Skip to main content
تشغيل أي مهارة في Manus
بنقرة واحدة
مستودع GitHub

vanguard-frontier-agentic

يحتوي vanguard-frontier-agentic على 613 من skills المجمعة من Raishin، مع تغطية مهنية على مستوى المستودع وصفحات skill داخل الموقع.

skills مجمعة
613
Stars
16
محدث
2026-07-03
Forks
3
التغطية المهنية
30 فئات مهنية · 73% مصنفة
مستكشف المستودعات

Skills في هذا المستودع

frontend-dom-xss-csp-review
غير مصنف

Review frontend source for DOM XSS sinks (innerHTML, dangerouslySetInnerHTML, v-html, document.write, eval-class APIs), verify actual attacker-reachable taint flow, and audit Content-Security-Policy and Trusted Types enforcement for real bypasses rather than header-presence checks, with framework-specific sink guidance loaded progressively.

2026-07-03
monorepo-package-governance-review
غير مصنف

Reviews monorepo task-graph configuration (Turborepo tasks/caching, Nx task pipelines) alongside dependency and lockfile governance (pnpm catalogs, npm overrides, lifecycle-script risk) to prevent false-green CI from stale cache reuse and unpinned supply-chain exposure.

2026-07-03
nextjs-server-security-review
غير مصنف

Statically review Next.js middleware, Server Actions, next.config.js, and environment-variable files for four documented server-side defect classes -- middleware matcher exclusions that silently skip auth on Server Functions, Server Actions missing allowedOrigins CSRF protection, secrets leaked via NEXT_PUBLIC_ prefixes, and SSRF/open-redirect via dangerouslyAllowLocalIP or unvalidated rewrite destinations.

2026-07-03
product-analytics-experimentation-review
غير مصنف

Review frontend analytics instrumentation and A/B or multivariate experiment configurations for event-schema correctness, sample-ratio-mismatch risk, statistically valid stopping rules, and consent-gated privacy compliance before shipping a tracking or experiment change.

2026-07-03
angular-template-sanitizer-security-review
غير مصنف

Statically review Angular templates and components for injection via DomSanitizer bypass calls (bypassSecurityTrustHtml, bypassSecurityTrustUrl, bypassSecurityTrustResourceUrl), unsanitized [innerHTML] bindings, and dynamically bound iframe security attributes such as [attr.sandbox], grounded in Angular's own sanitizer and NG0910 documentation.

2026-07-03
edge-cache-data-bleed-review
غير مصنف

Statically review Next.js App Router caching surfaces -- route-level revalidate exports, cache-boundary directives on server functions reading cookies(), generateStaticParams on personalized routes, and Cache-Control/Vary response headers -- for defects that let one user's authenticated response be cached and served back to a different user.

2026-07-03
graphql-client-security-review
غير مصنف

Statically review GraphQL client configuration (Apollo Client, and urql/similar clients by analogy) for production-enabled devtools/introspection exposure, a normalized cache left uncleared across user sessions, missing persisted-query allowlisting against client-driven query abuse, auth headers attached with no CSRF protection, and sensitive fields cached unmasked -- grounded in Apollo Client's own configuration and security-relevant documentation.

2026-07-03
react-rsc-data-boundary-review
غير مصنف

Statically review React Server Components code for data leaks across the server-to-client serialization boundary — secrets passed as props to Client Components, server-only modules missing the `server-only` guard, `use server` actions with no authorization check, non-public environment variables read in `use client` modules, and tainted values crossing the boundary unnarrowed — grounded in React's and Next.js's own documentation.

2026-07-03
sveltekit-actions-load-security-review
غير مصنف

Statically review SvelteKit form actions, load functions, hooks, and templates for CSRF origin-check bypass (checkOrigin/trustedOrigins), unauthenticated sensitive-data returns from load(), auth guards confined to +layout.server.js without an enforced parent()/hooks check, insecure cookies.set() options, and unsanitized {@html} bindings, grounded in SvelteKit's own CSRF, cookies, load, and authentication documentation.

2026-07-03
pci-payment-ui-security-review
غير مصنف

Statically review payment-page frontend code for PCI-DSS-relevant defects in the browser/DOM slice only — raw PAN collection in self-controlled inputs instead of Stripe hosted fields, card data persisted client-side or to analytics, raw card data POSTed to a first-party endpoint, and third-party scripts loaded without Subresource Integrity — grounded in Stripe's own tokenization docs and PCI-DSS v4 script-security requirements.

2026-07-03
nuxt-fullstack-security-review
غير مصنف

Statically review Nuxt 3/4 full-stack code for private secrets exposed via runtimeConfig.public/NUXT_PUBLIC_* env vars, useState/module-scope cross-request state pollution in Nitro, server-route SSRF via $fetch/ofetch with blind useRequestHeaders/credential forwarding, NuxtPayload/useState serialization reaching an XSS sink, and missing security response headers (routeRules headers, nuxt-security), grounded in Nuxt's own documentation via Context7.

