plugins

Use when the user supplies or imports existing security findings, vulnerability reports, or security/vulnerability Jira/Linear tickets from scanners, advisories, GitHub, Atlassian Rovo, Linear, or similar backlog sources and wants static repo-impact triage. Do not use for discovery, duplicate-bug triage, validation, or fixes.

Boltz CLI setup and auth. Use when installing, updating, verifying, or authenticating `boltz-api`, or fixing missing CLI, PATH, sandbox, browser login, or auth errors.

Design new protein binders with Boltz. Use when generating protein, peptide, antibody, nanobody, or custom binder candidates for a target. Not for screening existing proteins or small molecules.

Use when the user asks for a deep, exhaustive, multi-pass, or variance-reducing repository-wide or scoped-path Codex Security scan. Run repeated independent discovery passes over one resolved scope with worker-specific threat models, semantically merge candidates, synthesize one canonical validation threat model, then run validation, attack-path analysis, canonical JSON completion, and generated reporting once. Do not use for PRs, commits, branch diffs, or working-tree diffs.

Use when Codex is already in the finding-discovery phase of a security scan or the user explicitly asks to discover candidate security findings in a repository or code change. Do not use as the primary trigger for full PR, commit, branch, patch, or repository scans.

Use when the user explicitly asks to fix and verify a validated or plausible security finding. Do not use as the primary trigger for full PR, commit, branch, patch, or repository scans.

Use when the user asks for a security review of a pull request, commit, branch diff, working-tree patch, or other Git-backed change set.

Use when the user asks for a repository-wide or scoped-path security scan.

Track validated Codex Security findings in Linear, Jira, GitHub issues, or draft GitHub security advisories. Use it for one finding or an explicitly selected batch of up to 25 findings tracked as Linear, Jira, or GitHub issues. Includes duplicate checks, exact previews, approval-gated writes, and readback. Do not use it for scans or fixes.

Use when Codex is already in the validation phase of a security scan or the user explicitly asks to determine whether one or more candidate security findings are valid. Do not use as the primary trigger for full PR, commit, branch, patch, or repository scans.

Bulk Q&A Answers skill for Datasite deal rooms. Use this skill whenever a sell-side deal team wants to answer multiple buyer questions at once, generate AI draft responses from VDR content, produce a Q&A tracker spreadsheet, or build a Q&A management dashboard. Triggers include: "answer the Q&A", "draft responses to buyer questions", "process the question list", "generate Q&A tracker", "answer all questions", "bulk answer", "Q&A management dashboard", "respond to diligence questions", or any request to systematically work through a list of buyer questions using data room content as the source. Use this skill proactively whenever a buyer has submitted questions and the deal team wants AI-assisted drafting. Do not use for individual one-off questions outside a structured Q&A process. Do not draft answers from general knowledge — all responses must come from the data room.

Document Quality Check skill for Datasite deal rooms. Use this skill whenever a deal team wants to audit document quality before going live to buyers. Triggers include: "check document quality", "flag bad documents", "find password protected files", "check for blank documents", "PII check", "redaction review", "find corrupted files", "document audit", "quality check the data room", "are there any blank or broken files", "check for unredacted personal data", or any request to verify that documents in the data room are complete, accessible, and safe to share. Use this skill proactively before a data room goes live. Do not use for renaming files (use smart-file-renaming) or for identifying missing sections (use gap-analysis).

Data Room Gap Analysis skill for Datasite deal rooms. Use this skill whenever a sell-side deal team wants to audit what is missing, sparse, or incomplete in their data room before going live to buyers. Triggers include: "run a gap analysis", "what's missing from the data room", "check the data room coverage", "flag empty folders", "what haven't we uploaded yet", "data room readiness check", "find gaps before we go live", "are all the contracts in there", "check we have everything", or any request to assess completeness of the data room by section. Use this skill proactively whenever a deal team is preparing to launch a data room and wants to know what still needs to be uploaded or organised. Do not use for document quality issues such as PII or redaction (use document-quality-check), or for drafting Q&A responses (use bulk-qa-answers).

Information Request List (IRL) Tracker skill for Datasite deal rooms. Use this skill whenever a deal team wants to compare VDR content against a buyer's information request list, track document delivery status, or build a due diligence tracker dashboard. Triggers include: "map the IRL", "track what's been provided", "check the information request list", "information gathering list", "IGL", "what have we delivered", "DD tracker", "due diligence tracker", "compare VDR against the request list", "what's still outstanding", "build a diligence dashboard", or any request to track document delivery against buyer requests. Use proactively whenever a buyer has submitted a request list and the deal team needs to manage and track responses. Do not use for overall data room structural gap analysis — use gap-analysis for that.

