🔍代码审查 / GitHub MCP 推荐

Perform comprehensive code reviews for TypeScript projects, analyzing type safety, best practices, performance, security, and code quality with actionable feedback

Work on Madoc TS automation bots, bot definitions, and task event handling. Use when adding new bots, updating bot triggers, or changing bot execution flows in services/madoc-ts.

Database access patterns for performance. Separate read/write models, avoid N+1 queries, use AsNoTracking, apply row limits, and never do application-side joins. Works with EF Core and Dapper.

This skill should be used when the user asks to "create a hookify rule", "write a hook rule", "configure hookify", "add a hookify rule", or needs guidance on hookify rule syntax and patterns.

This skill should be used when the user asks to "add MCP server", "integrate MCP", "configure MCP in plugin", "use .mcp.json", "set up Model Context Protocol", "connect external service", mentions "${CLAUDE_PLUGIN_ROOT} with MCP", or discusses MCP server types (SSE, stdio, HTTP, WebSocket). Provides comprehensive guidance for integrating Model Context Protocol servers into Claude Code plugins for external tool and service integration.

Review code for quality, bugs, and improvements. Use when user wants code review or quality assessment.

Automation & tooling specialist: browser automation, CI/CD, monorepo, performance testing, feature flags. 23 methodologies.

Apply Strunk's timeless writing rules to ANY prose humans will read—documentation, commit messages, error messages, explanations, reports, or UI text. Makes your writing clearer, stronger, and more professional.

Generate standalone skills from MCP servers. Use when users want to create a reusable skill for an MCP service. Triggers on "create skill for MCP", "generate MCP skill", "make skill from MCP server".

Query up-to-date documentation and code examples for any programming library or framework. Use when looking up API docs, finding code examples, or checking library usage. Triggers on "how to use [library]", "docs for [package]", "show me examples of [framework]", "Context7 lookup".

Search the web, research companies, and find code context using Exa AI. Use when performing web searches, company research, or finding programming documentation. Triggers on "search the web", "find online", "research company", "code context for [library]", "Exa search".

Search real-world code examples from over a million public GitHub repositories. Use when finding code patterns, implementation examples, or how libraries are used in practice. Triggers on "find code examples", "how is [library] used", "search GitHub code", "grep.app search", "code pattern".

Control JetBrains IDE (IntelliJ, WebStorm, PyCharm) via MCP. Use when manipulating IDE files, running configurations, searching code, or performing refactoring. Triggers on "open in IDE", "run configuration", "refactor code", "IDE search", "JetBrains".

Interact with MCP (Model Context Protocol) servers using the mcporter CLI. Use this skill when you need to list available MCP servers, view tool schemas, call MCP tools, manage OAuth authentication, or generate CLI wrappers and TypeScript types for MCP servers.

Create robust Python automation with full logging and safety checks. Use when tasks need complex data processing, authenticated API work, conditional file operations, or error handling beyond simple shell commands.

Mobile development patterns for React Native and Flutter including navigation, state management, and responsive design

Kubernetes operations including manifests, Helm charts, operators, troubleshooting, and resource management

Docker best practices including multi-stage builds, compose patterns, image optimization, and security

MCP server development including tool design, resource endpoints, prompt templates, and transport configuration

Testing strategies including contract testing, snapshot testing, mutation testing, property-based testing, and test organization

Advanced TypeScript patterns including generics, conditional types, mapped types, template literals, and type guards

Next.js 14+ App Router patterns including RSC, ISR, middleware, parallel routes, and data fetching

Modern frontend patterns for React Server Components, performance optimization, and Core Web Vitals

Query optimization, indexing strategies, and database performance tuning for PostgreSQL and MySQL

Application security covering input validation, auth, headers, secrets management, and dependency auditing

Pythonic code with modern type hints, dataclasses, async patterns, packaging, and testing

Use when reviewing code security, auditing dependencies for CVEs, checking configuration or secret security, assessing authentication and authorization patterns, identifying OWASP vulnerabilities (injection, XSS, CSRF), or addressing security concerns about implementations.