2026-07-03
vue-router-navigation-security-review
غير مصنف

Statically review Vue Router navigation guards, redirect flows, and template bindings for client-side guards used as the sole authorization boundary, open redirects via route.query.redirect/returnUrl, javascript:/data: scheme injection through dynamic :to/:href bindings, route params/query reaching v-html/innerHTML (reflected XSS), guard-induced redirect loops, and catch-all/history-mode misconfiguration, grounded in Vue Router's own documentation.

2026-07-03
vue-state-store-security-review
غير مصنف

Statically review Pinia and legacy Vuex state stores for sensitive data persisted to localStorage/sessionStorage without scoping, untrusted server-payload hydration (window.__pinia/__INITIAL_STATE__) with un-escaped state serialization, SSR store-singleton cross-request pollution, store plugins/$subscribe/$onAction acting on untrusted payloads, client-held role flags used as an authorization source of truth, and devtools state exposure in production builds.

2026-07-03
ai-generated-frontend-code-review
غير مصنف

Apply an elevated review pass to AI or LLM-generated frontend code changes, checking specifically for hallucinated framework APIs, slopsquatted or non-existent dependency names, unsanitized dynamic-HTML sinks, and missing accessibility semantics before the diff is merged.

2026-07-03
browser-compatibility-review
غير مصنف

Audit JS/CSS/HTML feature usage against the project's declared Browserslist/supported-browser matrix using Baseline and caniuse status data, flag unguarded non-Baseline usage, and verify feature-detection or polyfill fallback coverage, with per-feature caniuse/Baseline lookups loaded only for features actually in question.

2026-07-03
design-token-governance-review
غير مصنف

Reviews design-token source of truth and build pipelines for hardcoded-value drift and resolved WCAG 1.4.3/1.4.11 contrast compliance across theme variants (light, dark, high-contrast), grounded in the W3C Design Tokens format and current WCAG success criteria.

2026-07-03
enterprise-red-team-review
غير مصنف

Run a mandatory adversarial review pass against Tier-1 specialist verdicts for frontend security review, AI-generated code review, and production incident workflows, hunting for exploit paths, WCAG failures automated tooling cannot catch, and prompt-injection artifacts in AI-generated code. Use before a change with security, accessibility, or AI-generated-code implications is allowed to reach the Board Chair.

2026-07-03
framework-upgrade-risk-review
غير مصنف

Assess breaking-change and regression risk for a same-framework major-version upgrade (React, Next.js, Angular, Vue, or core build tooling), grounding every claimed breaking change in the framework's official release notes/migration guide, and separate upgrade-blocking issues from cosmetic deprecation noise.

2026-07-03
frontend-board-chair
غير مصنف

Sequence frontend specialist and red-team reviews for the 10 governed workflows (new feature, perf regression, a11y audit, security review, SSR/hydration bug, design-system change, framework migration, AI-generated code review, production incident, CWV failure) and issue a binding evidence-gated approve/conditional-approve/reject decision. Use when a frontend change needs a final governance verdict, not a first-pass technical review.

2026-07-03
frontend-finops-cost-to-serve-review
غير مصنف

Build a cost-to-serve model covering CDN egress, SSR/edge compute, image transformation, and CI build-minute spend for a frontend surface, and rank remediation options by dollar savings weighed against Core Web Vitals and security impact, without treating cost-cutting and security/performance as unrelated trade-offs.

2026-07-03
frontend-maestro
غير مصنف

Route frontend governance tasks to the narrowest specialist or parallel team (max 4) from the frontend agent catalog. Use when you do not already know which frontend specialist handles the task. Not for direct frontend answers; Maestro classifies, dispatches, and hands off to frontend-board-chair-agent only. Never auto-dispatches live-mutation-capable specialists — requires explicit human confirmation with blast-radius and rollback before routing to any live-guard specialist.

2026-07-03
frontend-migration-modernization-plan
غير مصنف

Build a phased, reversible plan to migrate or modernize a legacy frontend surface (jQuery/Backbone/AngularJS to a modern framework, CRA/Webpack to Vite, or a same-framework major-version bump) using strangler-fig sequencing with measurable exit criteria per phase, without defaulting to a full rewrite.

2026-07-03
frontend-observability-rum-instrumentation
غير مصنف

Design or review browser-side Real User Monitoring instrumentation for Core Web Vitals (LCP, INP, CLS) using the web-vitals attribution build and distributed tracing via OpenTelemetry Web, enforcing lab-vs-field evidence labeling, sampling/cardinality sizing, and PII-in-telemetry controls, with library-specific wiring references loaded only when instrumentation code is actually being written or reviewed.

2026-07-03
legacy-jquery-to-modern-framework-review
غير مصنف

Inventory the hidden behaviors in a legacy jQuery/Backbone-era codebase — implicit global event delegation, direct DOM mutation outside any render cycle, plugin side effects, ad-hoc accessibility shims, and unsanitized HTML string building — that a mechanical framework port would silently drop or need to explicitly reproduce.