Launch Readiness Orchestrator skill for Datasite deal rooms. Use this skill whenever a deal team wants a single pre-go-live readiness check across their data room — combining gap analysis, document quality audit, and risk review into one consolidated "is the room ready?" view. Triggers include: "are we ready to go live", "launch readiness check", "pre-launch audit", "data room readiness", "can we launch", "is the data room ready", "run a full readiness check", "go-live checklist", "pre-launch checklist", or any request to get a single overall assessment before opening the data room to buyers. Use proactively whenever a deal team is approaching their go-live date and wants a structured sign-off view. Do not use other individual audit skills (gap-analysis, document-quality-check, risk-analysis-audit) when this skill is active — this skill orchestrates all three in one pass.

Risk Analysis Audit skill for Datasite deal rooms. Use this skill whenever a sell-side deal team wants to audit, review, or flag risks across a data room before going live. Triggers include: "run a risk audit", "flag risks in the data room", "risk review", "what are the risks in this deal", "audit the data room", "risk analysis", "flag issues before we go live", "what should we fix before launch", or any request to analyse deal risk by workstream (Tax, Finance, Legal, HR, IP, Commercial, Regulatory, ESG). Use this skill proactively whenever the user is preparing a data room for launch and wants a structured view of what might concern a buyer. Do not use for document quality issues like PII or redaction (use document-quality-check), or for identifying missing sections (use gap-analysis).

Smart File Renaming skill for Datasite deal rooms. Use this skill whenever a deal team wants to standardise document names, clean up scanned file names, normalise naming across similar document types, or improve the professionalism of the data room before going live. Triggers include: "rename the files", "clean up the file names", "standardise naming", "the file names are a mess", "fix the document names", "rename scanned documents", "make the naming consistent", "tidy up the data room", or any request to improve, clean, or normalise document naming across a Datasite project. Never apply any rename without explicit user confirmation. Do not use for document quality or PII checks — use document-quality-check for that. Never rename files without explicit user confirmation.

VDR Index Setup skill for Datasite deal rooms. Use this skill whenever a user wants to create, propose, design, or set up a Virtual Data Room (VDR) index or folder structure for a deal. Triggers include: "set up a data room", "create a VDR index", "build a deal room structure", "prepare the index", "set up the fileroom", "I need a data room for [deal/company]", or any request to organise or structure documents for due diligence. Also triggers when a user wants to replicate an existing deal room structure or import an index from a spreadsheet or reference deal. This skill MUST be used whenever the user is starting a new deal room or wants to customise the folder hierarchy before documents are uploaded. Do not use to audit or review an existing data room — use gap-analysis, document-quality-check, or risk-analysis-audit for that.

Cite-checks a brief, motion, or memo (PDF/Word): verifies each cited case is real, supports the proposition, is good law, and quoted accurately. Returns one marked-up .docx with comments and redlines.

Drafts court filings — motions, memoranda of law, appellate briefs — as court-ready .docx, with Midpage research behind every citation. Use to "draft a motion to dismiss," "write the brief."

Writes a formal objective legal research memo (Questions Presented, Brief Answers, Facts, IRAC Discussion, Conclusion) as a .docx. Use to "draft a research memo on whether…" Predicts, never advocates.

Writes public-facing litigation updates — blog posts, client alerts, LinkedIn/X posts — on a federal case or legal development. Use to "write a blog post about…," "draft a client alert on…"

Sets up and configures background workers on Render for queue-based job processing. Use when the user needs to process async jobs, consume from a queue, run Celery/Sidekiq/BullMQ/Asynq/Oban workers, handle graceful shutdown with SIGTERM, wire a worker to Key Value (Redis), or choose between workers and cron jobs for background work. Trigger terms: background worker, async jobs, queue consumer, Celery, Sidekiq, BullMQ, Asynq, Oban, job processing, SIGTERM, graceful shutdown.

Authors and validates render.yaml Blueprints for Render infrastructure. Use when the user needs to write or edit a render.yaml, wire services together with fromDatabase/fromService/fromGroup, set up projects and environments for multi-service apps, configure preview environments, validate against the schema, or fix immutable field errors. Trigger terms: render.yaml, Blueprint, IaC, fromDatabase, fromService, envVarGroups, previews, projects, environments.

Installs and uses the Render CLI for deploys, logs, SSH, psql, Blueprint validation, and automation. Use when the user needs to run Render CLI commands, script deploys in CI/CD, authenticate with an API key, query services non-interactively, or troubleshoot CLI auth issues. Trigger terms: render CLI, render login, render deploys, render logs, render ssh, render psql, render blueprints validate, render skills, RENDER_API_KEY, non-interactive, CI/CD deploy.

Configures and troubleshoots scheduled tasks on Render using cron job services. Use when the user needs to run something on a schedule, write a cron expression, set up a periodic job, migrate from Heroku Scheduler, choose between cron jobs and background workers, or fix a cron that isn't firing. Trigger terms: cron job, scheduled task, periodic job, cron expression, schedule, run every, timer, Heroku Scheduler migration.

