Skip to content

Skill Catalog

Browse 4,314 curated AI agent skills. No account needed.

Security & Compliance

Entra App Registration

Guides Microsoft Entra ID app registration, OAuth 2.0 authentication, and MSAL integration. USE FOR: create app registration, register Azure AD app, configure OAuth, set up authentication, add API permissions, generate service principal, MSAL example, console app auth, Entra ID setup, Azure AD authentication. DO NOT USE FOR: Azure RBAC or role assignments (use azure-rbac), Key Vault secrets (use azure-keyvault-expiration-audit), general Azure resource security guidance.

#broad-capability#development#setupSecurity & Compliance

Eradicating Malware From Infected Systems

Systematically remove malware, backdoors, and attacker persistence mechanisms from infected systems while ensuring complete eradication and preventing re-infection.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Evaluating Threat Intelligence Platforms

Evaluates and selects Threat Intelligence Platform (TIP) products based on organizational requirements including feed integration capability, STIX/TAXII support, workflow automation, analyst interface, and total cost of ownership. Use when conducting a TIP procurement, migrating between TIP solutions, or assessing whether the current TIP meets program maturity requirements. Activates for requests involving ThreatConnect, MISP, OpenCTI, Anomali, EclecticIQ, or TIP procurement decisions.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Executing Active Directory Attack Simulation

Executes authorized attack simulations against Active Directory environments to identify misconfigurations, weak credentials, dangerous privilege paths, and exploitable trust relationships that could lead to domain compromise. The tester uses BloodHound for attack path analysis, Mimikatz for credential extraction, and Impacket for protocol-level attacks including Kerberoasting, AS-REP Roasting, and delegation abuse. Activates for requests involving Active Directory pentest, AD attack simulation, domain compromise testing, or Kerberos attack assessment.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Executing Phishing Simulation Campaign

Executes authorized phishing simulation campaigns to assess an organization's susceptibility to email-based social engineering attacks. The tester designs realistic phishing scenarios, builds credential harvesting infrastructure, sends targeted phishing emails, and tracks open rates, click-through rates, and credential submission rates to measure human security awareness. Activates for requests involving phishing simulation, social engineering assessment, email security testing, or security awareness measurement.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Executing Red Team Engagement Planning

Red team engagement planning is the foundational phase that defines scope, objectives, rules of engagement (ROE), threat model selection, and operational timelines before any offensive testing begins.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Executing Red Team Exercise

Executes comprehensive red team exercises that simulate real-world adversary operations against an organization's people, processes, and technology. The red team operates with stealth as a primary objective, employing the full attack lifecycle from initial reconnaissance through objective completion while testing the organization's detection and response capabilities. This differs from penetration testing by focusing on adversary emulation rather than vulnerability identification. Activates for requests involving red team exercise, adversary simulation, adversary emulation, or full-scope offensive security assessment.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Exploiting Active Directory Certificate Services Esc1

Exploit misconfigured Active Directory Certificate Services (AD CS) ESC1 vulnerability to request certificates as high-privileged users and escalate domain privileges during authorized red team assessments.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Exploiting Active Directory With Bloodhound

BloodHound is a graph-based Active Directory reconnaissance tool that uses graph theory to reveal hidden and unintended relationships within AD environments. Red teams use BloodHound to identify attac

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Exploiting API Injection Vulnerabilities

Tests APIs for injection vulnerabilities including SQL injection, NoSQL injection, OS command injection, LDAP injection, and Server-Side Request Forgery (SSRF) through API parameters, headers, and request bodies. The tester crafts malicious payloads targeting different backend technologies and injection contexts to extract data, execute commands, or access internal services. Maps to OWASP API8:2023 Security Misconfiguration and API7:2023 SSRF. Activates for requests involving API injection testing, SQLi in APIs, NoSQL injection, SSRF testing, or API input validation assessment.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Exploiting Bgp Hijacking Vulnerabilities

Analyzes and simulates BGP hijacking scenarios in authorized lab environments to assess route origin validation, RPKI deployment, and BGP monitoring defenses against prefix hijacking and route leak attacks on internet routing infrastructure.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Exploiting Broken Function Level Authorization

