mk-knight23

Django architecture patterns, REST API design with DRF, ORM best practices, caching, signals, middleware, and production-grade Django application structure. Use when building Django APIs, writing ORM queries, setting up REST endpoints, or implementing Django middleware and signals.

Django security best practices: authentication, authorization, CSRF protection, SQL injection prevention, XSS prevention, and secure deployment. Use when auditing Django security, hardening a Django app, or implementing secure authentication and authorization.

Idiomatic Go patterns, best practices, and conventions for building robust, efficient, and maintainable Go applications. Use when writing Go code, reviewing Go patterns, setting up Go project structure, or implementing concurrency, error handling, or interfaces in Go.

Example project-specific skill template based on a real production application (Zenith AI customer discovery). Use when creating a new project-specific skill, bootstrapping project guidelines, or adapting this template for your own application context.

Python testing strategies using pytest, TDD methodology, fixtures, mocking, parametrization, and coverage requirements. Use when writing Python tests, setting up pytest fixtures, mocking dependencies, or following TDD for Python code.

Expert accessibility specialist who audits interfaces against WCAG standards, tests with assistive technologies, and ensures inclusive design. Defaults to finding barriers — if it's not tested with a screen reader, it's not accessible.

Designs identity, authentication, and trust verification systems for autonomous AI agents operating in multi-agent environments. Ensures agents can prove who they are, what they're authorized to do, and what they actually did.

Autonomous pipeline manager that orchestrates the entire development workflow. You are the leader of this process.

This skill should be used when the user asks to "start all claws", "start claw gateways", "run all gateways", "start openclaw nanobot picoclaw zeroclaw nanoclaw", "launch claw ecosystem", "stop all claws", "stop gateways", "claw status", "check gateway status", or "open claws". Manages all five Claw ecosystem gateways (OpenClaw, ZeroClaw, NanoBot, PicoClaw, NanoClaw) as a unified fleet.

High-throughput parallel processing of large datasets using Node.js streams and Claude AI. Accepts CSV, JSON, JSONL, or plain text. Processes in configurable chunk sizes with backpressure-aware Node.js Readable/Transform/Writable streams. Tracks progress, retries failures with exponential backoff, estimates cost before run. Adapted from ZeroClaw's Rayon-based batch processor for Node.js streaming architecture.

Dashboard and API layer for monitoring IoT sensors and edge devices from OpenClaw's full-stack environment. Connects to MQTT brokers, HTTP sensor APIs, or PicoClaw agent heartbeats. Renders a live web dashboard, stores readings in Supabase, and sends alerts via any configured channel (Telegram, Slack, WhatsApp). Adapted from PicoClaw's Go iot-monitor for OpenClaw's Node.js full-stack runtime.

Full-stack security audit for OpenClaw's Node.js ecosystem: npm audit for CVEs, Snyk for supply chain, ESLint security plugin for code patterns, OWASP dependency check, and AI review of the 60-repo portfolio for systemic vulnerabilities. Generates SECURITY_REPORT.md. Adapted from ZeroClaw's comprehensive security-scanner, tuned for Node.js/TypeScript and multi-repo portfolios.

Adds Gmail monitoring to OpenClaw using the googleapis library. Creates OAuth2 credentials, polls INBOX for unread messages matching a trigger pattern, drafts AI replies, and sends after approval. Use when you want OpenClaw to monitor and respond to emails. Requires a Google Cloud project with Gmail API enabled and OAuth2 credentials.

Mounts an Obsidian vault as a read-only knowledge source for OpenClaw. Registers a vault_search tool that performs full-text search across all .md files, returning file names and relevant excerpts. Use when you want OpenClaw to answer questions using your personal notes or team knowledge base. Requires the vault to be accessible as a local directory.

Adds Slack integration to OpenClaw using the @slack/bolt framework. Creates a SlackChannel adapter with Socket Mode (no public URL required), handles app_mention events, routes messages through OpenClaw's skill dispatcher, and responds in-thread. Use when you want OpenClaw accessible from Slack workspaces. Requires a Slack app with Socket Mode enabled.

Adds Supabase as OpenClaw's persistent backend. Creates tables for conversation history, skill invocation logs, and agent memory using the Supabase JS client. Wires memory-read and memory-write into the tool registry so skills can persist state across sessions. Requires a Supabase project URL and anon key.

