Procurement & Sourcing Bundle | Prompeteer.ai

Vendor evaluation, RFP/RFQ authoring, contract negotiation, total-cost analysis, and procurement-policy skills.

Included Skills (55)

  1. Plugin Structure Guide — This skill guides users in creating, organizing, and understanding Claude Code plugins, covering structure, configuration, and component management for seamless integration.
  2. Skill Creation Tool — Empower users to create, refine, and evaluate AI skills, ensuring optimal performance and triggering accuracy through iterative development and testing.
  3. Opencli Browser — Use when an agent needs to drive a real Chrome window via opencli — inspect a page, fill forms, click through logged-in flows, or extract data ad-hoc. Covers the selector-first target contract, compound form fields, stale-ref handling, network capture, and the agent-native envelopes the CLI returns. Not for writing adapters — see opencli-adapter-author for that.
  4. Opencli Browser — Use when an agent needs to drive a real Chrome window via opencli — inspect a page, fill forms, click through logged-in flows, or extract data ad-hoc. Covers the selector-first target contract, compound form fields, stale-ref handling, network capture, and the agent-native envelopes the CLI returns. Not for writing adapters — see opencli-adapter-author for that.
  5. Agent Platform Deploy — Deploys open models from Model Garden to Agent Platform endpoints, helping users manage and clean up deployed resources.
  6. GSAP Core Animator — This skill helps developers create and understand GSAP animations using core features like tweens, easing, and responsive design for web projects.
  7. MCP App Builder — This skill helps developers build interactive UI widgets and MCP apps that render components inline within chat surfaces.
  8. Planning With Files — Implements Manus-style file-based planning to organize and track progress on complex tasks. Creates task_plan.md, findings.md, and progress.md. Use when asked to plan out, break down, or organize a multi-step project, research task, or any work requiring 5+ tool calls. Supports automatic session recovery after /clear.
  9. Project Artifact — Generate and publish a project status artifact — an opinionated, tabbed status page for a project too big for one update (overview & success criteria, the workstream sequence, next steps, plus background, plan, risks & open questions, and decisions/FAQ when they earn a tab) — published with the built-in Artifact tool to a default-private claude.ai page the user can share with teammates. Use when a piece of work spans several workstreams and you want a shareable overview kept current. Each artifact is backed by a small per-project config in the plugin data dir, so refreshing it re-gathers live state, redeploys the same URL, and reports only the delta. For software projects whose workstreams are PRs, also read swe.md (the X.Y PR-numbering convention; pulling PR state with gh/git; a per-PR detail block). Needs the built-in Artifact tool (claude.ai login). Not for single-PR changes or public docs.
  10. Checkov — Expert guidance for Checkov, the static analysis tool for infrastructure-as-code that scans Terraform, CloudFormation, Kubernetes, Helm, Dockerfile, and ARM templates for security misconfigurations and compliance violations. Helps developers integrate Checkov into CI/CD pipelines and write custom policies.
  11. Sales Engineer — Analyzes RFP/RFI responses for coverage gaps, builds competitive feature comparison matrices, and plans proof-of-concept (POC) engagements for pre-sales engineering. Use when responding to RFPs, bids, or proposal requests; comparing product features against competitors; planning or scoring a customer POC or sales demo; preparing a technical proposal; or performing win/loss competitor analysis. Handles tasks described as 'RFP response', 'bid response', 'proposal response', 'competitor comparison', 'feature matrix', 'POC planning', 'sales demo prep', or 'pre-sales engineering'.
  12. Legal Document Generator — Generates jurisdiction-aware legal documents like contracts and proposals, providing a strong starting point for business professionals.
  13. Vpe Advisor — VP of Engineering advisory for startups: delivery throughput (DORA 4 metrics + bottleneck identification), engineering hiring funnel (sourcing → screen → onsite → offer conversion + time-to-fill + pipeline gap), engineering team structure (squad/tribe/chapter design + tech-lead manager-trigger thresholds), and production discipline (on-call, deployment cadence, postmortem culture). Use when sprint velocity is dropping, eng hiring is broken, team structure is unclear, or deciding when to add a tech-lead manager. NOT a CTO skill (which owns architecture) — VPE owns delivery operations and how the team ships.
