new_skill_recommendations.md

# New Skill Recommendations

## Summary

Based on comprehensive analysis of the 116 existing skills across 20+ categories, the following 10 skills are recommended to fill critical gaps in the Hermes skills ecosystem.

---

## 1. stripe-integration

**Category:** `payments`

**Description:** Process payments, manage subscriptions, and handle webhooks with Stripe API

**Justification:** Payment processing is a common need for businesses, yet completely absent from current skills. Stripe is the dominant payment processor for developers.

**Required Environment Variables:**
- `STRIPE_SECRET_KEY` - API key for authentication
- `STRIPE_WEBHOOK_SECRET` - For webhook verification

**Key Features:**
- Payment Intent creation and management
- Subscription lifecycle management
- Webhook handling and verification
- Customer management
- Refund processing
- Test mode vs live mode guidance

**Related Skills:** None (new category)

**Files:**
- `SKILL.md` - Main documentation
- `references/api-cheat-sheet.md` - Common API calls
- `references/webhook-events.md` - Event type reference
- `templates/subscription-flow.py` - Complete subscription example
- `templates/payment-form.html` - Client-side integration

---

## 2. postgres-admin

**Category:** `databases`

**Description:** PostgreSQL administration, query optimization, backup/restore, and performance tuning

**Justification:** Only vector databases (Qdrant, Chroma, Pinecone, FAISS) are covered. Relational database operations are essential for most applications.

**Required Environment Variables:**
- `DATABASE_URL` - Connection string

**Key Features:**
- Connection management and pooling
- Query optimization and EXPLAIN analysis
- Index creation and management
- Backup and restore procedures
- User and permission management
- Migration strategies
- Performance monitoring

**Related Skills:** `redis-operations` (recommended below)

**Files:**
- `SKILL.md` - Core documentation
- `references/query-optimization.md` - Performance tuning guide
- `references/backup-strategies.md` - Backup methods comparison
- `scripts/schema-analyzer.py` - Schema analysis tool
- `templates/migration-template.sql`

---

## 3. redis-operations

**Category:** `databases`

**Description:** Redis caching patterns, session management, pub/sub, and data structures

**Justification:** Caching is critical for scalable applications. Redis is the most popular caching solution but completely uncovered.

**Required Environment Variables:**
- `REDIS_URL` - Connection string

**Key Features:**
- Data structure selection guide
- Caching patterns and strategies
- Session management implementation
- Pub/sub messaging patterns
- Rate limiting implementations
- Distributed locking
- Memory optimization

**Related Skills:** `postgres-admin`

**Files:**
- `SKILL.md` - Main documentation
- `references/data-structures.md` - When to use each type
- `references/caching-patterns.md` - Cache-aside, write-through, etc.
- `templates/rate-limiter.py` - Production rate limiter
- `templates/session-store.py` - Session management implementation

---

## 4. kubernetes-deploy

**Category:** `devops`

**Description:** Kubernetes deployment, service management, ingress configuration, and troubleshooting

**Justification:** Container orchestration is essential for modern deployment. While `docker-management` exists as optional, Kubernetes is the production standard.

**Required Environment Variables:**
- `KUBECONFIG` - Path to kubeconfig file

**Key Features:**
- Deployment and service creation
- ConfigMaps and Secrets management
- Ingress and TLS configuration
- Rolling updates and rollbacks
- Resource limits and HPA
- Debugging pods and logs
- Helm chart basics

**Related Skills:** `docker-management` (optional), `webhook-subscriptions`

**Files:**
- `SKILL.md` - Core documentation
- `references/kubectl-cheatsheet.md`
- `references/troubleshooting-guide.md`
- `templates/deployment.yaml` - Production-ready template
- `templates/service-ingress.yaml` - Complete service setup

---

## 5. aws-cli

**Category:** `cloud`

**Description:** AWS CLI operations for EC2, S3, RDS, Lambda, and CloudFormation

**Justification:** Only Lambda Labs and Modal are covered for cloud. AWS dominates cloud infrastructure and is essential for many workflows.

