DROO

Devil's advocate code review with three adversarial personas that challenge assumptions and find hidden issues. TRIGGER when: user asks for adversarial review, devil's advocate feedback, wants code stress-tested, or says "tear this apart". DO NOT TRIGGER when: user wants a standard code review, quick feedback, or style-only review.

Multi-agent system design with orchestration patterns, tool schemas, and guardrails. TRIGGER when: user asks to design an agent system, choose agent architecture, define tool schemas, add guardrails, or evaluate agent performance; user runs /agent-design or /agent-architect. DO NOT TRIGGER when: using a specific agent framework (use framework docs), writing prompts for single-turn LLM calls, general API integration without agent orchestration.

Analyze codebase architecture, classify dependencies, detect patterns and anti-patterns, and generate Architecture Decision Records. TRIGGER when: user asks about architecture, dependency analysis, ADRs, coupling, or wants to understand how a codebase is structured. DO NOT TRIGGER when: user wants a code review of specific files (use code-review), or wants to fix a bug (use focused-fix).

Check and run autonomous experiments. Query experiment status, view results dashboards, and execute iterations. TRIGGER when: user asks about experiment status, autoresearch progress, "how's the experiment going", "run another iteration", or invokes "/autoresearch". DO NOT TRIGGER when: user is working on autoresearch agent code itself.

Blockscout MCP tool reference for on-chain data queries. Covers all 16 tools: address info, transactions, token transfers, NFTs, contract ABI/source, read-only calls, ENS resolution, and block data across 8+ chains. TRIGGER when: user asks about on-chain data, contract state, token balances, transaction history, ENS lookup, NFT holdings, or uses blockscout MCP tools. DO NOT TRIGGER when: user asks about crypto market prices or trading volume (use coingecko skill), or writing Solidity code (use solidity-audit skill).

Detect project stack and generate CI/CD pipeline configuration for GitHub Actions or GitLab CI. TRIGGER when: user asks to set up CI/CD, create a pipeline, add GitHub Actions, configure GitLab CI, or automate testing and deployment. DO NOT TRIGGER when: user is debugging an existing pipeline failure, or asking about deployment infrastructure (servers, containers, cloud).

Build apps with the Claude API or Anthropic SDK. TRIGGER when: code imports `anthropic`/`@anthropic-ai/sdk`/`claude_agent_sdk`, or user asks to use Claude API, Anthropic SDKs, or Agent SDK. DO NOT TRIGGER when: code imports `openai`/other AI SDK, general programming, or ML/data-science tasks.

Auto-generate onboarding documentation from codebase analysis, tailored to the reader's experience level. TRIGGER when: user asks to onboard someone to a codebase, generate project documentation for new team members, create a getting-started guide, or explain a codebase to a specific audience. DO NOT TRIGGER when: user wants API reference docs (use language-specific tooling), or wants to understand a single file (just read it).

Structured code review with blast radius analysis, security scanning, quality scoring, and a 30+ item checklist. TRIGGER when: user asks to review a PR, diff, changeset, or code for quality/security/breaking changes; user runs /review or /code-review; reviewing staged or committed changes. DO NOT TRIGGER when: writing new code from scratch, refactoring without review context, general debugging.

CoinGecko and GeckoTerminal API reference for crypto market data, token prices, DEX pools, and on-chain analytics. TRIGGER when: user asks about token/coin prices, market caps, trading volume, DEX pools, trending tokens, price history, crypto market data, or CoinGecko API usage. DO NOT TRIGGER when: user asks about on-chain contract state or transactions (use blockscout skill), or Solidity/smart contract code (use solidity-audit skill).

Schema analysis, ERD generation, index optimization, and migration safety. TRIGGER when: user asks about database schema design, normalization, index strategy, query optimization, migration planning, or choosing between database engines. DO NOT TRIGGER when: application-level ORM usage without schema concerns, or general API design (use relevant language skill).

