web▌

Expert 3D web implementation across Three.js, React Three Fiber, Spline, and WebGL with performance optimization. \n \n Covers three primary stacks (Spline for rapid prototyping, React Three Fiber for React apps, Three.js vanilla for maximum control) with decision guidance on when to use each \n Includes 3D model pipeline: format selection, poly-count reduction, texture baking, GLB export, and compression with gltf-transform \n Handles scroll-driven 3D interactions using ScrollControls, GSAP, an

Tactile feedback for web apps using the Web Vibration API across React, Vue, Svelte, and vanilla JavaScript. \n \n Four trigger categories: notifications (success, warning, error), impacts (light, medium, heavy), selection (picker/slider detents), and extra presets (soft, rigid, nudge, buzz) \n Framework-specific hooks and composables for React, Vue, Svelte; vanilla JS class; automatic SSR handling in Nuxt and SvelteKit \n Zero dependencies, silent no-op on unsupported platforms (desktop), no fe

Use this skill to turn a cloud server into a safely reachable web host without leaning on stale distro-specific memory or outdated Debian-10-era tutorials.

使用 MiniMax MCP 服务器进行网络搜索。

Parse Apache and Nginx access logs to detect SQL injection attempts, local file inclusion, directory traversal, web scanner fingerprints, and brute-force patterns. Uses regex-based pattern matching against OWASP attack signatures, GeoIP enrichment for source attribution, and statistical anomaly detection for request frequency and response size outliers.

Complete browser automation with Playwright. Auto-detects dev servers, writes clean test scripts to /tmp. Test pages, fill forms, take screenshots, check responsive design, validate UX, test login flows, check links, automate any browser task. Use when user wants to test websites, automate browser interactions, validate web functionality, or perform any browser-based testing. Do NOT use for quick page debugging or network inspection (use chrome-devtools instead).

Use this skill to search the web without a full browser session, returning structured results with URLs, titles, and metadata.

Minimal CDP tools for collaborative site exploration.

Audit UI code against Web Interface Guidelines for compliance and best practices. \n \n Fetches the latest guidelines from Vercel Labs before each review to ensure current rule compliance \n Accepts file paths or patterns as arguments; prompts for files if none specified \n Outputs findings in concise file:line format for quick identification of violations \n Covers accessibility, design patterns, and UX best practices as defined in the guidelines repository \n

Web exploitation techniques for CTF challenges covering injection, authentication, access control, and client-side attacks. \n \n Covers 20+ attack categories: SQLi, XSS, SSTI, SSRF, XXE, command injection, path traversal, JWT/OAuth/SAML, prototype pollution, deserialization, file upload RCE, and race conditions \n Includes quick-reference payloads, filter bypasses, and multi-stage exploitation chains with real CTF examples (HTB, Pragyan, Nullcon) \n Supporting markdown files detail server-side