review access control, hunt for IDOR/BOLA, or check authorization. Framework- and vendor-agnostic. Enumerates every route/endpoint, builds an authorization matrix, applies a vulnerability catalog, and writes a triage report ready to turn into issues or PRs.

Comprehensive PDF manipulation toolkit for extracting text and tables, creating new PDFs, merging/splitting documents, and handling forms. When Claude needs to fill in a PDF form or programmatically process, generate, or analyze PDF documents at scale.

Implement distributed tracing with Jaeger and Tempo to track requests across microservices and identify performance bottlenecks. Use when debugging microservices, analyzing request flows, or implementing observability for distributed systems.

Write effective blameless postmortems with root cause analysis, timelines, and action items. Use when conducting incident reviews, writing postmortem documents, or improving incident response processes.

Execute database migrations across ORMs and platforms with zero-downtime strategies, data transformation, and rollback procedures. Use when migrating databases, changing schemas, performing data transformations, or implementing zero-downtime deployment strategies.

Comprehensive PDF manipulation toolkit for extracting text and tables, creating new PDFs, merging/splitting documents, and handling forms. When Claude needs to fill in a PDF form or programmatically process, generate, or analyze PDF documents at scale.

Release vercel-plugin — run gates, bump version, generate artifacts, commit, and push. Use when asked to "release", "ship", "bump and push", or "cut a release".

Create a new Cursor plugin scaffold with a valid manifest, component directories, and marketplace wiring. Use when starting a new plugin or adding a plugin to a multi-plugin repository.

Write effective blameless postmortems with root cause analysis, timelines, and action items. Use when conducting incident reviews, writing postmortem documents, or improving incident response processes.

Implement distributed tracing with Jaeger and Tempo to track requests across microservices and identify performance bottlenecks. Use when debugging microservices, analyzing request flows, or implementing observability for distributed systems.

Execute database migrations across ORMs and platforms with zero-downtime strategies, data transformation, and rollback procedures. Use when migrating databases, changing schemas, performing data transformations, or implementing zero-downtime deployment strategies.

Audit application source code against the OWASP Top 10 vulnerability categories. Use when the user mentions 'OWASP,' 'security audit,' 'code security review,' 'vulnerability audit,' 'find vulnerabilities,' 'secure code review,' 'security review,' or wants to check their codebase for common security weaknesses.

Push Packer build metadata to HCP Packer registry for tracking and managing image lifecycle. Use when integrating Packer builds with HCP Packer for version control and governance.

Analyze dependency license compliance and identify license risks. Use when the user says "check licenses", "license compliance", "any GPL dependencies", "copyleft risk", "endor license", or wants to know if dependencies are compatible with their project license. Flags copyleft (GPL, AGPL), unknown, and no-license packages. Do NOT use for vulnerability scanning (/endor-sca) or policy enforcement (/endor-policy).

Manage Software Bill of Materials — export, import, analyze, and compare SBOMs in CycloneDX and SPDX formats. Use when the user says "generate SBOM", "export SBOM", "software bill of materials", "endor sbom", "compare SBOMs", "NTIA compliance", or needs component inventory for compliance. Do NOT use for vulnerability scanning (/endor-scan) or license analysis (/endor-license).