Claude Code Skills·Claude Skills·The open SKILL.md registry for Claude

Claude Security Skills (Page 88 of 104)

Security auditing, penetration testing, vulnerability scanning, OWASP, cloud security, and compliance skills for Claude Code.

6,191 skills · updated 2026-06-16 · showing 5221–5280 of 6,191 by quality score

Sub-topics: Web Security (751), Threat Hunting (476), Red Team (453), Identity Access (329), Network Security (284), Appsec Tools (280), Compliance (159), Malware Analysis (138)

Tauri 2.0 project setup, Rust backend + web frontend, plugin system, IPC commands, security model, auto-update, and mobile support.
Expert skill for Tauri (v2) development, covering Rust backend, IPC, security (capabilities/plugins), and frontend integration.
Route a Tauri task to the right skill among 40 Tauri specialists — scaffolding, the security/capability model, IPC and the Rust↔frontend bridge, windows/UI chrome, sidecars,…
Use when configuring permissions, creating capability files, setting up plugin access control, or debugging permission denied errors.
Dedicated to TuneCamp's database architecture and repository patterns. Use for SQLite interactions, migrations, complex queries, and data integrity across the Catalog and Social…
Specialist in TuneCamp's Web3 monetization layer and hybrid payment gateway. Use for smart contract development (Solidity), Base Network integration, Stripe Checkouts, Stripe…
Use when a task requires parallel work by multiple specialized agents — e.g., simultaneous code review + security audit + performance check, or multi-object development where…
Automatically export audit findings, security issues, performance problems, or accessibility violations to Teamwork tasks when other agents complete their analysis.
Technical due diligence for M&A, investment, or acquisition. Reads a target company's codebase and generates a comprehensive tech DD report with architecture assessment, tech debt…
Comprehensive technology stack evaluation and comparison tool with TCO analysis, security assessment, and intelligent recommendations for engineering teams — from…
Expert technical advisor with deep reasoning for architecture decisions, code analysis, and engineering guidance.
Technical analysis capabilities for APIs, data models, integrations, and security requirements. Use when analyzing technical aspects of systems or documenting technical…
Generates technical implementation plans and architectural strategies that enforce the Project Constitution.
Use when auditing a Salesforce org for technical debt: dead code, unused automations, overlapping Flow and Apex triggers, deprecated features, configuration complexity, and legacy…
Systematic technical debt assessment — scans for security issues, correctness gaps, infrastructure debt, maintainability problems, documentation quality, and dependency freshness
TechSmith security basics for Snagit COM API and Camtasia automation. Use when working with TechSmith screen capture and video editing automation.
Validates Tekton pipeline supply chain security using Sigstore cosign verification and SLSA provenance checks.
Use for telecom and 5G security, mobile core, RAN, roaming, SS7, Diameter, GTP, IMS, SBA APIs, network slicing, SIM/eSIM, fraud, signaling, lawful intercept control review, and…
Reverse engineer and security-test Telegram bots — API analysis, callback interception, exploit discovery, and vulnerability documentation
Expert in building and managing Telegram communities. Covers group vs channel strategy, bot automation, anti-spam, and managing large groups.
Implements telehealth privacy compliance covering HIPAA requirements for virtual care, state licensing and recording consent laws, platform security with BAA requirements for…
Use telnet to interact with IoT device shells for pentesting operations including device enumeration, vulnerability discovery, credential testing, and post-exploitation — from…
Expert in tenant creditworthiness assessment and financial statement analysis. Use when evaluating tenant credit quality, analyzing financial ratios, assessing default risk, or…
Drafts tenant estoppel certificates for commercial real estate acquisitions and financings. Produces numbered certifications binding tenants to lease representations for reliance…
Manage Tencent Cloud Lighthouse (lightweight application server) — auto-setup mcporter + MCP, query instances, monitoring & alerting, self-diagnostics, firewall, snapshots, remote command execution…
Answer questions using the Tenzir documentation. Use whenever the user asks about TQL syntax, pipeline operators, functions, data parsing or transformation, normalization, OCSF…
