Orchestrates OWASP ZAP active and passive scans via the ZAP API, automating spider crawls, AJAX spidering with Selenium, and generating SARIF-format vulnerability reports.
Score 70/100
Integrates the OWASP ZAP API to run automated DAST scans against web applications. Parses ZAP JSON reports, triages alerts by CVSS severity, and generates remediation tickets via…
Score 70/100
Deep integration with OWASP ZAP for automated security scanning, vulnerability detection, and API security testing.
Score 70/100
Wraps OWASP ZAP API for automated web application security testing including active scan, spider crawl, and ajax spider endpoints.
Score 70/100
Automates OWASP ZAP active and passive scanning against web applications, parsing alerts into structured vulnerability reports.
Score 70/100
Search for packages and assess security risk before adding as dependencies
Score 70/100
Scans npm, PyPI, and Go module dependencies for known vulnerabilities using the OSV.dev API and GitHub Advisory Database. Generates SBOM reports in CycloneDX format.
Score 70/100
Expert skill for packet capture and analysis using libpcap/Wireshark. Execute tcpdump/tshark commands, write BPF filter expressions, analyze pcap files, decode protocol layers,…
Score 70/100
AI-assisted pair programming with multiple modes (driver/navigator/switch), real-time verification, quality monitoring, and comprehensive testing.
Score 70/100
Install and configure Palantir Foundry SDK authentication with OAuth2 or token auth. Use when setting up a new Foundry integration, configuring API credentials, or initializing…
Score 70/100
Configure Palantir Foundry across development, staging, and production environments. Use when setting up multi-environment Foundry deployments, managing per-environment…
Score 70/100
Apply Palantir Foundry security best practices for credentials, scopes, and access control. Use when securing API tokens, implementing least privilege access, or auditing Foundry…
Score 70/100
Activate threat-vigilant coding stance. Research-backed emotional mode from claude-temper.
Score 70/100
How to use @parshjs/files for typed JSON file storage in a parsh CLI. Use when adding persistent config or state to a CLI (credentials, user prefs, cached state) — anything…
Score 70/100
Password Strength Analyzer - Auto-activating skill for Security Fundamentals. Triggers on: password strength analyzer, password strength analyzer Part of the Security Fundamentals…
Score 70/100
Path Traversal Finder - Auto-activating skill for Security Fundamentals. Triggers on: path traversal finder, path traversal finder Part of the Security Fundamentals skill category.
Score 70/100
Detect patterns, anomalies, and trends in code and data. Use when identifying code smells, finding security vulnerabilities, or discovering recurring patterns.
Score 70/100
Use when working with Payload CMS projects (payload.config.ts, collections, fields, hooks, access control, Payload API).
Score 70/100
Canadian PBMM (Protected B, Medium Integrity, Medium Availability) expert. Provides comprehensive guidance on ITSG-33 controls, CCCS assessment, Canadian data residency, and…
Score 70/100
Process PDF files — read, merge, split, fill forms, watermark, encrypt, extract images, and OCR scanned documents.
Score 70/100
pdfcpu is a Go-based PDF processing library and CLI tool that handles validation, optimization, merging, splitting, watermarking, encryption, and form filling.
Score 70/100
Skill for using the command-line tool pdftk (PDFtk Server) for working with PDF files. Use when asked to merge PDFs, split PDFs, rotate pages, encrypt or decrypt PDFs, fill PDF…
Score 70/100
Static-analysis penetration test that hunts for exploitable vulnerabilities with proof-of-concept payloads and fix code.
Score 70/100
Guide méthodologique pour tests d'intrusion et évaluation de sécurité. À utiliser pour préparer ou conduire un pentest.
Score 70/100
Provide a comprehensive checklist for planning, executing, and following up on penetration tests. Ensure thorough preparation, proper scoping, and effective remediation of…
Score 70/100
Provide a comprehensive command reference for penetration testing tools including network scanning, exploitation, password cracking, and web application testing.
Score 70/100
Autonomous penetration testing coordinator using ReAct methodology. Automatically activates when user provides a target IP or asks to start penetration testing.