**Required Environment Variables:**
- `AWS_ACCESS_KEY_ID`
- `AWS_SECRET_ACCESS_KEY`
- `AWS_REGION`

**Key Features:**
- Authentication and profile management
- S3 bucket operations
- EC2 instance lifecycle
- RDS database management
- Lambda function deployment
- CloudFormation stack management
- IAM policy management

**Related Skills:** `lambda-labs`, `modal`, `postgres-admin` (RDS)

**Files:**
- `SKILL.md` - Main documentation
- `references/service-matrix.md` - Service selection guide
- `references/iam-policies.md` - Common policy templates
- `templates/s3-lifecycle.json`
- `scripts/cost-estimator.py`

---

## 6. react-native-build

**Category:** `mobile`

**Description:** React Native app development, build processes, and deployment to App Store/Play Store

**Justification:** Mobile development is completely absent from skills. React Native covers both iOS and Android with single codebase.

**Required Environment Variables:**
- None (but requires Xcode, Android SDK)

**Key Features:**
- Project initialization and structure
- iOS build and signing
- Android build and signing
- Environment configuration
- Navigation patterns
- State management integration
- App Store / Play Store submission
- Over-the-air updates

**Related Skills:** None (new category)

**Files:**
- `SKILL.md` - Core documentation
- `references/build-troubleshooting.md` - Common build issues
- `references/app-store-checklist.md`
- `templates/navigation-structure.js`
- `scripts/build-and-sign.sh`

---

## 7. terraform-iac

**Category:** `infrastructure`

**Description:** Infrastructure as Code with Terraform for AWS, GCP, Azure, and custom providers

**Justification:** Infrastructure management is not covered. Terraform is the standard for declarative infrastructure.

**Required Environment Variables:**
- Variable depending on provider (AWS, GCP, Azure credentials)

**Key Features:**
- Provider configuration
- Resource declaration patterns
- State management and remote backends
- Module creation and reuse
- Workspace management
- Plan and apply workflows
- Importing existing resources
- Drift detection

**Related Skills:** `aws-cli`, `kubernetes-deploy`, `webhook-subscriptions`

**Files:**
- `SKILL.md` - Main documentation
- `references/state-management.md` - State best practices
- `references/provider-matrix.md`
- `templates/aws-vpc-module.tf`
- `templates/gcp-gke-cluster.tf`

---

## 8. prometheus-monitoring

**Category:** `observability`

**Description:** Metrics collection, alerting rules, and dashboard creation with Prometheus and Grafana

**Justification:** No monitoring or observability skills exist. Critical for production operations.

**Required Environment Variables:**
- `PROMETHEUS_URL` - Prometheus server URL
- `GRAFANA_API_KEY` - For dashboard management (optional)

**Key Features:**
- Metric types and naming conventions
- PromQL query writing
- Recording and alerting rules
- Service discovery configuration
- Grafana dashboard creation
- Alertmanager configuration
- Custom exporter development
- SLO/SLI monitoring

**Related Skills:** `dogfood` (complement for self-monitoring)

**Files:**
- `SKILL.md` - Core documentation
- `references/promql-cheatsheet.md`
- `references/alerting-best-practices.md`
- `templates/alerts.yml` - Common alert rules
- `templates/dashboard.json` - Grafana dashboard

---

## 9. elasticsearch-query

**Category:** `search`

**Description:** Full-text search, aggregation queries, and index management with Elasticsearch/OpenSearch

**Justification:** Search functionality is limited to DuckDuckGo web search. Elasticsearch is essential for application search.

**Required Environment Variables:**
- `ELASTICSEARCH_URL`
- `ELASTICSEARCH_API_KEY` (optional)

**Key Features:**
- Index creation and mapping design
- Full-text search queries
- Filtering and boosting
- Aggregation queries
- Relevance tuning
- Cluster health monitoring
- Migration from previous versions
- OpenSearch compatibility

**Related Skills:** `duckduckgo-search` (complementary)

**Files:**
- `SKILL.md` - Main documentation
- `references/query-dsl-guide.md`
- `references/mapping-best-practices.md`
- `templates/search-api.py` - Python search implementation
- `templates/index-template.json`

---

## 10. figma-api

**Category:** `design`

**Description:** Figma API integration for design system management, asset export, and design tokens

**Justification:** Design integration is minimal (only Excalidraw). Figma is the dominant design tool for teams.

**Required Environment Variables:**
- `FIGMA_ACCESS_TOKEN`
- `FIGMA_FILE_KEY` (optional, can be per-request)

**Key Features:**
- Authentication and file access
- Design token extraction
- Asset export automation
- Component library management
n- Design system documentation generation
- Version history access
- Comment and collaboration API
- Webhook integration