Parallel processing of large datasets using Python asyncio + Claude AI transforms. Accepts CSV, JSON, Parquet, or JSONL as input. Splits into configurable chunk sizes, processes each chunk concurrently using Haiku (cost-efficient), aggregates results, and writes output. Includes progress tracking, error retry with exponential backoff, and cost estimation before run. Cross-ported from ZeroClaw's Rayon-based batch processor.

Deploy a Python AI agent or app to multiple platforms in one command: Railway, Fly.io, Docker Hub, AWS Lambda, and GitHub Actions CI. Generates Dockerfile, platform-specific configs, environment variable templates, and a deployment checklist. Adapted from OpenClaw's multi-platform deployment pipeline. Use when you want to ship Nanobot-powered tools to production without manual config per platform.

Adds Gmail monitoring to Nanobot using the Google Gmail API with OAuth2. Creates channels/gmail.py that polls INBOX for unread messages, passes them to the agent, and sends replies after approval. Use when you want Nanobot to process and respond to emails. Requires a Google Cloud project with Gmail API enabled.

Mounts an Obsidian vault as a read-only knowledge base for Nanobot. Registers a vault_search tool (async, full-text, scores by match density) so the agent can search your notes during any task. Use when you want Nanobot to reference your personal Obsidian vault for context. Requires the vault accessible as a local directory.

Adds Slack integration to Nanobot via the Slack Bolt SDK for Python (async mode). Creates channels/slack.py with Socket Mode support, listens for app_mention events, routes through the skill dispatcher, and replies in thread. Use when you want Nanobot in a Slack workspace. Requires a Slack app with app_mentions:read and chat:write scopes and Socket Mode enabled.

Adds Supabase as Nanobot's persistent backend using the supabase-py client. Creates tables for agent memory, skill invocations, and conversation history. Registers memory_read and memory_write as tools so skills can persist state across sessions. Requires a Supabase project URL and anon key.

Adds a Telegram bot channel to Nanobot. Installs python-telegram-bot (v20+, async), creates channels/telegram.py with an async handler, registers it in the channel router, and wires trigger-word filtering. Use when you want Nanobot to receive and respond to Telegram messages. Requires a bot token from @BotFather.

Auto-generates a pytest test suite from an OpenAPI spec (YAML or JSON) and runs it against a live endpoint. Discovers all operations, generates parametric tests for success, error, and edge cases, runs them with httpx async client, and outputs API_TEST_REPORT.md. Use when you have an OpenAPI spec and want instant test coverage for an API. Requires a running API endpoint or mock server.

Rust static analysis + AI review using clippy (all lints), rustfmt, and cargo-semver-checks. AI pass focuses on: ownership violations, lifetime issues, unnecessary clones, panic risk in library code, and WASM-compatibility issues. Outputs CODE_REVIEW.md with CRITICAL/HIGH/MEDIUM/LOW severity. Adapted from Nanobot's Python code-reviewer for Rust's ownership model and zero-cost abstraction philosophy.

Build and deploy ZeroClaw Rust binaries to all supported targets: WASM32-WASI (Cloudflare Workers, Deno, Wasmtime), Linux musl (Docker, Lambda, edge), native Linux (x86_64, ARM64, RISC-V), and WebAssembly browsers. Generates platform-specific configs, CI/CD pipelines, and deployment scripts. Uses cargo-cross for cross-compilation and cargo-component for WASM components. Adapted from OpenClaw's deploy-everywhere for Rust's cross-compilation ecosystem.

Embedded Rust sensor monitoring for no_std environments and WASM edge targets. Reads from GPIO, I2C, SPI interfaces via embedded-hal traits, processes readings with zero-allocation algorithms, and publishes alerts to Telegram or MQTT without heap allocation. Designed for microcontrollers (STM32, RP2040) and Cloudflare Workers edge runtime. Cross-ported from PicoClaw's Go iot-monitor for Rust/embedded-hal ecosystem.

Adds Gmail monitoring to ZeroClaw via async IMAP over TLS using async-imap + tokio. Creates src/channels/gmail.rs with a GmailChannel struct, polls INBOX for unread messages matching a trigger pattern, and sends replies via lettre (SMTP). Zero CGo, zero external runtime. Requires a Gmail App Password (not your Google account password).

Mounts an Obsidian vault as a read-only knowledge source for ZeroClaw. Creates src/tools/vault_search.rs using walkdir + regex crates for efficient file traversal and pattern matching. Registers the tool in the agent's tool registry. Zero heap allocation per search except for matched results. Requires vault accessible as a filesystem path.