Debug failed Render deployments by analyzing logs, metrics, and database state. Identifies errors (missing env vars, port binding, OOM, etc.) and suggests fixes. Use when deployments fail, services won't start, or users mention errors, logs, or debugging.

Deploy applications to Render by analyzing codebases, generating render.yaml Blueprints, and providing Dashboard deeplinks. Use when the user wants to deploy, host, publish, or set up their application on Render's cloud platform.

Attaches and manages persistent disks on Render services—mount paths, sizing, snapshots, file transfers, and single-instance constraints. Use when the user needs persistent storage, file uploads, a custom database on disk, CMS media storage, or needs to understand why their service can't scale horizontally or use zero-downtime deploys. Trigger terms: persistent disk, disk, storage, mount path, sizeGB, SSD, file uploads, snapshots, disk restore, ephemeral filesystem.

Builds and deploys Docker containers on Render—Dockerfiles, multi-stage builds, Blueprint Docker fields, private registries, layer caching, and platform constraints. Use when the user mentions Docker, Dockerfile, container images, multi-stage builds, container registry, GHCR, ECR, BuildKit, dockerContext, runtime docker or image, or optimizing Docker builds on Render.

Configures custom domains and TLS certificates on Render—DNS setup, CNAME records, apex domains, wildcard domains, and certificate troubleshooting. Use when the user needs to add a custom domain, configure DNS, set up HTTPS/TLS, troubleshoot certificate issuance, disable the onrender.com subdomain, or add a wildcard domain. Trigger terms: custom domain, DNS, CNAME, TLS, SSL, HTTPS, certificate, apex domain, wildcard domain, onrender.com, domain verification.

Configures environment variables, secrets, and env groups on Render. Use when the user needs to set env vars, wire secrets between services, create env groups, use generateValue, set sync: false, or troubleshoot missing or incorrect environment variable values in Blueprints or the Dashboard.

Provisions and configures Render Key Value (Redis-compatible Valkey 8) instances for caching, session storage, and job queues. Use when the user needs Redis, Key Value, Valkey, a cache, session store, job queue backend, or needs to configure maxmemory policy, ipAllowList, connection strings, or internal vs external access. Trigger terms: Key Value, Redis, Valkey, cache, session store, REDIS_URL, maxmemory, ipAllowList, allkeys-lru, noeviction.

Connects and configures the Render MCP server for AI coding tools—setup per tool (Cursor, Claude Code, Codex), authentication, workspace selection, tool catalog, and troubleshooting. Use when MCP is not configured, list_services() fails, the user asks about Render MCP setup, or an action skill needs MCP but it's not connected yet. Trigger terms: MCP, Render MCP, list_services, MCP setup, MCP server, API key, Bearer token, mcp.render.com, workspace selection.

Monitor Render services in real-time. Check health, performance metrics, logs, and resource usage. Use when users want to check service status, view metrics, monitor performance, or verify deployments are healthy.

Connects Render services over the private network—internal DNS, service discovery, and cross-service communication. Use when the user needs to wire services together, resolve internal hostnames, troubleshoot connectivity between services, configure environment isolation, or understand which services can reach each other.

Sets up and optimizes Managed PostgreSQL on Render—connection strings (internal vs external), creation constraints, storage autoscaling, connection limits, high availability, read replicas, backups, and MCP inspection. Use when the user mentions Postgres, PostgreSQL, Render database, connection string, DATABASE_URL, backups, snapshots, replicas, HA, disk storage, connection pooling, or troubleshooting DB connectivity.

Configures Render private services—internal-only apps that accept traffic exclusively from other Render services over the private network. Use when the user needs an internal API, microservice, gRPC server, sidecar, or any service that should not be publicly accessible. Also use when choosing between a private service and a background worker. Trigger terms: private service, pserv, internal service, internal API, microservice, gRPC, not public, private network service.

Scales Render services—configures autoscaling targets, chooses instance types, sets manual instance counts, and optimizes cost. Use when the user needs to handle more traffic, set up autoscaling, pick the right instance type, reduce costs, or troubleshoot scaling behavior like slow scale-down or stuck instances.

Deploys and configures static sites on Render's global CDN—build commands, publish paths, SPA routing, redirects, custom headers, and PR previews. Use when the user needs to deploy a static site, set up a React/Vue/Hugo/Gatsby frontend, configure SPA fallback routing, add redirect rules, customize response headers, or choose between a static site and a web service for their frontend. Trigger terms: static site, CDN, SPA, single-page app, React deploy, Vue deploy, Hugo, Gatsby, Docusaurus, Jekyll, staticPublishPath.