AI Agent Skills

Analyze staged changes and write a precise Conventional Commit message — type, scope, summary, and body from the actual diff.

Use when: Before every meaningful commit. Stops you from writing "fix stuff" forever.

Generate a complete pull request title, summary, motivation, implementation notes, and testing checklist from the branch diff.

Use when: Immediately after finishing a feature. Writes the PR body you always skip.

Fix a specific bug, error, or failing test with the minimal change needed. Identifies root cause before writing any code.

Use when: Paste an error message or describe the bug. Gets a precise fix, not a rewrite.

Perform a thorough code review — correctness, security, performance, readability — with severity-rated findings and specific fixes.

Use when: Before merging any PR. Catches what human reviewers miss when they're tired.

Write comprehensive tests for any function, class, or module — happy paths, edge cases, error states, and mocks.

Use when: After writing new code or when coverage is low. Works with any test framework.

Break down any feature request or task into a step-by-step implementation plan before writing a single line of code.

Use when: Before starting any non-trivial feature. Align on the approach before you're 3 hours deep.

Document the current session's progress, open questions, next steps, and context — so any agent or human can continue seamlessly.

Use when: End of a work session, or when switching between AI agents and humans.

Run lint, tests, and build — then automatically diagnose and fix any failures, repeat up to 3 times until everything is green.

Use when: After making changes, to ensure nothing is broken before committing.

Deep security audit covering OWASP Top 10, secrets exposure, insecure dependencies, and auth/authz flaws — with prioritized fixes.

Use when: Before any production deployment, open-source release, or security-sensitive feature.

Reduce complexity, eliminate duplication, improve naming, and remove dead code — without changing behavior.

Use when: After a feature is working and you want to clean it up before the PR.

Pre-deployment checklist — runs tests, checks for secrets, validates env config, confirms migration state, and generates a deployment summary.

Use when: Before every production push. Makes sure you haven't forgotten anything.

Generate a complete CI/CD pipeline — lint, typecheck, test, build, and deploy stages — for GitHub Actions, GitLab CI, or CircleCI.

Use when: New project or existing project with no CI. Get full pipeline in 2 minutes.

Generate an optimized, production-ready Dockerfile — multi-stage build, minimal image, non-root user, and .dockerignore.

Use when: Containerizing a project for the first time, or improving an existing image.

Generate or update documentation — JSDoc/TSDoc inline comments, README, or API reference — for any file or whole project.

Use when: After writing code, or when onboarding new contributors who say "where are the docs?"

Generate a daily standup from git activity — what you did yesterday, what's in progress, and any blockers.

Use when: Every morning before standup. Turns git history into human-readable progress.

Scaffold a complete MCP server from scratch — tool definitions, handlers, auth, error handling, and Claude Desktop config.

Use when: Starting a new MCP server integration for any API or data source.

Diagnose MCP connection and tool call failures — transport, handshake, capability negotiation, and response format errors.

Use when: When your MCP server connects but tools fail, or the client can't connect at all.

Refactor selected code for readability, maintainability, and performance — without changing behaviour.

Use when: When code works but is messy. Stops you shipping tech debt.

Explain what a piece of code does in plain English — layered from one-liner to deep-dive.

Use when: Onboarding to a new codebase or reviewing unfamiliar code before editing it.

Generate a comprehensive test suite for any function, module, or file — happy paths, edge cases, and error paths.

Use when: Starting test coverage from scratch or filling gaps in an existing suite.

Write end-to-end Playwright tests for user flows — Arrange, Act, Assert with role-based selectors.

Use when: Covering critical user journeys: login, checkout, onboarding, key forms.

Analyse test coverage gaps and surface the highest-value missing tests — with ready-to-paste snippets.

Use when: Before a release or code review when you need to know what is actually untested.

Review and harden a system prompt for clarity, scope control, output format, and injection resistance.

Use when: Before shipping any AI feature. Catches prompt weaknesses before users find them.

Design a complete AI agent architecture — tool inventory, memory strategy, routing logic, safety guardrails, and starter code.

Use when: Kicking off an agentic feature or product. Gets you from idea to architecture in one pass.

Generate a structured eval suite — golden dataset, LLM-as-judge rubric, and a runner script — to benchmark any AI feature.

Use when: Before deploying a prompt change or new AI feature to production.

Analyse a slow SQL query for missing indexes, N+1 patterns, non-sargable predicates, and more — then rewrite it.

Use when: Any time a query shows up in slow query logs or runs noticeably slow in dev.

Review a database schema for normalization issues, missing indexes, integrity constraints, and naming inconsistencies.

Use when: Before merging a migration PR or after inheriting an undocumented schema.