Adds Slack integration to ZeroClaw using reqwest for the Slack API and tokio-tungstenite for the Socket Mode WebSocket connection. Creates src/channels/slack.rs with a SlackChannel struct, handles app_mention events, routes to the skill dispatcher, and posts threaded replies. Compiles to a static binary. Requires Slack bot token and app-level token with Socket Mode enabled.

Adds Supabase as ZeroClaw's persistent backend using the Supabase REST API via reqwest. Creates typed Rust structs for each table (serde Deserialize/Serialize), db/supabase.rs with async CRUD helpers, and memory_read/memory_write tools. Zero CGo, no heavy ORM. Requires a Supabase project URL and anon key.

Adds a Telegram bot channel to ZeroClaw using the teloxide library. Creates src/channels/telegram.rs with an async handler struct, registers it with the tokio runtime in main.rs, and wires trigger-word dispatch. Compiles to a stripped static binary under 5MB. Requires a bot token from @BotFather.

Static analysis + AI review on Go code targeting edge and embedded systems. Runs go vet, staticcheck, gosec, and errcheck — then an AI pass focused on concurrency safety, goroutine leaks, context propagation, and low-memory patterns critical for <10MB edge deployments. Outputs CODE_REVIEW.md with CRITICAL/HIGH/MEDIUM/LOW severity. Adapted from Nanobot's Python code-reviewer for Go/edge runtime.

Cross-compile PicoClaw Go binaries for all supported hardware targets and deploy them in one command. Supports: LicheeRV Nano (RISC-V), Raspberry Pi Zero (ARMv6), Pi 3/4/5 (ARM64), MIPS routers, old Android phones (ARM64), and x86_64 servers. Generates platform-specific init scripts (systemd/OpenWrt procd/Android service), then SCP-deploys and restarts. Adapted from OpenClaw's multi-platform deployment skill for Go cross-compilation.

Go security audit for edge deployments: govulncheck for CVEs in Go modules, gosec for code-level security patterns, nancy for supply chain vulnerabilities, and analysis of network exposure on edge hardware (open ports, default credentials, TLS config). Generates SECURITY_REPORT.md. Adapted from ZeroClaw's Rust security-scanner for Go and IoT edge deployments.

Adds Gmail monitoring to PicoClaw via IMAP over TLS using pure Go. Creates channels/gmail.go with an IMAP poller using the go-imap library, polls INBOX for unread messages, drafts replies through the agent, and sends via SMTP. Compiles to a static binary with no CGo. Requires a Gmail App Password (not your Google account password).

Mounts an Obsidian vault as a read-only knowledge source for PicoClaw. Creates tools/vault_search.go using Go's filepath.WalkDir and strings.Contains for fast zero-allocation search. Registers vault_search as a tool available to the agent. Works on any directory of Markdown files — synced vault, remote mount, or local copy. Requires the vault accessible as a filesystem path.

Adds Slack integration to PicoClaw using the Slack Real Time Messaging API over WebSocket in pure Go. Creates channels/slack.go using gorilla/websocket, handles app_mention events, routes to the skill dispatcher, and replies in-thread. Compiles to a static binary. Requires a Slack bot token and app token with Socket Mode enabled.

Adds Supabase as PicoClaw's persistent backend using the Supabase REST API via Go's net/http. No heavy ORM — plain HTTP requests with JSON marshaling. Creates db/supabase.go with typed table helpers, db/migrations/001_init.sql for schema, and registers memory tools. Compiles to a static binary with zero CGo. Requires a Supabase project URL and anon key.

Adds a Telegram bot channel to PicoClaw using the go-telegram-bot-api library. Creates channels/telegram.go with a TelegramChannel struct using long-polling, registers it in main.go, and runs in its own goroutine. Compiles to a single static binary — no external dependencies at runtime. Requires a bot token from @BotFather.

Runs ESLint, TypeScript type checking (tsc --noEmit), and AI-driven review on any JavaScript/TypeScript Node.js codebase or diff. Identifies bugs, type issues, security vulnerabilities (via eslint-plugin-security), async pitfalls, and style violations. Outputs a CODE_REVIEW.md report with CRITICAL/HIGH/MEDIUM/LOW severity ratings. Use before committing or merging Node.js code. Adapted from Nanobot's Python code-reviewer for Node.js/TypeScript runtimes.

