claude-code-wsl-setup

Local git operations for syncing, branching, merging, and conflict resolution

GitHub interactions for issues, PRs, releases, and repository management

Use this skill when performing hardware security analysis for System-on-Chip components — threat modeling, verification scaffolding, compliance mapping, executive briefing, microarchitectural attack analysis, physical side-channel assessment, kernel security analysis, emerging hardware security, or TLA+ formal specification. Routes to the appropriate specialist. Trigger phrases include "threat model my SoC", "run STRIDE analysis", "generate SVA assertions", "compliance check against FIPS", "executive summary of findings", "Spectre analysis for cache", "DPA attack assessment", "kernel hardening review", "PQC hardware review", "TLA+ spec for access control". Do NOT use for software-only security, network security, or web application security.

Use when working with Terraform or OpenTofu - creating modules, writing tests (native test framework, Terratest), setting up CI/CD pipelines, reviewing configurations, choosing between testing approaches, debugging state issues, implementing security scanning (trivy, checkov), or making infrastructure-as-code architecture decisions

Security audit checklist for web applications. Use when reviewing, auditing, or hardening a web app's security posture. Covers rate limiting, auth headers, IP blocking, CORS, security middleware, input validation, file upload limits, ORM usage, and password hashing. Triggers on requests like "review security", "harden this app", "security audit", "check for vulnerabilities", or when building/reviewing API endpoints.

Use this skill when connecting AI or LLMs to data platforms. Covers MCP servers for warehouses, natural-language-to-SQL, embeddings for data discovery, LLM-powered enrichment, and AI agent data access patterns. Common phrases: "text-to-SQL", "MCP server for Snowflake", "LLM data enrichment", "AI agent access". Do NOT use for general data integration (use data-integration) or dbt modeling (use dbt-transforms).

Use this skill when scoring or comparing a generated diagram against a human reference. Triggers on "score this diagram", "evaluate my diagram", "compare to reference", or "how accurate is this". Applies when both a generated diagram and a reference image exist and quality assessment is needed. Do NOT use for creating new diagrams (use generate-diagram) or plotting data (use generate-plot).

Use this skill when creating a methodology diagram from research text. Triggers on "make a diagram", "visualize this methodology", "diagram this process", or "generate a figure from this paper". Applies to methodology descriptions, process flows, and research paper sections. Do NOT use for scoring existing diagrams (use evaluate-diagram) or plotting data from CSV/JSON (use generate-plot).

Use this skill when creating a statistical plot or chart from a data file. Triggers on "plot this data", "make a chart", "graph this CSV", or "visualize these results". Applies to CSV, JSON, or tabular data needing bar charts, scatter plots, line graphs, or similar visualizations. Do NOT use for methodology diagrams from text (use generate-diagram) or diagram scoring (use evaluate-diagram).

Use this skill when scoping a new consulting engagement — "help me scope this project," "I need an engagement brief," or gathering client context through conversational clarification. Transforms natural-language descriptions into structured engagement briefs with targeted questions, sensitivity inference, and stakeholder mapping. Do NOT use for technology research (research-skill), risk assessment (assessment-skill), or client-facing deliverables (deliverable-skill).

Use this skill when conducting structured technology research — "research these vendors," "do a landscape scan," "compare these technologies," or gathering evidence for consulting engagements. Performs source-orchestrated research with landscape scans, candidate profiling, evidence gathering, and comparative analysis producing findings for downstream assessment. Do NOT use for risk scoring (assessment-skill), engagement scoping (intake-skill), or client deliverables (deliverable-skill).

Use this skill when extracting requirements from security specifications, tracking compliance status, or producing gap analysis against hardware security standards. Triggers on "compliance check against DICE", "gap analysis", "extract requirements from spec", "FIPS compliance status", "ISO 21434 mapping". Covers DICE, TDISP, CXL, CHERI, SPDM, FIPS 140-3, and ISO 21434. Do NOT use for threat identification (use threat-model-skill) or executive communication (use executive-brief-skill).

Use this skill when analyzing emerging hardware security paradigms — post-quantum cryptography hardware, chiplet/UCIe architectures, heterogeneous compute, or AI accelerator security. Triggers on "PQC hardware review", "UCIe security assessment", "NPU memory isolation", "chiplet trust boundary analysis". Covers migration risk from classical to post-quantum or monolithic to chiplet. Do NOT use for established microarchitectural attacks (use microarch-attack-skill) or kernel-level analysis (use kernel-security-skill).

Use this skill when translating technical security findings into executive communication — BLUF briefs, risk summary tables, or audience-adapted posture reports. Triggers on "executive summary of findings", "brief the CISO", "board-level security update", "summarize risks for leadership". Supports board, CISO, and program-level audiences. Do NOT use for technical analysis (use threat-model-skill or attack-domain specialists) or compliance tracking (use compliance-pipeline-skill).

Use this skill when analyzing kernel security at the hardware/software interface — memory management, process isolation, privilege escalation paths, or IOMMU/SMMU configuration. Triggers on "kernel hardening review", "IOMMU bypass analysis", "privilege escalation audit", "container escape assessment", "KASLR/KPTI evaluation". Do NOT use for microarchitectural attacks (use microarch-attack-skill) or physical side-channels (use physical-sca-skill).