Tests APIs for Broken Function Level Authorization (BFLA) vulnerabilities where regular users can invoke administrative functions or access privileged API endpoints by directly calling them. The tester identifies admin and privileged endpoints, then attempts to access them with regular user credentials by manipulating HTTP methods, URL paths, and request parameters. Maps to OWASP API5:2023 Broken Function Level Authorization. Activates for requests involving BFLA testing, admin endpoint bypass, function-level access control testing, or API privilege escalation.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Exploiting Broken Link Hijacking

Discover and exploit broken link hijacking vulnerabilities by identifying references to expired domains, decommissioned cloud resources, and dead external services that can be claimed by an attacker.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Exploiting Constrained Delegation Abuse

Exploit Kerberos Constrained Delegation misconfigurations in Active Directory to impersonate privileged users via S4U2self and S4U2proxy extensions for lateral movement and privilege escalation.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Exploiting Deeplink Vulnerabilities

Tests and exploits deep link (URL scheme and App Link) vulnerabilities in Android and iOS mobile applications to identify unauthorized access, data injection, intent hijacking, and redirect manipulation. Use when assessing mobile app attack surface through custom URI schemes, Android App Links, iOS Universal Links, or intent-based navigation. Activates for requests involving deep link security testing, URL scheme exploitation, mobile intent abuse, or link hijacking.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Exploiting Excessive Data Exposure In API

Tests APIs for excessive data exposure where endpoints return more data than the client application needs, relying on the frontend to filter sensitive fields. The tester intercepts API responses and analyzes them for leaked PII, internal identifiers, debug information, or sensitive business data that the UI does not display but the API transmits. This maps to OWASP API3:2023 Broken Object Property Level Authorization. Activates for requests involving API data leakage testing, excessive data exposure, response filtering bypass, or API over-fetching.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Exploiting HTTP Request Smuggling

Detecting and exploiting HTTP request smuggling vulnerabilities caused by Content-Length and Transfer-Encoding parsing discrepancies between front-end and back-end servers.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Exploiting Idor Vulnerabilities

Identifying and exploiting Insecure Direct Object Reference vulnerabilities to access unauthorized resources by manipulating object identifiers in API requests and URLs.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Exploiting Insecure Data Storage In Mobile

Identifies and exploits insecure local data storage vulnerabilities in Android and iOS mobile applications including unencrypted databases, world-readable files, insecure SharedPreferences, plaintext credential storage, and improper keychain/keystore usage. Use when performing mobile penetration testing focused on OWASP M9 (Insecure Data Storage) or assessing compliance with MASVS-STORAGE requirements. Activates for requests involving mobile data storage security, local storage exploitation, SharedPreferences analysis, or mobile data leakage assessment.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Exploiting Insecure Deserialization

Identifying and exploiting insecure deserialization vulnerabilities in Java, PHP, Python, and .NET applications to achieve remote code execution during authorized penetration tests.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Exploiting Ipv6 Vulnerabilities

Identifies and exploits IPv6-specific vulnerabilities including SLAAC spoofing, Router Advertisement flooding, and IPv6 tunneling during authorized assessments to test dual-stack security controls and IPv6-aware network defenses.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Exploiting JWT Algorithm Confusion Attack

Exploits JWT algorithm confusion vulnerabilities where the server's token verification library accepts the algorithm specified in the JWT header rather than enforcing a fixed algorithm. The tester manipulates the alg header to switch from RS256 to HS256 (using the RSA public key as the HMAC secret), sets alg to none to bypass signature verification, or exploits kid/jku/x5u header injection to supply attacker-controlled keys. Activates for requests involving JWT algorithm confusion, alg none attack, key confusion attack, or JWT signature bypass.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Exploiting Kerberoasting With Impacket

Perform Kerberoasting attacks using Impacket's GetUserSPNs to extract and crack Kerberos TGS tickets for Active Directory service accounts.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Exploiting Mass Assignment In Rest Apis

Discover and exploit mass assignment vulnerabilities in REST APIs to escalate privileges, modify restricted fields, and bypass authorization controls by injecting unexpected parameters in API requests.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Exploiting Ms17 010 Eternalblue Vulnerability

MS17-010 (EternalBlue) is a critical vulnerability in Microsoft's SMBv1 implementation that allows remote code execution. Originally discovered by the NSA and leaked by the Shadow Brokers in 2017, it

