27 skills
Runs CEO, design, and engineering review skills on a plan file in sequence, making intermediate decisions automatically using six built-in principles. Taste decisions and cases where both models chall
Measures web page performance by collecting real PerformanceAPI data from a running browser session. Captures metric baselines before changes, then compares TTFB, FCP, LCP, bundle sizes, and request c
A headless Chromium controller for testing and verifying web apps. Supports navigation, form interaction, element state checks, responsive screenshots, file uploads, and diff comparisons. Runs at roug
Canary monitors a live app after a deploy by checking pages for console errors, performance regressions, and load failures. It takes periodic screenshots, compares them against pre-deploy baselines, a
Adds safety guardrails to bash commands by intercepting destructive operations before they run. Catches patterns like rm -rf, DROP TABLE, force-push, git reset --hard, and kubectl delete. You can over
Wraps the OpenAI Codex CLI to provide three code analysis modes: a structured diff review with a pass/fail gate, an adversarial challenge that searches for edge cases and failure paths, and a consult
Runs a multi-phase security audit across a codebase. Covers secrets in git history, dependency supply chains, CI/CD pipeline risks, LLM-specific vulnerabilities, OWASP Top 10, and STRIDE threat modeli
Runs a design consultation session to build a complete design system from scratch. Researches your product's competitive landscape, proposes typography, color, layout, spacing, and motion choices as a
Audits a live site for visual problems — spacing inconsistencies, hierarchy failures, typography issues, AI-generated layout patterns, and sluggish interactions. Fixes each issue directly in source co
Runs after code ships to bring all project documentation in sync with what actually changed. Reads the diff, then updates README, ARCHITECTURE, CONTRIBUTING, CLAUDE.md, and CHANGELOG to match the curr
Restricts Claude's Edit and Write operations to a single directory for the duration of a session. Any attempt to modify files outside the allowed path is blocked outright. Useful when debugging or mak
Upgrades gstack to the latest version. Detects whether gstack is installed globally or vendored locally, runs the appropriate upgrade path, and displays a changelog summary of what changed between ver
Guard mode combines two safety layers: destructive command warnings (rm -rf, DROP TABLE, force-push) and directory-scoped edit restrictions. It activates both protections at once with a single command
A structured debugging workflow that enforces root cause analysis before any fix is applied. It runs four phases: investigate, analyze, hypothesize, implement. The core rule is simple: no code changes
Picks up where /ship leaves off. Merges the PR, monitors CI and deploy workflows, then runs canary checks against the live site to confirm production health. On first use, it does a dry-run validation
A two-mode office hours simulation that saves a design document. Startup mode runs six diagnostic questions testing demand reality, the status quo workaround, customer specificity, minimum viable wedg
Reviews development plans from a CEO/founder perspective before implementation. Challenges the problem framing, surfaces implementation alternatives, and runs a ten-section analysis covering architect
Reviews UI/UX design decisions in a plan file before implementation. Rates each design dimension 0-10, explains what a 10 looks like for that dimension, then edits the plan to close the gaps. Can gene
Runs an engineering manager-style review on a plan before coding starts. Checks architecture, data flow, test coverage, edge cases, and performance, then walks through each issue interactively with op
A QA skill that runs browser-based testing on web applications, finds bugs, and fixes them in source code. Each fix gets its own atomic commit. Covers three tiers: Quick (critical/high only), Standard
Runs a structured QA pass on a web application and produces a report with a health score, screenshots, and reproduction steps. It never modifies code or fixes anything. Use it when you want a bug inve
Runs a weekly engineering retrospective by analyzing git history, commit patterns, and code quality signals. Breaks down contributions per author with specific praise and growth suggestions anchored i
Pre-landing PR review that analyzes a branch's diff against the base branch. Checks for SQL safety, race conditions, LLM trust boundary violations, enum completeness gaps, test coverage, and scope dri
Imports cookies from an installed Chromium browser into a headless Playwright session. Opens a browser-based picker UI where you select which domains to import. Useful before QA testing pages that req
Detects your deployment platform (Fly.io, Render, Vercel, Netlify, Heroku, GitHub Actions, or custom) and writes the configuration to CLAUDE.md. Once set up, the /land-and-deploy skill reads this conf
Runs the full ship workflow from a feature branch in one command. Covers merging the base branch, running tests, bumping the version, generating a changelog entry, committing in bisectable chunks, pus
Clears the directory restriction set by /freeze, restoring edit access to all directories in the current session. Works by removing the freeze state file so the registered hooks allow edits everywhere
