🔍代码审查 / GitHub MCP 推荐

SQLiteCpp coding standards and API rules for core edits, public headers, style, and Doxygen.

SQLiteCpp CI workflow patterns. Use for GitHub Actions, AppVeyor, Travis, matrices, or test steps.

Builds SQLiteCpp with Meson. Use when configuring Meson builds, tests, or Meson options.

Build SQLiteCpp with CMake. Use for CMake builds, tests, options, or build scripts.

SQLiteCpp and sqlite3 feature flags for CMake and Meson builds.

Refactor an existing SPF behavior using purpose-first discipline. Forces articulation of the behavior's purpose and business rules before code analysis, then maps to the documented patterns in internal/design/spf/conventions/. Triggers: "refactor behavior", "refactor this behavior", "clean up behavior", "apply conventions to behavior", "review behavior for refactor".

Adds Cursor Directory ambassador badges by name or email via Supabase. Resolves the person and sets users.is_ambassador. Use when the user asks to add, grant, or promote an ambassador, ambassador badge, or Cursor Ambassador.

Build and deploy an MCP server from an OpenAPI / Swagger spec using the mcp-use TypeScript SDK. Use this skill whenever the user wants to "turn this OpenAPI spec into an MCP server", "make this API usable from Claude/ChatGPT", "wrap this Swagger doc as MCP tools", "expose this REST API to an LLM", "generate MCP tools from a spec", or pastes/attaches an `openapi.yaml`, `openapi.json`, or `swagger.json` and asks for a Claude-compatible version. Trigger even if the user doesn't say "MCP" — if they describe an existing HTTP API (REST endpoints, an internal service, a third-party API they have a key for) and want an LLM to call it, this is the right skill. Covers spec ingestion (file path, URL, or pasted), operation-to-tool mapping, auth wiring (apiKey, bearer, basic, OAuth bearer), scaffolding with `create-mcp-use-app`, tool generation with proper zod schemas, live testing in the mcp-use inspector, and deploying to Manufact / mcp-use cloud.

Best practices for using the managed browser — handling login walls, CAPTCHAs, lazy-loaded content, paywalls, and tab cleanup.

Covers how to configure the maximum allowed size of the Webiny API Lambda bundle using the Infra.Api.MaxBundleSize extension in webiny.config.tsx. Use when a project's API bundle exceeds the default 4.5 MB limit or when you want to enforce a stricter limit. Handles the extension syntax, byte calculations, and interpreting the build error message.

Use when building multi-agent workflows with relay broker-sdk. Covers conversation vs pipeline coordination, WorkflowBuilder/DAG steps, agents, {{steps.X.output}} chaining, repairable verification gates, evidence-based completion, mandatory Claude-then-Codex fresh-eyes review/fix loops with test hardening, channels, chat-native recipes, error handling, event listeners, step sizing, lead+workers teams, and parallel waves.

Use when building multi-agent workflows with relay broker-sdk. Covers conversation vs pipeline coordination, WorkflowBuilder/DAG steps, agents, {{steps.X.output}} chaining, repairable verification gates, evidence-based completion, mandatory Claude-then-Codex fresh-eyes review/fix loops with test hardening, channels, chat-native recipes, error handling, event listeners, step sizing, lead+workers teams, and parallel waves.

Generate acceptance testing steps after completing a feature or bug fix. Use when the user asks for testing steps, a testing plan, or how to test something.

Docker containerization patterns, Dockerfile best practices, multi-stage builds, and Docker Compose. Use for: docker, Dockerfile, docker-compose, container, image, multi-stage build, docker build, docker run, .dockerignore, health check, distroless, scratch image, BuildKit, layer caching, container security.

Expert Kubernetes specialist mastering container orchestration, cluster management, and cloud-native architectures. Specializes in production-grade deployments, security hardening, and performance optimization with focus on scalability and reliability.

Use when: comparing SQL Server tables across instances, data migration validation, ETL verification, row mismatch detection, schema drift, reconciliation report, production vs staging comparison. Uses mssql-python driver with Apache Arrow for fast columnar data transfer and comparison.

Migrate vanilla CSS, CSS modules, SCSS, or styled-component styles to Tailwind v4 utilities. Prefer @theme-backed tokens and semantic utilities; document arbitrary values and parity gaps. For audits, load review/workflow.md. Triggers: "CSS to Tailwind", "migrate to Tailwind", "tailwind migration", "styled-components to Tailwind", "SCSS to Tailwind", "review Tailwind classes", "tailwind parity".

