From syncable-cli-skills
Runs deep security scans, vulnerability checks, and IaC validation using sync-ctl for pre-deployment audits and compliance verdicts.
npx claudepluginhub syncable-dev/syncable-cli --plugin syncable-cli-skills
This skill uses the workspace's default tool permissions.
Deep multi-layered security review for pre-deployment gates or compliance. Uses thorough/paranoid scan modes and includes IaC validation. Stricter than project-assessment.
Step 1:
sync-ctl analyze <PATH> --agent
Determine: IaC files present (gates step 4), dependencies present (gates step 3). Save full_data_ref.
Success criteria: You know which IaC types and dependency files exist.
Step 2:
PR review / pre-merge:
sync-ctl security <PATH> --mode thorough --agent
Production / compliance:
sync-ctl security <PATH> --mode paranoid --agent
Success criteria: JSON with severity counts. All critical/high findings captured with file locations.
Step 3:
sync-ctl vulnerabilities <PATH> --agent
Decision: No dependencies in step 1 → skip, note in report.
Success criteria: CVE counts by severity captured.
Step 4:
sync-ctl validate <PATH> --agent
Decision: No IaC files in step 1 → skip.
Filter if types known: --types dockerfile,compose
Success criteria: Lint violations captured with severity and file locations.
| Condition | Action |
|---|---|
| PR review context | --mode thorough in step 2 |
| Pre-deploy / compliance | --mode paranoid in step 2 |
| No IaC files in step 1 | Skip step 4 |
| No dependencies in step 1 | Skip step 3 |
If critical findings exist: Explicitly warn user. If part of deploy pipeline, recommend blocking deployment.
| Mistake | Reality |
|---|---|
| "Project looks simple, lightning mode is fine" | Security audits require thorough or paranoid. That's what distinguishes this from project-assessment. |
| Skipping IaC validation because "it's just Dockerfiles" | Dockerfile misconfigurations are a top attack vector. Always validate if IaC exists. |
| Reporting verdict without running all applicable steps | Every applicable step must complete before issuing a PASS/WARN/FAIL verdict. |
Save each step's full_data_ref. Use sync-ctl retrieve <ref_id> --query "..." for drill-down. Do NOT re-run commands.