Menu
Use when interacting with Kubernetes clusters, pods, deployments, services, namespaces, helm releases, or any k8s resource. Triggers on kubectl, helm, k8s, pod, deployment, namespace, etc.
Use when interacting with Linear.app from the command line. Triggers on any request involving Linear issues, projects, cycles, sprints, teams, roadmaps, milestones, documents, triage, notifications, comments, bulk operations, or any Linear workflow. Also triggers when the user references a Linear issue identifier (e.g. ENG-123, LIN-456), wants to list/create/update/close/assign issues, check sprint status, run burndown charts, import/export Linear data, manage webhooks, or automate Linear tasks from the terminal. Use proactively whenever the user mentions "Linear", "linear issue", "linear sprint", "linear project", "linear ticket", or any Linear-related workflow — even if they don't explicitly ask for the CLI.
Use when addressing, responding to, or resolving pull request review comments and inline code suggestions. Triggers whenever the user wants to work through PR feedback — even if they say 'address the review comments', 'fix the PR feedback', 'apply the suggestions', 'resolve the threads', 'respond to reviewer comments', or just 'let's work through this PR review'. Use proactively after a PR review is received.
Security testing skill for Nuclei — a fast, template-driven vulnerability scanner by ProjectDiscovery. Use this skill to: scan URLs, APIs, or OpenAPI specs for vulnerabilities; run or write nuclei YAML templates and workflows; generate templates from a STRIDE threat model report; or run a full pipeline (threat model → templates → scan). Triggers on: "run nuclei", "scan this URL", "nuclei template", "nuclei workflow", "nuclei from threat model", "web app security scan", "pen test this API", "full security pipeline", "threat model and scan", SQLi, XSS, SSRF, IDOR, auth bypass, CORS misconfig. Use proactively when the user shares a URL, OpenAPI spec, source code, or STRIDE report and wants security testing — even if they haven't mentioned nuclei by name.
Queries Panther SIEM data lake via GraphQL API. Use when the user wants to query Panther logs, run SQL against the data lake, search for indicators of compromise, explore databases/tables/columns, poll for query results, list past queries, build GraphQL scripts, or manage Panther alerts. Triggers on: "query Panther", "Panther data lake", "Panther GraphQL", "search Panther logs", "indicator search in Panther", "executeDataLakeQuery", "executeIndicatorSearchQuery", "panther_logs", "Panther alerts", "list alerts", "alert status", "triage alert", "resolve alert", "assign alert", "mark alert as resolved", "update alert", "comment on alert", or any request to pull log data, hunt threats, or manage security alerts via the Panther API. Also triggers on "search my logs", "find this IP in Panther", "show me my alerts", or "close these alerts".
Interact with the Snyk REST API (v2025-11-05) for vulnerability management, security scanning, and developer security. Use for: listing orgs/projects/targets, querying issues (package vulnerabilities, licenses, cloud misconfigs, SAST), searching audit logs, managing service accounts, memberships, invitations, fetching SBOMs, and looking up package vulnerabilities by PURL. Requires SNYK_TOKEN injected via 1Password `op run`.
Use when interacting with AWS. Triggers on AWS resources, services, or accounts — s3, ec2, iam, kms, secretsmanager, eks, ecs, lambda, cloudwatch, rds, dynamodb, cloudformation, route53, sns, sqs, and more. Use this skill whenever the user wants to inspect, query, troubleshoot, or manage AWS infrastructure, even if they don't say 'AWS' explicitly but reference cloud resources, ARNs, account IDs, regions, or specific AWS service names.
| name | kubectl-cli |
| description | Use when interacting with Kubernetes clusters, pods, deployments, services, namespaces, helm releases, or any k8s resource. Triggers on kubectl, helm, k8s, pod, deployment, namespace, etc. |
| compatibility | Requires kubectl (https://kubernetes.io/docs/tasks/tools/), helm (https://helm.sh/docs/intro/install/), kubectx/kubens (https://github.com/ahmetb/kubectx), and aws CLI v2 for EKS clusters. Cluster auth via ~/.kube/config or `aws eks update-kubeconfig`. |
| metadata | {"author":"Peter Benjamin","version":"0.1.0"} |
A skill for inspecting and managing Kubernetes clusters using kubectl, helm,
kubectx, and kubens.
Read commands (get, describe, logs, top, explain, diff, version,
config view, helm list/get/status/history) are safe to run freely — they
only retrieve information and have no side effects. Mutation commands (apply,
create, delete, patch, edit, rollout, scale,
helm install/upgrade/rollback/uninstall) and interactive commands (exec,
port-forward) change or access live cluster state in ways that can be
difficult to reverse. Before running any of these, show the user the full
command and wait for explicit approval. When in doubt, ask.
# List all available contexts (clusters)
$ kubectl config get-contexts
# Show current active context
$ kubectl config current-context
# List and switch contexts (clusters)
kubectx # list all contexts
kubectx <name> # switch to context
# List and switch namespaces
kubens # list all namespaces
kubens <name> # switch active namespace
# Using kubectl
$ kubectl config use-context <context-name>
If a cluster is not in ~/.kube/config, add it via the aws CLI. Use the account
ID from the ARN to determine the --profile (see aws-cli skill).
$ aws eks update-kubeconfig \
--name <cluster-name> \
--region <region> \
--profile <account-id-or-alias>
# pass --namespace / -n inline
$ kubectl get pods -n <namespace>
See references/patterns.md for kubectl and Helm examples by resource type:
Contexts, Pods, Deployments, Services, ConfigMaps, Secrets, Nodes, Resource
Usage, Events, JSON/YAML output, Helm, and Mutations.