**Related Skills:** `excalidraw` (complementary)

**Files:**
- `SKILL.md` - Core documentation
- `references/design-tokens-schema.md`
- `references/file-structure.md`
- `scripts/export-assets.py` - Asset export automation
- `templates/design-system-docs.md`

---

## Implementation Priority

### Phase 1 (High Impact, Broad Appeal)
1. **stripe-integration** - Universal business need
2. **postgres-admin** - Core infrastructure skill
3. **aws-cli** - Dominant cloud provider

### Phase 2 (Developer Productivity)
4. **redis-operations** - Common caching need
5. **react-native-build** - Mobile development gap
6. **terraform-iac** - Infrastructure management

### Phase 3 (Production Operations)
7. **kubernetes-deploy** - Container orchestration
8. **prometheus-monitoring** - Observability essential
9. **elasticsearch-query** - Application search
10. **figma-api** - Design workflow integration

---

## New Category Structure

```
skills/
├── payments/
│   └── stripe-integration/
├── databases/
│   ├── postgres-admin/
│   └── redis-operations/
├── mobile/
│   └── react-native-build/
├── infrastructure/
│   └── terraform-iac/
├── observability/
│   └── prometheus-monitoring/
└── search/
    └── elasticsearch-query/
```

---

*Recommendations generated: 2024-03-30*
*Analysis based on: 116 existing skills*
security: fix command injection vulnerabilities (CVSS 9.8) Replace shell=True with list-based subprocess execution to prevent command injection via malicious user input. Changes: - tools/transcription_tools.py: Use shlex.split() + shell=False - tools/environments/docker.py: List-based commands with container ID validation Fixes CVE-level vulnerability where malicious file paths or container IDs could inject arbitrary commands. CVSS: 9.8 (Critical) Refs: V-001 in SECURITY_AUDIT_REPORT.md 2026-03-30 23:15:11 +00:00			`# New Skill Recommendations`

			`## Summary`

			`Based on comprehensive analysis of the 116 existing skills across 20+ categories, the following 10 skills are recommended to fill critical gaps in the Hermes skills ecosystem.`

			`---`

			`## 1. stripe-integration`

			Category: `payments`

			`Description: Process payments, manage subscriptions, and handle webhooks with Stripe API`

			`Justification: Payment processing is a common need for businesses, yet completely absent from current skills. Stripe is the dominant payment processor for developers.`

			`Required Environment Variables:`
			- `STRIPE_SECRET_KEY` - API key for authentication
			- `STRIPE_WEBHOOK_SECRET` - For webhook verification

			`Key Features:`
			`- Payment Intent creation and management`
			`- Subscription lifecycle management`
			`- Webhook handling and verification`
			`- Customer management`
			`- Refund processing`
			`- Test mode vs live mode guidance`

			`Related Skills: None (new category)`

			`Files:`
			- `SKILL.md` - Main documentation
			- `references/api-cheat-sheet.md` - Common API calls
			- `references/webhook-events.md` - Event type reference
			- `templates/subscription-flow.py` - Complete subscription example
			- `templates/payment-form.html` - Client-side integration

			`---`

			`## 2. postgres-admin`

			Category: `databases`

			`Description: PostgreSQL administration, query optimization, backup/restore, and performance tuning`

			`Justification: Only vector databases (Qdrant, Chroma, Pinecone, FAISS) are covered. Relational database operations are essential for most applications.`

			`Required Environment Variables:`
			- `DATABASE_URL` - Connection string

			`Key Features:`
			`- Connection management and pooling`
			`- Query optimization and EXPLAIN analysis`
			`- Index creation and management`
			`- Backup and restore procedures`
			`- User and permission management`
			`- Migration strategies`
			`- Performance monitoring`

			Related Skills: `redis-operations` (recommended below)

			`Files:`
			- `SKILL.md` - Core documentation
			- `references/query-optimization.md` - Performance tuning guide
			- `references/backup-strategies.md` - Backup methods comparison
			- `scripts/schema-analyzer.py` - Schema analysis tool
			- `templates/migration-template.sql`

			`---`

			`## 3. redis-operations`

			Category: `databases`

			`Description: Redis caching patterns, session management, pub/sub, and data structures`

			`Justification: Caching is critical for scalable applications. Redis is the most popular caching solution but completely uncovered.`

