Multi-agent advisory squad workflow for implementing or reviewing code changes. Two modes — implement (default) runs classify → score risk → select agents → planner → Gate 1 →…
Sigreturn Oriented Programming (SROP) — sigreturn syscall ile tüm registerları tek payload'da kontrol etme; gadget kıtlığında ROP alternatifi
Use to re-evaluate an already-bootstrapped project for drift, incoherence, and improvement opportunities.
Normalize SKILL.md artifacts into Scheduling-Structural-Logical (SSL) JSON representations using a conservative multi-pass extraction pipeline.
Check SSL/TLS certificates for any hostname — expiry dates, issuer, SANs, protocol version, cipher suite. Use when asked to check if a certificate is valid,...
Audits TLS/SSL configurations using sslyze Python library and SSL Labs API v3. Checks certificate chain validity, HSTS headers, and OCSP stapling status with Certificate…
Performs deep TLS certificate chain validation using OpenSSL and Certificate Transparency logs. Monitors expiration dates via the crt.sh API and checks OCSP responder status.
Manage SSL/TLS certificates with automated provisioning, renewal, and monitoring using Let's Encrypt, ACM, or Vault.
Expert-level guide to ssl contrastive learning. Comprehensive coverage of advanced concepts, production implementation, and optimization strategies.
Configures SSL/TLS certificates, implements secure protocols and ciphers, and sets up security headers.
MUST use WHEN используешь или расширяешь функциональность БСП (Библиотека стандартных подсистем). Provides каталог готовых функций ОбщегоНазначения и правила вызова подсистем без…
Systematic debugging workflow for SSL/proxy connectivity issues with government and institutional websites
Systematic workflow for troubleshooting SSL/proxy connectivity issues with government websites
Systematic approach to diagnosing and resolving SSL/proxy connectivity issues with restricted websites
Validates SSL/TLS certificates using OpenSSL s_client, checks OCSP stapling status, and monitors expiry dates.
Comprehensive TLS/SSL analysis via Qualys SSL Labs — grades cipher suites, certificate chains, protocol versions, and known vulnerabilities
Post-cycle second-pass review of the last `/sst-dev-cycle` commit on any project. Reads what shipped (code + tests + spec + TODO + docs), evaluates it against the spec item it…
Stabilisierungstechniken: Grounding, Sicherer Ort, Containment und Atemuebungen. Soforttechniken bei akuter Belastung und Panikattacken.
Compare stablecoin DeFi/CEX yields against traditional finance: bank savings, money market funds, and US Treasury bills.
Entry point skill for this template stack. Routes tasks to focused skills: Astro, React islands, TypeScript, SCSS, security, brainstorming, and writing implementation plans.
Secure WebContainer deployments: CSP headers, sandbox isolation, input validation. Use when working with WebContainers or StackBlitz SDK. Trigger: "stackblitz security".
Senior Staff Engineer code review with SOLID principles, security analysis, and architecture critique.
Guidance on non-obvious runtime behaviors of Salesforce standard objects — polymorphic lookups, lead conversion field loss, PersonAccount dual-nature, CaseComment trigger…
Use when reviewing work against the team's agreed engineering standards and the technical strategy — at feature kickoff, in PR review, before merge, before release, or after…
Side-channel-resistant cryptography patterns from Stanford SJCL. Constant-time operations, AES-CCM authenticated encryption, PBKDF2 key derivation, random number generation, and…
Inject short-lived, scoped service credentials into Claude Code sessions so agents can reach approved systems without exposing raw secrets.
When the user needs a security assessment — threat modeling, vulnerability review, auth flow audit, dependency scanning, or says "is this secure", "review for vulnerabilities",…
When the user needs to prepare for SOC 2, build a compliance roadmap, assess security posture, quantify security risk, or says "we need SOC 2", "security audit", "complia — from…
Configure and use the `stash` package for project initialization, EQL database setup, encryption schema management, and Supabase integration.
Audit and validate D&D 5e 2024 monster stat blocks for mechanical correctness, format conformity, and internal consistency.
StateRAMP expert for state and local government cloud services. Deep knowledge of State Risk and Authorization Management Program including Low/Moderate impact levels, NIST 800-53…
Implement static code analysis with linters, formatters, and security scanners to catch bugs early. Use when enforcing code standards, detecting security vulnerabilities, or…
DBA Deutschland Bulgarien 2010. Anwendungsfall Outsourcing IT Pflege Holding Beteiligungen. EU-MTRL ergaenzend. Niedrige KSt 10 Prozent. Methodenartikel Anrechnung.
