菜单
Phase 3 of security audit pipeline. Writes a failing test that reproduces the top vulnerability from the ranked backlog. Invoke with '/3-security-spec' after Phase 2 is complete. Do NOT fix code — just write the test.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Performs comprehensive, brutally honest full-codebase review as a grumpy but fair senior developer with 20+ years of experience. Use when the user asks for a grumpy dev code review, brutal code review, senior dev review, comprehensive codebase audit, hall-of-shame code smells, or a gut-check on the entire project (not just a PR diff).
Diagnose and fix OneCLI gateway issues — Docker not running, 407 proxy auth, 401 from API (MITM not active), stale aoc_ token, CA cert refresh, secret setup, version pinning. Use when onecliStart fails, update-fathom-db fails, proxy returns 407 or 401, mode=tunnel in logs, or after OneCLI container recreation.
ANY CRM or progress.md write, log call, add contact, pipeline lookup, paste transcript/email. Runs lifecycle routing in Step 0 — delivery work goes to progress.md not Won CRM Next Action. Query before create. For week view use week-scan not this skill. OM-Repo SKILLS-MAP.md.
Convenes a short virtual panel of 2–3 named advisers (verbatim bios below) for questions that merit deeper examination—strategy, ethics, shipping tradeoffs, growth, or inner alignment. Use when the user asks for a board of advisers, adviser panel, stress-test a decision, simulate a debate between perspectives, or when a question is multi-stakeholder and benefits from distinct lenses (not simple factual lookups). Supports two modes: (1) user questions the panel in turns, (2) advisers simulate a conversation with each other. Trigger phrases: adviser panel, board of advisers, simulate the advisers, council of advisers, who should weigh in on this.
Manages Mitch's Notion comedy writing database. Use this skill whenever Mitch wants to interact with his comedy material — creating new bit entries, updating existing bits as material develops, reading what's in the database, changing status, or adding notes. Trigger on phrases like: "add this to my comedy database", "save this bit", "update the vasectomy bit", "what bits do I have", "mark this as ready", "add these lines to that bit about X", "create a new entry for this premise", "what's in my comedy DB", or any time Mitch is developing stand-up material and wants it captured or retrieved. Also trigger when Mitch pastes raw material mid-conversation and wants it saved. Always fuzzy-search before creating — never assume a bit doesn't exist.
LinkedIn organic lead generation system based on the "comment keyword + DM" mechanic. Use this skill whenever Mitch wants to: write a LinkedIn post designed to generate leads, build a resource (checklist, template, list) to use as a CTA, research what topics are getting engagement in a niche, write a DM sequence for comment-based leads, or plan a weekly LinkedIn content cadence. Also trigger when Mitch says things like "write a LinkedIn post", "what should I post about", "make a lead magnet", "build a resource for LinkedIn", "DM sequence", or "keyword CTA". Source: https://www.reddit.com/r/EntrepreneurRideAlong/comments/1shgq8u/i_stopped_chasing_clients_and_let_linkedin_do_it/
| name | 3-security-spec |
| description | Phase 3 of security audit pipeline. Writes a failing test that reproduces the top vulnerability from the ranked backlog. Invoke with '/3-security-spec' after Phase 2 is complete. Do NOT fix code — just write the test. |
| contract | {"tags":["security","audit","security-phase-3","tdd"],"state_source":"security_plan","inputs":{"params":[],"gates":[{"field":"backlog","value":"Ranked"}]},"outputs":{"mutates":[{"field":"current_item.test","sets_to":"Written"}],"side_effects":["Creates test file"]},"next":["4-security-fix"],"human_gate":false} |
Write a failing test that proves the top vulnerability exists. This is the red phase — do not touch the application code.
Read SECURITY_PLAN.md. Pick the top Pending (not DONE) item from the ranked backlog.
Write a test that reproduces the vulnerability.
tests/security/exploit_repro.test.ts)Run the test. Confirm it fails for the right reason (the vulnerability, not a syntax error).
Stop. Report the test file path and what it proves.
The next step is Phase 4: /4-security-fix