Score 70/100
Penetration testing framework for exploit development, vulnerability validation, and authorized security assessments using Metasploit Framework.
Score 70/100
Server intelligence layer for RunCloud-managed Linux servers. Use when the user mentions Perch, /perch_*, RunCloud, nginx-rc, server intelligence, server diagnosis, WordPress site…
Score 70/100
Use BloodHound and SharpHound to enumerate Active Directory relationships and identify attack paths from compromised
Score 70/100
Enumerate and audit Active Directory forest trust relationships using impacket for SID filtering analysis, trust
Score 70/100
Conduct a focused Active Directory penetration test to enumerate domain objects, discover attack paths with BloodHound,
Score 70/100
Assess Active Directory security posture using PingCastle, BloodHound, and Purple Knight to identify misconfigurations,
Score 70/100
Detect and respond to Adversary-in-the-Middle (AiTM) phishing attacks that use reverse proxy kits like EvilProxy,
Score 70/100
Configure and execute agentless vulnerability scanning using network protocols, cloud snapshot analysis, and
Score 70/100
Perform systematic alert triage in Elastic Security SIEM to rapidly classify, prioritize, and investigate security
Score 70/100
Performs automated static analysis of Android applications using Mobile Security Framework (MobSF) to identify
Score 70/100
Uses Postman to perform structured API security testing by building collections that test for OWASP API Security
Score 70/100
Simulates ARP spoofing attacks in authorized lab or pentest environments using arpspoof, Ettercap, and Scapy
Score 70/100
Develop and apply a multi-factor asset criticality scoring model to weight vulnerability prioritization based
Score 70/100
Configure and execute authenticated vulnerability scans using OpenVAS/Greenbone Vulnerability Management with
Score 70/100
Authenticated (credentialed) vulnerability scanning uses valid system credentials to log into target hosts and
Score 70/100
Deploy and operate CAPEv2 sandbox for automated malware analysis with behavioral monitoring, payload extraction,
Score 70/100
Simulates bandwidth throttling and network degradation attacks using tc, iperf3, and Scapy in authorized environments
Score 70/100
Analyze binary exploitation techniques including buffer overflows and ROP chains using pwntools Python library.
Score 70/100
Detect and exploit blind Server-Side Request Forgery vulnerabilities using out-of-band techniques, DNS interactions,
Score 70/100
Assess Bluetooth Low Energy device security by scanning, enumerating GATT services, and detecting vulnerabilities
Score 70/100
Testing web applications for clickjacking vulnerabilities by assessing frame embedding controls and crafting
Score 70/100
Perform comprehensive cloud asset inventory and relationship mapping using Cartography to build a Neo4j security
Score 70/100
Uses Falco YAML rules for runtime threat detection in containers and Kubernetes, monitoring syscalls for shell
Score 70/100
Hunt for threats in AWS environments using Detective behavior graphs, entity investigation timelines, GuardDuty
Score 70/100
Perform forensic acquisition and analysis of cloud storage services including Google Drive, OneDrive, Dropbox,
Score 70/100
Scan container images, filesystems, and Kubernetes manifests for vulnerabilities, misconfigurations, exposed
Score 70/100
Analyze and bypass Content Security Policy implementations to achieve cross-site scripting by exploiting misconfigurations,
Score 70/100
Extract stored credentials from compromised endpoints using the LaZagne post-exploitation tool to recover passwords
Score 70/100
A cryptographic audit systematically reviews an application's use of cryptographic primitives, protocols, and
Score 70/100
Testing web applications for Cross-Site Request Forgery vulnerabilities by crafting forged requests that exploit
Score 70/100
Leverage the CISA Known Exploited Vulnerabilities catalog alongside EPSS and CVSS to prioritize CVE remediation
Score 70/100
Dark web monitoring involves systematically scanning Tor hidden services, underground forums, paste sites, and
Score 70/100
Docker Bench for Security is an open-source script that checks dozens of common best practices around deploying
Score 70/100