Audit web applications and codebases for the most common and dangerous security vulnerabilities — especially those introduced by AI-assisted ("vibe coded") development. Use this skill whenever the user asks to review code for security issues, harden an app, audit an API, check for vulnerabilities, or secure a project. Also trigger when the user mentions terms like "security review", "pentest checklist", "harden my app", "is my code secure", "fix security holes", "OWASP", "SQL injection", "XSS", "vibe code security", or shares backend/frontend code and asks if anything looks wrong. Even if the user just says "review my code" without mentioning security, consider triggering this skill — security is always relevant.

# Vibe-Code Security Audit

Systematic security audit for web applications, with special attention to vulnerabilities that AI code-generation tools introduce most frequently.
Pre-commit code quality review for Unity C# code. Checks against Rules, CODING_STANDARDS.md, NAMING_CONVENTIONS.md, and GDD Gherkin test coverage. Use when code has been written and tests are passing but before committing. Runs automatically at Step 8.5 of /uw-cmd-implement-feature. Triggers on "review this code", "check my implementation", "pre-commit review", "code review", "check before commit", "is this ready to commit", "review my changes", or any request to validate code quality before committing.
This skill should be used when writing, editing, or reviewing code, creating tests, or when the user asks about "code style", "codestyle", "formatting", "best practices", or code quality. Apply these rules to all code changes.
Simplifies and refines code for clarity, consistency, and maintainability while preserving all functionality. Focuses on recently modified code unless instructed otherwise.
This skill should be used when the user wants to find, audit, or remove dead code, unused imports, unused functions, unused variables, duplicate implementations, or simplify a codebase. Works across all programming languages. Relevant when the user says "find dead code", "remove dead code", "remove unused imports", "find duplicate code", "simplify this codebase", "find unused functions", "find unused code", "remove commented out code", "what code is unused", "find orphaned files", "detect duplicate implementations", "find unreachable code", "clean up this codebase", or "audit for unused code".
- 📁 references/
- 📁 scripts/
- 📄 .gitignore
- 📄 EXAMPLE_CUSTOM_ANIMATION.py
- 📄 QUICK_START.md
Recursive maths animator — Manim-based technical animations with optional voiceover (manim-voiceover), git scene versioning, pinned requirements, asset folders, GIF approval previews, and a vision verification loop (frame extract, multimodal review in Cursor/Claude Code, VERIFICATION_FEEDBACK.md, iterate). Brief-first workflow: pitch a digestible animation plan and design options, get user approval, then code; lock theme in DESIGN_THEME.md.
We hacked Claude Code open-source, debugged it from scratch, and made it actually work. Full-featured AI coding CLI — your code, your keys, your rules.
This skill should be used when the user asks to "calculate code mass", "measure code complexity with APP", "compare implementations using APP", "apply Absolute Priority Premise", "use mass calculations", or during TDD refactor phases when comparing alternative implementations. Based on Micah Martin's work.
Check and improve ABAP code quality using abaplint and Clean ABAP principles. Use this skill when users ask to check, lint, validate, review, or analyze ABAP code for syntax errors, clean code compliance, code quality, best practices, or adherence to Clean ABAP guidelines. Also use when users ask to set up abaplint, configure abaplint.json, or run abaplint on their ABAP project. Triggers include requests like "check this ABAP code", "lint my ABAP", "run abaplint", "configure abaplint", "is this clean ABAP", "review my ABAP", or "analyze ABAP code quality".
- 📁 examples/
- 📄 bandit.md
- 📄 README.md
- 📄 SKILL.md
Security audit of Python source code (.py, setup.py, pyproject.toml) for security vulnerabilities using Bandit AST analysis. (1) Detects exec/eval code execution, pickle/yaml deserialization, subprocess shell injection, SQL injection, hardcoded credentials, weak cryptography, OWASP Top 10 Python issues. Use for Python security audits, Django/Flask apps, malicious Python code triage, CI/CD pipelines. Do NOT use for dependency/package audits (use guarddog), non-Python code (use graudit), shell scripts (use shellcheck). For mixed Python projects, combine with graudit -d secrets for comprehensive coverage.
Use when writing or changing TypeScript/Node.js code - prevents O(n²) collection scanning, hand-rolled builtins, wasteful allocation, unsafe dictionaries, polymorphic deopts, and other performance and code quality anti-patterns
Analyze code modules and files for refactoring opportunities, code smells, and architectural pattern violations in any language or framework. Use this skill when the user asks to "analyze code smells", "find refactoring opportunities", "check for code quality issues", or "review architecture" for a specific module or file.