  14. CCPA Compliance Assistant — Helps businesses comply with CCPA/CPRA by implementing data privacy features and responding to consumer data requests.
  15. Slash Command Factory — Generate custom Claude Code slash commands through intelligent 5-7 question flow. Creates powerful commands for business research, content analysis, healthcare compliance, API integration, documentation automation, and workflow optimization. Outputs organized commands to generated-commands/ with validation and installation guidance.
  16. Quality Manager Qms Iso13485 — ISO 13485 Quality Management System implementation and maintenance for medical device organizations. Provides QMS design, documentation control, internal auditing, CAPA management, and certification support. Use when working with medical device quality systems, preparing for ISO 13485 audits, managing regulatory compliance documentation, setting up corrective actions, or building audit preparation programs. Useful for quality management, audit preparation, regulatory compliance, medical device documentation, and corrective action workflows.
  17. Docker Configuration Assistant — Assists developers in building, debugging, and optimizing Docker configurations, including Dockerfiles and docker-compose setups, following best practices.
  18. Product Strategy Guide — Provides expert product strategy guidance, empowering product leaders to define vision, positioning, and outcome-driven roadmaps.
  19. Docker Development Assistant — This skill optimizes Dockerfiles, orchestrates docker-compose configurations, and hardens container security for developers following container best practices.
  20. Vpe Advisor — VP of Engineering advisory for startups: delivery throughput (DORA 4 metrics + bottleneck identification), engineering hiring funnel (sourcing → screen → onsite → offer conversion + time-to-fill + pipeline gap), engineering team structure (squad/tribe/chapter design + tech-lead manager-trigger thresholds), and production discipline (on-call, deployment cadence, postmortem culture). Use when sprint velocity is dropping, eng hiring is broken, team structure is unclear, or deciding when to add a tech-lead manager. NOT a CTO skill (which owns architecture) — VPE owns delivery operations and how the team ships.
  21. Fda Consultant Specialist — FDA regulatory consultant for medical device companies. Provides 510(k)/PMA/De Novo pathway guidance, QMSR (21 CFR 820, which incorporates ISO 13485:2016 by reference since 2026-02-02; formerly QSR) compliance, HIPAA assessments, and device cybersecurity. Use when user mentions FDA submission, 510(k), PMA, De Novo, QMSR, QSR, ISO 13485 for FDA, premarket, predicate device, substantial equivalence, HIPAA medical device, or FDA cybersecurity.
  22. Compliance Os — Compliance OS — meta-orchestrator that lets compliance teams CONFIGURE which frameworks apply, COMPUTE cross-framework control overlap, SIMULATE internal audits, and CONSOLIDATE evidence across multiple frameworks. Four decisions: (1) Given a company profile, which of the 12 supported frameworks apply (ISO 27001/13485/42001/14971, EU AI Act, MDR 745, GDPR, SOC 2, FDA QSR, NIST CSF 2.0, NIS2, HIPAA)? (2) Across selected frameworks, which controls overlap and how much evidence reuses? (3) For a given framework + scope, what does a realistic mock audit produce — drawing from the 205-scenario library? (4) Across selected frameworks, what's the unified evidence checklist with reuse map? Use when standing up a multi-framework program, planning the annual audit calendar, or preparing for certification stage 1. Does NOT replace per-framework skills (it orchestrates them).
  23. Information Security Manager Iso27001 — ISO 27001 ISMS implementation and cybersecurity governance for HealthTech and MedTech companies. Use when designing an ISMS, running security risk assessments, implementing controls, pursuing ISO 27001 certification, preparing security audits, responding to security incidents, or verifying compliance. Covers ISO 27001, ISO 27002, healthcare security, and medical device cybersecurity.
  24. Mdr 745 Specialist — EU MDR 2017/745 compliance specialist for medical device classification, technical documentation, clinical evidence, and post-market surveillance. Covers Annex VIII classification rules, Annex II/III technical files, Annex XIV clinical evaluation, Art. 86 PSUR schedules, and EUDAMED integration. Use when classifying a medical device under MDR, building or gap-checking a technical file, planning clinical evaluation or PMS/PSUR cadence, or preparing for notified body review (e.g., 'what class is my device under MDR', 'review my PSUR schedule').