Multi-language dependency vulnerability scanning and license compliance auditing. TRIGGER when: user asks to audit dependencies, check for vulnerabilities, review licenses, detect outdated or bloated packages, or assess supply chain risk. DO NOT TRIGGER when: user is adding a specific dependency they have already chosen, or debugging a build failure unrelated to dependency versions.

Design interfaces using Ousterhout's "Design It Twice" method with parallel sub-agents. TRIGGER when: user asks to design an API, interface, module boundary, or public surface area, or says "design it twice." DO NOT TRIGGER when: user already has a specific interface and wants implementation, or is refactoring internals without changing the public API.

UI/UX design patterns and design system architecture. TRIGGER when: working on component design, layout/grid decisions, design tokens, color palettes, typography, accessibility (WCAG), responsive design, TUI aesthetics, or creating DESIGN.md documentation. Covers React, Tailwind CSS, terminal UI, and mobile patterns with a monospace-first, constraint-based design philosophy. DO NOT TRIGGER when: writing React/TypeScript code logic (use droo-stack skill), building Raxol TUI framework features (use raxol skill), or working with CSS-in-JS runtime concerns (this skill covers design decisions, not runtime).

Generate a multi-platform activity digest for a topic. Fetches and ranks items from HN, GitHub, Reddit, YouTube, ethresear.ch, Snapshot, Polymarket, package registries, CoinGecko, Blockscout, and Shodan. TRIGGER when: user invokes "/digest" or asks for a "digest", "what's happening with X", "activity summary for X", "news about X". DO NOT TRIGGER when: user asks about digest agent code/implementation.

Detailed coding patterns for a polyglot stack. TRIGGER when: working in Elixir, TypeScript, Go, Rust, Python, Lua, C, Zig, Shell/Bash, Noir, or chezmoi templates. Provides incorrect/correct examples that complement CLAUDE.md preferences. DO NOT TRIGGER when: working with Claude API or Anthropic SDK (use claude-api skill), Raxol TUI/agent framework patterns (use raxol skill), Solidity smart contracts (use solidity-audit skill), ZK circuit domain questions (use noir skill -- this skill only covers Noir language syntax), or NIF/SIMD domain questions (use native-code skill -- this skill only covers C and Zig language syntax).

Environment variable hygiene, secret leak detection, and credential rotation workflows. TRIGGER when: working with .env files, secret management, credential rotation, pre-commit secret scanning, or investigating leaked credentials. DO NOT TRIGGER when: general config file editing, non-secret environment setup, or infrastructure provisioning (use relevant infra skill).

Ethereum ecosystem tooling and standards reference. TRIGGER when: asking about Ethereum development tools, framework selection, RPC providers, block explorers, EIP/ERC standards, or general Web3 development workflow. DO NOT TRIGGER when: writing or auditing Solidity code (use solidity-audit skill), or working with Noir/ZK circuits (use noir skill).

Structured 5-phase bug fix methodology with root cause verification. TRIGGER when: user wants to fix a bug, debug an issue, investigate a failure, or says "focused fix". Also when a fix attempt has failed and the user wants a systematic approach. DO NOT TRIGGER when: user wants architecture analysis (use architect), QA triage (use qa), or code review (use code-review).

Set up Claude Code hooks to block dangerous git commands before they execute. TRIGGER when: user wants to prevent destructive git operations, add git safety hooks, or block git push/reset in Claude Code. DO NOT TRIGGER when: user is asking about git workflow or branching strategy.

Parallel development with git worktrees and deterministic port isolation. TRIGGER when: user wants to work on multiple branches simultaneously, run parallel agent sessions, manage worktree-based dev environments, or asks about port conflicts between concurrent services. DO NOT TRIGGER when: simple branch switching (use git checkout), or single-branch development with no parallelism needed.

Analyze and reduce LLM API costs through model routing, caching, and prompt optimization. TRIGGER when: user asks about LLM costs, API spend reduction, token optimization, model routing, or prompt caching. DO NOT TRIGGER when: user asks about model quality comparison, fine-tuning, or general prompt engineering.

