aedelon/core-protocols
skills/core-protocols/SKILL.md
Debug errors systematically by searching first, then analyzing, then proposing verified solutions. MUST BE USED when user reports: "error", "bug", "doesn't work", "fails", "crash", stack traces, exception messages, or any troubleshooting scenario. Triggers: "TypeError", "ImportError", "undefined is not a function", "segfault", "panic", "broken", "not working", "unexpected behavior", "regression", "failing", "exception", "traceback", "stack trace", "debug this", "why does this fail", "help me fix". Also enforces confidence levels and output templates. Prevents guessing solutions without research.
$ install --global
skillsauthnpx skillsauth add aedelon/claude-code-blueprint core-protocolsInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Mar 29, 2026, 12:18 PM36.6s1 file scanned
SKILL.md
- name:
- core-protocols
- description:
- |-
- MUST BE USED when user reports:
- error", "bug", "doesn't work", "fails", "crash", stack traces,
- Triggers:
- TypeError", "ImportError", "undefined is not a function", "segfault", "panic",
Core Protocols
1. Debugging Protocol
Trigger Conditions
Activate when:
- User reports an error or bug
- Code doesn't work as expected
- Build/test failures occur
- Stack traces or error messages appear
MANDATORY Sequence
NEVER propose solutions before completing Steps 1-2.
Step 1: SEARCH FIRST
1. Extract EXACT error message
2. WebSearch: "[error message] [language/framework] [version]"
3. Context7 if library-related:
- mcp__context7__resolve-library-id(libraryName)
- mcp__context7__get-library-docs(id, topic: "error")
4. Look for GitHub issues / StackOverflow
Step 2: ANALYZE
1. Identify ROOT CAUSE (not symptoms)
2. Check version compatibility
3. Isolate the problem
4. Check changelogs for breaking changes
Step 3: VERIFIED SOLUTION
1. Cite SOURCE of solution
2. State CONFIDENCE level
3. Propose ALTERNATIVES if uncertain
4. Include VALIDATION command
Error Type Quick Reference
| Error Type | First Action | |------------|--------------| | Library/API error | Context7 lookup | | Runtime error | WebSearch exact message | | Build error | Check versions, config | | Type error | Read type definitions | | Import error | Check package installation |
2. Confidence Assessment
Levels
| Level | Criteria | Action | |-------|----------|--------| | HIGH | Verified via tool, 2+ sources | State source | | MEDIUM | Single source, partial verification | Add caveat | | LOW | Memory only, no verification | Warn explicitly | | UNKNOWN | Cannot assess | Say "I don't know" |
Verification Methods
Libraries/APIs: Context7 → cross-reference docs → HIGH if verified Current Events: WebSearch 2024-2025 → multiple sources → HIGH if recent Best Practices: Official docs → community consensus → MEDIUM-HIGH
Mandatory Warnings
| Topic | Warning | |-------|---------| | Pricing | "Verify at official URL" | | Rate limits | "Check your dashboard" | | New features | "As of [DATE], may have changed" | | Model IDs | "Verify current availability" |
3. Output Templates
Code Response
**Intent**: [1-2 sentences]
\`\`\`[language]
[code with comments]
\`\`\`
**Validation**: `[command]`
**Dependencies**: [if new]
**Confidence**: [LEVEL] - [source]
Research Response
## Summary
[3-5 sentences max]
## Sources
1. [Author (Year). Title. DOI/URL]
**Confidence**: [LEVEL] - [justification]
**Limitations**: [what couldn't be verified]
Diagnostic Response
## Problem Identified
[1-2 sentences]
## Root Cause
[Technical explanation]
**Source**: [reference]
## Solution
\`\`\`[language]
[fix]
\`\`\`
## Validation
\`\`\`bash
[command]
\`\`\`
**Confidence**: [LEVEL]
**Prevention**: [how to avoid]
Creative Prompt Response
**Prompt [Tool]**:
[ready-to-use prompt]
**Parameters**: [key settings]
**Variations**: [alternatives]
Anti-Patterns (FORBIDDEN)
- Proposing solutions without searching first
- Guessing based on similar-sounding errors
- Omitting confidence levels
- Skipping validation commands
- Ignoring version information
Related Skills
aedelon/uv-workflow
tools
VerifiedTrustedCommunity
Master uv package manager for Python: project setup, dependency management, virtual environments, lockfiles, CI/CD integration, Docker builds, and migration from pip/poetry. MUST BE USED when user mentions: "uv", "uv add", "uv run", "uv sync", "uv init", "uv lock", "uv venv", "uv pip", "pyproject.toml", "python project setup", "python dependencies", "virtual environment", "venv", "pip install", "poetry to uv", "migrate from pip", "lockfile python", "requirements.txt", "setup.py", "pip freeze", "uv tool", "install package", "add dependency", "python environment", "new python project", "package manager python", "create project", "uv export", "uv cache", "uv python". 10-100x faster than pip. Covers init, add, sync, lock, run, Docker, CI/CD. NOT for npm/pnpm/yarn (JS toolchain), Rust cargo, or deployment (use deployment-assistant).
53SKILL.mdUpdated Mar 27, 2026
aedelon/security-audit
development
VerifiedTrustedCommunity
Proactive security audit: OWASP top 10, dependency vulnerabilities, secrets detection, input validation, auth patterns, and secure defaults. MUST BE USED when user mentions: "security", "vulnerability", "audit", "OWASP", "CVE", "security review", "pentest", "injection", "XSS", "CSRF", "authentication", "authorization", "secrets", "hardcoded password", "secure", "npm audit", "pip-audit", "check security", "is this secure", "security risk", "data leak", "SQL injection", "command injection", "path traversal", "SSRF", "RCE", "privilege escalation", "supply chain", "dependency scan", "snyk", "trivy", "semgrep", "bandit". Scans code for vulnerabilities, checks dependencies, verifies auth patterns. NOT for explaining security concepts (use pedagogical-explain), or general code review (use code-review).
53SKILL.mdUpdated Mar 27, 2026
aedelon/research-protocol
development
VerifiedTrustedCommunity
Conduct rigorous research with proper citations (DOI, arXiv, PMID) and source triangulation. MUST BE USED when user asks: "what is SOTA", "recent developments", "compare X vs Y", "is it true that", "research says", "latest papers on", "scientific evidence", "studies show", "state of the art", "literature review", "find papers", "academic research", "benchmark results", "who published", "when was X released", "current best", "what does the research say", "evidence for", "peer reviewed". Searches multiple sources, evaluates reliability, states confidence level. NOT for verifying API signatures (use anti-hallucination) or general web search (use WebSearch directly).
53SKILL.mdUpdated Mar 27, 2026
aedelon/commit-message
development
VerifiedTrustedCommunity
Ship workflow: review changes, generate conventional commit messages, push, and create PRs. MUST BE USED when user says: "commit", "git commit", "commit this", "save changes", "commit message", "ship", "ship it", "push", "create PR", "pull request", "ready to merge", "deploy this", "stage changes", "what changed", "review my changes", "conventional commit", or after completing a coding task. Reviews changes, generates commit, optionally pushes and creates PR. NOT for git branching/rebasing (use git-workflow), code review (use review command), or deployment configuration (use deployment-assistant).
53SKILL.mdUpdated Mar 27, 2026