			`Required Environment Variables:`
			- `REDIS_URL` - Connection string

			`Key Features:`
			`- Data structure selection guide`
			`- Caching patterns and strategies`
			`- Session management implementation`
			`- Pub/sub messaging patterns`
			`- Rate limiting implementations`
			`- Distributed locking`
			`- Memory optimization`

			Related Skills: `postgres-admin`

			`Files:`
			- `SKILL.md` - Main documentation
			- `references/data-structures.md` - When to use each type
			- `references/caching-patterns.md` - Cache-aside, write-through, etc.
			- `templates/rate-limiter.py` - Production rate limiter
			- `templates/session-store.py` - Session management implementation

			`---`

			`## 4. kubernetes-deploy`

			Category: `devops`

			`Description: Kubernetes deployment, service management, ingress configuration, and troubleshooting`

			Justification: Container orchestration is essential for modern deployment. While `docker-management` exists as optional, Kubernetes is the production standard.

			`Required Environment Variables:`
			- `KUBECONFIG` - Path to kubeconfig file

			`Key Features:`
			`- Deployment and service creation`
			`- ConfigMaps and Secrets management`
			`- Ingress and TLS configuration`
			`- Rolling updates and rollbacks`
			`- Resource limits and HPA`
			`- Debugging pods and logs`
			`- Helm chart basics`

			Related Skills: `docker-management` (optional), `webhook-subscriptions`

			`Files:`
			- `SKILL.md` - Core documentation
			- `references/kubectl-cheatsheet.md`
			- `references/troubleshooting-guide.md`
			- `templates/deployment.yaml` - Production-ready template
			- `templates/service-ingress.yaml` - Complete service setup

			`---`

			`## 5. aws-cli`

			Category: `cloud`

			`Description: AWS CLI operations for EC2, S3, RDS, Lambda, and CloudFormation`

			`Justification: Only Lambda Labs and Modal are covered for cloud. AWS dominates cloud infrastructure and is essential for many workflows.`

			`Required Environment Variables:`
			- `AWS_ACCESS_KEY_ID`
			- `AWS_SECRET_ACCESS_KEY`
			- `AWS_REGION`

			`Key Features:`
			`- Authentication and profile management`
			`- S3 bucket operations`
			`- EC2 instance lifecycle`
			`- RDS database management`
			`- Lambda function deployment`
			`- CloudFormation stack management`
			`- IAM policy management`

			Related Skills: `lambda-labs`, `modal`, `postgres-admin` (RDS)

			`Files:`
			- `SKILL.md` - Main documentation
			- `references/service-matrix.md` - Service selection guide
			- `references/iam-policies.md` - Common policy templates
			- `templates/s3-lifecycle.json`
			- `scripts/cost-estimator.py`

			`---`

			`## 6. react-native-build`

			Category: `mobile`

			`Description: React Native app development, build processes, and deployment to App Store/Play Store`

			`Justification: Mobile development is completely absent from skills. React Native covers both iOS and Android with single codebase.`

			`Required Environment Variables:`
			`- None (but requires Xcode, Android SDK)`

			`Key Features:`
			`- Project initialization and structure`
			`- iOS build and signing`
			`- Android build and signing`
			`- Environment configuration`
			`- Navigation patterns`
			`- State management integration`
			`- App Store / Play Store submission`
			`- Over-the-air updates`

			`Related Skills: None (new category)`

			`Files:`
			- `SKILL.md` - Core documentation
			- `references/build-troubleshooting.md` - Common build issues
			- `references/app-store-checklist.md`
			- `templates/navigation-structure.js`
			- `scripts/build-and-sign.sh`

			`---`

			`## 7. terraform-iac`

			Category: `infrastructure`

			`Description: Infrastructure as Code with Terraform for AWS, GCP, Azure, and custom providers`

			`Justification: Infrastructure management is not covered. Terraform is the standard for declarative infrastructure.`

			`Required Environment Variables:`
			`- Variable depending on provider (AWS, GCP, Azure credentials)`

			`Key Features:`
			`- Provider configuration`
			`- Resource declaration patterns`
			`- State management and remote backends`
			`- Module creation and reuse`
			`- Workspace management`
			`- Plan and apply workflows`
			`- Importing existing resources`
			`- Drift detection`

			Related Skills: `aws-cli`, `kubernetes-deploy`, `webhook-subscriptions`

			`Files:`
			- `SKILL.md` - Main documentation
			- `references/state-management.md` - State best practices
			- `references/provider-matrix.md`
			- `templates/aws-vpc-module.tf`
			- `templates/gcp-gke-cluster.tf`