Use this skill when analyzing microarchitectural attack surfaces — transient execution, cache side-channels, branch predictor attacks, or shared-resource contention. Triggers on "Spectre analysis", "cache side-channel review", "check for Meltdown variants", "microarchitectural isolation audit". Covers CPU/GPU/accelerator components. Do NOT use for physical side-channels (use physical-sca-skill) or kernel-level privilege escalation (use kernel-security-skill).

Use this skill when analyzing physical side-channel and fault injection attack surfaces — power analysis, electromagnetic emanation, voltage/clock/laser glitching, or combined attacks. Triggers on "DPA assessment", "fault injection resistance", "power side-channel review", "EM leakage analysis", "TVLA evaluation". Includes JIL scoring and ISO 17825 mapping. Do NOT use for microarchitectural side-channels (use microarch-attack-skill) or software-level isolation (use kernel-security-skill).

Use this skill when performing structured threat modeling for SoC hardware components — STRIDE analysis, attack tree construction, or standards-derived threat identification. Triggers on "threat model this block", "STRIDE analysis", "build an attack tree", "identify threats for". Covers Confidential AI, TDISP/CXL, Supply Chain, Secure Boot/DICE, and CHERI domains. Do NOT use for verification planning (use verification-scaffold-skill) or compliance tracking (use compliance-pipeline-skill).

Use this skill when formalizing security properties into TLA+ specifications for model checking with TLC. Triggers on "formalize this security invariant", "TLA+ spec for this protocol", "model check this property", "write a TLA+ security spec". Translates threat findings and protocol behaviors into temporal logic. Do NOT use for threat identification (use threat-model-skill) or verification scaffolding without formal methods (use verification-scaffold-skill).

Use this skill when generating verification artifacts from threat findings — SVA assertion templates, security review checklists, or tiered verification plans. Triggers on "generate assertions for these threats", "verification checklist", "SVA template", "map threats to verification". Expects upstream ThreatFinding input. Do NOT use for threat identification (use threat-model-skill) or compliance gap analysis (use compliance-pipeline-skill).

Use when a user reports CSS, layout, or styling issues in a Next.js application — "element overlapping," "spacing is wrong," "responsive layout broken," "dark mode not working," "Tailwind classes not applying," or "alignment off." Diagnoses through a 6-phase pipeline that mirrors browser evaluation order, covering token resolution, cascade conflicts, layout models, stacking contexts, and viewport responsiveness. Handles Tailwind, CSS Modules, styled-components, and vanilla CSS. Not for JavaScript logic bugs, data fetching issues, or server-side rendering errors — route those to ui-bug-investigator.

Use when investigating any frontend issue before diagnosis or debugging — maps a Next.js route to its full component tree. Resolves "what components render on this page," "show me the component tree for /dashboard," or "trace imports for this route." Produces a ComponentMap artifact with server/client boundaries, props, hooks, data fetching, and styling metadata consumed by all downstream QA skills. Not for diagnosing bugs, fixing code, or generating tests — those are handled by specialist skills after mapping is complete.

Use when a user reports a frontend bug, visual defect, or unexpected behavior in a Next.js/TypeScript application. Orchestrates a multi-phase QA pipeline — component mapping, diagnosis, fix, and regression testing — by classifying symptoms and dispatching to the appropriate specialist skill. Does not perform diagnosis or fixes directly; delegates all domain work to specialists. Not for backend-only issues, infrastructure problems, or build/deployment failures.

Use when a user reports a non-CSS UI bug in a Next.js App Router application — "blank page," "data not loading," "click does nothing," "hydration mismatch," "flicker on navigation," or "state not updating." Runs symptom-targeted diagnostic checks against a component map to identify rendering, state, event handling, and data flow issues. Not for CSS layout, styling, or visual design problems — route those to css-layout-debugger.

Design component interaction specs with all visual states, transitions, and accessibility requirements

Map complete user journeys with entry points, states, emotions, and decision points

Design ML workflows — experiment tracking, feature stores, model training, serving, monitoring for drift

Design data pipelines — ETL vs ELT, orchestration, batch vs streaming, idempotency, data quality, lineage

Evaluate and design data warehouse schemas — star, snowflake, data vault, OBT — with grain definition, SCD strategies, and normalization trade-offs

REST/RPC endpoint contracts with request/response types and error handling

Deep infrastructure analysis and context briefing for all council agents

Migration-ready database schema design with normalization and indexing strategies

Token hierarchy, theming strategy, and cross-platform consistency

Animation principles, micro-interaction specs, and reduced-motion support

Structured visual design critique with specific actionable feedback

Architecture Decision Record creation with options analysis and review triggers

Changelog entries and migration guides for breaking changes with version strategy

Documentation architecture with audience mapping, onboarding paths, and maintenance schedules

Audit codebase patterns and conventions, evaluate proposed changes for consistency

Design comprehensive test strategies with test pyramid coverage and quality gates