Use when design is complete and you need detailed implementation tasks for engineers with zero codebase context - creates comprehensive implementation plans with exact file paths, complete code examples, and verification steps assuming engineer has minimal domain knowledge

面向ecc的以证据为先的自动化清单与重叠审计工作流。当用户希望在修复任何内容之前了解哪些作业、钩子、连接器、MCP服务器或包装器是活跃的、损坏的、冗余的或缺失时使用。

Evidence-first automation inventory and overlap audit workflow for ecc. Use when the user wants to know which jobs, hooks, connectors, MCP servers, or wrappers are live, broken, redundant, or missing before fixing anything.

ecc用の証拠ベースの自動化インベントリとオーバーラップ監査ワークフロー。ユーザーがどのジョブ、フック、コネクタ、MCPサーバー、またはラッパーがライブか、壊れているか、冗長であるか、修正前に不足しているかを知りたい場合に使用します。

Deploy Tinybird pipes and datasources for enter.pollinations.ai observability. Validates and pushes changes to Tinybird Cloud.

Main Agents: Do NOT use this skill directly. If you need to test the TUI, invoke the `tui_tester` subagent. Drive terminal UI (TUI) applications programmatically for testing, automation, and inspection. Use when: automating CLI/TUI interactions, regression testing terminal apps, or verifying interactive behavior. Also use when: user asks "what is agent-tui", "what does agent-tui do", "demo agent-tui", "show me agent-tui", "how does agent-tui work", or wants to see it in action.

Test and deploy changes safely. Runs tests as a pre-deploy gate, deploys, then runs post-deploy verification. This is a TEMPLATE — customize the commands and checks for your specific deployment pipeline.

Create stunning, animation-rich HTML presentations from scratch or by converting PowerPoint files. Use when the user wants to build a presentation, convert a PPT/PPTX to web, or create slides for a talk/pitch. Helps non-designers discover their aesthetic through visual exploration rather than abstract choices.

像素级 iPhone 15 Pro 边框, 一屏 app 截图

三个手机框并排: splash / value-prop / sign-in

Use this skill when you need to execute SQL against the MoviePilot database. This skill guides you through connecting to the database and executing SQL statements. The database type (SQLite or PostgreSQL) and connection details are provided in the system prompt <system_info>. Applicable scenarios include: 1) The user asks about data statistics, counts, or aggregations that existing tools don't cover; 2) The user wants to inspect, modify, or fix raw database records; 3) The user asks to clean up data, update records, or perform database maintenance; 4) The user asks questions like "how many downloads", "show me site stats", "delete old records", etc.

ClickHouse queries, Goose migrations, chdb test schema, or telemetry storage paths.

Security payloads, bypass tables, wordlists, gf pattern names, always-rejected bug list, and conditionally-valid-with-chain table. Use when you need specific payloads for XSS/SSRF/SQLi/XXE/NoSQLi/command injection/SSTI/IDOR/path-traversal/HTTP smuggling/WebSocket/MFA bypass, bypass techniques, or to check if a finding is submittable. Also use when asked about what NOT to submit.

A multi-screen mobile onboarding flow rendered as three phone frames side by side — splash, value-prop, sign-in. Status bar, swipe dots, primary CTA. Use when the brief mentions "mobile onboarding", "iOS onboarding", "phone signup", or "移动端引导".

Use `@tanstack/react-pacer` to debounce/throttle the high-frequency writes that drive an interactive `@tanstack/react-table` v9 table: column filter inputs and column resize state. Pattern: import `useDebouncedCallback` from `@tanstack/react-pacer/debouncer`, wrap your `onChange` writer in it, and keep local input state so typing feels instant. For column resizing, throttle `onColumnResizingChange` so a drag doesn't push 60+ state updates per second. Pacer is the v9 replacement for the hand-rolled `DebouncedInput` setTimeout component from v8 examples.

React Compiler compatibility for `@tanstack/react-table` v9. When you read table state via builder APIs (`column.getIsPinned()`, `row.getIsSelected()`, `cell.getIsAggregated()`, `header.column.getIsSorted()`) inside a nested custom component, React Compiler memoizes the child against the stable `column` / `row` / `cell` reference and never re-runs when the underlying atom changes. Symptom: stale checkboxes, frozen sort indicators, dead pin buttons. Fix: wrap the JSX in `<Subscribe source={table.store} selector={…}>` or `<Subscribe source={table.atoms.X}>` so the dependency is visible to the compiler. Routing keywords: Subscribe, table.Subscribe, React Compiler, stale checkbox, memoized header/cell, builder API.