			`---`

			`## 8. prometheus-monitoring`

			Category: `observability`

			`Description: Metrics collection, alerting rules, and dashboard creation with Prometheus and Grafana`

			`Justification: No monitoring or observability skills exist. Critical for production operations.`

			`Required Environment Variables:`
			- `PROMETHEUS_URL` - Prometheus server URL
			- `GRAFANA_API_KEY` - For dashboard management (optional)

			`Key Features:`
			`- Metric types and naming conventions`
			`- PromQL query writing`
			`- Recording and alerting rules`
			`- Service discovery configuration`
			`- Grafana dashboard creation`
			`- Alertmanager configuration`
			`- Custom exporter development`
			`- SLO/SLI monitoring`

			Related Skills: `dogfood` (complement for self-monitoring)

			`Files:`
			- `SKILL.md` - Core documentation
			- `references/promql-cheatsheet.md`
			- `references/alerting-best-practices.md`
			- `templates/alerts.yml` - Common alert rules
			- `templates/dashboard.json` - Grafana dashboard

			`---`

			`## 9. elasticsearch-query`

			Category: `search`

			`Description: Full-text search, aggregation queries, and index management with Elasticsearch/OpenSearch`

			`Justification: Search functionality is limited to DuckDuckGo web search. Elasticsearch is essential for application search.`

			`Required Environment Variables:`
			- `ELASTICSEARCH_URL`
			- `ELASTICSEARCH_API_KEY` (optional)

			`Key Features:`
			`- Index creation and mapping design`
			`- Full-text search queries`
			`- Filtering and boosting`
			`- Aggregation queries`
			`- Relevance tuning`
			`- Cluster health monitoring`
			`- Migration from previous versions`
			`- OpenSearch compatibility`

			Related Skills: `duckduckgo-search` (complementary)

			`Files:`
			- `SKILL.md` - Main documentation
			- `references/query-dsl-guide.md`
			- `references/mapping-best-practices.md`
			- `templates/search-api.py` - Python search implementation
			- `templates/index-template.json`

			`---`

			`## 10. figma-api`

			Category: `design`

			`Description: Figma API integration for design system management, asset export, and design tokens`

			`Justification: Design integration is minimal (only Excalidraw). Figma is the dominant design tool for teams.`

			`Required Environment Variables:`
			- `FIGMA_ACCESS_TOKEN`
			- `FIGMA_FILE_KEY` (optional, can be per-request)

			`Key Features:`
			`- Authentication and file access`
			`- Design token extraction`
			`- Asset export automation`
			`- Component library management`
			`n- Design system documentation generation`
			`- Version history access`
			`- Comment and collaboration API`
			`- Webhook integration`

			Related Skills: `excalidraw` (complementary)

			`Files:`
			- `SKILL.md` - Core documentation
			- `references/design-tokens-schema.md`
			- `references/file-structure.md`
			- `scripts/export-assets.py` - Asset export automation
			- `templates/design-system-docs.md`

			`---`

			`## Implementation Priority`

			`### Phase 1 (High Impact, Broad Appeal)`
			`1. stripe-integration - Universal business need`
			`2. postgres-admin - Core infrastructure skill`
			`3. aws-cli - Dominant cloud provider`

			`### Phase 2 (Developer Productivity)`
			`4. redis-operations - Common caching need`
			`5. react-native-build - Mobile development gap`
			`6. terraform-iac - Infrastructure management`

			`### Phase 3 (Production Operations)`
			`7. kubernetes-deploy - Container orchestration`
			`8. prometheus-monitoring - Observability essential`
			`9. elasticsearch-query - Application search`
			`10. figma-api - Design workflow integration`

			`---`

			`## New Category Structure`

			```
			`skills/`
			`├── payments/`
			`│ └── stripe-integration/`
			`├── databases/`
			`│ ├── postgres-admin/`
			`│ └── redis-operations/`
			`├── mobile/`
			`│ └── react-native-build/`
			`├── infrastructure/`
			`│ └── terraform-iac/`
			`├── observability/`
			`│ └── prometheus-monitoring/`
			`└── search/`
			`└── elasticsearch-query/`
			```

			`---`

			`Recommendations generated: 2024-03-30`
			`Analysis based on: 116 existing skills`