  25. Quality Manager Qmr — Senior Quality Manager Responsible Person (QMR) for HealthTech and MedTech companies. Provides quality system governance, management review leadership, regulatory compliance oversight, and quality performance monitoring per ISO 13485 Clause 5.5.2. Use when leading management reviews, setting quality policy and objectives, monitoring quality KPIs and cost of quality, or exercising QMR governance and regulatory oversight responsibilities.
  26. Senior Secops — Senior SecOps engineer skill for application security, vulnerability management, compliance verification, and secure development practices. Runs SAST/DAST scans, generates CVE remediation plans, checks dependency vulnerabilities, creates security policies, enforces secure coding patterns, and automates compliance checks against SOC2, PCI-DSS, HIPAA, and GDPR. Use when conducting a security review or audit, responding to a CVE or security incident, hardening infrastructure, implementing authentication or secrets management, running penetration test prep, checking OWASP Top 10 exposure, or enforcing security controls in CI/CD pipelines.
  27. Eu AI Act Specialist — EU AI Act (Regulation (EU) 2024/1689) operational compliance for compliance teams. Three Article-level decisions: (1) What's the risk tier of this AI system — prohibited (Art. 5), high-risk (Art. 6 + Annex III), limited-risk (Art. 50), or minimal-risk? (2) For high-risk systems, what's the Article 43 conformity assessment route (Module A internal control vs Module H full QMS + notified body) and what goes in the Annex IV technical documentation? (3) Per organizational role (provider / deployer / importer / distributor / authorized representative), what are the active obligations and deadlines? Use during AI system intake review, when planning conformity assessment, or when scoping deployer obligations. Cites Articles + Annexes for every output. NOT executive AI strategy (see chief-ai-officer-advisor). NOT a legal substitute.
  28. Eu AI Act Specialist — EU AI Act (Regulation (EU) 2024/1689) operational compliance for compliance teams. Three Article-level decisions: (1) What's the risk tier of this AI system — prohibited (Art. 5), high-risk (Art. 6 + Annex III), limited-risk (Art. 50), or minimal-risk? (2) For high-risk systems, what's the Article 43 conformity assessment route (Module A internal control vs Module H full QMS + notified body) and what goes in the Annex IV technical documentation? (3) Per organizational role (provider / deployer / importer / distributor / authorized representative), what are the active obligations and deadlines? Use during AI system intake review, when planning conformity assessment, or when scoping deployer obligations. Cites Articles + Annexes for every output. NOT executive AI strategy (see chief-ai-officer-advisor). NOT a legal substitute.
  29. Gdpr Dsgvo Expert — GDPR and German DSGVO compliance automation. Scans codebases for privacy risks, generates DPIA documentation, tracks data subject rights requests with Art. 12(3) one-month deadlines. Use when running GDPR compliance assessments, privacy audits, data protection planning, DPIA generation, or data subject rights (DSAR) management (e.g., 'check this service for GDPR risks', 'track an access request deadline'). Final compliance determinations route to the DPO or legal counsel.
  30. Checkov Security Scanner — This skill provides expert guidance for using Checkov to scan infrastructure-as-code for security misconfigurations and compliance violations, aiding developers.
  31. API Endpoint Generator — This skill generates production-ready REST API endpoints with validation, authentication, error handling, and documentation, assisting backend developers.
  32. API Endpoint Generator — This skill generates production-ready REST API endpoints with validation, authentication, error handling, and documentation, assisting backend developers.
  33. Accessibility Audit Tool — This skill scans, fixes, and verifies WCAG 2.2 Level A/AA compliance in web codebases, aiding developers and compliance teams.
  34. Expense Report Generator — This skill organizes and summarizes business expenses from receipts, CSVs, or manual entries, creating reports for reimbursement or tax preparation.
