Use when configuring OAuth or social login providers in a Bknd application. Covers Google OAuth, GitHub OAuth, custom OAuth providers, callback URLs, environment variables, and…
Use when implementing password reset or change functionality in a Bknd application. Covers server-side password changes, building forgot-password flows with email tokens, and…
Use when preparing a Bknd application for production deployment. Covers security hardening, environment configuration, isProduction flag, JWT settings, Guard enablement, CORS,…
Use when implementing row-level security (RLS) in Bknd. Covers filter policies, user ownership patterns, public/private records, entity-specific RLS, multi-tenant isolation, and…
Go-based security techniques from "Black Hat Go" extended with macOS, Cloud, Mobile, IoT, Supply Chain, API, Web3, AI/ML, Red Team, ATT&CK, and LLM chapters.
Put an inline firewall and containment layer in front of agent network traffic, tool calls, and MCP traffic before you trust an agent with local secrets.
Scan staged changes, commits, or repositories for secrets before they leave the workstation or CI job, instead of relying on a later platform-side catch.
Master blockchain fundamentals including consensus, cryptography, and distributed systems
Use when building DeFi protocols, implementing AMMs, yield farming strategies, or integrating with Ethereum/L2s - covers smart contract patterns, liquidity pools, and security…
Expert blockchain forensics assistant for investigators and auditors. Covers the full investigation methodology: threat recognition, incident scoping, data collection, transaction…
Expert smart contract security auditor specializing in vulnerability detection, formal verification, exploit analysis, and comprehensive audit report writing for DeFi protocols…
Solidity smart contracts, Web3 development, DeFi protocols, NFTs, EVM chains, Hardhat/Foundry tooling, and blockchain security.
Shared reference for the blockchain-web3 cluster: the adversarial on-chain threat model (immutable, anyone-can-call, MEV), checks-effects-interactions, oracle-manipulation…
Route a blockchain/web3 task to the right specialist among six — Solidity AMM security, autonomous trading-agent security, EVM token-decimal correctness, Node Keccak-256 hashing,…
Blockscout MCP tool reference for on-chain data queries. Covers all 16 tools: address info, transactions, token transfers, NFTs, contract ABI/source, read-only calls, ENS…
Defensive response to red team security findings — analyze each vulnerability, propose a targeted fix, and add a test that covers the fix.
Security OS for autonomous agents and builders on Base. 31 pay-per-use tools across Quantum Security, Agent Safety, Research, Data, and Earn.
Unified story creation and enrichment engine (story-spec v2). Produces implementation-ready stories with real-data confrontation (provider/DB/cloud), external research…
Assesses Non-Functional Requirements (security, performance, reliability, maintainability, observability) with evidence-based codebase analysis.
Orchestriert den kompletten BMAD-Entwicklungszyklus als automatische Pipeline: bmad-create-story → bmad-testarch-atdd → bmad-dev-story → bmad-testarch-test-review →…
Assess NFRs like performance security and reliability. Use when the user says "lets assess NFRs" or "I want to evaluate non-functional requirements
Use when hunting Broken Object Level Authorization (BOLA) or Insecure Direct Object Reference (IDOR) vulnerabilities in APIs or web applications.
記帳系統。解析自然語言記帳指令,寫入 SQLite 資料庫並同步 Beancount 帳本。Use when user wants to record expenses, check spending, query transaction history, or manage accounts.
BorgBackup (Borg) is a deduplicating backup program with optional compression and authenticated encryption.
Use this for securing AI-agent workspaces themselves, including instruction files, MCP setups, memory, external content, prompt-injection surfaces, and least-privilege…
Use this for cybersecurity review, privacy, abuse-case analysis, auth and authorization concerns, trust boundaries, fraud risk, and operational risk evaluation.
Use this for SQL and NoSQL database design across MariaDB, MySQL, PostgreSQL, SQLite, MongoDB, indexing, transactions, migrations, constraints, query plans, and data correctness.
Use this for prompt injection, tool abuse, memory poisoning, untrusted document handling, agent permissions, and AI workspace security.
Use this for multi-tenant data isolation, organization scoping, cross-tenant leaks, authorization boundaries, row-level access, and SaaS tenant security review.
Autonomously inspects a live OpenClaw instance across 5 health domains (hardware, config, security, skills, autonomy) and delivers a quantified traffic-light report with…
Add better-route 0.5.0 ownership checks for user-owned REST resources. Use when a route or Resource DSL endpoint must ensure the authenticated user owns the order, record, token,…
Static analysis security vulnerability scanner for Ruby on Rails applications. Use when analyzing Rails code for security issues, running security audits, reviewing code for…
Premium brand-kit image generation skill for creating high-end brand-guidelines boards, logo systems, identity decks, and visual-world presentations.
Comprehensive Brazilian financial regulatory compliance guide. Use when implementing LGPD data protection, BCB regulations, PIX/Boleto standards, or financial security patterns…
Red team engineering agent. Designs attack scenarios, builds threat models, applies MITRE ATT&CK/OWASP frameworks, runs Purple Team exercises, and performs AI/LLM red teaming.
Implements technical breach detection capabilities including SIEM integration, DLP alert configuration, anomaly detection rules, and insider threat monitoring.
Conducts digital forensics investigations following a personal data breach, covering evidence preservation, chain of custody documentation, log analysis, scope determination, and…
Summarizes cybersecurity breach incidents into structured legal and compliance records. Trigger when synthesizing incident reports, forensics, logs, or notifications into a…
PFLICHT vor jeder externen Aktion. Wird automatisch geladen wenn ein Agent mit externen Services interagiert, Browser-Aktionen durchfuehrt, Accounts verwaltet, APIs aufruft,…
Daily news briefing generator — produces a conversational radio-host-style audio briefing + DOCX document covering weather, X/Twitter trends, web trends, world news, politics,…
Bright Security integration. Manage data, records, and automate workflows. Use when the user wants to interact with Bright Security data.
Apply Bright Data security best practices for secrets and access control. Use when securing API keys, implementing least privilege access, or auditing Bright Data security…
Identify and exploit authentication and session management vulnerabilities in web applications. Broken authentication consistently ranks in the OWASP Top 10 and can lead to…
Store credentials once, then inject them into outbound agent requests at runtime so agents can call services without receiving raw secrets.
Alpaca broker limitations: crypto shorts blocked (broker doesn't support), stock shorts allowed. Trigger when: (1) shorting gate blocks wrong assets, (2) SELL signals blocked, (3)…
Index local coding-agent sessions into a searchable SQLite-backed view so you can inspect usage, compare failures, and recover prior context quickly.
Browser extension development with security and cross-browser support. Use when: - Building Chrome, Firefox, or Safari extensions - Requesting permissions in manifest -…
Analyze web browser artifacts for forensic investigation. Use when investigating user browsing activity, downloaded files, cached content, or web-based attacks.
Real-time Bitcoin trading intelligence API providing market data, AI trade signals, derivatives flow, liquidation heatmaps, live crypto news, economic calendar, historical OHLCV,…
Comprehensive bug audit for Node.js web projects. Activate when user asks to audit, review, check bugs, find vulnerabilities, or do security/quality review on a project.
Bug bounty program management and security disclosure expertise for smart contracts. Covers program setup on Immunefi, vulnerability triage, responsible disclosure coordination,…
Target-agnostic bug bounty hunting methodology with parallel recon, systematic testing workflows, and vulnerability-specific exploitation guidance
Activates for any bug bounty, penetration testing, or vulnerability research request. Triggers on: "start recon on [target]", "check for IDOR/SSRF/XSS on [endpoint]", "map attack…
Use Arcade MCP to create custom MCP servers and tools with OAuth-aware authorization, evals, and deployment paths for agent tool-calling workflows.
Extract and catalog attack patterns from cyber threat intelligence reports into a structured STIX-based library
Builds an automated malware submission and analysis pipeline that collects suspicious files from endpoints and
Build effective detection rules using Splunk Search Processing Language (SPL) correlation searches to identify
Builds vendor-agnostic detection rules using the Sigma rule format for threat detection across SIEM platforms
Design and implement a comprehensive DevSecOps pipeline in GitLab CI/CD integrating SAST, DAST, container scanning,
Builds real-time incident response dashboards in Splunk, Elastic, or Grafana to provide SOC analysts and leadership