Generate a safe database migration with a full rollback plan — including lock analysis and zero-downtime notes.

Use when: Before any schema change that touches a production table.

Write an Architecture Decision Record (ADR) in MADR format — options considered, decision, consequences, and trade-offs.

Use when: Any time the team makes a non-obvious technical decision worth preserving for future contributors.

Design a REST or GraphQL API — resource structure, status codes, pagination, error shape, versioning, and an OpenAPI/SDL spec.

Use when: Starting a new API surface or reviewing an existing one before it ships.

Generate or update a professional README — features, quick start, installation, usage, config table, and badges.

Use when: New projects, open-source repos, or any repo whose README is missing or out of date.

Generate production-ready Terraform for AWS, GCP, or Azure — VPC, compute, storage, IAM, and remote state with best-practice module structure.

Use when: Scaffolding cloud infrastructure from scratch or codifying existing resources as IaC.

Generate a complete GitHub Actions CI/CD pipeline — lint, test, build, security scan, and deploy — with environment protection rules.

Use when: Setting up CI/CD for a new repo or replacing a brittle pipeline with a production-grade workflow.

Audit all dependencies for known CVEs, license risks, and outdated packages. Outputs a prioritized fix list with upgrade commands.

Use when: Before every release and on any new dependency addition. Catches supply-chain risks early.

Generate a STRIDE threat model for the codebase — identify trust boundaries, data flows, attack surfaces, and prioritized mitigations.

Use when: Before a security review, launching a public API, or onboarding a pentester.

Draft a structured RFC (Request for Comments) document — problem, proposal, alternatives, trade-offs, and rollout plan.

Use when: Before implementing a significant architectural change or cross-team feature.

Generate k6 or Artillery load test scripts for API endpoints — ramp-up scenarios, thresholds, and smoke/load/stress test stages.

Use when: Before a launch or traffic spike. Validates SLOs under realistic load before prod.

Craft a production-grade LLM system prompt — persona, constraints, output format, edge case handling, and jailbreak resistance.

Use when: Before shipping any LLM-powered feature. Closes the gap between demo and prod behavior.

Design and scaffold a production RAG pipeline — chunking strategy, embedding model, vector store, retrieval, and reranking.

Use when: Adding document Q&A, semantic search, or knowledge-base retrieval to any app.

Generate an OpenAPI 3.1 spec from the codebase — routes, request/response schemas, auth, and examples — ready for Swagger UI or Scalar.

Use when: Documenting a REST API for external consumers, SDK generation, or API gateway import.

Design an event-driven schema — event types, CloudEvents envelope, versioning strategy, and AsyncAPI spec — for queues, Kafka, or webhooks.

Use when: Building event-driven services, designing webhooks, or migrating from REST to async patterns.

Scaffold a fully-typed MCP client — connects to a server, discovers tools, and exposes them as type-safe callable functions.

Use when: Integrating an MCP server into your app or agent without writing low-level transport code.

Generate realistic seed and fixture data for databases — consistent relationships, edge cases, and volume options for dev, test, and demo environments.

Use when: Setting up a dev database, populating a demo environment, or creating test fixtures.

Scaffold a complete OpenClaw workspace — SOUL.md, AGENTS.md, MEMORY.md, TOOLS.md, USER.md, and IDENTITY.md with security gates and token-efficient defaults.

Use when: Starting a new OpenClaw agent from scratch or migrating a bare agent to a structured workspace.

Craft a production SOUL.md — persona, values, communication style, and decision-making principles that make an OpenClaw agent feel intentional.

Use when: Defining a consistent agent personality before deploying it to users or automating workflows.

Curate daily session logs into MEMORY.md — extract iron-law rules, remove redundancy, and keep long-term memory lean and token-efficient.

Use when: End-of-week memory hygiene. Converts raw daily logs into durable facts the agent carries forever.

Audit an OpenClaw workspace for token bloat, redundancy, stale content, missing security gates, and exposed credentials.

Use when: Before deploying an agent to production or when response quality starts degrading from context overload.

Create a new ClawHub-compatible OpenClaw skill from a workflow description — SKILL.md with full frontmatter, input/output schemas, and step-by-step instructions.

Use when: Turning any repeatable workflow into a reusable, shareable OpenClaw skill.

Harden an OpenClaw agent for production — credential gating, MEMORY.md sub-agent isolation, PII redaction rules, and least-privilege tool allowlists.

Use when: Before giving an OpenClaw agent access to production systems, user data, or external APIs.

Generate production-ready Kubernetes manifests — Deployment, Service, ConfigMap, HPA, and Ingress with TLS.

Use when: First-time Kubernetes deployment or templating manifests for a new service.