Expert guidance for Arcjet, the developer-first security platform that provides rate limiting, bot protection, email validation, and attack detection as a code-first SDK.
Expert guidance for Checkov, the static analysis tool for infrastructure-as-code that scans Terraform, CloudFormation, Kubernetes, Helm, Dockerfile, and ARM templates for security…
Expert guidance for Cosign, the Sigstore tool for signing, verifying, and attaching metadata to container images and other OCI artifacts.
Expert guidance for Falco, the CNCF runtime security tool that detects anomalous behavior in containers and Kubernetes clusters using system call monitoring.
Expert guidance for Grype, the open-source vulnerability scanner by Anchore that finds known vulnerabilities (CVEs) in container images, filesystems, and SBOMs.
Expert guidance for Kyverno, the Kubernetes-native policy engine that validates, mutates, and generates resources using YAML policies (no Rego required).
Expert guidance for OPA (Open Policy Agent), the CNCF policy engine for unified authorization across the stack.
Expert guidance for Semgrep, the fast, open-source static analysis tool that finds bugs, security vulnerabilities, and anti-patterns in code.
Project-specific security patterns for Agenda Systems modules. Use when adding security controls to any module or resource — Security Groups, RDS, ElastiCache, ECS IAM, Secrets…
Use when designing, reviewing, or hardening Terraform remote state and secret handling after the repo/module scaffold exists and security and infrastructure-platform have decided…
[Tier 2 — Non-Functional: Security · ISO 25010] Security test workflow — OWASP Top 10, dependency CVEs, secrets scanning, and auth testing. Run after Tier 1 functional tests pass.
Battle-tested Playwright patterns for writing, debugging, and scaling reliable test suites. Use when you need guidance for E2E, API, component, visual, accessibility, or security…
Tests Android inter-process communication (IPC) through intents for vulnerabilities including intent injection,
Tests APIs for mass assignment (auto-binding) vulnerabilities where clients can modify object properties they
Systematically assessing REST and GraphQL API endpoints against the OWASP API Security Top 10 risks using automated
Identifying flaws in application business logic that allow price manipulation, workflow bypass, and privilege
Test JWT implementations for critical vulnerabilities including algorithm confusion, none algorithm bypass, kid
Identify and test open redirect vulnerabilities in web applications by analyzing URL redirection parameters,
Test web applications for XML injection vulnerabilities including XXE, XPath injection, and XML entity attacks
Tests web applications for Cross-Site Scripting (XSS) vulnerabilities by injecting JavaScript payloads into
Identifying and validating cross-site scripting vulnerabilities using Burp Suite's scanner, intruder, and repeater — from mahipal
Discovering and exploiting XML External Entity injection vulnerabilities to read server files, perform SSRF,
Assessing JSON Web Token implementations for cryptographic weaknesses, algorithm confusion attacks, and authorization
Test and validate ransomware recovery procedures including backup restore operations, RTO/RPO target verification,
Tests WebSocket API implementations for security vulnerabilities including missing authentication on WebSocket
Instructions for designing pytest tests for Python code. MUST be used when analyzing test coverage: happy path, edge cases, error cases, security regressions, fixtures.
Interpret testssl-inspector normalized findings, recommend remediations, and tie evidence back to SCF anchor controls plus SOC 2 / NIST 800-53 r5 / PCI DSS 4.0.1 / ISO 27002:2022…
Texas Data Privacy and Security Act (TDPSA) compliance. No revenue threshold applies to all businesses.
theHarvester is an open-source OSINT tool for gathering emails, subdomains, hosts, employee names, open ports, and banners from public sources.
Builds a theory of change (inputs → activities → outcomes → impacts) and derives monitoring indicators disaggregated by vulnerable group.
Audit therapy and behavioral health documentation platforms for clinical quality and regulatory compliance.
Run an extremely strict security audit for auth flaws, injection vectors, secrets exposure, broken access control, and boundary validation failures.
Produces an adversarial critique by constructing the strongest case against a proposal or thesis (the best objections an intelligent adversary would raise), then judging which…