Scaffold MCP servers from OpenAPI specs. TRIGGER when: user asks to build an MCP server, convert an OpenAPI/Swagger spec to MCP tools, generate MCP tool definitions, or scaffold a FastMCP/TypeScript MCP project. DO NOT TRIGGER when: user is configuring an existing MCP server, writing MCP clients, or working with Claude API directly (use claude-api skill).

NIF (Native Implemented Functions) development and SIMD patterns for Elixir/BEAM. TRIGGER when: writing NIFs in C or Rust (Rustler), using erl_nif.h, Zig SIMD code for BEAM integration, tree-sitter grammar NIFs, or discussing native performance boundaries in Elixir. DO NOT TRIGGER when: general C/Zig/Rust language questions (use droo-stack), general Elixir patterns (use droo-stack), Raxol framework (use raxol skill).

Nix language, flakes, NixOS, Home Manager, and agent-skills packaging. TRIGGER when: working with .nix files, flake.nix, flake.lock, Nargo.toml (Nix packaging context), NixOS configuration, Home Manager modules, nix-agent MCP tools, agent-skills-nix deployment, or rigup.nix riglets. DO NOT TRIGGER when: only using nix PATH (chezmoi handles that), or working on ZK circuits (use noir skill), or Nix language is incidental to another domain.

Zero-knowledge circuit design with Noir (Aztec's ZK DSL). TRIGGER when: working with .nr files, Nargo.toml, ZK circuits/proofs, Aztec contracts, zoir extension, or discussing zero-knowledge proof design. Covers circuit architecture, constraint optimization, ZK-specific security, and Aztec integration. DO NOT TRIGGER when: only Noir language syntax is needed (droo-stack handles that), or working with Solidity (use solidity-audit skill).

SLO/SLI design, alert optimization, and dashboard generation for production services. TRIGGER when: user asks to define SLOs, design alerts, create dashboards, reduce alert fatigue, set error budgets, or improve observability; user runs /observability or /slo. DO NOT TRIGGER when: debugging a specific incident (use debugging tools), writing application code, configuring CI/CD pipelines.

Scan for outdated dependencies and update them across Elixir, Rust, Node, Go, and Python ecosystems. TRIGGER when: user asks about outdated dependencies, "update deps", "dependency check", "what needs updating", or invokes "/patchbot". DO NOT TRIGGER when: user is working on patchbot agent code itself.

Profiling and optimization across languages in the polyglot stack. TRIGGER when: user asks about performance profiling, flamegraphs, benchmarks, load testing, memory leaks, or optimizing slow code paths in Node.js, Python, Go, Elixir, or Rust. DO NOT TRIGGER when: database-specific optimization (use database-designer), or build/bundle size issues without runtime perf concern.

Browser automation and end-to-end testing with Playwright (Python and TypeScript). TRIGGER when: user asks about browser automation, e2e testing, web scraping with a browser, Playwright setup, page navigation, selectors, screenshots, PDF generation, network interception, file uploads, auth flows, mobile viewports, or accessibility testing with Playwright. Also when code imports playwright, @playwright/test, pytest-playwright, or references playwright.config. DO NOT TRIGGER when: user asks about Cypress, Selenium, Puppeteer, or other browser automation tools; unit testing without a browser; HTTP-only scraping (use requests/httpx); or general pytest usage without Playwright.

Polymath split-brain research methodology. Maps the possibility space of open-ended problems by building a max-distance lens roster across three relatedness tiers (close/mid/far), composing polymath expert personas from the tiers, spawning N parallel sub-agents, then synthesizing their disagreements into a landscape map. TRIGGER when: the user explicitly invokes the technique ("polymath", "split-brain", "multiagency", "let's run agents to/for X", "remember our polymath multiagency"), OR when ALL of these are true: (a) the problem is research/strategy/framing-level, (b) the user has indicated framing uncertainty (not debugging), (c) the cost of picking the wrong frame is high, (d) the user has not already specified an approach. DO NOT TRIGGER when: debugging ("stuck on this regex/error/build/typo/merge conflict"), file/syntax lookups, single-answer questions, naming/styling micro-decisions, or anything where one direct answer would suffice. When the trigger match is ambiguous, ASK the user "split-brain this with ~10 polymath lenses, or just one targeted Agent?" -- one clarifying question is cheaper than 12 wasted spawns OR a missed framing discovery.

