Claude Code Skills·Claude Skills·The open SKILL.md registry for Claude

Claude Security Skills (Page 5 of 104)

Security auditing, penetration testing, vulnerability scanning, OWASP, cloud security, and compliance skills for Claude Code.

6,191 skills · updated 2026-06-16 · showing 241–300 of 6,191 by quality score

Sub-topics: Web Security (751) · Threat Hunting (476) · Red Team (453) · Identity Access (329) · Network Security (284) · Appsec Tools (280) · Compliance (159) · Malware Analysis (138)

Aggregates findings from the other security audits into one prioritized security report. Use after running individual security reviews to produce a consolidated report.
Calculate derived football metrics and models. Use when the user wants to compute xG, xGOT, PPDA, passing networks, expected threat, possession value, pressing intensity, or any…
Create and troubleshoot AWS Glue connections to JDBC databases (Oracle, SQL Server, PostgreSQL, MySQL, RDS), Redshift, Snowflake, and BigQuery.
Use when the user asks to triage a ConnectWise board, find unbilled time before an invoice run, check agreement burn against block hours, pull a client account 360, log time on a…
Diagnose Claude Code environment health — context budget, description obesity, trigger collisions, hooks, MCP, plugins, CLAUDE.md, memory, and skill-security scan.
Review a contribution PR for safety, quality, and readiness. Checks for security concerns, test coverage, size appropriateness, and intent alignment.
n8n credential types, REST API credential management, HTTP Request node authentication, predefinedCredentialType vs genericCredentialType, httpCustomAuth JSON format, credential…
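Analyzes internet-finance compliance issues related to crypto exchange compliance. Covers: regulatory framework, licensing requirements, key compliance points, violation risks. Applicable when: the user mentions matters related to crypto exchange compliance.
Packages an escalation for Devs, Product, or Davidson with full context. Use when a bug needs attention beyond normal support, multiple customers report the same…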
Package an escalation for engineering, product, or leadership with full context. Use when a bug needs engineering attention beyond normal support, multiple customers report the…
Research CVEs and security advisories for project dependencies. Uses Exa, NVD API, OSV.dev, and GitHub Advisory Database to find known vulnerabilities.
Scan project dependencies for known CVEs using native audit tools (npm, pip, composer, cargo, go, bundler, dart)
Pull CVEs against the current dependency set (osv.dev / GHSA) and classify each as exploitable / theoretical / not-applicable
SQL query design, optimization, EXPLAIN analysis, index strategy, pagination, upserts, and N+1 prevention for relational databases (PostgreSQL, MySQL, SQL Server, SQLite, Oracle).
Examines all database interactions for injection, access control, encryption, and data-exposure risks. Use when auditing database and data-layer security.
Sync your whole Datto BCDR fleet into local SQLite and answer the questions the per-appliance Partner Portal can't.
Every Datto RMM API operation, plus a local SQLite fleet store and fleet-wide analytics no other Datto tool has.
Analyze code quality, view issues, check metrics, find dependency vulnerabilities, and report test coverage via DeepSource CLI.
Pre-add risk gate for a new dependency — composes vuln history (`vdb vulns`), AI-malware check (`vdb ai-malware`), license compatibility, EOL status, maintainer health,…
Audit npm dependencies across all package.json files — reports outdated, security issues, and unused packages
Dependency-conflict resolution when a `/vulnetix:fix` version bump fails — diagnose the peer-dep tree, find a compatible safe version set, propose package-manager overrides…
Prepares a hearing/deposition question outline for a witness or party (isticvap): pulls internal company documents or UYAP filings, organizes the headings around the legal theory…
IDS/IPS detection content for a CVE — Snort/Suricata-compatible rules, YARA signatures, ProjectDiscovery Nuclei templates, traffic-filter rules.
Read-only audit dispatch for the active feature on the requested axis — security (OWASP, trust boundary, secrets), perf (measure-first, N+1, CWV), or simplify (Chesterton's Fence,…
Audit software supply chain across every ecosystem (npm, pip, Go, Ruby, Cargo, Maven, Docker, Terraform) — pinning, vulnerabilities, secrets, SBOM, signing, branch protection,…
Every Domotz endpoint, plus a local SQLite fleet mirror that answers cross-site questions. Trigger phrases: `which domotz sites are down`, `list offline devices across all sites`,…
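Risk assessment and prevention plan for employee trade-secret misappropriation. Assesses for a company the risk of employees misappropriating trade secrets, identifies high-risk individuals, and develops a prevention and control plan: validity review of non-compete agreements, evaluation of confidentiality-agreement enforcement, technical safeguards against employees taking information (web-usage monitoring / USB control / email auditing), compliance check of the offboarding handover process, evidence preservation and rapid-response mechanisms. Applicable when: assessing the risk of departing employees taking trade secrets, building a trade-secret protection program, reviewing non-compete and confidentiality agreements, …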
Audit env var usage vs .env.example and code references — surface drift, unused vars, missing docs, and security risks.
Generate a runnable exploit-validation command (Nuclei template, Metasploit module hint, AI-assisted Python script, or curl-based PoC) against a user-specified authorised target.
Search for exploits across all vulnerabilities with filtering by ecosystem, severity, source, and EPSS
Reviews file upload and handling for path traversal, type validation, storage, and related logic flaws. Use when auditing file upload or processing security.
Generates a ready-to-publish Instagram post about the Finora project as a 7-slide carousel, a format optimized for the Instagram algorithm (maximum swipe-through, time spent,…
Verifies that git commits address security audit findings without introducing bugs. This skill should be used when the user asks to "verify these commits fix the audit findings",…
Flutter development skill for Miqotul Khoir TV (MKT) project. Use for: implementing new Flutter features, fixing UI bugs, modifying widgets, creating Cubit state management,…
Cross-agent self-inspection of your AI-agent stack. Audits skills, MCP servers, hooks, plugins, commands, credentials, and memory files across Claude Code, Codex, OpenClaw, and…
Analyze a TypeScript/Node project (Angular, React, or Vue), read its dependencies, flag deprecated/EOL packages and known vulnerabilities, and produce a careful stepwise…
Fast single-pass FXA-specific commit review covering security, conventions, logic/bugs, tests, and migrations. No subagents — runs directly in the main context.
Formats all confirmed pentest findings from findings.json into copy-pasteable GitHub issue markdown blocks, following the AppSec reporting guide template.
Bump Go version across multiple OSS repositories. Use when the user wants to update Go across repos, says "bump go version", "update go", "go version bump", "upgrade go", or…
Security-first audit of the per-repo GitHub setting "Allow GitHub Actions to create and approve pull requests" (can_approve_pull_request_reviews) across an account.
OpenSSF-aligned security posture audit across all repos in a GitHub account: default workflow token permissions, allowed-actions policy, branch protection, secret scanning + push…
Ghost Security - Secrets and credentials scanner. Scans codebase for leaked API keys, tokens, passwords, and sensitive data.
Enforce secure GitHub Actions posture with least-privilege tokens, pinned dependencies, runner risk controls, and workflow supply-chain checks.
Gmail email sending adapter for the 100X Outreach System. Use this skill to send emails via Gmail using the user's own OAuth2 credentials.
[FINANCIAL EXECUTION] Create and launch meme coins and crypto tokens on launchpads (Pump.fun, FourMeme, Bonk, BAGS, Flap, Klik, Clanker, etc.) via bonding curve fair launch, or…
Get crypto and meme token price charts (K-line, candlestick, OHLCV), trending meme coin rankings by volume, and newly launched tokens on launchpads (pump.fun, fourmeme, letsbonk,…
Analyze any crypto wallet by address — holdings, realized/unrealized P&L, win rate, trading history, performance stats, specific token balance, and tokens created by a developer…
[FINANCIAL EXECUTION] Buy and sell meme coins and crypto tokens on Solana, BSC, Base, or Ethereum — single swap, multi-wallet batch trading, limit orders, stop loss, take profit,…
Query GMGN token information — basic info, security, pool, top holders and top traders. Supports sol / bsc / base.
Get real-time crypto buy/sell activity from Smart Money wallets, KOL influencer wallets, and personally followed wallets via GMGN API — alpha signals, whale tracking, meme token…
GoPlus AgentGuard — AI agent security guard. Automatically blocks dangerous commands, prevents data leaks, and protects secrets.
Use when the user asks to push usage counts into Gradient MSP Synthesize for billing reconciliation, see which accounts' counts drifted since the last push, confirm a dispatched…
Use when the user wants Google Search Console data pulled directly into the session instead of manually screenshotting / CSV-exporting from search.google.com.
Use when the user asks to triage their HaloPSA queue, audit SLA breaches, build a per-client situational-awareness card, reconcile contract hours, check agent workload, or run any…
Validate code against HIPAA policy: PHI exposure, missing audit logging, unencrypted transmission/storage, access control gaps, temp file exposure, and missing BAA references
Every Hudu cmdlet, plus an offline SQLite mirror, cross-entity audits, and agent-native output. Trigger phrases: `hudu hygiene scorecard`, `audit hudu documentation`, `find stale…
Initialize a threat hunting case from a signal, detection, intel lead, or analyst suspicion
Initialize a threat hunting program with an environment map, tool inventory, huntmap, and empty execution directories
Create phase plans for a threat hunt with exact telemetry tasks, receipts, and query outputs
Use when the user asks to triage Huntress incidents across client organizations, find coverage gaps or dark agents, trace an indicator's blast radius across the fleet, reconcile…