Skill UI

A risk-paranoid, mandatory review process designed to interrogate any plan that touches sensitive customer data, regulatory compliance, or production access. It forces consideration of critical security pillars including STRIDE threat modeling, blast radius quantification, detection mechanisms (MTTD), incident response runbooks, regulatory notification windows, and third-party vendor security posture. Essential before deploying features handling PII, PHI, or before compliance audits (SOC 2, HIPAA, GDPR).

Pi-hole is a powerful, network-wide DNS ad blocker solution that runs on Linux hosts (like Raspberry Pi). It automatically blocks ads, trackers, and malware domains for every device on your network without requiring browser extensions. This guide details installation via Docker or bare-metal setup, configuring it as the primary DNS server for a home network, managing blocklists, and implementing advanced features like DNS-over-HTTPS (DoH) for enhanced privacy.

A comprehensive guide on segmenting a home network using VLANs to dramatically enhance security. Learn how to isolate different device types—such as IoT gadgets, guests, and servers—from main PCs, preventing cross-segment malware spread and unauthorized communication. Covers setup steps for UniFi, pfSense, and OPNsense.

A comprehensive guide to setting up a fast and secure WireGuard VPN server for remote access to your home network (homelab). Learn keypair generation, advanced Linux firewall (iptables) rules, and how to manage different tunneling modes (split vs. full tunnel) for optimal performance.

A comprehensive skill to automatically detect, install, and initialize the Terraform CLI based on the operating system. It ensures the required environment is set up (including handling provider downloads and network mirrors) and prepares the working directory for infrastructure deployment. Ideal for initial setup or when receiving 'command not found' errors.

A comprehensive guide for securing container images and runtime environments. Covers best practices from Dockerfile authoring (minimal base images, multi-stage builds, non-root users) through advanced runtime enforcement (seccomp, AppArmor) and Kubernetes security controls. Essential for production hardening and maintaining supply chain integrity.

This utility manages all types of DNS records (A, CNAME, MX, TXT, etc.) for domains registered with Namecheap via their dedicated API. It guides users through the full setup process, including public IP detection and credential configuration. Users can list domains, view, add, update, or remove records, and manage nameservers and email forwarding rules.

This skill provides comprehensive management for Opencode's permission system. It allows users to review currently always-allowed commands, suggest safe read-only commands, and configure granular access controls using allow/deny/ask patterns. It is essential for optimizing security, performing system audits, and managing the operational scope of the agent.

Comprehensive skill for managing the KubeSphere ServiceMesh extension, integrating Istio, Kiali, and Jaeger. It provides full lifecycle management, including installation, uninstallation, and detailed status checking. Users can define advanced traffic governance policies (like canary or blue-green deployments) and troubleshoot microservice connectivity, utilizing features such as traffic mirroring and circuit breaking for composed applications.

This guide provides comprehensive details on the OpenPitrix application management system within KubeSphere. It covers the entire application lifecycle, including managing app repositories (Repo), uploading and versioning templates (Application/ApplicationVersion), conducting review processes, and finally deploying/upgrading applications (ApplicationRelease). Use this skill when troubleshooting App Store interactions, understanding KubeSphere's backend APIs, or managing deployed workloads.

This skill provides a comprehensive governance audit for Fabric and Power BI tenant settings. It compares live configurations against a curated baseline to detect setting drift, analyze delegated overrides across capacities, domains, and workspaces, and investigate associated Entra security groups. It delivers authoritative, grounded, and actionable recommendations to ensure optimal enterprise governance.