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Exploiting Nopac Cve 2021 42278 42287

Exploit the noPac vulnerability chain (CVE-2021-42278 sAMAccountName spoofing and CVE-2021-42287 KDC PAC confusion) to escalate from standard domain user to Domain Admin in Active Directory environments.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Exploiting Nosql Injection Vulnerabilities

Detect and exploit NoSQL injection vulnerabilities in MongoDB, CouchDB, and other NoSQL databases to demonstrate authentication bypass, data extraction, and unauthorized access risks.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Exploiting OAuth Misconfiguration

Identifying and exploiting OAuth 2.0 and OpenID Connect misconfigurations including redirect URI manipulation, token leakage, and authorization code theft during security assessments.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Exploiting Prototype Pollution In Javascript

Detect and exploit JavaScript prototype pollution vulnerabilities on both client-side and server-side applications to achieve XSS, RCE, and authentication bypass through property injection.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Exploiting Race Condition Vulnerabilities

Detect and exploit race condition vulnerabilities in web applications using Turbo Intruder's single-packet attack technique to bypass rate limits, duplicate transactions, and exploit time-of-check-to-time-of-use flaws.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Exploiting Server Side Request Forgery

Identifying and exploiting SSRF vulnerabilities to access internal services, cloud metadata, and restricted network resources during authorized penetration tests.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Exploiting Smb Vulnerabilities With Metasploit

Identifies and exploits SMB protocol vulnerabilities using Metasploit Framework during authorized penetration tests to demonstrate risks from unpatched Windows systems, misconfigured shares, and weak authentication in enterprise networks.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Exploiting SQL Injection Vulnerabilities

Identifies and exploits SQL injection vulnerabilities in web applications during authorized penetration tests using manual techniques and automated tools like sqlmap. The tester detects injection points through error-based, union-based, blind boolean, and time-based blind techniques across all major database engines (MySQL, PostgreSQL, MSSQL, Oracle) to demonstrate data extraction, authentication bypass, and potential remote code execution. Activates for requests involving SQL injection testing, SQLi exploitation, database security assessment, or injection vulnerability verification.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Exploiting SQL Injection With Sqlmap

Detecting and exploiting SQL injection vulnerabilities using sqlmap to extract database contents during authorized penetration tests.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Exploiting Template Injection Vulnerabilities

Detecting and exploiting Server-Side Template Injection (SSTI) vulnerabilities across Jinja2, Twig, Freemarker, and other template engines to achieve remote code execution.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Exploiting Type Juggling Vulnerabilities

Exploit PHP type juggling vulnerabilities caused by loose comparison operators to bypass authentication, circumvent hash verification, and manipulate application logic through type coercion attacks.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Exploiting Vulnerabilities With Metasploit Framework

The Metasploit Framework is the world's most widely used penetration testing platform, maintained by Rapid7. It contains over 2,300 exploits, 1,200 auxiliary modules, and 400 post-exploitation modules

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Exploiting Websocket Vulnerabilities

Testing WebSocket implementations for authentication bypass, cross-site hijacking, injection attacks, and insecure message handling during authorized security assessments.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Exploiting Zerologon Vulnerability Cve 2020 1472

Exploit the Zerologon vulnerability (CVE-2020-1472) in the Netlogon Remote Protocol to achieve domain controller compromise by resetting the machine account password to empty.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Extracting Browser History Artifacts

Extract and analyze browser history, cookies, cache, downloads, and bookmarks from Chrome, Firefox, and Edge for forensic evidence of user web activity.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Extracting Config From Agent Tesla Rat

Extract embedded configuration from Agent Tesla RAT samples including SMTP/FTP/Telegram exfiltration credentials, keylogger settings, and C2 endpoints using .NET decompilation and memory analysis.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Extracting Credentials From Memory Dump

Extract cached credentials, password hashes, Kerberos tickets, and authentication tokens from memory dumps using Volatility and Mimikatz for forensic investigation.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Extracting Iocs From Malware Samples

