Menu
Dedicated security-audit route for OWASP-style risks, secret leaks, auth flaws, injection, unsafe input handling, SSRF/XSS, and sensitive-data exposure. Use instead of code-reviewer when the prompt explicitly asks for security, vulnerability, threat, auth, or OWASP review.
Vibe Code Orchestrator (VCO) is a governed runtime entry that freezes requirements, plans XL-first execution, and enforces verification and phase cleanup.
Comprehensive citation management for academic research. Resolve bibliographic identifiers, extract accurate metadata, validate citations, deduplicate references, and generate properly formatted BibTeX entries. This skill should be used when you need to verify citation information, convert DOIs/PMIDs/arXiv IDs to BibTeX, or ensure reference accuracy in scientific writing.
Conduct comprehensive, systematic literature reviews using multiple academic databases (PubMed, arXiv, bioRxiv, Semantic Scholar, etc.). This skill should be used when conducting systematic literature reviews, meta-analyses, research synthesis, or comprehensive literature searches across biomedical, scientific, and technical domains. Creates professionally formatted markdown documents and PDFs with verified citations in multiple citation styles (APA, Nature, Vancouver, etc.).
Claude Skills meta-skill: extract domain material (docs/APIs/code/specs) into a reusable Skill (SKILL.md + references/scripts/assets), and refactor existing Skills for clarity, activation reliability, and quality gates.
Design experiments and quasi-experiments before analysis. Use when choosing study design, treatment/control structure, outcomes, assumptions, validation plans after scientific experiment failure, or which of DiD, ITS, synthetic control, or regression discontinuity fits the research question. For fitting models or estimating effects on existing data, use performing-causal-analysis instead.
Structured hypothesis formulation from observations. Use when you have experimental observations or data and need to formulate testable hypotheses with predictions, propose mechanisms, and design experiments to test them. Also owns explicit HypoGeniC-style or automated LLM-driven hypothesis generation/testing requests inside this single skill. For open-ended ideation use scientific-brainstorming.
| name | security-reviewer |
| description | Dedicated security-audit route for OWASP-style risks, secret leaks, auth flaws, injection, unsafe input handling, SSRF/XSS, and sensitive-data exposure. Use instead of code-reviewer when the prompt explicitly asks for security, vulnerability, threat, auth, or OWASP review. |
Use this skill after code changes that touch input handling, auth, APIs, data access, uploads, payments, or external integrations.
Use this skill when security is the main question:
Do not use this as the default owner for ordinary maintainability review. If security is only one item in a general PR review, code-reviewer can flag it, but explicit security-audit wording should route here.
security-best-practices for language/framework-specific guidance.code-reviewer for combined correctness + security review.