Convert a PRD into a phased implementation plan using tracer-bullet vertical slices, then optionally create GitHub issues from the plan. TRIGGER when: user has a PRD and wants an implementation plan, says "plan this", asks to break a feature into phases, wants to convert requirements into tasks, asks to break a PRD into issues, create issues from a plan, or says "prd to issues". Also when user wants to stress-test a plan, get grilled on their design, or says "grill me". DO NOT TRIGGER when: user wants to execute a plan (just code it), review existing code, or do general architecture discussion without a PRD.

Generate pre-session project briefings with git activity, GitHub state, CI status, dependency health, and recall context. TRIGGER when: user asks for a "briefing", "what's the state of this project", "catch me up", "prep me", or invokes "/prepper". DO NOT TRIGGER when: user is working on prepper agent code itself.

Property-based and generative testing across the polyglot stack. TRIGGER when: user asks about property-based testing, generative testing, QuickCheck, Hypothesis, proptest, StreamData, fast-check, fuzzing test inputs, or finding edge cases that example tests miss. DO NOT TRIGGER when: user asks about TDD workflow (use tdd), mutation testing (use tdd), load testing (use performance-profiler), or security fuzzing (use security-audit).

Bug triage and issue creation. Single-issue investigation with TDD fix plans, or interactive multi-bug QA sessions with background codebase exploration. TRIGGER when: user reports a bug, unexpected behavior, or regression; wants to triage an issue; wants to run a QA session; says "qa session"; or asks to create an issue for a bug. DO NOT TRIGGER when: user wants to fix a bug (use focused-fix), or wants a code review of a PR (use code-review).

Design RAG pipelines with informed chunking, embedding, retrieval, and evaluation decisions. TRIGGER when: user asks about RAG pipeline design, chunking strategies, embedding models, vector databases, or retrieval-augmented generation. DO NOT TRIGGER when: user asks about fine-tuning, prompt engineering without retrieval, or general LLM usage.

Raxol terminal framework for TUI apps and AI agents in Elixir. TRIGGER when: code imports Raxol modules (Raxol.Agent, Raxol.Headless, Raxol.Core), mix.exs lists :raxol or :raxol_agent as dependency, user asks about building TUI apps or AI agents with Raxol, or working with Raxol headless/MCP tools. DO NOT TRIGGER when: general Elixir patterns (use droo-stack skill), Claude API / Anthropic SDK usage (use claude-api skill), or other TUI frameworks (Scenic, Termbox, etc.).

Query the recall knowledge base for relevant context. Searches decisions, patterns, gotchas, links, and insights stored across sessions. TRIGGER when: user asks to "recall", "remember", "what did we decide about", "check knowledge base", or references past decisions/patterns. DO NOT TRIGGER when: user is talking about memory/recall in a general sense, or working on the recall agent code itself.

Systematic refactoring methodology with safety guarantees for polyglot codebases. TRIGGER when: user asks to refactor code, restructure a module, split a monolith, do a large rename, extract a service, apply strangler fig, or plan a safe migration of existing code. Also when tech-debt-tracker findings need execution. DO NOT TRIGGER when: user is fixing a bug (use focused-fix), doing TDD on new code (use tdd), or finding tech debt without a plan to fix it (use tech-debt-tracker).

Release management with changelog generation, semantic versioning, and readiness checks. TRIGGER when: user asks to prepare a release, generate a changelog, bump version, check release readiness, or create a release tag; user runs /release or /changelog. DO NOT TRIGGER when: writing commit messages (use conventional commits directly), deploying to infrastructure, debugging production issues.