Use ZAP from Codex to spider targets, run scans, inspect alerts, and review web security findings.
Check stock prices, market indices, gold, and cryptocurrency prices using web search.
Professional stock price tracking, fundamental analysis, and financial reporting tool. Supports global markets (US, KR, etc.), Crypto, and Forex with real-time data.
Dynamic pricing engine for short-term rentals (Airbnb, VRBO, Booking.com, Direct) — sets nightly rates based on a comp set (40+ filters: bedrooms, bathrooms, amenities, location…
Falschgestaendnisse: Typologie nach Kassin (freiwillig, gefuegig-akkommodiert, internalisiert), Risikofaktoren (Vernehmungsdauer, junge Erwachsene, Intelligenzminderung,…
Bandenbetrug § 263 Abs. 5 StGB: Anwendungsfall Verteidigung in Bandenstrukturen bei Online-Betrug, Phishing, Enkeltrick, Schockanruf, Cybertrading.
Bedrohung nach § 241 StGB. Verschaerfung 2021 durch das Gesetz zur Bekaempfung des Rechtsextremismus und der Hasskriminalitaet.
Computerbetrug § 263a StGB: Anwendungsfall Verteidigung bei Manipulation EC- und Kreditkarte, Skimming, Phishing, missbraeuchliche Online-Banking-Nutzung, Crypto-Wallet-Drainage.
Verteidigung in Verfahren mit dem Tatkomplex haeuslicher Gewalt: Tatbestandsbuendel (§ 223 KV, § 224 gefaehrliche KV, § 240 Noetigung, § 241 Bedrohung, § 238 Stalking, § 177…
Mord nach § 211 StGB. Praxisleitfaden fuer Verteidigung und Nebenklage zu den Mordmerkmalen Heimtuecke / niedrige Beweggruende / Habgier / Verdeckungsabsicht / grausam /…
Use when rebuilding a scoped section of legacy code clean-room — when the existing implementation is polluting attempts to improve it and a from-scratch rewrite is wanted.
Plan orbital maneuver and fuel budgeting to preserve mission endurance during contested-space operations.
Reads a strategy doc and writes a red-team critique with gaps, risks, and missing assumptions. Adopts an adversarial but constructive stance.
Red-team a PRD, roadmap, or strategy by attacking its load-bearing assumptions before reality does. Steelmans then attacks each claim, ranks failure modes by impact × likelihood ×…
Architect-level Streamlit development for building, refactoring, debugging, testing, and deploying Streamlit apps (single-page or multipage) with correct…
Orchestrates parallel vulnerability scanning across 7 specialized agents, consuming the URL pools built by stress-recon. Agent 1: Injection (SQLi, SSTI, CRLF).
Run a STRIDE threat-modelling pass against an access-surface map a software engineer has already produced for a feature they're about to ship.
Systematically identify and classify threats using the software-centric STRIDE framework across six categories: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of…
Use the Stripe Link CLI as an agent wallet to create spend requests, generate one-time-use payment credentials, and complete 402 / Machine Payment Protocol (MPP) payment flows on…
Rotates the active Stripe account of a SpecBox project safely. Wraps the switch_stripe_account MCP tool with a UX layer: shows current alias store, asks for from/to, runs dry-run,…
Use when validating incoming Stripe webhook requests in a Node.js or Next.js backend before processing any payment event.
Verifies Stripe webhook payload signatures using the Stripe.js SDK and the stripe.webhooks.constructEvent method.
Use when asked to map, crosswalk, align, compare, or gap-analyze any two cybersecurity frameworks, control catalogs, or regulatory requirements using NIST IR 8477 Set-Theory…
Contexto completo del proyecto Structify CLI. Leer SIEMPRE al inicio de cualquier sesión de trabajo en este proyecto antes de tocar código, planificar tareas, o responder…
Tactic: Full attack lifecycle — threat surface enumeration, attack vector generation, systematic probing, and finding aggregation across all surfaces.
Audit a media production studio or post-production facility. Analyzes facility scheduling and utilization, equipment lifecycle tracking, editorial and VFX pipelines, color grading…
Detects CNAME records pointing to cloud services that may be dangling, and configurations referencing external services vulnerable to takeover.