Automated portfolio hygiene for Node.js repositories. Updates package.json dependencies to latest stable, migrates CommonJS to ESM, upgrades TypeScript config to strict mode, adds missing .gitignore patterns, adds GitHub Actions CI, generates missing README sections, and standardizes the project structure. Cross-ported from OpenClaw's repo-modernizer. Use when a repository is stale or missing modern Node.js conventions.

Node.js security audit: npm audit for known CVEs, Snyk for supply chain vulnerabilities, eslint-plugin-security for code patterns (eval, prototype pollution, path traversal), and AI-driven analysis of container isolation boundaries. Generates SECURITY_REPORT.md with CRITICAL/HIGH/MEDIUM severity ratings. Adapted from ZeroClaw's Rust security-scanner for Node.js/npm ecosystem. Run before any release or dependency update.

Transformation skill to add high-fidelity Discord support. Installs discord.js, creates a multi-channel adapter with thread support, and configures bot intents/tokens. Enables rich embeds and slash command registration.

Transformation skill to add robust CI/CD via GitHub Actions. Configures workflows for linting, testing, and auto-deployment. Adds secrets management and PR automation hooks.

Transforms NanoClaw to add Gmail monitoring and composition. Installs the googleapis dependency, creates a Gmail channel adapter in src/channels/, adds OAuth2 flow, and registers it at startup. Run /add-gmail when you want to monitor your inbox and compose AI-drafted replies via NanoClaw. Requires Google OAuth2 credentials from Google Cloud Console.

Transformation skill to add Linear integration. Installs linear-sdk, configures OAuth/API keys, and adds handlers for issue tracking and project management. Mounts Linear team context into agent containers.

Transforms NanoClaw to mount and query your Obsidian vault. Mounts the vault directory read-only into the container context, adds a VaultSearch tool that Claude can call, and enables weekly digest generation from your notes. Run /add-obsidian when you want NanoClaw to reference your personal knowledge base. Requires your vault path.

Full-stack engineering across 15+ languages, REST/GraphQL/gRPC APIs, React/Next.js/Vue/Svelte frontends, mobile (React Native/SwiftUI), databases, architecture patterns, refactoring, code review, and technical documentation. Activate for: build, code, implement, architect, refactor, API, frontend, backend, mobile, database.

DevOps and infrastructure specialist for CI/CD pipelines, cloud architecture (AWS/GCP/Azure), Kubernetes, monitoring (Prometheus/Grafana), IaC (Terraform/Pulumi), deployment strategies, cost optimization, SRE, platform engineering, and disaster recovery. Activate for: deploy, CI/CD, infrastructure, kubernetes, cloud, monitor, terraform, docker, scaling.

Automation and integrations specialist for workflow automation, SaaS integrations, bot development, no-code/low-code platforms, CRM/PM/communication tool connections, MCP tool architecture, circuit breaker patterns, event-driven systems, and ML pipeline orchestration. Activate for: automate, integrate, bot, workflow, MCP, webhook, Zapier, Slack bot, pipeline, n8n.

AI/ML engineering for LLM applications, RAG systems, prompt engineering, multi-agent systems, eval-driven development, data pipelines, MLOps, context management, and model selection. Activate for: AI, ML, LLM, RAG, data pipeline, prompt, eval, multi-agent, model training, vector database.

Research, strategy, and intelligence for competitive analysis, market sizing, trend identification, financial modeling, executive briefings, user research synthesis, cultural intelligence, behavioral psychology, weak signal detection, and data storytelling. Activate for: research, analyze, competitive, market, trend, financial model, strategy, executive brief, investor materials.

Design and UX mastery for design systems, UI/UX design, accessibility audits (WCAG 2.1), user research synthesis, spatial/XR interfaces, brand identity, UX writing, cultural intelligence, and developer handoff. Activate for: design, UX, UI, accessibility, WCAG, brand, design system, spatial, XR, handoff, user research.

Product management, growth strategy, and marketing engine for PRDs, roadmaps, OKRs, content marketing, social media strategy, SEO, pricing, competitive analysis, behavioral psychology, CRO, and launch planning. Activate for: PRD, roadmap, OKR, growth, marketing, SEO, pricing, launch, competitive analysis, funnel, content strategy.

Security and compliance guardian for threat modeling (STRIDE/DREAD), penetration testing, OWASP Top 10, secure code review, auth implementation, compliance (GDPR/SOC2/HIPAA/PCI DSS), agentic identity security, post-quantum readiness, and DevSecOps. Activate for: security, audit, pentest, compliance, threat model, OWASP, vulnerability, auth review.