OpenCTI is an open-source platform for managing cyber threat intelligence knowledge, built on STIX 2.1 as its
Build structured communication templates for malware incidents including stakeholder notifications, executive
Expert at integrating Model Context Protocol (MCP) servers into Claude Code plugins. Auto-invokes when the user wants to add external tool integrations, configure MCP servers, set…
Establish a structured operational process to triage, test, and deploy Microsoft Patch Tuesday security updates
Implement a phishing report button in email clients with automated triage workflow that analyzes user-reported
Builds a structured ransomware incident response playbook aligned with the CISA StopRansomware Guide and NIST
Deploy and configure the Havoc C2 framework with teamserver, HTTPS listeners, redirectors, and Demon agents for
Build a structured SOC escalation matrix defining severity tiers, response SLAs, escalation paths, and notification
Builds SOC performance metrics and KPI tracking dashboards measuring Mean Time to Detect (MTTD), Mean Time to
Builds a structured SOC incident response playbook for ransomware attacks covering detection, containment, eradication,
Expert for building user stories using Test-Driven Development (TDD) with NestJS and @lenne.tech/nest-server.
Build comprehensive threat actor profiles using open-source intelligence (OSINT) techniques to document adversary
Deploy MISP (Malware Information Sharing Platform) to aggregate, correlate, and distribute threat intelligence
Build a systematic threat hunt hypothesis framework that transforms threat intelligence, attack patterns, and
Build automated threat intelligence enrichment pipelines in Splunk Enterprise Security using lookup tables, modular
Builds automated threat intelligence feed integration pipelines connecting STIX/TAXII feeds, open-source threat
Building a Threat Intelligence Platform (TIP) involves deploying and integrating multiple CTI tools into a unified
Implement a vulnerability aging dashboard and SLA tracking system to measure remediation performance against
Deploy DefectDojo as a centralized vulnerability management dashboard with scanner integrations, deduplication,
Build a vulnerability exception and risk acceptance tracking system with approval workflows, compensating controls
Builds a structured vulnerability scanning workflow using tools like Nessus, Qualys, and OpenVAS to discover,
Use when implementing Kubernetes security patterns including RBAC, NetworkPolicies, Pod Security Standards, secrets management, image scanning with Trivy, Cosign signing, and Dapr…
Use when designing or hardening external-to-Salesforce integrations that orchestrate Bulk API 2.0 ingest or query jobs: OAuth-backed job lifecycle, mandatory UploadComplete,…
Patrones de colas de tareas asíncronas con Bull/BullMQ en NestJS para producción. Usar PROACTIVAMENTE cuando se trabaje con jobs programados, recordatorios, notificaciones…
Update Endstone to support a new Bedrock Dedicated Server (BDS) version - regenerate the symbol offset tables and port src/bedrock to the new ABI.
Use when integrating Drizzle ORM with Bun's SQLite driver for type-safe schema definitions and migrations.
Comprehensive Bun runtime expertise covering all major features. Use when working with Bun projects, migrating from Node.js, or leveraging Bun-specific APIs.
Use for bun:sqlite, SQLite operations, prepared statements, transactions, and queries.
Detects API keys, private keys, and credentials accidentally included in npm/pip packages via missing .npmignore or .pypiignore.
Integrate Bunny.net services (CDN, Storage, Stream, DNS, Edge Scripting, Shield, Magic Containers, Optimizer, Database).
Burp Suite integration. Manage data, records, and automate workflows. Use when the user wants to interact with Burp Suite data.
Execute comprehensive web application security testing using Burp Suite's integrated toolset, including HTTP traffic interception and modification, request analysis and replay,…
Entry P1 category router for business logic testing. Use when workflow abuse, race conditions, pricing flaws, or multi-step state attacks matter more than parser-level input…
Fact-check scientifique BYAN (Demonstrable, Quantifiable, Reproductible). Invoquer quand un claim technique est fait, quand l'utilisateur utilise des absolus…
Professional Crypto Trading on Bybit - Automated spot, futures, and options trading with advanced order types, risk management, and portfolio analytics.