General-purpose application security auditing across Python, TypeScript, Go, and Rust. TRIGGER when: user asks for a security audit, vulnerability assessment, threat modeling, code security review, OWASP analysis, variant analysis, or asks about injection, XSS, SSRF, path traversal, deserialization, or crypto misuse in application code. DO NOT TRIGGER when: working with .sol files, smart contracts, or Solidity audits (use solidity-audit); when reviewing code for general quality without security focus (use code-review); when auditing dependencies only (use dependency-auditor).

Auto-curate memory, promote recurring patterns, and extract reusable knowledge across sessions. TRIGGER when: user says "/si:", asks about memory management, pattern promotion, or wants to review accumulated learnings. DO NOT TRIGGER when: user wants general code review, documentation, or project planning.

Monitor on-chain contracts for anomalous transactions. Checks for large transfers, ownership changes, unusual methods, and selfdestruct calls via Blockscout API v2. TRIGGER when: user asks about contract monitoring, "check this contract", on-chain alerts, "any suspicious transactions", or invokes "/sentinel". DO NOT TRIGGER when: user is working on sentinel agent code itself.

Interactively scaffold new Claude Code skills with correct frontmatter, trigger clauses, sub-files, and linter compliance. TRIGGER when: user asks to create a new skill, scaffold a skill, add a skill to agent-skills, or says "new skill" or "skill creator". DO NOT TRIGGER when: user is editing an existing skill, writing CLAUDE.md instructions, or building an MCP server (use mcp-server-builder skill).

Solidity development standards and security auditing. TRIGGER when: working with .sol files, foundry.toml, hardhat.config.*, smart contract auditing, security review, or vulnerability analysis. Covers Foundry-first development patterns, vulnerability taxonomies, and audit methodology. DO NOT TRIGGER when: general Ethereum tooling/ecosystem questions (use ethskills skill), or Noir/ZK circuits (use noir skill).

Test-driven development workflow for polyglot codebases. TRIGGER when: user asks to write tests first, do TDD, red-green-refactor, or requests test-driven implementation of a feature. DO NOT TRIGGER when: user asks to add tests after the fact, debug existing tests, or fix failing tests without a TDD workflow.

Automated tech debt scanning, classification, and cost-of-delay prioritization. TRIGGER when: user asks to find tech debt, audit code quality, prioritize refactoring, track debt trends, or assess code health; user runs /tech-debt or /debt-scan. DO NOT TRIGGER when: writing new features, doing code review (use code-review skill), debugging specific bugs.

Extract and maintain a DDD ubiquitous language glossary from conversations. TRIGGER when: user asks to define domain terms, extract a glossary, build a ubiquitous language, or says "ubiquitous language". Also when domain ambiguity, synonym conflicts, or overloaded terms appear in conversation. DO NOT TRIGGER when: user wants code review, API docs, or module naming conventions (those are implementation, not domain).

Writing voice calibration from studied authors. Accepts combinatorial voice arguments to blend multiple writer influences. TRIGGER when: user invokes "/voice" or asks to "write like", "in the style of", "voice of", "blend voices", or references a specific writer influence for their prose. Also when user asks to review writing for voice/tone/style quality. DO NOT TRIGGER when: user asks to humanize existing text (use humanize skill), write code, generate commit messages, or produce technical documentation where voice is irrelevant.

Scan repos for health issues: stale PRs, failing CI, old issues, TODO refs, lockfile problems, and security advisories. TRIGGER when: user asks about repo health, "check my repos", "stale PRs", "CI status", security advisories, or invokes "/watchdog". DO NOT TRIGGER when: user is working on watchdog agent code itself.

Generate and optimize web assets: favicons, app icons, OG/social images, and devicons. TRIGGER when: user asks to create favicons, generate app icons (iOS, Android, PWA), build OG/social media images, optimize SVG/PNG/WebP, create icon sprite sheets, convert logos to icon sets, or work with devicons/technology icons. DO NOT TRIGGER when: user is designing UI layouts or component architecture (use design-ux skill), writing CSS/Tailwind styles (use droo-stack skill), or building image processing pipelines unrelated to web assets.