Replace shell=True with list-based subprocess execution to prevent command injection via malicious user input.

Changes:
- tools/transcription_tools.py: Use shlex.split() + shell=False
- tools/environments/docker.py: List-based commands with container ID validation

Fixes CVE-level vulnerability where malicious file paths or container IDs could inject arbitrary commands.

CVSS: 9.8 (Critical)
Refs: V-001 in SECURITY_AUDIT_REPORT.md
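The pattern the commit message describes, as an added example rather than code from the project's tools/transcription_tools.py or tools/environments/docker.py: argv lists passed with shell=False, an allowlist check on the container ID, and a child process that reports its own argv to show that a hostile file path arrives as one argument. The `transcribe` command template, the `--` separator and the helper names are assumptions made for illustration.

```python
# Added example; not the project's code. The `transcribe` argv template and
# the helper names are assumptions made for illustration.
import json
import re
import shlex
import subprocess
import sys

# Docker's container-name rule ([a-zA-Z0-9][a-zA-Z0-9_.-]+) also covers hex IDs;
# shell metacharacters and whitespace can never match it.
CONTAINER_ID_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,127}")


def is_valid_container_id(container_id: str) -> bool:
    return CONTAINER_ID_RE.fullmatch(container_id) is not None


def build_docker_exec(container_id: str, argv: list) -> list:
    """Argv list for `docker exec <id> <argv...>`; rejects a bad ID instead of
    handing it to docker. One list element is one argument, so there is no
    command string for an attacker-controlled value to break out of."""
    if not is_valid_container_id(container_id):
        raise ValueError("invalid container id: %r" % container_id)
    return ["docker", "exec", container_id, *argv]


def build_transcribe_cmd(audio_path: str, model: str = "base") -> list:
    """Argv list for a hypothetical `transcribe --format txt --model <m> -- <file>`.

    Only the fixed template goes through shlex.split(); user-supplied values
    are appended as their own elements. Splitting a string that already embeds
    the path would re-split on spaces and quotes. The `--` (assumed to be
    honoured by the tool) stops a path beginning with '-' being read as an option."""
    return shlex.split("transcribe --format txt") + ["--model", model, "--", audio_path]


def echo_argv(args: list) -> list:
    """Spawn a child that reports its argv, proving shell=False passes each
    element through untouched (no word splitting, no metacharacter expansion)."""
    cmd = [sys.executable, "-c", "import json, sys; print(json.dumps(sys.argv[1:]))", *args]
    done = subprocess.run(cmd, shell=False, capture_output=True, text=True, check=True)
    return json.loads(done.stdout)
```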
New Skill Recommendations
Summary
Based on comprehensive analysis of the 116 existing skills across 20+ categories, the following 10 skills are recommended to fill critical gaps in the Hermes skills ecosystem.
1. stripe-integration
Category: payments
Description: Process payments, manage subscriptions, and handle webhooks with Stripe API
Justification: Payment processing is a common need for businesses, yet completely absent from current skills. Stripe is the dominant payment processor for developers.
Required Environment Variables:
- STRIPE_SECRET_KEY - API key for authentication
- STRIPE_WEBHOOK_SECRET - For webhook verification
Key Features:
- Payment Intent creation and management
- Subscription lifecycle management
- Webhook handling and verification
- Customer management
- Refund processing
- Test mode vs live mode guidance
Related Skills: None (new category)
Files:
- SKILL.md - Main documentation
- references/api-cheat-sheet.md - Common API calls
- references/webhook-events.md - Event type reference
- templates/subscription-flow.py - Complete subscription example
- templates/payment-form.html - Client-side integration
2. postgres-admin
Category: databases
Description: PostgreSQL administration, query optimization, backup/restore, and performance tuning
Justification: Only vector databases (Qdrant, Chroma, Pinecone, FAISS) are covered. Relational database operations are essential for most applications.
Required Environment Variables:
- DATABASE_URL - Connection string
Key Features:
- Connection management and pooling
- Query optimization and EXPLAIN analysis
- Index creation and management
- Backup and restore procedures
- User and permission management
- Migration strategies
- Performance monitoring
Related Skills: redis-operations (recommended below)
Files:
- SKILL.md - Core documentation
- references/query-optimization.md - Performance tuning guide
- references/backup-strategies.md - Backup methods comparison
- scripts/schema-analyzer.py - Schema analysis tool
- templates/migration-template.sql
3. redis-operations
Category: databases
Description: Redis caching patterns, session management, pub/sub, and data structures
Justification: Caching is critical for scalable applications. Redis is the most popular caching solution but is completely uncovered.
Required Environment Variables:
- REDIS_URL - Connection string
Key Features:
- Data structure selection guide
- Caching patterns and strategies
- Session management implementation
- Pub/sub messaging patterns
- Rate limiting implementations
- Distributed locking
- Memory optimization
Related Skills: postgres-admin
Files:
- SKILL.md - Main documentation
- references/data-structures.md - When to use each type
- references/caching-patterns.md - Cache-aside, write-through, etc.
- templates/rate-limiter.py - Production rate limiter
- templates/session-store.py - Session management implementation
4. kubernetes-deploy
Category: devops
Description: Kubernetes deployment, service management, ingress configuration, and troubleshooting
Justification: Container orchestration is essential for modern deployment. While docker-management exists as optional, Kubernetes is the production standard.
Required Environment Variables:
- KUBECONFIG - Path to kubeconfig file
Key Features:
- Deployment and service creation
- ConfigMaps and Secrets management
- Ingress and TLS configuration
- Rolling updates and rollbacks
- Resource limits and HPA
- Debugging pods and logs
- Helm chart basics
Related Skills: docker-management (optional), webhook-subscriptions
Files:
- SKILL.md - Core documentation
- references/kubectl-cheatsheet.md
- references/troubleshooting-guide.md
- templates/deployment.yaml - Production-ready template
- templates/service-ingress.yaml - Complete service setup
5. aws-cli
Category: cloud
Description: AWS CLI operations for EC2, S3, RDS, Lambda, and CloudFormation
Justification: Only Lambda Labs and Modal are covered for cloud. AWS dominates cloud infrastructure and is essential for many workflows.
Required Environment Variables:
- AWS_ACCESS_KEY_ID
- AWS_SECRET_ACCESS_KEY
- AWS_REGION
Key Features:
- Authentication and profile management
- S3 bucket operations
- EC2 instance lifecycle
- RDS database management
- Lambda function deployment
- CloudFormation stack management
- IAM policy management
Related Skills: lambda-labs, modal, postgres-admin (RDS)
Files:
- SKILL.md - Main documentation
- references/service-matrix.md - Service selection guide
- references/iam-policies.md - Common policy templates
- templates/s3-lifecycle.json
- scripts/cost-estimator.py
6. react-native-build
Category: mobile
Description: React Native app development, build processes, and deployment to App Store/Play Store
Justification: Mobile development is completely absent from the current skills. React Native covers both iOS and Android with a single codebase.
Required Environment Variables:
- None (but requires Xcode, Android SDK)
Key Features:
- Project initialization and structure
- iOS build and signing
- Android build and signing
- Environment configuration
- Navigation patterns
- State management integration
- App Store / Play Store submission
- Over-the-air updates
Related Skills: None (new category)
Files:
- SKILL.md - Core documentation
- references/build-troubleshooting.md - Common build issues
- references/app-store-checklist.md
- templates/navigation-structure.js
- scripts/build-and-sign.sh
7. terraform-iac
Category: infrastructure
Description: Infrastructure as Code with Terraform for AWS, GCP, Azure, and custom providers
Justification: Infrastructure management is not covered. Terraform is the standard for declarative infrastructure.
Required Environment Variables:
- Variable depending on provider (AWS, GCP, Azure credentials)
Key Features:
- Provider configuration
- Resource declaration patterns
- State management and remote backends
- Module creation and reuse
- Workspace management
- Plan and apply workflows
- Importing existing resources
- Drift detection
Related Skills: aws-cli, kubernetes-deploy, webhook-subscriptions
Files:
- SKILL.md - Main documentation
- references/state-management.md - State best practices
- references/provider-matrix.md
- templates/aws-vpc-module.tf
- templates/gcp-gke-cluster.tf
8. prometheus-monitoring
Category: observability
Description: Metrics collection, alerting rules, and dashboard creation with Prometheus and Grafana
Justification: No monitoring or observability skills exist, yet these are critical for production operations.
Required Environment Variables:
- PROMETHEUS_URL - Prometheus server URL
- GRAFANA_API_KEY - For dashboard management (optional)
Key Features:
- Metric types and naming conventions
- PromQL query writing
- Recording and alerting rules
- Service discovery configuration
- Grafana dashboard creation
- Alertmanager configuration
- Custom exporter development
- SLO/SLI monitoring
Related Skills: dogfood (complement for self-monitoring)
Files:
- SKILL.md - Core documentation
- references/promql-cheatsheet.md
- references/alerting-best-practices.md
- templates/alerts.yml - Common alert rules
- templates/dashboard.json - Grafana dashboard
9. elasticsearch-query
Category: search
Description: Full-text search, aggregation queries, and index management with Elasticsearch/OpenSearch
Justification: Search functionality is limited to DuckDuckGo web search. Elasticsearch is essential for application search.
Required Environment Variables:
- ELASTICSEARCH_URL
- ELASTICSEARCH_API_KEY (optional)
Key Features:
- Index creation and mapping design
- Full-text search queries
- Filtering and boosting
- Aggregation queries
- Relevance tuning
- Cluster health monitoring
- Migration from previous versions
- OpenSearch compatibility
Related Skills: duckduckgo-search (complementary)
Files:
- SKILL.md - Main documentation
- references/query-dsl-guide.md
- references/mapping-best-practices.md
- templates/search-api.py - Python search implementation
- templates/index-template.json
10. figma-api
Category: design
Description: Figma API integration for design system management, asset export, and design tokens
Justification: Design integration is minimal (only Excalidraw). Figma is the dominant design tool for teams.
Required Environment Variables:
- FIGMA_ACCESS_TOKEN
- FIGMA_FILE_KEY (optional, can be per-request)
Key Features:
- Authentication and file access
- Design token extraction
- Asset export automation
- Component library management
- Design system documentation generation
- Version history access
- Comment and collaboration API
- Webhook integration
Related Skills: excalidraw (complementary)
Files:
- SKILL.md - Core documentation
- references/design-tokens-schema.md
- references/file-structure.md
- scripts/export-assets.py - Asset export automation
- templates/design-system-docs.md
Implementation Priority
Phase 1 (High Impact, Broad Appeal)
- stripe-integration - Universal business need
- postgres-admin - Core infrastructure skill
- aws-cli - Dominant cloud provider
Phase 2 (Developer Productivity)
- redis-operations - Common caching need
- react-native-build - Mobile development gap
- terraform-iac - Infrastructure management
Phase 3 (Production Operations)
- kubernetes-deploy - Container orchestration
- prometheus-monitoring - Observability essential
- elasticsearch-query - Application search
- figma-api - Design workflow integration
New Category Structure
skills/
├── payments/
│   └── stripe-integration/
├── databases/
│   ├── postgres-admin/
│   └── redis-operations/
├── mobile/
│   └── react-native-build/
├── infrastructure/
│   └── terraform-iac/
├── observability/
│   └── prometheus-monitoring/
└── search/
    └── elasticsearch-query/
Recommendations generated: 2024-03-30
Analysis based on: 116 existing skills