Drafts a Bring Your Own Device (BYOD) policy for U.S. employers governing personal device access to company systems.
Performs comprehensive C/C++ security review for memory corruption, integer overflows, race conditions, and platform-specific vulnerabilities.
Drafts a U.S. C-TPAT Security Profile for CBP submission covering physical, personnel, procedural, conveyance, and IT security domains.
C2框架免杀方法论:分析 C2 源码、搜索检测规则(YARA/Sigma/Snort)、逐规则分析、修改源码绕过检测。当遇到 YARA/Sigma/Snort 规则触发告警、beacon/implant 被杀软检测到时使用。第一步:确认 implant/beacon 语言和架构;第二步:搜索对应检测规则并逐规则分析修改
Caddy is a fast, extensible web server written in Go that provides automatic HTTPS via Let's Encrypt and ZeroSSL.
Deploy Caddy (no Docker) on a remote Linux host to expose a local HTTP backend as trusted HTTPS, prioritizing first-party domain + Let's Encrypt (HTTP-01), with DuckDNS DNS-01…
Scans Cairo/StarkNet smart contracts for 6 critical vulnerabilities including felt252 arithmetic overflow, L1-L2 messaging issues, address conversion problems, and signature…
Use when determining the amount of alimony under Polish KRO — calculating justified needs of the entitled person vs. earning/property capacity of the obligor (art.
Calculate cryptocurrency tax obligations with cost basis tracking, capital gains computation, and Form 8949 generation.
Structures NAV calculation with security pricing, accruals, expense allocation, and reconciliation. Use when calculating fund NAV, pricing portfolios, or reconciling NAV…
Use when designing or troubleshooting Apex callouts that approach governor limits: choosing between synchronous callouts, @future, Queueable, Continuation, or async chaining…
Use when building, reviewing, or debugging outbound Apex HTTP callouts, Named Credentials, request/response handling, timeout behavior, or mock-based tests.
Capture frames or clips from RTSP/ONVIF cameras. Grabs snapshots, video clips, and motion events from IP cameras, security cameras, and video streams.
IC-specific security patterns for canister development in Motoko and Rust. Covers access control, anonymous principal rejection, reentrancy prevention (CallerGuard pattern), async…
Standards compliance assessment and gap analysis agent. Evaluates codebases against OWASP/WCAG/OpenAPI/ISO 25010 and other standards, detects violations, and provides actionable…
Set up Canva Connect API OAuth 2.0 PKCE authentication and project scaffolding. Use when creating a new Canva integration, setting up OAuth credentials, or initializing a Canva…
Configure Canva Connect API across development, staging, and production environments. Use when setting up multi-environment deployments, managing OAuth credentials per…
Apply Canva Connect API security best practices for OAuth tokens and access control. Use when securing OAuth credentials, implementing least-privilege scopes, or auditing Canva…
Develops Canvas code execution features with Pyodide/iframe sandboxing. Use when working on Python/JS execution, package management, or sandbox security.
vibe-editor の Canvas モード (@xyflow/react) に新しいカード種 (CardType) や hand-off エッジを追加するときに使う skill。`src/renderer/src/stores/canvas.ts` の `CardType` ユニオン拡張、`CardData` 設計、zustand persist…
Detect installed security binaries (nuclei, snort, yara, semgrep, syft, grype, trivy, cosign, gh, package managers) and repo signals (manifests, Dockerfiles, IaC, CI configs);…
Guides the agent through general Capacitor app development topics. Covers core concepts (native bridge, plugins, web layer), Capacitor CLI usage, app configuration…
A comprehensive starting point for AI agents to work with Capacitor. Covers core concepts, CLI, app creation, plugins, framework integration, best practices, storage, security,…
Review a pull request as an independent reviewer. Shows findings privately before posting to GitHub. Checks code quality, conventions, security, accessibility practices, and PR…
Watch live Linux and container activity through eBPF so you can triage suspicious runtime behavior before it disappears into guesswork.