Comprehensive website and web app audit covering security, UX, performance, accessibility, SEO, compliance, and revenue protection. Use this skill whenever the user asks to audit, review, check, or score a website or web application. Also use when the user says 'full-stack audit', 'UX audit', 'security audit', 'launch checklist', 'is my site ready to launch', 'check my site', 'review my code for issues', 'what did I miss', or any variation of wanting a comprehensive quality review before or after launch. This skill catches the issues that AI-built and vibe-coded sites consistently get wrong: client-side paywalls, exposed database tables, missing security headers, broken mobile layouts, and trust gaps that kill conversion. Triggers even if the user only asks about one area (e.g., 'check my security') because problems compound across categories.
Run a runtime accessibility audit using axe-core via Playwright and review the results
This skill should be used when the user asks to "create api endpoint", "django ninja", "django api", "add endpoint", "rest api django", "ninja router", "api schemas", or mentions API development, endpoint organization, or Pydantic schemas in Django projects. Provides Django Ninja patterns with 1-endpoint-per-file organization. --- # Django Ninja API Development Opinionated Django Ninja patterns with single-endpoint-per-file organization. ## Core Principles 1. **One endpoint = one file** - Each endpoint lives in its own file 2. **Logical grouping** - Endpoints grouped in subpackages by domain 3. **Router per group** - Each group has its own router 4. **Schemas in separate package** - Pydantic models in `schemas/` 5. **Services for logic** - Business logic in services, not endpoints ## API Structure ``` myapp/ ├── api/ │ ├── __init__.py # Main NinjaAPI instance │ ├── users/ │ │ ├── __init__.py # Router: users_router │ │ ├── list.py # GET /users/ │ │ ├── detail.py # GET /users/{id} │ │ ├── create.py # POST /users/ │ │ ├── update.py # PUT /users/{id} │ │ └── delete.py # DELETE /users/{id} │ ├── products/ │ │ ├── __init__.py │ │ ├── list.py │ │ ├── detail.py │ │ └── search.py │ └── auth/ │ ├── __init__.py │ ├── login.py │ ├── logout.py │ └── refresh.py └── schemas/ ├── __init__.py ├── user.py # UserIn, UserOut, UserPatch ├── product.py └── common.py # Pagination, errors ``` ## Main API Setup In `api/__init__.py`: ```python from ninja import NinjaAPI from ninja.security import HttpBearer from .users import router as users_router from .products import router as products_router from .auth import router as auth_router class AuthBearer(HttpBearer): def authenticate(self, request, token): # Token validation logic from ..services.auth import AuthService return AuthService.validate_token(token) api = NinjaAPI( title="My API",
Create and invite a DiscoClaw Discord bot to a server, configure required intents/permissions, and generate/verify local .env settings for DiscoClaw. Use when setting up DiscoClaw for a new user/server, rotating bot tokens, debugging why the bot cannot read messages (Message Content Intent), or when generating an invite URL for a given client ID.
Token allocation and vesting schedule builder. Walks founders through allocation design, vesting schedules, and generates a professional Excel token release schedule with supply/demand simulation chart. Use when a founder says "tokenomics", "allocation", "vesting schedule", "token release", "how do I structure my token supply", or after /why-token.
Full multi-platform paid advertising audit with parallel subagent delegation. Analyzes Google Ads, Meta Ads, LinkedIn Ads, TikTok Ads, and Microsoft Ads accounts. Generates health score per platform and aggregate score. Use when user says "audit", "full ad check", "analyze my ads", "account health check", or "PPC audit". --- # Full Multi-Platform Ads Audit ## Process 1. **Collect account data** — request exports, screenshots, or API access 2. **Detect business type** — analyze account signals per ads orchestrator 3. **Identify active platforms** — determine which platforms are in use 4. **Delegate to subagents** (if available, otherwise run inline sequentially): - `audit-google` — Conversion tracking, wasted spend, structure, keywords, ads, settings (G01-G74) - `audit-meta` — Pixel/CAPI health, creative fatigue, structure, audience (M01-M46) - `audit-creative` — LinkedIn, TikTok, Microsoft creative checks + cross-platform synthesis - `audit-tracking` — LinkedIn, TikTok, Microsoft tracking + cross-platform tracking health - `audit-budget` — LinkedIn, TikTok, Microsoft budget/bidding + cross-platform allocation - `audit-compliance` — All-platform compliance, settings, performance benchmarks 5. **Score** — calculate per-platform and aggregate Ads Health Score (0-100) 6. **Report** — generate prioritized action plan with Quick Wins ## Data Collection Ask the user for available data. Accept any combination: - Google Ads: account export, Change History, Search Terms Report - Meta Ads: Ads Manager export, Events Manager screenshot, EMQ scores - LinkedIn Ads: Campaign Manager export, Insight Tag status - TikTok Ads: Ads Manager export, Pixel/Events API status - Microsoft Ads: account export, UET tag status, import validation results If no exports available, audit from screenshots or manual data entry. ## Scoring Read `ads/references/scoring-system.md` for full algorithm. ### Per-Platform Weights | Platform | Category Weights | |----------|-----------------| | Google | Conve
- 📁 .github/
- 📁 src/
- 📁 tests/
- 📄 .gitignore
- 📄 .npmignore
- 📄 advanced-installation.md
An AI-friendly CLI for Jira designed for maximum efficiency and security. All output is structured JSON — no human-readable formatting, no interactive prompts.
- 📁 evals/
- 📁 references/
- 📁 scripts/
- 📄 checkpoints.yaml
- 📄 SKILL.md
Use when conducting security assessments, OWASP/CWE audits, CVSS scoring, auditing PHP/TYPO3 projects for vulnerabilities, scanning dependencies, or reviewing code for security concerns.
Audit an existing repository or paper-code release for open-source hardening gaps across correctness, maintainability, testability, security, performance, observability, and documentation. Use when the user says "audit this repo", "harden this project", "open source readiness", or wants a prioritized file-level report before changing code.
Validate cryptographic module FIPS compliance and check for known vulnerabilities. Use when assessing whether an organization's cryptographic implementations meet federal validation requirements (FIPS 140-2/140-3, NIST SC-13, FedRAMP cryptographic module guidance).
Use when reviewing code security, finding vulnerabilities, testing exploitability, hardening implementation details, and validating that fixes are stable and production-safe. Keywords: security audit, vuln scan, hardening, threat model, secure coding, dependency audit, SAST, secrets, path traversal, command injection, SSRF, XSS, CSRF, authz, authn.
- 📄 .gitignore
- 📄 README.md
- 📄 SKILL.md
BML Connect (Bank of Maldives) payment API integration guide. Use this skill whenever the user mentions BML Connect, Bank of Maldives payments, MVR transactions, MobilePay integration, Maldivian payment processing, laari currency, or wants to accept payments in the Maldives. Also trigger when you see BML API keys, `/public/v2/transactions`, `/public-customers`, or any reference to merchants.bankofmaldives.com.mv. Even if the user just says "add payments" or "integrate a payment gateway" in a Maldivian context, this skill applies. --- # BML Connect Integration BML Connect is the Bank of Maldives merchant payment platform — the primary way to accept online payments in the Maldives. This skill contains everything needed to integrate with the BML Connect API. --- ## Authentication Every API call uses a static API key in the Authorization header. No OAuth, no token exchange, no expiry. ```
