菜单
Phase 2 of security audit pipeline. Red team review of Phase 1 findings — removes false positives, adds missed risks, ranks the backlog. Invoke with '/2-security-critique' after Phase 1 is complete.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
Performs comprehensive, brutally honest full-codebase review as a grumpy but fair senior developer with 20+ years of experience. Use when the user asks for a grumpy dev code review, brutal code review, senior dev review, comprehensive codebase audit, hall-of-shame code smells, or a gut-check on the entire project (not just a PR diff).
Diagnose and fix OneCLI gateway issues — Docker not running, 407 proxy auth, 401 from API (MITM not active), stale aoc_ token, CA cert refresh, secret setup, version pinning. Use when onecliStart fails, update-fathom-db fails, proxy returns 407 or 401, mode=tunnel in logs, or after OneCLI container recreation.
ANY CRM or progress.md write, log call, add contact, pipeline lookup, paste transcript/email. Runs lifecycle routing in Step 0 — delivery work goes to progress.md not Won CRM Next Action. Query before create. For week view use week-scan not this skill. OM-Repo SKILLS-MAP.md.
Convenes a short virtual panel of 2–3 named advisers (verbatim bios below) for questions that merit deeper examination—strategy, ethics, shipping tradeoffs, growth, or inner alignment. Use when the user asks for a board of advisers, adviser panel, stress-test a decision, simulate a debate between perspectives, or when a question is multi-stakeholder and benefits from distinct lenses (not simple factual lookups). Supports two modes: (1) user questions the panel in turns, (2) advisers simulate a conversation with each other. Trigger phrases: adviser panel, board of advisers, simulate the advisers, council of advisers, who should weigh in on this.
Manages Mitch's Notion comedy writing database. Use this skill whenever Mitch wants to interact with his comedy material — creating new bit entries, updating existing bits as material develops, reading what's in the database, changing status, or adding notes. Trigger on phrases like: "add this to my comedy database", "save this bit", "update the vasectomy bit", "what bits do I have", "mark this as ready", "add these lines to that bit about X", "create a new entry for this premise", "what's in my comedy DB", or any time Mitch is developing stand-up material and wants it captured or retrieved. Also trigger when Mitch pastes raw material mid-conversation and wants it saved. Always fuzzy-search before creating — never assume a bit doesn't exist.
LinkedIn organic lead generation system based on the "comment keyword + DM" mechanic. Use this skill whenever Mitch wants to: write a LinkedIn post designed to generate leads, build a resource (checklist, template, list) to use as a CTA, research what topics are getting engagement in a niche, write a DM sequence for comment-based leads, or plan a weekly LinkedIn content cadence. Also trigger when Mitch says things like "write a LinkedIn post", "what should I post about", "make a lead magnet", "build a resource for LinkedIn", "DM sequence", or "keyword CTA". Source: https://www.reddit.com/r/EntrepreneurRideAlong/comments/1shgq8u/i_stopped_chasing_clients_and_let_linkedin_do_it/
基于 SOC 职业分类
| name | 2-security-critique |
| description | Phase 2 of security audit pipeline. Red team review of Phase 1 findings — removes false positives, adds missed risks, ranks the backlog. Invoke with '/2-security-critique' after Phase 1 is complete. |
| contract | {"tags":["security","audit","security-phase-2"],"state_source":"security_plan","inputs":{"params":[],"gates":[{"field":"findings","value":"Pending"}]},"outputs":{"mutates":[{"field":"backlog","sets_to":"Ranked"}],"side_effects":[]},"next":["3-security-spec"],"human_gate":true} |
Challenge every finding from Phase 1. Tighten the plan before any code is written.
Read SECURITY_PLAN.md. Review every Pending item.
Critique:
Output: Update SECURITY_PLAN.md with a Ranked Backlog. Top item is what Phase 3 will target.
Stop. Present the ranked backlog to the user.
The next step is Phase 3: /3-security-spec