2026-07-03
wcag-22-accessibility-audit
غير مصنف

Audit frontend markup, components, and design-system primitives against WCAG 2.2 Level A/AA success criteria and ARIA APG interaction patterns, separating automated-detectable violations from manual-verification-required items and flagging legal exposure, with reference material loaded progressively per success-criteria category.

2026-07-03
build-tooling-vite-webpack-review
غير مصنف

Reviews Vite and Webpack build/chunking configuration and bundle-size composition for duplicate dependencies, unsplit vendor chunks, and tree-shaking failures, always version-labeling config since Vite 8 replaced Rollup-era manualChunks with Rolldown-based codeSplitting.

2026-07-02
bundle-budget-code-splitting-review
غير مصنف

Reviews JavaScript/CSS bundle composition against explicit numeric budgets, evaluates route- and component-level code-splitting boundaries, and requires a CI-enforced budget before endorsing any size fix as resolved.

2026-07-02
core-web-vitals-triage
غير مصنف

Decomposes LCP, INP, and CLS regressions into their documented sub-phases using lab and field evidence, and refuses to declare a metric fixed without a field-data or CI-budget verification path.

2026-07-02
e2e-testing-playwright-review
غير مصنف

Reviews Playwright end-to-end test configuration -- fixtures, storageState/auth setup, CI sharding and parallelism, and toHaveScreenshot visual-assertion options -- for reliability and correct gating, grounded in current, version-specific Playwright API docs.

2026-07-02
frontend-auth-session-security-review
غير مصنف

Review client-side authentication and session-management code for token-storage location, cookie-flag correctness, CSRF/open-redirect exposure, and OAuth/OIDC flow choice for browser-based apps against OWASP ASVS and Session Management Cheat Sheet guidance, with the OAuth-for-browsers reference loaded only when an OAuth/OIDC flow is in scope.

2026-07-02
frontend-error-boundary-resilience-review
غير مصنف

Reviews error-boundary placement, fallback UX, and failure-isolation strategy to prevent a single component's runtime error from crashing the whole page, ensuring granular, accessible degradation instead of an app-root-only safety net or a silent, unlogged failure.

2026-07-02
frontend-testing-strategy-review
غير مصنف

Reviews frontend test-pyramid shape, critical-path coverage, and flaky-test governance across unit, component, integration, and E2E layers (Vitest/Jest, Testing Library, Playwright/Cypress), loading framework references only when the task needs them.

2026-07-02
i18n-l10n-readiness-review
غير مصنف

Audit frontend code for internationalization readiness — externalized ICU MessageFormat strings, Intl-based date/number/currency/plural formatting, correct lang/dir attribute propagation, and RTL-safe CSS logical properties — before translation vendor engagement, with CLDR plural-rule detail loaded only when auditing countable strings.

2026-07-02
pwa-offline-readiness-review
غير مصنف

Validates installability against W3C manifest criteria and tests real offline navigation behavior end to end, rejecting a manifest-schema-valid but practically non-installable or non-functional-offline PWA.

2026-07-02
service-worker-cache-strategy-review
غير مصنف

Reviews service-worker route-matching and caching-strategy choices (precache vs. cache-first vs. network-first vs. stale-while-revalidate) against request type and security sensitivity, rejecting uniform blanket strategies and flagging authenticated/PII responses cached in the Cache API.

2026-07-02
tree-shaking-dead-code-review
غير مصنف

Verifies that a bundler's tree-shaking actually eliminated dead code by inspecting output bytes and sideEffects/module-format configuration, rather than trusting a clean build as proof of elimination.

2026-07-02
visual-regression-storybook-review
غير مصنف

Reviews Storybook visual-testing setup -- test-runner wiring, Chromatic integration, and the a11y addon's axe-core gating -- to ensure visually-critical components have deterministic pixel-diff and accessibility coverage before merge, grounded in current Storybook docs.

2026-07-02
microfrontend-boundary-review
غير مصنف

Reviews micro-frontend/module-federation boundary contracts for shared-dependency versioning safety, runtime isolation, and ownership clarity before adoption or extension of a distributed frontend architecture.

2026-07-02
angular-architecture-signals-review
غير مصنف

Statically review Angular component and service architecture for correct Signals usage (signal/computed/effect boundaries and purity), appropriate change-detection strategy (OnPush vs default), and service/DI boundary design, grounded in Angular's own Signals, change-detection, and dependency-injection guidance.

2026-07-02
angular-ssr-hydration-review
غير مصنف

Statically review Angular SSR bootstrap configuration and component templates for hydration-mismatch risk (NG0500-class errors), unjustified ngSkipHydration usage, and direct-DOM-manipulation patterns that bypass Angular's template-owned DOM model, grounded in Angular's own hydration guide and error catalog.

2026-07-02
عرض أهم 40 من أصل 613 skills مجمعة في هذا المستودع.