Extracts indicators of compromise (IOCs) from malware samples including file hashes, network indicators (IPs, domains, URLs), host artifacts (file paths, registry keys, mutexes), and behavioral patterns for threat intelligence sharing and detection rule creation. Activates for requests involving IOC extraction, threat indicator harvesting, malware indicator collection, or building detection content from samples.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Extracting Memory Artifacts With Rekall

Uses Rekall memory forensics framework to analyze memory dumps for process hollowing, injected code via VAD anomalies, hidden processes, and rootkit detection. Applies plugins like pslist, psscan, vadinfo, malfind, and dlllist to extract forensic artifacts from Windows memory images. Use during incident response memory analysis.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Extracting Windows Event Logs Artifacts

Extract, parse, and analyze Windows Event Logs (EVTX) using Chainsaw, Hayabusa, and EvtxECmd to detect lateral movement, persistence, and privilege escalation.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Presentations & Documents

Epub Accessibility

ePub document accessibility specialist. Use when scanning, reviewing, or remediating .epub files for accessibility. Covers EPUB Accessibility 1.1 (WCAG 2.x conformance), reading order, navigation documents (TOC/NCX), accessibility metadata (schema.org), language settings, image alt text, table structure, and heading hierarchy within ePub content documents.

#broad-capability#accessibility#a11yPresentations & Documents

Epub Scan Config

Internal helper agent. Invoked by orchestrator agents via Task tool. Manages .a11y-epub-config.json scan configuration for ePub accessibility audits. Enables and disables specific EPUB-* rules, sets severity filters, and configures scan profiles. Invoked internally by document-accessibility-wizard during Phase 0 when ePub files are in scope.

#broad-capability#accessibility#a11yPresentations & Documents

Excel Accessibility

Excel workbook accessibility specialist. Use when scanning, reviewing, or remediating .xlsx files for accessibility. Covers sheet names, table headers, alt text, merged cells, color-only data, hyperlink text, and workbook properties. Enforces Microsoft Accessibility Checker rules mapped to WCAG 2.1 AA.

#broad-capability#accessibility#a11yPresentations & Documents

Excel Automation

Create, parse, and control Excel files on macOS. Professional formatting with openpyxl, complex xlsm parsing with stdlib zipfile+xml for investment bank financial models, and Excel window control via AppleScript. Use when creating formatted Excel reports, parsing financial models that openpyxl cannot handle, or automating Excel on macOS.

#broad-capability#research#documentsPresentations & Documents

Excel Automation

>

#work-life#office#productivityPresentations & Documents

Eyeball

Document analysis with inline source screenshots. When you ask Copilot to analyze a document, Eyeball generates a Word doc where every factual claim includes a highlighted screenshot from the source material so you can verify it with your own eyes.

#github-copilot#documentsPresentations & Documents

Personal Productivity

Software Engineering

Error Messages

Write consistent, actionable validation error messages in gh-aw.

#broad-capability#agentic-workflows#github-actionsSoftware Engineering

Error Pattern Safety

Apply safe error-pattern matching rules for agentic engines.

#broad-capability#agentic-workflows#github-actionsSoftware Engineering

Error Recovery Patterns Skill

Design gh-aw error handling, retry, recovery, and debugging flows.

#broad-capability#agentic-workflows#github-actionsSoftware Engineering

Eval Driven Dev

Improve AI application with evaluation-driven development. Define eval criteria, instrument the application, build golden datasets, observe and evaluate application runs, analyze results, and produce a concrete action plan for improvements. ALWAYS USE THIS SKILL when the user asks to set up QA, add tests, add evals, evaluate, benchmark, fix wrong behaviors, improve quality, or do quality assurance for any Python project that calls an LLM model.

#github-copilot#testingSoftware Engineering

Executing Plans

Use when you have a written implementation plan to execute in a separate session with review checkpoints

#broad-capability#agent-skills#designSoftware Engineering

Existing Repo

Analyze existing repositories, maintain structure, setup guardrails and best practices

#claude-bootstrap#bootstrap#codeSoftware Engineering

Experiment

Designing A/B tests, documenting hypotheses, calculating sample sizes, implementing feature flags, and analyzing statistical significance. Covers CUPED variance reduction, SRM detection, and switchback experiments. Use when hypothesis validation is needed.

