Iso27001 Gap Analyzer - Auto-activating skill for Security Advanced. Triggers on: iso27001 gap analyzer, iso27001 gap analyzer Part of the Security Advanced skill category.
Run any "find all instances of X" sweep — a security audit, a safety audit, a code review, a research question, a compliance check — as an iterative loop that does NOT stop at one…
Harden a repeatedly re-reviewed documentation/contract plan after adversarial reviewers keep finding semantic gaps despite new test rows.
Prüft aus Insolvenzverwalter-, Sachwalter- oder vorläufiger Verwalterperspektive, ob ein Sanierungskonzept auf IDW-S-6-Niveau tragfähig ist.
Drupal development and security patterns from Ivan Grynenko's cursor rules. Covers OWASP Top 10, authentication, access control, injection prevention, cryptography, configuration,…
PDF reader skill using PyMuPDF (fitz) for text extraction and metadata retrieval. Supports encrypted PDFs and handles large documents efficiently.
Izvršni postupak i svi akti u njemu — predlog za izvršenje (na osnovu izvršne isprave ili verodostojne isprave), prigovor na rešenje o izvršenju, žalba na zaključak izvršitelja,…
Use when working with Jackson JSON serialization - migrating from Jackson 2.x to 3.x, configuring JsonMapper, handling date/time types, or troubleshooting serialization issues.
Android APK decompiler that converts DEX bytecode to readable Java source code. Use when you need to decompile APK files, analyze app logic, search for vulnerabilities, find…
Implements Jakarta Security Enterprise API (JSR 375) for Jakarta EE applications with IdentityStore patterns, JWT Bearer tokens, form login, BCrypt password hashing, and container…
Build, review, and refactor Java backend services (Spring Boot). Use for tasks like REST API design, controllers/services/repositories, PostgreSQL persistence (JPA/MyBatis),…
Use when stress-testing the empirical identification strategy for a Journal of Banking & Finance manuscript, including bank panels, policy shocks, event studies, IV, staggered…
Use after a Journal of Business Venturing (JBV) R&R to plan revisions and draft the point-by-point response letter — prioritizing the field editor's concerns, defending or…
Use when implementing authentication/authorization, securing user input, or preventing OWASP Top 10 vulnerabilities — including custom security implementations such as ha — from…
· Advise on product, engineering, design, and business decisions with constructive and adversarial lenses.
Audits Jenkins shared library Groovy scripts for security anti-patterns using the Script Security Plugin API.
Validates Jenkinsfile declarative and scripted pipelines using the Jenkins Pipeline Linter API endpoint.
Audits Jenkins shared libraries for security vulnerabilities using the Jenkins Script Console API and Groovy AST analysis.
Use when judging whether a research question fits the Journal of Financial and Quantitative Analysis (JFQA) — empirical and quantitative financial economics (corporate finance,…
Check JFrog Public Catalog and stored packages for a version, interpret catalog security signals, and download through Artifactory (JFrog Platform locations, remote cache,…
Implement, configure, and customize Streamdown — a streaming-optimized React Markdown renderer with syntax highlighting, Mermaid diagrams, math rendering, and CJK support.
Authenticate with Jira Cloud REST API using API tokens. Use when setting up Jira connections, validating credentials, or handling rate limiting.
Agent Skill: Comprehensive Jira integration through lightweight Python scripts. AUTOMATICALLY TRIGGER when user mentions Jira URLs like 'https://jira.*/browse/*',…
Syncs job application emails from Gmail and updates statuses in your Notion or SQLite tracker — detects offers, rejections, and interview invitations
Uses Claude CLI (WebSearch tool) to find new Data Science and Gen AI job postings across Bengaluru, Hyderabad, Mumbai, and Delhi NCR, scores them by relevance and location weight,…
Save and retrieve job-site credentials in StudyBook encrypted secrets with one consistent key pattern.
Context-aware skill orchestrator. Takes one natural-language goal, reasons about ALL relevant dimensions, routes to the best combination of complementary skills, and executes them…
使用 John the Ripper 进行离线密码破解。当需要破解哈希(MD5/SHA/NTLM/Kerberos/ZIP/RAR/PDF/SSH Key 等)时使用。John 支持自动检测哈希类型、字典攻击、规则变形、增量爆破,内置 *2john 工具链从各种格式提取哈希。任何涉及离线密码破解、哈希还原、密码审计的场景都应使用此技能
English language joint controller agreement template under Article 26 GDPR. Allocates responsibilities for information duties data subject requests security incidents and DPIA.
Use when running a pre-submission pre-mortem on a Journal of Political Economy (JPE) manuscript to anticipate the price-theory, general-equilibrium, and identification objections…
Best practices for jQuery AJAX with JSON data handling including sending/receiving JSON, error handling, security (CSRF protection, XSS prevention), promise patterns, caching, and…
jrnl is a command-line journal application that lets you capture thoughts and notes without leaving the terminal.
Extract endpoints, secrets, and hidden routes from JavaScript files using LinkFinder, SecretFinder, JSluice, and source-map analysis.
Full JavaScript analysis methodology for pentesting and bug bounty — JS file discovery, secret extraction, endpoint mapping, DOM XSS, prototype pollution, postMessage abuse,…
AI-powered JavaScript reverse engineering tool. 资深JavaScript逆向工程专家助手。Actions: collect, search, deobfuscate, understand, summarize, detect-crypto, browser, debugger, breakpoint,…
Centralized JSON validation for AGENT_SUCCESS_CRITERIA with defensive parsing and injection attack prevention (CVSS 8.2)
CTF flag 评判检查清单。当需要判断 CTF 挑战是否完成(flag 是否已获取)、分析攻击失败原因、或为下一步攻击提供精确指导时使用。覆盖 flag 搜索验证、漏洞发现评估、漏洞利用评估、flag 位置推断、常见题型模式匹配(SQLi/LFI/RCE/IDOR/SSRF/反序列化)
Use when a diff may introduce security risk — authZ, injection, secrets, unsafe deserialization, SSRF, XSS, mass assignment — dispatched by /review-changes, /do-and-judge, /judge.
Assesses a legal argument, submission, or piece of structured reasoning from the perspective of a judge reading it cold under time pressure.
Apply Juicebox security best practices. Trigger: "juicebox security", "juicebox api key security".
Security management for Hostinger VPS srv759970 - Fail2ban, WordPress security audits (25+ checks, 0-100% scoring), infrastructure audit.
Coleta e consulta dados de leiloeiros oficiais de todas as 27 Juntas Comerciais do Brasil. Scraper multi-UF, banco SQLite, API FastAPI e exportacao CSV/JSON. — from renat
Level 2 patterns - vulns, lic, sbom, doctor (security, compliance, environment health)
Shared reference for the JVM cluster: the language × framework decision (Kotlin vs Java; Spring Boot vs Quarkus vs Ktor), the build/test/coverage toolchain, the persistence choice…
Route a JVM task to the right skill among 16 specialists — Kotlin language/coroutines/Exposed/Ktor, Java coding standards, the Spring Boot stack (patterns, TDD, security,…
Audit JWT implementation for algorithm confusion, secret weakness, claim validation issues, and token handling vulnerabilities. Use when reviewing authentication systems using JWT.
Detect JWT implementation vulnerabilities including algorithm confusion, none algorithm acceptance, weak secrets, and JWK injection attacks.
Comprehensive JWT authentication expert for senior developers (10+ years experience). Intelligently detects project language/framework and implements production-ready JWT auth…
Full JWT attack methodology — alg:none, RS256-to-HS256 confusion, weak secret brute-force, kid injection, jku/jwk injection, and claim tampering.
JWT/JWS/JWE token patterns for Swarm Bus agent identity. Sign JWTs with ES256/RS256, verify claims, encrypt payloads with JWE (A256GCM), short-lived token rotation, and…
Guidelines for implementing JWT authentication with security best practices for token creation, validation, and storage
Jwt Token Validator - Auto-activating skill for Security Fundamentals. Triggers on: jwt token validator, jwt token validator Part of the Security Fundamentals skill category.
Comprehensive guide for implementing NetworkPolicy, PodSecurityPolicy, RBAC, and Pod Security Standards in Kubernetes.
Implement Kubernetes security policies including NetworkPolicy, PodSecurityPolicy, and RBAC for production-grade security.
Implement Kubernetes security policies including NetworkPolicy, PodSecurityPolicy, and RBAC for production-grade security.
Professional security audit for AI agents. Checks URLs for SSRF, analyzes content for prompt injection, validates commands for shell injection, integrates with skill-scanner for…
· Administer Kali: apt, branches, metapackages, images, live USB persistence, NetHunter, wireless/GPU.
Local-first backlog workflow. Use when planning work, creating/updating backlog items, writing ADRs, enforcing Ready gate, generating views, or maintaining derived indexes…
Comprehensive Kargo GitOps continuous promotion platform skill. Use when implementing progressive delivery pipelines, promotion workflows, freight management, ArgoCD integration,…
Use this when: red-team my optimization metric, find ways to game my metric, metric pre-mortem, adversarial metric evaluation, gaming vectors for my KPI, what could an agent…