CSS conventions, layout systems, and modern patterns: predictable styles through low specificity and explicit cascade control. Invoke whenever task involves any interaction with CSS code — writing, reviewing, refactoring, debugging, or understanding stylesheets, SCSS, layout, or responsive design.

Use when writing, editing, refactoring, or debugging tests anywhere under `tests/**` (unit, integration, or end-to-end); authoring NUnit 4 test classes (`*Test`, `*IntegrationTest`); using NSubstitute mocks, AutoFixture with `[AutoMockData]` / `[InlineAutoMockData]` / `[Frozen]`, or AwesomeAssertions (NOT FluentAssertions); working with `CliIntegrationFixture`, `IntegrationTestFixture`, `MockFileSystem`, `TestableLogger`, `NUnitAnsiConsole`, or `New*` factory helpers; adding or updating E2E fixtures under `tests/Recyclarr.Cli.IntegrationTests.E2E/`; editing `Fixtures/recyclarr.yml`, `metadata.json`, `cf/`, `cf-groups/`, or `quality-profiles/` fixture folders; running `Run-E2ETests.ps1` or `scripts/coverage.py`; investigating flaky tests, coverage gaps, or Testcontainers setup. Triggers on phrases like "write a test", "fix this test", "improve coverage", "add an E2E case", "mock this dependency", or any edit to `*.Tests.csproj` or files under `tests/**`.

Template for skills that integrate with an MCP server. Demonstrates the reference file pattern: Claude reads a domain-specific MCP cheatsheet before making any tool calls, reducing query failures caused by server-specific gotchas. Fork this skill and replace the Sentry example with your target MCP.

VERIFY your changes work. Measure CLS, detect theme flicker, test visual stability, check performance. Use BEFORE and AFTER making changes to confirm fixes. Includes ready-to-run scripts: measure-cls.ts, detect-flicker.ts

GitHub archive: issue/PR search, sync freshness, duplicate clusters, gh-shim PR status, and Gitcrawl repo work.

Debug Python with pdb, breakpoint(), post-mortem inspection, and debugpy remote attach.

GitHub CLI for issues, PRs, CI/check logs, comments, reviews, releases, repos, and gh api queries.

List, configure, authenticate, call, and inspect MCP servers/tools with mcporter over HTTP or stdio.

Use when building Next.js App Router pages, server and client components, fetching data in server components, configuring layouts and middleware, handling routing patterns, optimizing images and fonts, or deploying a Next.js application.

フロントエンドプレゼンテーション、デモンストレーション、およびスライド構成のためのパターンとベストプラクティス。

PreToolUse security-anti-pattern hook for Claude Code. Catches 12 common security risks (command injection, XSS, SQL injection, unsafe deserialization, GitHub Actions workflow injection, eval/new Function code injection) BEFORE the Edit/Write/MultiEdit operation completes. Session-state caching prevents duplicate warnings on the same file+rule combo. Stdlib only — no dependencies. Use when you want a safety net during Claude Code sessions that touch security-sensitive code (auth, payments, user input handling, IaC). Disable with ENABLE_SECURITY_REMINDER=0 if you need to perform a verified-safe operation that would otherwise trip a pattern. Triggers — "add security hook", "block unsafe code", "detect command injection before write", "prevent SQL injection patterns", "security warning hook".

后端服务开发。当用户需要开发 API、数据库设计、微服务架构或后端业务逻辑时使用此技能。

后端服务开发专家（通才）。精通多种后端技术栈，能够根据需求选择最合适的技术方案。 当用户需要开发API、数据库设计、微服务架构或后端业务逻辑时使用此技能。 根据用户需求的技术栈，自动切换到对应语言的专家模式： - Python → 查看 python/SKILL.md - Node.js → 查看 nodejs/SKILL.md - Go → 查看 go/SKILL.md - Java → 查看 java/SKILL.md

后端架构模式、API 设计、数据库优化，以及针对 Node.js、Express 和 Next.js API 路由的服务端最佳实践。

Deploy webicached binary to beta.webi.sh. Use when building, uploading, or restarting the cache daemon. Covers cross-compile, conf sync, service management.