  35. HIPAA Compliance Implementation — This skill helps developers implement HIPAA compliance in healthcare applications, covering PHI handling, encryption, audit logging, and access controls.
  36. API Fuzzing Tool — Automatically test APIs by generating test cases from OpenAPI/GraphQL schemas, helping developers find bugs and validate API contracts.
  37. SOC2 Compliance Assistant — Helps SaaS companies achieve SOC 2 Type II compliance by implementing controls and preparing for audits to meet enterprise requirements.
  38. API Testing Tool — Test REST and GraphQL APIs with structured assertions and reporting, helping developers validate endpoints and debug API calls.
  39. Xquik Twitter — Use when the user needs X (Twitter) data through Xquik: tweet search, user lookup, follower export, media download, monitoring, webhooks, MCP, SDK setup, or confirmation-gated publishing workflows. Read-only by default, API-key only, no X login material, and every write, private read, monitor, webhook, or metered bulk job requires explicit approval.
  40. Modern Angular Architect — This skill assists developers in building and modernizing Angular applications (v20+) using Signals, Standalone Components, and reactive patterns.
  41. Interactive 3D Web — This skill empowers developers to build interactive 3D web experiences using Three.js, React, and related technologies.
  42. AI Safety Guardrails — Implement safety guardrails for AI systems, including content filtering and prompt injection detection, to ensure responsible AI practices.
  43. Systematic Debugging — Use when encountering any bug, test failure, or unexpected behavior, before proposing fixes
  44. Cognito Authentication Skill — This skill automates Amazon Cognito authentication implementation, assisting developers with user pools, identity pools, and JWT token management.
  45. Capacity Planner — Use when an ops leader (Director of CX, Head of Support, VP Ops, Head of BizOps, Head of IT ops, Head of Finance ops) is sizing ops capacity, building a headcount plan, modeling utilization risk, planning Q3 capacity or annual support capacity, or designing CS coverage — and needs Erlang-C queueing math, P90 demand sizing, shrinkage-adjusted FTE, manager-trigger thresholds, and a quarterly hiring sequence with ramp + attrition. Apply when sustained team utilization is above 80% or when the team is growing >50% in 12 months. Run before committing the headcount budget. This is NOT engineering capacity (see vpe-advisor for DORA + cycle time) and NOT strategic 3-year workforce planning (see chro-advisor).
  46. AI Presentation Generator — This skill generates complete presentations, from outlines to polished slides, assisting users in creating impactful visual content.
  47. PowerPoint Presentation Manager — This skill enables users to generate, edit, and read PowerPoint presentations, streamlining presentation workflows for improved productivity.
  48. Audio Waveform Generator — Generates waveform visualizations from audio files, assisting users in creating audio player interfaces and podcast episode previews.
  49. Bookkeeping Workflow Automation — Automates bookkeeping tasks like parsing statements, categorizing transactions, reconciling accounts, and generating reports, benefiting accountants and business owners.
  50. ACR Management Tool — Enables developers and DevOps engineers to manage container images and repositories within Azure Container Registry using the Python SDK.
  51. Market Opportunity Evaluator — Assess market opportunities using a 10-factor framework, helping entrepreneurs and product managers make informed go/no-go decisions.
  52. AI Presentation Generator — This skill generates complete presentations, from outlines to polished slides, assisting users in creating compelling visual content.
  53. AI Security Assessor — Assess AI/ML systems for vulnerabilities like prompt injection, model inversion, and data poisoning, aiding security engineers and AI developers.
  54. Azure OpenAI Service — This skill provides access to OpenAI models on Azure, offering enterprise compliance and Azure-native authentication for developers and organizations.
  55. Chief Customer Officer Advisor — Chief Customer Officer advisory for startups: retention decomposition (gross retention vs NRR honesty, churn root-cause taxonomy), customer segmentation strategy (differential investment across tiers + ICP fit scoring), CS team coverage model (pooled vs named CSM thresholds + ratio math), and CS team org evolution (CS vs Support vs AM distinctions). Use when designing retention strategy, segmenting customers for differential investment, sizing CS team, or sequencing CS hires. Strategic only — does not duplicate engineering/business-growth tactical skills.