#broad-capability#development#securitySoftware Engineering

Expert Vue.js Frontend Engineer

Expert Vue.js frontend engineer specializing in Vue 3 Composition API, reactivity, state management, testing, and performance with TypeScript

#github-copilot#frontend#developmentSoftware Engineering

Expo API Routes

Guidelines for creating API routes in Expo Router with EAS Hosting

#react-native#expo#apiSoftware Engineering

Science & Simulation

Mobile App Development

Data, AI & Research

Estimate Analysis

Deep-dive into analyst estimates and revision trends for any stock using Yahoo Finance data. Use when the user wants to understand analyst estimate direction, how EPS or revenue forecasts changed over time, compare estimate distributions, or analyze growth projections across periods. Triggers: "estimate analysis for AAPL", "analyst estimate trends for NVDA", "EPS revisions for TSLA", "how have estimates changed for MSFT", "estimate revisions", "EPS trend", "revenue estimates", "consensus changes", "analyst estimates", "estimate distribution", "growth estimates for", "estimate momentum", "revision trend", "forward estimates", "next quarter estimates", "annual estimates", "estimate spread", "bull vs bear estimates", "estimate range", or any request about tracking or comparing analyst estimates/revisions. Use this skill when the user asks about estimates beyond a simple lookup — if they want context, trends, or analysis, this is the right skill.

#work-life#productivity#financeData, AI & Research

Etf Premium

Calculate ETF premium/discount vs NAV via Yahoo Finance, and decompose single-day surges into NAV-driven vs structural components (gamma squeeze, dealer hedging, blocked AP arbitrage). Use whenever the user asks about an ETF's premium or discount, NAV comparison, why an ETF diverged from its holdings, or how much of a move is dealer-hedging-driven. Triggers: "ETF premium", "ETF discount", "NAV premium", "is SPY at a premium", "BITO premium", "IBIT premium", "bond ETF discount", "trading above/below NAV", "ETF premium screener", "biggest discount", "compare ETF NAV", "ETF arbitrage", "ETF gamma squeeze", "ETF premium surge", "decompose ETF move", "dealer gamma exposure", "GEX for ETF", "why did this ETF jump", "premium convergence", "AP arbitrage blocked", or any request about the gap between an ETF's price and underlying value. Especially relevant for leveraged, inverse, international, bond, commodity, and crypto ETFs.

#work-life#productivity#financeData, AI & Research

ETL / Data Pipeline Construction

Build data pipelines (Airflow, Prefect, Dagster, or custom scripts) that are reliable, idempotent, testable, and observable.

#etl#data-pipeline#data-qualityData, AI & Research

ETL Pipeline

Design and automate Extract, Transform, Load data pipelines for data integration and analytics

#work-life#office#productivityData, AI & Research

Evaluating Code Models

Evaluates code generation models across HumanEval, MBPP, MultiPL-E, and 15+ benchmarks with pass@k metrics. Use when benchmarking code models, comparing coding abilities, testing multi-language support, or measuring code generation quality. Industry standard from BigCode Project used by HuggingFace leaderboards.

#broad-capability#creative#llmData, AI & Research

Evaluating LLMs Harness

Evaluates LLMs across 60+ academic benchmarks (MMLU, HumanEval, GSM8K, TruthfulQA, HellaSwag). Use when benchmarking model quality, comparing models, reporting academic results, or tracking training progress. Industry standard used by EleutherAI, HuggingFace, and major labs. Supports HuggingFace, vLLM, APIs.

#broad-capability#creative#llmData, AI & Research

Evaluating LLMs Harness

lm-eval-harness: benchmark LLMs (MMLU, GSM8K, etc.).

#broad-capability#development#creativeData, AI & Research

Evaluating Machine Learning Models

Evaluate trained machine learning models with the right metrics and comparison logic. Use for benchmark review, threshold selection, calibration, validation, and model comparison; not for feature engineering or leakage auditing.

#broad-capability#creative#llmData, AI & Research

Evaluation Methods for Agent Systems

Evaluate agent systems differently from traditional software because agents make dynamic decisions, are non-deterministic between runs, and often lack single correct answers. Build evaluation frameworks that account for these characteristics, provide actionable feedback, catch regressions, and validate that context engineering choices achieve intended effects.

