Prevents directory traversal in Supabase Storage via path validation functions and storage RLS.

Enforces strict isolation of service_role key to server-side contexts only.

Injects tenant ID and RBAC permissions into JWT via Postgres Auth Hooks during token issuance.

Writes and executes JavaScript-based shell scripts using Google's zx library. Use when writing shell scripts, automation, build tools, file processing, CLI tools, deployment scripts, data pipelines, or batch operations. Also covers piping, streams, parallel execution, retries, cross-platform scripting, built-in fs utilities, and minimist argument parsing.

Splits mixed Server/Client pages into separate files with clean boundaries — extracting client logic into a `<DescriptiveName>Client.tsx` and rewriting `page.tsx` as a pure Server Component — and flags repeated JSX structures for extraction into shared typed components. Apply when working in a Next.js App Router project and you detect `export const metadata` alongside `"use client"`, hooks in a Server Component, a page file that has grown unwieldy (>200–300 LOC) with interactive logic, or the same layout block duplicated inline multiple times.

Guidelines for naming MCP tools, describing parameters, and documenting tools in a language- and framework-agnostic manner

BEFORE manually calling cmux set-status or writing chpwd hooks for workspace coloring, use this skill. Manages workspace color rules that auto-apply based on directory patterns. Handles config creation, zsh hook installation, rule management, and on-demand workspace coloring via cmux set-status. Triggers on "cmux setup", "workspace colors", "color this workspace", "add color rule", "project colors", or any request to visually differentiate cmux workspaces.

Create observability dashboards from OTEL metrics, logs, and traces using Kopai. Use when building metric visualizations, monitoring views, KPI panels, or when the user wants to see their telemetry data in a dashboard — even if they don't say "dashboard" explicitly. Also use when other skills or workflows need to present telemetry data visually (e.g. after root cause analysis).

Analyze telemetry data for root cause analysis using Kopai CLI. Use when debugging errors, investigating latency issues, tracing request flows across services, or correlating logs with traces. Also use when users report production issues like "why is my API slow", "getting 500 errors", "service is down", "requests are timing out", or any symptom that needs telemetry-based investigation — even if they don't mention traces or observability explicitly.

Generate eval scenarios from repo commits, configure multi-agent runs, execute baseline + with-context evals, and compare results — the full setup pipeline before improvement begins

Comprehensive documentation and best practices for building Terraform providers with terraform-plugin-framework (v1.17.0). Covers providers, resources, schemas, types, validators, testing, and common pitfalls.

A mature testing framework for Go designed to help you write expressive specs

A lightweight library for defining and managing system configurations for scientific experimentation.

tox plugin that makes tox use `pyenv which` to find python executables

Kedro helps you build production-ready data and analytics pipelines

Cross-platform Bluetooth Low Energy GATT client library for asynchronous BLE communication

asyncio (PEP 3156) Redis support

License detector for UglifyJS that identifies and preserves license comments during minification

The scrypt password-based key derivation function with sync and cancellable async.

The smallest and fastest pixel-level image comparison library with anti-aliasing detection.