Create a vanilla tRPC client with createTRPCClient<AppRouter>(), configure link chain with httpBatchLink/httpLink, dynamic headers for auth, transformer on links (not client constructor). Infer types with inferRouterInputs and inferRouterOutputs. AbortController signal support. TRPCClientError typing.
Review pull requests for the MiniMax Skills repository. Use when reviewing PRs, validating new skill submissions, or checking existing skills for compliance. Run the validation script first for hard checks, then apply quality guidelines for content review. Triggers: PR review, pull request, validate skill, check skill.
巴逆逆反指標分析。觸發時機:使用者要求追蹤巴逆逆、分析反指標、抓取社群貼文並推送 Telegram 時。 能力範圍:透過 CLI 抓取 Facebook 貼文、反指標邏輯分析、連鎖效應推導、Telegram 推送。 目標:由 Claude 作為分析引擎,產出直白中文的反指標分析報告。 --- # banini-tracker — 巴逆逆反指標分析 追蹤「股海冥燈」巴逆逆(8zz)的 Facebook 貼文,由你(Claude)進行反指標分析,推送結果到 Telegram。 ## 前置條件 ```bash # 首次使用:初始化設定 npx @cablate/banini-tracker init --apify-token <TOKEN> --tg-bot-token <TOKEN> --tg-channel-id <ID> # 確認設定 npx @cablate/banini-tracker config ``` ## 工作流程 ### Step 1:抓取貼文 ```bash npx @cablate/banini-tracker fetch -s fb -n 3 --mark-seen ``` 輸出是 JSON 陣列,每篇貼文包含: - `id` / `source` - `text`(貼文內容) - `ocrText`(圖片 OCR 文字,可能包含下單截圖) - `timestamp` / `url` / `likeCount` - `mediaType` / `mediaUrl` `--mark-seen` 會自動記錄已讀,下次不重複抓。 ### Step 2:你來分析 讀取 Step 1 的 JSON 後,進行反指標分析。分析要點: **核心邏輯**(方向完全相反,不要搞混): | 她的狀態 | 反指標解讀 | |---------|-----------| | 買入/加碼 | 該標的可能下跌 | | 被套(還沒賣) | 可能繼續跌(她還沒認輸) | | 停損/賣出 | 可能反彈上漲(她認輸 = 底部訊號) | | 看多/喊買 | 該標的可能下跌 | | 看空/喊賣 | 該標的可能上漲 | **分析原則**: - 只根據貼文明確提到的操作判斷,不要腦補 - 停損 = 她之前買了(做多),現在賣掉認賠。不是「放空」 - 標的用正式名稱(信驊、鈦昇),不用她的暱稱(王、渣男) - 當天貼文最重要,注意時序(她的想法可能幾小時內改變) - 語氣越篤定/興奮 → 反指標信號越強 - 善用 WebSearch 查詢標的最新走勢,豐富分析 **連鎖效應推導**: - 她買油正二被套 → 油價可能繼續跌 → 原物料成本降 → 製造業利多 - 她停損鈦昇 → 鈦昇可能反彈 → IC 設計族群連動上漲 - 她停損賣出油正二 → 油價可能反彈 → 通膨壓力回來 ### Step 3:推送 Telegram 將分析結果寫入暫存檔再推送(多行訊息用 `-m` 會被 shell 截斷,務必用 `-f`): ```bash # 寫入暫存檔後推送(推薦) npx @cablate/banini-tracker push -f /tmp/report.txt # 短訊息可用 -m npx @cablate/banini-tracker push -m "短訊息" # 純文字(不解析 HTML) npx @cablate/banini-tracker push -f /tmp/report.txt --parse-mode none ``` ## 其他指令 ```bash # 去重管理 npx @cablate/banini-tracker seen list # 列出所有已讀 ID npx @cablate/banini-tracker seen mark <id...> # 手動標記已讀 npx @cablate/banini-tracker seen clear # 清空已讀紀錄 # 查看/修改設定 npx @cablate/banini-tracker config # 顯示設定(token 遮蔽) # 手動編輯: ~/.banini-tracker.json ``` ## 費用參考 Facebook 每次抓取約 $0.02(Apify CU 計費)。 ## 報告格式建議 推送到 Telegram 時建議用以下 HTML 格式。注意: - 每篇貼文附上原文連結(從 fetch 的 `url` 欄位取得) - `<` `>` `&` 必須轉義(`<` `>` `&`),避免 HTML 解析錯誤 - 多行內容務必寫入檔案後用 `-f` 推送 ``` <b>巴逆逆反指標速
When generating a SuperPlane changelog from merged commits. Use for "what's new" summaries with new integrations, new components/triggers, improvements, security updates, and bug fixes. Output is user-focused markdown in tmp/.
This skill should be used when the user asks to "attack Active Directory", "exploit AD", "Kerberoasting", "DCSync", "pass-the-hash", "BloodHound enumeration", "Golden Ticket", "Silver Ticket", "AS-REP roasting", "NTLM relay", or needs guidance on Windows domain penetration testing.
Provides adversarial code comprehension for security research, mapping architecture, tracing data flows, and hunting vulnerability variants to build ground-truth understanding before or alongside static analysis.
