Env Secret Detector - Auto-activating skill for Security Fundamentals. Triggers on: env secret detector, env secret detector Part of the Security Fundamentals skill category.
Score 70/100
Complete environment and secrets management lifecycle. Covers .env file scaffolding, validation scripts, secret leak detection in git history, credential rotation playbooks, and…
Score 70/100
Environment variables, setup procedures, API configurations, and security for the omer-akben portfolio.
Score 70/100
Audit environmental software for EPA reporting (CEDRI, NetDMR, RCRAInfo), Clean Air Act (Title V, NESHAP, CEMS, TRI), Clean Water Act (NPDES, SWPPP, SPCC), RCRA hazardous waste…
Score 70/100
Discipline epistemique stricte pour eliminer les derives cognitives de Claude. Activation SYSTEMATIQUE sur TOUTES les conversations.
Score 70/100
22 production-ready AI agents with database-driven orchestration for security reviews, code quality analysis, deployment validation, infrastructure checks, and compliance.
Score 70/100
Systematically remove malware, backdoors, and attacker persistence mechanisms from infected systems while ensuring
Score 70/100
Language-specific vulnerability hotspot reference for manual code audit. Trigger when the user asks to: "what sinks should I look for in Java?", "Python security hotspots",…
Score 70/100
Deserialization vulnerability audit skill with gadget chain knowledge for all major languages. Trigger when the user asks to: "audit deserialization", "check for insecure…
Score 70/100
Security-focused pull request and diff review skill for finding newly introduced vulnerabilities, risky regressions, and missing security tests in changed code.
Score 70/100
Security remediation skill for fixing confirmed or likely SAST findings in source code. Trigger when the user asks to: "fix a vulnerability", "patch this security bug", "remediate…
Score 70/100
General-purpose Static Application Security Testing (SAST) skill for code vulnerability analysis. Trigger when the user asks to: "analyze code for vulnerabilities", "review code…
Score 70/100
Serialization and deserialization security review skill for object mappers, parser pipelines, message formats, and state transfer mechanisms.
Score 70/100
Threat modeling skill for new features, services, endpoints, or repositories. Trigger when the user asks to: "threat model this", "analyze attack surface", "find abuse cases",…
Score 70/100
GHSA/CVE variant analysis workflow for finding similar vulnerability patterns across a codebase. Trigger when the user asks to: "find variants of this CVE", "GHSA variant…
Score 70/100
Essential 8 expert for Australian cyber security. Deep knowledge of ACSC Essential Eight mitigation strategies including 8 strategies, 3 maturity levels, implementation guidance,…
Score 70/100
Use when decisions could affect groups differently and need to anticipate harms/benefits, assess fairness and safety concerns, identify vulnerable populations, propose risk…
Score 70/100
EU NIS2 Directive (Directive (EU) 2022/2555) expert. Reference-depth knowledge of essential vs important entity classification, Article 20 governance, the Article 21 ten…
Score 70/100
Evaluates and selects Threat Intelligence Platform (TIP) products based on organizational requirements including
Score 70/100
Use when completed work needs evaluation coverage audited across correctness, security, performance, and quality dimensions
Score 70/100
Shield Event Monitoring: event log types, downloading logs via REST API and SOQL, real-time event monitoring with streaming API, and threat detection policies.
Score 70/100
Implement security best practices for Evernote integrations. Use when securing API credentials, implementing OAuth securely, or hardening Evernote integrations.
Score 70/100
Threat-model a feature described as a user story. Generates evil user stories (AS/I/SO format) mapped to MITRE CWE weaknesses, each paired with a concrete security control.
Score 70/100
Deep EVM bytecode analysis and decompilation capabilities for smart contract security, gas optimization, and reverse engineering.
Score 70/100
Secure Exa API keys, implement content moderation, and manage domain restrictions. Use when securing API keys, auditing Exa security configuration, or implementing content safety…
Score 70/100
Apply Exa security best practices for secrets and access control. Use when securing API keys, implementing least privilege access, or auditing Exa security configuration.
Score 70/100
Excalidraw is an open-source virtual whiteboard for creating hand-drawn style diagrams, wireframes, and sketches.
Score 70/100
Executes authorized attack simulations against Active Directory environments to identify misconfigurations,
Score 70/100
Execute a comprehensive AI-driven development workflow with planning, implementation, multi-layer review (Sub-agents + /review + CodeRabbit CLI), automated fixes, and PR creation.
Score 70/100
Executes authorized phishing simulation campaigns to assess an organization''s susceptibility to email-based
Score 70/100
Red team engagement planning is the foundational phase that defines scope, objectives, rules of engagement (ROE),
Score 70/100
Executes comprehensive red team exercises that simulate real-world adversary operations against an organization''s
Score 70/100
Use when designing or configuring public pages on an Experience Cloud site — guest user profile setup, page-level access settings in Experience Builder, object/field visibility…
Score 70/100
Use when configuring access controls, sharing, or site security for authenticated or guest Experience Cloud (community) users: external OWD, Sharing Sets, Share Groups, CSP,…
Score 70/100
Selects the most relevant experiences, projects, awards, and credentials from the master context based on JD keywords.
Score 70/100
Dispatches `forge-expert` subagents in parallel — one per chosen domain — to produce focused analyses of a feature against the codebase before a plan is drafted.
Score 70/100
Systematic methodology for developing reliable exploits from vulnerability discovery to weaponization
Score 70/100
Develop working exploits using pwntools. Includes exploit template and common patterns.
Score 70/100
Exploit researcher persona specializing in attack surface analysis, exploit scenario generation, and vulnerability chaining
Score 70/100
Comprehensive knowledge about vulnerability exploitation and initial access. Provides expertise on finding and adapting exploits, adapting proof-of-concepts, gaining shells, and…
Score 70/100
Exploit misconfigured Active Directory Certificate Services (AD CS) ESC1 vulnerability to request certificates
Score 70/100
BloodHound is a graph-based Active Directory reconnaissance tool that uses graph theory to reveal hidden and
Score 70/100
Tests APIs for injection vulnerabilities including SQL injection, NoSQL injection, OS command injection, LDAP
Score 70/100
Analyzes and simulates BGP hijacking scenarios in authorized lab environments to assess route origin validation,
Score 70/100
Tests APIs for Broken Function Level Authorization (BFLA) vulnerabilities where regular users can invoke administrative
Score 70/100
Discover and exploit broken link hijacking vulnerabilities by identifying references to expired domains, decommissioned
Score 70/100
Exploit Kerberos Constrained Delegation misconfigurations in Active Directory to impersonate privileged users
Score 70/100
Tests and exploits deep link (URL scheme and App Link) vulnerabilities in Android and iOS mobile applications
Score 70/100
Tests APIs for excessive data exposure where endpoints return more data than the client application needs, relying
Score 70/100
Detecting and exploiting HTTP request smuggling vulnerabilities caused by Content-Length and Transfer-Encoding
Score 70/100
Identifying and exploiting Insecure Direct Object Reference vulnerabilities to access unauthorized resources
Score 70/100
Identifies and exploits insecure local data storage vulnerabilities in Android and iOS mobile applications including
Score 70/100
Identifying and exploiting insecure deserialization vulnerabilities in Java, PHP, Python, and .NET applications
Score 70/100
Identifies and exploits IPv6-specific vulnerabilities including SLAAC spoofing, Router Advertisement flooding,
Score 70/100
Exploits JWT algorithm confusion vulnerabilities where the server''s token verification library accepts the
Score 70/100
Perform Kerberoasting attacks using Impacket's GetUserSPNs to extract and crack Kerberos TGS tickets for Active
Score 70/100
Discover and exploit mass assignment vulnerabilities in REST APIs to escalate privileges, modify restricted fields,
Score 70/100
MS17-010 (EternalBlue) is a critical vulnerability in Microsoft's SMBv1 implementation that allows remote code
Score 70/100
Exploit the noPac vulnerability chain (CVE-2021-42278 sAMAccountName spoofing and CVE-2021-42287 KDC PAC confusion)
Score 70/100
Detect and exploit NoSQL injection vulnerabilities in MongoDB, CouchDB, and other NoSQL databases to demonstrate
Score 70/100