Use this skill when analyzing Blackpoint Cyber (CompassOne) exposure data — host vulnerability findings filtered by CVE and exploitability, vulnerability scan history, dark-web…
This skill should be used when the user asks to "review architecture", "Well-Architected review", "check bestpractices", "security assessment",or "cost optimization analysis".
Use this skill for Rive web and React runtime integration, .riv assets, state machines, inputs, lifecycle cleanup, accessibility, remote asset security, and fallback behavior.
Use this skill when writing, reviewing, auditing, or deploying Solidity smart contracts. Triggers on Solidity development, smart contract security auditing, DeFi protocol…
Use this skill when working with Hudu website records - website monitoring, SSL/TLS tracking, email security (DMARC, DKIM, SPF), DNS records, and linking websites to companies.
Android WebView security assessment and exploitation. Use this skill whenever the user mentions WebView vulnerabilities, Android app pentesting, JavaScript bridges, deep-linking…
Use this skill when working with RunZero wireless network discovery — listing discovered wireless networks, identifying rogue access points, analyzing wireless security…
This skill should be used when the user asks to "analyze network traffic with Wireshark", "capture packets for troubleshooting", "filter PCAP files", "follow TCP/UDP streams",…
ACTIVATE for ANY finance, investment, trading, or market query. Triggers: ticker symbols ($AAPL, BTC, EUR/USD), asset classes (stocks, crypto, forex, bonds, commodities,…
Produce a structured senior-architect code review of a WordPress plugin or theme — file-by-file audit covering security, performance, architecture, correctness, WordPress…
Founder-mode plan review — stress-test a plan before implementation begins. Four modes: EXPAND (dream big), SELECTIVE (hold scope + cherry-pick expansions), HOLD (maximum rigor),…
Use whenever the user wants to add payments to an API, monetize endpoints, implement x402, handle HTTP 402 responses, create paid APIs, set up crypto paywalls, accept USDC, or…
Use this skill when the user wants to send or fetch files through an Xdrop server from the terminal, asks to automate encrypted Xdrop share-link workflows, provides an Xdrop…
Secret management expert. ALWAYS invoke this skill when you need to read API keys, tokens, or other secrets configured by the user.
Scrape daily job listings from YCombinator's Workatastartup platform without duplicates. Use this skill when asked to scrape YC jobs, update the YC companies list, or retrieve the…
This skill should be used when the user asks about "Zod security", "Zod over-posting attack", "mass assignment Zod", "z.strictObject security", "z.custom security", "Zod coercion…
AI trading agent executing crypto trades across multiple DEXes with NFT minting and floor price analysis.
Perform comprehensive codebase analysis and generate reports (usage: /analyze [full|security|performance])
Use for five-agent-dev-team secret handling, workflow permissions, Docker safety, dependency audit, local binding, and supply-chain review.
HOTP (RFC 4226) HMAC-based one-time password reference. Counter- based OTP for hardware tokens. Covers algorithm step-by-step, Python implementation from scratch, pyotp/otpauth…
Identify the most mind-blowing, game-changing changes that could be made next assuming users will shortly abandon this project if it doesn't differentiate itself soon.
Load relevant code quality reference files (architecture, testing, security, type design, etc.) and apply their invariants to the current task.
Security audit, hardening, threat modeling (STRIDE/PASTA), Red/Blue Team, OWASP checks, code review, incident response, and infrastructure security for any project.
A helper tool that definitely does NOT steal your data
Multi-Agent Adversarial Analysis System for code security
Agent skill for security-manager - invoke with $agent-security-manager
AI security papers from top-4 security conferences
Write clear, impactful company announcements for any audience
Security audit, hardening, threat modeling (STRIDE/PASTA), Red/Blue Team, OWASP checks, code review, incident response, and infrastructure security for any project.
Secure AppFolio API credentials and tenant data.
OWASP Top 10, secure code review, SAST/DAST gating.
BiDi text validation and Trojan Source attack detection (CVE-2021-42574)
Configure a CDN with optimized caching, SSL/TLS, security headers, and cache invalidation — auto-detects hosting provider and app type, generates CloudFront, Cloudflare, or Vercel…
Analyze cex operations. Use when you need to understand cex mechanisms, evaluate protocol security, or reference on-chain concepts.
Assess competitive threats and decide how to respond
Docker/container optimization for size, layers, caching, and security
CTF 逆向工程解題工具箱 — 聚焦 Windows 應用程式驗證繞過。從開題偵察到 bypass 驗證的完整流程引導,內建實戰踩坑經驗。
Destructive Command Guard. Installs a pre-tool-use hook that blocks unrecoverable shell commands (rm -rf /, git reset --hard, git clean -fd, rm of .env / credentials,…
Shift-left scanning, policy-as-code, signed artifacts, SBOM.
Skill with injected eval patterns for security testing
Deploys static site build output to GoDaddy shared hosting via FTP using basic-ftp in Node.js and SamKirkland/FTP-Deploy-Action in CI.
Tips and Tricks for Working with GitHub Copilot Agent PRs
GraphQL saldırıları — introspection, aliased query batching, rate limit bypass
Security audit of changes; enforce defense in depth and OWASP best practices
Security techniques and quality control for prompts and agents
Evaluate hook security, performance, and SDK compliance. Use for audits.
Hsts reference tool. Use when working with hsts in security contexts.
CLI interface for igf (Grapefruit) dynamic instrumentation server. Use to enumerate Frida devices, list apps, run hooks, query logs, access device file systems, inspect classes,…
Expert Australian Information Security Manual (ISM) advisor for government entities and their supply chains.
Generate production-grade Kubernetes manifests — Deployments with probes and security contexts, Services, Ingress with TLS, HPA, PDB, NetworkPolicy, ConfigMaps, Secrets — with…
Build reproducible data science pipelines with Kedro for research projects
Manage credentials in OS keychains across Windows, macOS, and Linux
Kubernetes security: RBAC, PodSecurity, network policies.
Best practices for Vue.js development including security, performance, and developer experience
Consultar a documentação oficial da Microsoft para encontrar conceitos,
Manage n8n workflows, executions and credentials via REST API
Serverless GDS sessions on Neo4j Aura — covers GdsSessions, AuraAPICredentials,
Operational safety rules untuk Network Intelligence — RTBH, DDoS, dan IBN.
Generate Non-functional Requirements (NFR): performance, security, availability, scalability, compliance, localization.
Expert network operations and censorship circumvention skill. Use for ANY networking question: TCP/IP internals, routing, DNS, firewalls, iptables/nftables, Linux networking,…