Write journal entries and respond to GitHub issues with an authentic voice
Complete bug bounty workflow — recon (subdomain enumeration, asset discovery, fingerprinting, HackerOne scope, source code audit), pre-hunt learning (disclosed reports, tech stack research, mind maps, threat modeling), vulnerability hunting (IDOR, SSRF, XSS, auth bypass, CSRF, race conditions, SQLi, XXE, file upload, business logic, GraphQL, HTTP smuggling, cache poisoning, OAuth, timing side-channels, OIDC, SSTI, subdomain takeover, cloud misconfig, ATO chains, agentic AI), LLM/AI security testing (chatbot IDOR, prompt injection, indirect injection, ASCII smuggling, exfil channels, RCE via code tools, system prompt extraction, ASI01-ASI10), A-to-B bug chaining (IDOR→auth bypass, SSRF→cloud metadata, XSS→ATO, open redirect→OAuth theft, S3→bundle→secret→OAuth), bypass tables (SSRF IP bypass, open redirect bypass, file upload bypass), language-specific grep (JS prototype pollution, Python pickle, PHP type juggling, Go template.HTML, Ruby YAML.load, Rust unwrap), and reporting (7-Question Gate, 4 validation gates, human-tone writing, templates by vuln class, CVSS 3.1, PoC generation, always-rejected list, conditional chain table, submission checklist). Use for ANY bug bounty task — starting a new target, doing recon, hunting specific vulns, auditing source code, testing AI features, validating findings, or writing reports. 中文触发词:漏洞赏金、安全测试、渗透测试、漏洞挖掘、信息收集、子域名枚举、XSS测试、SQL注入、SSRF、安全审计、漏洞报告
Activate when code touches token management, credential resolution, git auth flows, GITHUB_APM_PAT, ADO_APM_PAT, AuthResolver, HostInfo, AuthContext, or any remote host authentication — even if 'auth' isn't mentioned explicitly. --- # Auth Skill [Auth expert persona](../../agents/auth-expert.agent.md) ## When to activate - Any change to `src/apm_cli/core/auth.py` or `src/apm_cli/core/token_manager.py` - Code that reads `GITHUB_APM_PAT`, `GITHUB_TOKEN`, `GH_TOKEN`, `ADO_APM_PAT` - Code using `git ls-remote`, `git clone`, or GitHub/ADO API calls - Error messages mentioning tokens, authentication, or credentials - Changes to `github_downloader.py` auth paths - Per-host or per-org token resolution logic ## Key rule All auth flows MUST go through `AuthResolver`. No direct `os.getenv()` for token variables in application code.
AWS API Gateway for REST and HTTP API management. Use when creating APIs, configuring integrations, setting up authorization, managing stages, implementing rate limiting, or troubleshooting API issues.
Invoke after any implementation task completes or before merging. Reviews the diff, auto-fixes safe issues, runs specialist security and architecture reviewers on large diffs. Not for exploring ideas or debugging.
Web accessibility patterns for WCAG 2.2 compliance including ARIA, keyboard navigation, screen readers, and testing
skill-sample/ ├─ SKILL.md ⭐ Required: skill entry doc (purpose / usage / examples / deps) ├─ manifest.sample.json ⭐ Recommended: machine-readable metadata (index / validation / autofill) ├─ LICENSE.sample ⭐ Recommended: license & scope (open source / restriction / commercial) ├─ scripts/ │ └─ example-run.py ✅ Runnable example script for quick verification ├─ assets/ │ ├─ example-formatting-guide.md 🧩 Output conventions: layout / structure / style │ └─ example-template.tex 🧩 Templates: quickly generate standardized output └─ references/ 🧩 Knowledge base: methods / guides / best practices ├─ example-ref-structure.md 🧩 Structure reference ├─ example-ref-analysis.md 🧩 Analysis reference └─ example-ref-visuals.md 🧩 Visual reference
More Agent Skills specs Anthropic docs: https://agentskills.io/home
├─ ⭐ Required: YAML Frontmatter (must be at top) │ ├─ ⭐ name : unique skill name, follow naming convention │ └─ ⭐ description : include trigger keywords for matching │ ├─ ✅ Optional: Frontmatter extension fields │ ├─ ✅ license : license identifier │ ├─ ✅ compatibility : runtime constraints when needed │ ├─ ✅ metadata : key-value fields (author/version/source_url...) │ └─ 🧩 allowed-tools : tool whitelist (experimental) │ └─ ✅ Recommended: Markdown body (progressive disclosure) ├─ ✅ Overview / Purpose ├─ ✅ When to use ├─ ✅ Step-by-step ├─ ✅ Inputs / Outputs ├─ ✅ Examples ├─ 🧩 Files & References ├─ 🧩 Edge cases ├─ 🧩 Troubleshooting └─ 🧩 Safety notes
Skill files are scattered across GitHub and communities, difficult to search, and hard to evaluate. SkillWink organizes open-source skills into a searchable, filterable library you can directly download and use.
We provide keyword search, version updates, multi-metric ranking (downloads / likes / comments / updates), and open SKILL.md standards. You can also discuss usage and improvements on skill detail pages.
Quick Start:
Import/download skills (.zip/.skill), then place locally:
~/.claude/skills/ (Claude Code)
~/.codex/skills/ (Codex CLI)
One SKILL.md can be reused across tools.
Everything you need to know: what skills are, how they work, how to find/import them, and how to contribute.
A skill is a reusable capability package, usually including SKILL.md (purpose/IO/how-to) and optional scripts/templates/examples.
Think of it as a plugin playbook + resource bundle for AI assistants/toolchains.
Skills use progressive disclosure: load brief metadata first, load full docs only when needed, then execute by guidance.
This keeps agents lightweight while preserving enough context for complex tasks.
Use these three together:
Note: file size for all methods should be within 10MB.
Typical paths (may vary by local setup):
One SKILL.md can usually be reused across tools.
Yes. Most skills are standardized docs + assets, so they can be reused where format is supported.
Example: retrieval + writing + automation scripts as one workflow.
Some skills come from public GitHub repositories and some are uploaded by SkillWink creators. Always review code before installing and own your security decisions.
Most common reasons:
We try to avoid that. Use ranking + comments to surface better skills:
