Claude Code Skills·Claude Skills·The open SKILL.md registry for Claude

Claude Security Skills (Page 87 of 104)

Security auditing, penetration testing, vulnerability scanning, OWASP, cloud security, and compliance skills for Claude Code.

6,191 skills · updated 2026-06-16 · showing 5161–5220 of 6,191 by quality score

Sub-topics: Web Security (751), Threat Hunting (476), Red Team (453), Identity Access (329), Network Security (284), Appsec Tools (280), Compliance (159), Malware Analysis (138)


Subfinder is a passive subdomain discovery tool by ProjectDiscovery that finds valid subdomains for websites using curated online sources.
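Passive subdomain enumeration with subfinder. Use when you need to discover a target domain's subdomains and expand the attack surface. subfinder is a passive subdomain discovery tool from ProjectDiscovery that aggregates multiple data sources such as Shodan, Censys, SecurityTrails and VirusTotal; it is fast and stealthy. Use this skill in any scenario involving subdomain enumeration, attack surface discovery, or passive information gathering.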
SaaS and subscription business revenue intelligence. Track MRR/ARR, calculate churn rate, net revenue retention (NRR), customer lifetime value (LTV), cohort analysis, and payback…
Framework for rapid-fire, highly satisfying behind-the-scenes data visualizations and portfolio construction compilations.
Scans Substrate/Polkadot pallets for 7 critical vulnerabilities including arithmetic overflow, panic DoS, incorrect weights, and bad origin checks.
Add Sui zkLogin for Google, Apple, Facebook, or Twitch sign-in. Use when the user mentions zkLogin, social login, or OAuth-based Sui auth.
Supabase /auth/v1/authorize silently ignores redirect_to values not in uri_allow_list — falls back to site_url with no error. Add the redirect URL to allow list before use.
Apply Supabase security best practices: anon vs service_role key separation, RLS enforcement, policy patterns, JWT verification, and API hardening.
Supabase security expert for auditing RLS (Row Level Security), RBAC, relational databases, and preventing data leaks (hardcoded secrets).
Make AI-powered phone calls with custom personas and goals. Uses OpenAI Realtime API + Twilio for ultra-low latency voice conversations.
Guides implementation of technical, contractual, and organisational supplementary measures for international data transfers per EDPB Recommendations 01/2020.
Supply chain security: bad-version detection, incident response, lockfile audit, artifact scan.
External recon for software supply-chain attack surface — package-namespace squatting candidates, dependency-confusion vulnerabilities, GitHub Actions injection openings,…
Analyze project dependencies for supply chain risks. Checks maintainer count, commit frequency, CVE history, abandonment signals, bus factor, and security policy presence for each…
Behavioural-first software supply chain defense - catches poisoned npm/PyPI packages in the publish-to-advisory window that CVE tools miss.
Detect and remediate software supply chain attacks in npm, PyPI, crates.io, GitHub Actions, and CI/CD pipelines by scanning for known compromised packages, malicious versions,…
Configure install-time cooldowns for npm/bun (minimum release age) and run a sandboxed pre-install scan when the cooldown has to be bypassed.
Assess supply chain risk exposure and resilience posture. Analyzes supplier dependency mapping (Tier 1/2/3), geographic concentration risk, single-source vulnerability, disruption…
Activate when reviewing or modifying dependency resolution, lockfile schema, package downloaders, signature/integrity checks, file integration cleanup, or anything that could…
Use when the user wants crypto data — token prices, on-chain SQL, prediction-market positions, CEX order books, wallet labels/net-worth, social mindshare, news, or a Surf-1.5 chat…
Multi-agent consensus and coordination patterns for YAMTAM agent swarms. Quorum voting with majority and super-majority thresholds, security-team veto protocol, inter-agent…
Deploy full honeynet infrastructure within a multi-agent swarm. Decoy agent prompts, honey-vault canary tokens, ghost file-system monitoring, runtime mutation of compromised…
Search public GitHub broadly for leaked secrets and triage exposures when the workflow is recon and remediation, not generic secret scanning.
Use when working with iOS/macOS Keychain Services (SecItem queries, kSecClass, OSStatus errors), biometric authentication (LAContext, Face ID, Touch ID), CryptoKit (AES-GCM,…
Perform a detailed SWOT analysis — strengths, weaknesses, opportunities, and threats with actionable recommendations.
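A structured thinking tool for SWOT analysis (Strengths, Weaknesses, Opportunities, Threats). Based on in-depth research across 10 sources including Albert Humphrey, Mintzberg, and Porter, it distills 5 core principles and a complete operating protocol.…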
Performs a structured Strengths-Weaknesses-Opportunities-Threats (SWOT) analysis plus a Threats-Opportunities-Weaknesses-Strengths (TOWS) matrix that pairs internal strengths and…
Comprehensive reference for all 38 Symfony framework components with PHP 8.3+ and Symfony 7.x patterns.
Writes Symfony PHP — DI container, bundles, Doctrine, Messenger, Security voters, console commands. For Laravel / Eloquent / Artisan use `laravel`.
AES-256 symmetric encryption for agent memory cache protection. CryptoJS AES encrypt/decrypt, HMAC integrity, secure key derivation, and encrypting agent session state at rest.
Synchronize a security issue in with the state of its GitHub discussion, the mailing thread, and any PRs that fix it.
Configure Content Security Policy (CSP) for Syncfusion Blazor components across Blazor Server, WebAssembly, and Auto render modes: self-hosted and CDN scenarios
Create and manipulate PDF documents using Syncfusion Flutter PDF library. Supports two modes — generate Dart code for the user's Flutter project or provide code snippets.
Review syndicated loans, facility agent and security trustee: roles, majority decisions, security pool, parallel debt, German law, enforcement and restructuring scenarios.
Generate synthetic data from scratch through an interactive dialog — ask the user table-by-table about columns, types, foreign keys, and constraints; render the data model as…
Set up Ubuntu server, Nginx, fail2ban, backup, monitoring, disaster recovery: a complete sysadmin toolkit
System architecture skill for designing scalable, maintainable software systems. Covers microservices/monolith decisions, API design, DB selection, caching, security, and…
Use when practitioners need to understand system-managed fields (CreatedDate, LastModifiedDate, SystemModstamp, CreatedById, LastModifiedById, IsDeleted) — their update behavior,…
Encrypted backups, integrity verification, and data retention enforcement for Greek legal requirements (5-20 year retention). AES-256.
Route a systems-language task to the right skill among 7 specialists — Go (patterns, testing), C++ (Core Guidelines coding standards, GoogleTest/CTest testing), and Perl (modern…
AATMF T5 — Model & API Exploitation. Rate-limit abuse, token-cost amplification, schema bypass, model-version manipulation.
Adversaries may attempt to access cached domain credentials used to allow authentication to occur in the event a domain controller is unavailable.
Table hook registration and materialization/retrieval for different data frameworks. Use when working on register_table, PandasTableHook, PolarsTableHook, SQLAlchemyTableHook,…
Native database client for developers — free, open source, fast. PostgreSQL, MySQL, SQLite, MongoDB. Swift/macOS. 4.3K stars.
Domain knowledge for the tachi orchestrator agent: input format detection, DFD classification, trust boundary notation, STRIDE-per-Element dispatch rules, coverage requirements…
Domain knowledge for PDF security report assembly — artifact detection patterns with tier selection rules, Typst data variable contract with type specifications and image path…
Domain knowledge for quantitative risk scoring — four-dimensional scoring model (CVSS 3.1, exploitability, scalability, reachability), CVSS base vector mappings, composite score…
Domain knowledge for narrative threat report generation — executive summary structure, architecture overview patterns, per-category narrative templates, attack tree construction…
Set up the three GitHub secrets needed for CI-to-cluster access via Tailscale: TS_OAUTH_CLIENT_ID, TS_OAUTH_SECRET, and PI_SSH_KEY.
Taiwan E-Invoice API integration specialist for ECPay, SmilePay, and Amego. Use when developing invoice systems, implementing B2C/B2B invoice issuance, invoice printing, allowance…
Taiwan Payment API integration specialist for ECPay, NewebPay, PAYUNi, SmilePay, PChomePay, ezPay, PayNow, Shopline Payments, LINE Pay v4, and TapPay payment gateways.
Analysis of how suppressing volatility creates fragile systems vulnerable to black swan events
TalentLMS integration. Manage Users, Branches, Categories, Rules, Certificates, Tags and more. Use when the user wants to interact with TalentLMS data.
Build TAM databases from scratch using a 7-phase methodology (Source Discovery → Keyword Expansion → Config → Collection → Dedup → Exclusion → Enrichment hand-off).
Write and debug Tampermonkey userscripts for browser automation, page modification, and web enhancement.
Research and build a target system profile via SSH — discovers OS, services, users, network baseline, and security stack
Target discovery methodology for finding high-quality npm/PyPI/GitHub packages to audit for vulnerabilities, with evaluation criteria and search strategies.
Manages task tracking with the HTML-backed Dots fork from Randroids-Dojo/dots-html. Use when tracking work items across sessions with dot-html CLI files stored as .html documents.
Premium brand-kit image generation skill for creating high-end brand-guidelines boards, logo systems, identity decks, and visual-world presentations.
Shared reference for the Tauri cluster: the v2 security model (capabilities → permissions → scopes), the IPC trust boundary and command contract, the process/runtime model, CSP,…