#broad-capability#agent-skills#designData, AI & Research

Exa Search

AI-powered web search via Exa with content extraction. Use when user says "exa search", "web search with content", "find similar pages", or needs broad web results beyond academic databases (arXiv, Semantic Scholar).

#broad-capability#wanshuiyin-aris#ml-researchData, AI & Research

Experiment Audit

Audit experiment integrity before claiming results. Uses cross-model review (external reviewer backend) to check for fake ground truth, score normalization fraud, phantom results, and insufficient scope. Use when user says "审计实验", "check experiment integrity", "audit results", "实验诚实度", or after experiments complete before writing claims.

#broad-capability#wanshuiyin-aris#ml-researchData, AI & Research

Experiment Audit

Audit experiment integrity before claiming results. Uses cross-model review (GPT-5.5) to check for fake ground truth, score normalization fraud, phantom results, and insufficient scope. Use when user says "审计实验", "check experiment integrity", "audit results", "实验诚实度", or after experiments complete before writing claims.

#broad-capability#wanshuiyin-aris#ml-researchData, AI & Research

Experiment Bridge

Workflow 1.5: Bridge between idea discovery and auto review. Reads EXPERIMENT_PLAN.md, implements experiment code, deploys to GPU, collects initial results. Use when user says "实现实验", "implement experiments", "bridge", "从计划到跑实验", "deploy the plan", or has an experiment plan ready to execute.

#broad-capability#wanshuiyin-aris#ml-researchData, AI & Research

Experiment Plan

Turn a refined research proposal or method idea into a detailed, claim-driven experiment roadmap. Use after `research-refine`, or when the user asks for a detailed experiment plan, ablation matrix, evaluation protocol, run order, compute budget, or paper-ready validation that supports the core problem, novelty, simplicity, and any LLM / VLM / Diffusion / RL-based contribution.

#broad-capability#wanshuiyin-aris#ml-researchData, AI & Research

Experiment Plan

Turn a refined research proposal or method idea into a detailed, claim-driven experiment roadmap. Use after `research-refine`, or when the user asks for a detailed experiment plan, ablation matrix, evaluation protocol, run order, compute budget, or paper-ready validation that supports the core problem, novelty, simplicity, and any LLM / VLM / Diffusion / RL-based contribution.

#broad-capability#wanshuiyin-aris#ml-researchData, AI & Research

Experiment Queue

SSH job queue for multi-seed/multi-config ML experiments with OOM-aware retry, stale-screen cleanup, and wave-transition race prevention. Use when user says "batch experiments", "队列实验", "run grid", "multi-seed sweep", "auto-chain experiments", or when /run-experiment is insufficient for 10+ jobs that need orchestration.

#broad-capability#wanshuiyin-aris#ml-researchData, AI & Research

Experiment Queue

SSH job queue for multi-seed/multi-config ML experiments with OOM-aware retry, stale-screen cleanup, and wave-transition race prevention. Use when user says "batch experiments", "队列实验", "run grid", "multi-seed sweep", "auto-chain experiments", or when /run-experiment is insufficient for 10+ jobs that need orchestration.

#broad-capability#wanshuiyin-aris#ml-researchData, AI & Research

Experiment Tracking Swanlab

Provides guidance for experiment tracking with SwanLab. Use when you need open-source run tracking, local or self-hosted dashboards, and lightweight media logging for ML workflows.

#broad-capability#ai-research#machine-learningData, AI & Research

Exploratory Data Analysis

Perform comprehensive exploratory data analysis on scientific data files across 200+ file formats. This skill should be used when analyzing any scientific data file to understand its structure, content, quality, and characteristics. Automatically detects file type and generates detailed markdown reports with format-specific analysis, quality metrics, and downstream analysis recommendations. Covers chemistry, bioinformatics, microscopy, spectroscopy, proteomics, metabolomics, and general scientific data formats.

#broad-capability#creative#dataData, AI & Research

Exposure Coach

Generate a one-page Market Posture summary with net exposure ceiling, growth-vs-value bias, participation breadth, and new-entry-allowed vs cash-priority recommendation by integrating signals from breadth, regime, and flow analysis skills.

#work-life#productivity#financeData, AI & Research

Business, Marketing & Sales

Education & Writing

Design, Media & Creative

DevOps & Cloud