Identifying flaws in application business logic that allow price manipulation, workflow bypass, and privilege
Test JWT implementations for critical vulnerabilities including algorithm confusion, none algorithm bypass, kid
Identify and test open redirect vulnerabilities in web applications by analyzing URL redirection parameters,
Test web applications for XML injection vulnerabilities including XXE, XPath injection, and XML entity attacks
Tests web applications for Cross-Site Scripting (XSS) vulnerabilities by injecting JavaScript payloads into
Identifying and validating cross-site scripting vulnerabilities using Burp Suite's scanner, intruder, and repeater
Discovering and exploiting XML External Entity injection vulnerabilities to read server files, perform SSRF,
Assessing JSON Web Token implementations for cryptographic weaknesses, algorithm confusion attacks, and authorization
Test and validate ransomware recovery procedures including backup restore operations, RTO/RPO target verification,
Tests WebSocket API implementations for security vulnerabilities including missing authentication on WebSocket
Instrukce pro návrh pytest testů pro Python kód. MUSÍ být použity při analýze testovacího pokrytí — happy path, edge cases, error cases, security regrese, fixtures.
theHarvester is an open-source OSINT tool for gathering emails, subdomains, hosts, employee names, open ports, and banners from public sources.
Constrói teoria da mudança (insumos → atividades → resultados → impactos) e deriva indicadores de monitoramento com desagregações por grupo vulnerabilizado.
Audit therapy and behavioral health documentation platforms for clinical quality and regulatory compliance.
Deliberately attack your own plans, systems, and assumptions to find weaknesses before adversaries or reality does.
Generate a personalized threat advisory based on your tech stack — what CVEs, breaches, and supply chain attacks matter to YOU.
Use when hunting for threats in an environment, analyzing IOCs, or detecting behavioral anomalies in telemetry.
Map identified threats to appropriate security controls and mitigations. Use when prioritizing security investments, creating remediation plans, or validating control…
Generate a threat model from spec.md using STRIDE methodology. Use when you need to identify security threats, attack surfaces, and mitigations for a feature before…
Full STRIDE-A threat model analysis and incremental update skill for repositories and systems. Supports two modes: (1) Single analysis — full STRIDE-A threat model of a…
Threat Model Creator - Auto-activating skill for Security Advanced. Triggers on: threat model creator, threat model creator Part of the Security Advanced skill category.
Produces structured threat models for software systems using STRIDE on data flow diagrams. Generates DFDs with trust boundaries, identifies threats per element, scores risks, and…
Expert in threat modeling methodologies, security architecture review, and risk assessment. Masters STRIDE, PASTA, attack trees, and security requirement extraction.
Threat Stack integration. Manage data, records, and automate workflows. Use when the user wants to interact with Threat Stack data.
Discover a codebase's threat surface through systematic investigation — map ecosystem groups, dependency graphs, service connections, authentication mechanisms, and trust…
Analyze cybersecurity threat intelligence, triage security alerts, classify IOCs, map attacks to MITRE ATT&CK kill chain, reduce false positives, and attribute threat actors.
Routed by tia-openness-roadmap. C# Openness implementation of PLC software engineering: program blocks, system blocks, PLC tags and tag tables, user data types, external sources,…
Tinfoil Security integration. Manage data, records, and automate workflows. Use when the user wants to interact with Tinfoil Security data.
Analyzes TLS certificate chains using OpenSSL s_client and the crt.sh Certificate Transparency API. Detects weak algorithms, expiring intermediates, and CT log compliance issues.
Validates TLS/SSL certificate chains using OpenSSL x509 verification and checks OCSP stapling status.
Expert skill for TLS/SSL implementation and certificate management. Generate and validate TLS configurations, create and manage X.509 certificates, analyze cipher suite security,…
Together AI security basics for inference, fine-tuning, and model deployment. Use when working with Together AI's OpenAI-compatible API. Trigger: "together security basics".
Analyze current Claude Code session token usage via Splunk. Shows per-model, per-tool, and subagent token breakdown with cache efficiency metrics.
Security audit of TON/FunC/Tact smart contracts while you develop. Trigger on "audit", "check this contract", "review for security".
Scans TON (The Open Network) smart contracts for 3 critical vulnerabilities including integer-as-boolean misuse, fake Jetton contracts, and forward TON without gas checks.
Explica el propósito y uso de cada herramienta comprimida y utilidad del repositorio de fabricante en el contexto del desarrollo de proyectos de domótica.
Tracecat is an open-source, AI-native security automation platform built as a self-hosted alternative to Tines and Splunk SOAR.
Track cryptocurrency futures, options, and perpetual swaps with funding rates, open interest, liquidations, and comprehensive derivatives market analysis.
Track cryptocurrency portfolio with real-time valuations, allocation analysis, and P&L tracking. Use when checking portfolio value, viewing holdings breakdown, analyzing…
Track real-time cryptocurrency prices across exchanges with historical data and alerts. Provides price data infrastructure for dependent skills (portfolio, tax, DeFi, arbitrage).
Threat actor infrastructure tracking involves monitoring and mapping adversary-controlled assets including command-and-control
Fetches live AI crypto trading signals with entry price, stop-loss, take-profit, leverage, confidence scores, and automated verification. Covers 50+ coins including BTC, ETH, SOL.
Collection of expert-level TRAE agent system prompts for code generation, debugging, optimization, security auditing, and workflow acceleration.
Traefik is a modern cloud-native reverse proxy and load balancer that automatically discovers services and configures routing.
Draft a professional Hebrew letter for an Israeli traffic-ticket appeal — בקשה לביטול דו"ח or בקשה להישפט. Respectful tone, factual claims only, evidence list, requested remedy.
Builds and queries multi-language source code graphs for security analysis. Includes pre-analysis passes for blast radius, taint propagation, privilege boundaries, and entry point…
Transaction Security policy creation and configuration: condition builder, enhanced policies, enforcement actions (block, MFA, notification, end session), real-time monitoring…
Convert a local Markdown file to a sibling PDF via the official `@transloadit/node` CLI. Use when the user wants a `.md` file rendered as a `.pdf`, especially from an agent…
Guide live digital-forensics and incident-response work with human approval gates when the job is evidence review and triage, not general MCP setup.
Analyze a GitHub pull request for security impact, run targeted vulnerability-investigation skills when Stage 1 finds credible threats, and return a structured verdict instead of…
Triages security alerts in Splunk Enterprise Security by classifying severity, investigating notable events,
Performs initial triage of security incidents to determine severity, scope, and required response actions using
Classify and prioritize security incidents using structured IR playbooks to determine severity, assign response
Triage and prioritize vulnerabilities using CISA's Stakeholder-Specific Vulnerability Categorization (SSVC) decision
Runs Aqua Security Trivy against container images, filesystem paths, and Terraform/CloudFormation templates.
Scans Docker and OCI container images with Aqua Trivy for CVEs in OS packages and language dependencies. Outputs filterable vulnerability tables with CVSS scores and fix versions.
Wraps the Trivy CLI for comprehensive container image vulnerability scanning. Outputs results in SARIF format for GitHub Code Scanning API integration and generates OCI artifact…
Integrates Aqua Security Trivy CLI for comprehensive container image vulnerability scanning. Detects OS package CVEs, language-specific dependency vulnerabilities, and IaC…
Automates Aqua Security Trivy scans against Docker images and OCI artifacts to detect CVEs, misconfigurations, and license violations.
Trivy is Aqua Security’s scanner for vulnerabilities, misconfigurations, secrets, SBOMs, and license issues.