Extract text and tables from PDF files, fill forms, merge documents. Use when working with PDF files or when the user mentions PDFs, forms, or document extraction.

Frontend development skill for React, Next.js, TypeScript, and Tailwind CSS applications. Use when building React components, optimizing Next.js performance, analyzing bundle sizes, scaffolding frontend projects, implementing accessibility, or reviewing frontend code quality.

Guide for creating high-quality MCP (Model Context Protocol) servers that enable LLMs to interact with external services through well-designed tools. Use when building MCP servers to integrate external APIs or services, whether in Python (FastMCP) or Node/TypeScript (MCP SDK).

Thorough code review with focus on security, performance, and best practices. Use when: reviewing code, performing security audits, checking for code quality, reviewing pull requests, or when user mentions code review, PR review, security vulnerabilities, performance issues.

Guide for creating high-quality MCP (Model Context Protocol) servers that enable LLMs to interact with external services through well-designed tools. Use when building MCP servers to integrate external APIs or services, whether in Python (FastMCP) or Node/TypeScript (MCP SDK).

Comprehensive PDF manipulation toolkit for extracting text and tables, creating new PDFs, merging/splitting documents, and handling forms. When Claude needs to fill in a PDF form or programmatically process, generate, or analyze PDF documents at scale.

Enables live interaction with the NetAlertX runtime. This skill configures the Model Context Protocol (MCP) connection, granting full API access for debugging, troubleshooting, and real-time operations including database queries, network scans, and device management.

Enables live interaction with the NetAlertX runtime. This skill configures the Model Context Protocol (MCP) connection, granting full API access for debugging, troubleshooting, and real-time operations including database queries, network scans, and device management.

Skills for using Docker Model Runner to run local LLM inference

Apply CSS alpha masking with linear-gradient for horizontal or vertical edge fades (mask-image and -webkit-mask-image). Use when asked for alpha masks, fade edges, or CSS mask gradients.

React useEffect best practices from official docs. Use when writing/reviewing useEffect, useState for derived values, data fetching, or state synchronization. Teaches when NOT to use Effect and better alternatives.

Set up a Docker container for running Nextflow training examples. Handles basic setup, Docker-outside-of-Docker (DooD) for containerized processes, ARM Mac platform emulation, and troubleshooting. Use when you need to run Nextflow examples in a consistent environment.

Read before running tests. Detailed instructions for single, standard unit tests (fast), full suites (slow), handling authentication, and obtaining the API Token. Tests must be run when a job is complete.

Use when writing prose humans will read—documentation, commit messages, error messages, explanations, reports, or UI text. Applies Strunk's timeless rules for clearer, stronger, more professional writing.

Deploy applications to Render by analyzing codebases, generating render.yaml Blueprints, and providing Dashboard deeplinks. Use when the user wants to deploy, host, publish, or set up their application on Render's cloud platform.

Deploy web projects to Netlify using the Netlify CLI (`npx netlify`). Use when the user asks to deploy, host, publish, or link a site/repo on Netlify, including preview and production deploys.

Deploy applications and infrastructure to Cloudflare using Workers, Pages, and related platform services. Use when the user asks to deploy, host, publish, or set up a project on Cloudflare.

Reviews code changes for bugs, security issues, and quality problems

Use when tasks involve reading, creating, or reviewing PDF files where rendering and layout matter; prefer visual checks by rendering pages (Poppler) and use Python tools such as `reportlab`, `pdfplumber`, and `pypdf` for generation and extraction.

Perform language and framework specific security best-practice reviews and suggest improvements. Trigger only when the user explicitly requests security best practices guidance, a security review/report, or secure-by-default coding help. Trigger only for supported languages (python, javascript/typescript, go). Do not trigger for general code review, debugging, or non-security tasks.

Repository-grounded threat modeling that enumerates trust boundaries, assets, attacker capabilities, abuse paths, and mitigations, and writes a concise Markdown threat model. Trigger only when the user explicitly asks to threat model a codebase or path, enumerate threats/abuse paths, or perform AppSec threat modeling. Do not trigger for general architecture summaries, code review, or non-security design work.