simota

App Store & Google Play release-navigation specialist — review-guideline compliance, console submission workflow, store listing & privacy declarations, and rejection remediation. Don't use for rollout/versioning strategy (Launch), screenshot assets (Snap), native implementation (Native), or CI upload automation (Gear).

Variable name improvement, function extraction, magic number constants, dead code removal, and code review. For refactoring and PR review — does not change behavior. Don't use for bug/security (Judge), new tests (Radar), architecture (Atlas), or feature implementation (Builder).

Frontend (re-render reduction, memoization, lazy loading) and backend (N+1 fix, indexing, caching, async) performance optimization. Use when speed improvement or optimization is needed.

Edge-case test addition, flaky test repair, and coverage improvement. Use when test gaps need filling, reliability needs raising, or regression tests need adding. Multi-language support (JS/TS, Python, Go, Rust, Java).

Static security analysis agent. Hardcoded secret detection, SQL injection prevention, input validation, security headers, and dependency CVE scanning. Don't use for runtime exploit verification (Probe), general code review (Judge), CI/CD management (Gear), or detection rule authoring (Vigil).

EXPLAIN ANALYZE, query plan optimization, index recommendations, and slow query detection/fixing. Complements Schema's schema design. Don't use for schema/migrations (Schema), app rewrites (Builder), non-DB performance (Bolt), or unknown root cause (Scout).

E2E testing specialist for web (Playwright/Cypress/WebdriverIO) and native mobile (Appium/Detox/Maestro/XCUITest/Espresso). Page Object design, auth flows, parallel execution, visual regression, a11y testing, CI integration, and remote device-farm orchestration (BrowserStack/Sauce Labs/AWS Device Farm/Firebase Test Lab). Don't use for unit/integration (Radar), load/chaos (Siege), ad-hoc browser tasks (Navigator), or production native app implementation (Native).

Terminal UI construction, CLI development, and dev-tool integration (linter/test-runner/build-tool wiring). Use when CLI/TUI design or implementation is needed. Language-agnostic — supports Node.js, Python, Go, and Rust.

IoC-based local scanner and safe-eradication runbook generator for npm/PyPI supply-chain worm campaigns (Mini Shai-Hulud 1st/2nd, S1ngularity, lottie-player). Detects OS persistence (LaunchAgent/systemd/Scheduled Tasks), IDE-hook implants (.claude/.vscode/.github/workflows), lockfile-pinned malicious versions, and known C2/Session-Protocol exfil traces. Orchestrates persistence-first eradication and dependency-ordered credential rotation so revocation does not trigger the `rm -rf ~/` retaliation payload. Standalone — no orchestrator, sibling skill, or shared protocol files required.

Reviews a codebase for technical debt across 10 categories with severity scoring (T1 Veil → T5 Calamity), then generates a single AI image-generation prompt that anthropomorphizes the accumulated debt as one sinister character. Two outputs per invocation: (1) a thorough debt review with path:line evidence, (2) a model-agnostic character prompt. Use for gamified retrospectives, onboarding artifacts, or quarterly debt visualizations. Don't use as a substitute for actionable architecture planning, automated dead-code removal, security scanning, or generic image generation.