Aws

Use the security-review skill to review auth, user input, secrets, APIs, payments, uploads, and other sensitive flows. It provides a practical security-review guide with clear pass/fail checks, risky-pattern examples, and a focused process for catching common issues before release.

deployment-patterns is a practical deployment-patterns skill for CI/CD workflows, Dockerized delivery, health checks, and rollback-safe production rollouts. Use this deployment-patterns guide to choose rolling, blue-green, or canary deployment patterns for web apps with less guesswork.

multi-cloud-architecture helps design and compare AWS, Azure, GCP, and OCI architectures using service mappings and proven patterns like primary/DR, active-active, and portable platform baselines.

terraform-module-library helps teams design reusable Terraform modules for AWS, Azure, GCP, and OCI with a standard structure, examples, and tests for maintainable cloud architecture work.

The cost-optimization skill helps agents review AWS, Azure, GCP, and OCI spend with a practical framework for visibility, rightsizing, pricing models, architecture changes, and tagging standards.

The hybrid-cloud-networking skill guides secure on-prem to cloud connectivity planning, comparing VPN vs dedicated links like Direct Connect and ExpressRoute, with redundancy, routing, and failover tips. Use it as a hybrid-cloud-networking guide for deployment decisions.

The secrets-management skill helps teams secure CI/CD secrets with Vault, AWS Secrets Manager, Azure Key Vault, Google Secret Manager, and native platform options. Use it to plan runtime secret retrieval, rotation, and least-privilege Access Control for pipelines.

detecting-s3-data-exfiltration-attempts helps investigate possible AWS S3 data theft by correlating CloudTrail S3 data events, GuardDuty findings, Amazon Macie alerts, and S3 access patterns. Use this detecting-s3-data-exfiltration-attempts skill for Security Audit, incident response, and suspicious bulk-download analysis.

detecting-aws-iam-privilege-escalation helps audit AWS IAM for privilege escalation paths using boto3 and Cloudsplaining-style analysis. Use it to identify dangerous permission combinations, least-privilege violations, and security audit findings before they become incidents.

The configuring-hsm-for-key-storage skill explains HSM-backed key storage with PKCS#11, SoftHSM2, and production HSM options. Use this guide for install, usage, key attributes, token setup, signing, encryption, and Security Audit evidence.

The configuring-aws-verified-access-for-ztna skill helps you design and configure AWS Verified Access for VPN-less zero trust network access with identity and device posture checks in Cedar. Use this configuring-aws-verified-access-for-ztna guide for access control planning, trust providers, group policies, and endpoint setup.

analyzing-cloud-storage-access-patterns helps security teams detect suspicious cloud storage access in AWS S3, GCS, and Azure Blob Storage. It analyzes audit logs for bulk downloads, new source IPs, unusual API calls, bucket enumeration, after-hours access, and possible exfiltration using baseline and anomaly checks.

analyzing-api-gateway-access-logs helps parse API Gateway access logs to detect BOLA/IDOR, rate-limit bypass, credential scanning, and injection attempts. Built for SOC triage, threat hunting, and Security Audit workflows across AWS API Gateway, Kong, and Nginx-style logs using pandas-based analysis.

terraform-skill is a diagnose-first skill for Terraform and OpenTofu work. Use it to review, debug, or plan changes across modules, tests, CI, scans, and state operations with version-aware guidance. It helps reduce identity churn, secrets exposure, blast radius, CI drift, and state corruption.

The security skill creates PlantUML security architecture diagrams with AWS stencils for identity, encryption, firewalling, compliance, and threat detection. Use it for IAM flows, zero-trust designs, encryption pipelines, Security Audit diagrams, and review-ready documentation. It is not meant for general cloud infrastructure or generic UML modeling.

Create IoT architecture diagrams in PlantUML with device, sensor, gateway, edge, and cloud service icons. The iot skill is best for smart home, industrial IoT, fleet telemetry, sensor networks, digital twins, and robotics. Use it for clear IoT vocabulary and iconography, not generic cloud or UML diagrams.

The data-analytics skill creates PlantUML diagrams for data analysis workflows, including ETL, ELT, data lakes, warehouses, streaming pipelines, log analytics, and BI dashboards. It is optimized for clear source-to-destination flow, AWS analytics/database stencils, and practical data-analytics guide output—not generic software or cloud architecture diagrams.

Use the cloud skill to create PlantUML cloud architecture diagrams with official provider stencil icons for AWS, Azure, GCP, Alibaba Cloud, IBM Cloud, and OpenStack. It is a strong cloud guide for Cloud Architecture, with install and usage patterns, service boundaries, and flow-aware layouts for real deployment diagrams.

terraform-stacks is a practical skill for HashiCorp Terraform Stacks. Use it to create, modify, and validate .tfcomponent.hcl and .tfdeploy.hcl files, wire components and deployments, manage multi-environment or multi-region infrastructure, and troubleshoot Stack syntax, dependencies, and layout. Strong fit for backend development and platform engineering workflows.

terraform-style-guide helps generate and review Terraform HCL using HashiCorp style conventions, file layout, and security-minded defaults. Use it for Terraform-native code generation, module structure, variables, outputs, and safer configuration in real repositories.

Learn terraform-search-import for discovering supported cloud resources with Terraform Search and bulk importing them into Terraform state. This terraform-search-import skill is useful for backend development, audits, and migration workflows when you want a practical guide to install, verify provider support, and start usage with less guesswork.

The transcribe-video skill turns video or audio files into .srt, .vtt, and .txt outputs with AWS Transcribe. Use it for transcribe-video usage when you need captions, a searchable transcript, or a clean text version of spoken content. It also fits transcribe-video for Format Conversion workflows.

benchling-integration is a practical Benchling integration skill for backend development. It helps you install and use the skill to automate registry entities, inventory, ELN entries, workflows, SDK setup, REST API calls, and Data Warehouse queries with clear guidance for authenticated Benchling workflows.

Analyze WAF and audit logs to detect SQL injection campaigns with detecting-sql-injection-via-waf-logs. Built for Security Audit and SOC workflows, it parses ModSecurity, AWS WAF, and Cloudflare events, classifies UNION SELECT, OR 1=1, SLEEP(), and BENCHMARK() patterns, correlates sources, and produces incident-oriented findings.