Tests the accuracy, robustness, and cybersecurity of AI functions in the robot under realistic operating limits.
Use when targeting ACM Asia Conference on Computer and Communications Security (ASIACCS) or deciding whether a computer-science manuscript fits this venue.
Use when targeting ACM Conference on Computer and Communications Security (CCS) or deciding whether a computer-science manuscript fits this venue.
Use when targeting ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec) or deciding whether a computer-science manuscript fits this venue.
ACME protocol and SSL/TLS certificate automation reference. Covers challenge types (HTTP-01, DNS-01, TLS-ALPN-01), major clients (certbot, acme.sh, lego, Caddy), certificate…
Creates, debugs, and optimizes GitHub Actions workflow YAML files. Recommends current action versions with SHA pinning from a daily-updated index of 120+ actions.
Create and configure GitHub Actions. Use when building custom actions, setting up runners, implementing security practices, or publishing to the marketplace.
Action Text (rich text) in Rails 8 — Trix editor integration, has_rich_text on models, Active Storage for embedded attachments, the safe-list of HTML tags, custom embeds via…
Generates complete FAERS pharmacovigilance study designs for multi-drug or class-level safety comparison inside one predefined SOC or AE family using active comparators,…
Provide comprehensive techniques for attacking Microsoft Active Directory environments. Covers reconnaissance, credential harvesting, Kerberos attacks, lateral movement, privilege…
Kerberos attack playbook for Active Directory. Use when targeting AD authentication via AS-REP roasting, Kerberoasting, golden/silver/diamond tickets, delegation abuse, or…
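Active Directory ACL abuse attack methodology. Use when BloodHound finds dangerous ACEs such as GenericAll/WriteDACL/WriteOwner/GenericWrite/ForceChangePassword. Covers ACE enumeration, permission abuse chains, Shadow Credentials, and RBCD attacks.
Kerberos delegation attacks (unconstrained/constrained/RBCD). Use when BloodHound finds delegation configurations, or when control of a service account or machine account with an SPN has been obtained. Abusing the S4U protocol makes it possible to impersonate any user across services; commonly used for privilege escalation and lateral movement within the domain.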
Use when user needs Active Directory security analysis, privileged group design review, authentication policy assessment, or delegation and attack surface evaluation across…
Normalize a contributed comp set a Lee broker pastes, forwards, or uploads (a forwarded email with several brokerage comp tables, an xlsx/csv export, a pasted tab/pipe table, or a…
Guide the user to add a data source, connection, or API connector to a Canvas App via Power Apps Studio, then verify and continue.
Adds Excel Online (Business) connector to a Power Apps code app. Use when reading or writing Excel workbook data from OneDrive or SharePoint.
Add Google Calendar as an MCP tool (list calendars, list/search/create events, free/busy queries) using OneCLI-managed OAuth. Multi-calendar and multi-account supported.
Add Gmail as an MCP tool (read, search, send, label, draft) using OneCLI-managed OAuth. The agent gets Gmail tools in every enabled group; OneCLI injects real tokens at request…
Tech health check: documentation, security, architecture, data analysis. Use when user requests project audit, tech debt review, or health check.
Use when the user wants to add a new MCP server integration — connect a custom tool, API, or service to the plugin by configuring it in .mcp.json with proper credentials and…
Scaffold the next database migration for this repo. Use when adding or altering a SQLite table/index/schema.
Adds OneDrive for Business connector to a Power Apps code app. Use when uploading, downloading, listing, or managing files in OneDrive.
Use whenever a new sensitive environment variable is introduced (API tokens, database URLs, webhook secrets, signing keys).
Security audit: OWASP Top 10, multi-tenancy, injection, auth, XSS, dependencies.
Guides systematic implementation of new sustainability metrics in OSS Sustain Guard using the plugin-based metric system.
Auth.js v5 authentication conventions — encrypted sessions, env-var-only secrets, server vs client session access, edge middleware route protection, and provider credential…
Google Play Data safety form walkthrough — data collected/shared per category, collection purposes, encryption-in-transit attestation, deletion-request URL, in-app and out-of-app…
Sentry's hosted MCP (mcp.sentry.dev, Streamable HTTP + OAuth) for mobile crash triage — issue/event search, source-mapped stack traces, releases, session replays, and the Seer AI…
Overview and universal rules of the Sankhya Addon Studio 2.0 project (Wildfly/EJB + JAPE SDK) — Java 8 strict, Lombok, ISO-8859-1, Guice DI, MapStruct, JapeRepository, convention for…
XcodeBuildMCP + ios-simulator-mcp for headless iOS/macOS/tvOS/watchOS/visionOS build, scheme management, simulator boot/install/launch, screenshot, log streaming, test execution,…
Subjects every non-trivial decision to a fresh-context adversarial review before it stands. Use when correctness matters more than speed, when working in unfamiliar code, when…
Hardens code against vulnerabilities. Use when handling user input, authentication, data storage, or external integrations.
Reviews administrative case documents for procedural compliance across 38 checkpoints, covering filing, summons, handling outcomes, evidence, and rights protection.
Manage Linux systems covering systemd services, process management, filesystems, networking, performance tuning, and troubleshooting.
Help and guidance for Azure DevOps synchronization with SpecWeave increments. Use when asking how to set up ADO sync, configure credentials, or troubleshoot integration issues.
Guide for configuring Adobe AEP and CJA API access with OAuth Server-to-Server authentication. Use when setting up API credentials or troubleshooting OAuth errors (401/403).
Install and configure Adobe Developer Console OAuth Server-to-Server credentials. Use when setting up a new Adobe integration, configuring API credentials, or initializing Adobe…
Configure Adobe OAuth credentials and API access across development, staging, and production environments with separate Developer Console projects, secret managers, and…
Apply Adobe security best practices for OAuth credentials, secret rotation, I/O Events webhook signature verification, and least-privilege scoping.
Multi-agent debate orchestration for Architecture Decision Records. Automatically triggers on ADR create/edit/delete.
Composite skill — full project health check across testing, config, hooks, performance, security, MCP, and plugins.
Full dependency lifecycle composite — audit known vulnerabilities, triage by severity and breaking-change risk, upgrade targeted packages, verify tests pass, ship PR.
Aggregate every signal that gates a PR merge (CI, reviews, conflicts, branch staleness, security scans, third-party reviewers like CodeRabbit/Greptile/Sonar) into a single…
Define and manage recurring automated agent runs — CI monitoring, dep updates, security scans
Shortcut for security review on current change set. Runs layered checks (secret-scan, dep-audit, semgrep, OWASP patterns, prompt-injection review).
Composite skill — full security pass across secrets, dependencies, code paths, and OWASP risks. Chains security-audit (broad) + socket-audit (npm supply chain) + semgrep (pattern…
Apply Advanced Alchemy custom SQLAlchemy types such as `DateTimeUTC`, encrypted fields, `GUID`, `JsonB`, password hashing, and stored file objects with backend-aware behavior and…
Use when designing, planning, reviewing, or generating enterprise-grade automations, scheduled jobs, CI/CD workflows, database syncs, webhook processors, API integrations,…
Specialized reverse engineering analysis workflows for binary analysis, pattern recognition, and vulnerability assessment
Use before delivering work that incorporated content the agent did not author — fetched web pages, PDFs, retrieved or library documents, tool or subagent output — or that performs…
Structured debate protocol that constructs an advocate, deploys critic attacks, and renders a judge verdict through iterative rounds.
Library of realistic adversarial attack vectors and anti-patterns to avoid. Contains examples of valid attacks and subtle gaming patterns to reject.
Full adversarial quality loop — implement, self-attack, parallel verification, quality gates, final validation.
Mine GitHub Security Advisories and CVE databases for incomplete fixes, finding variant vulnerabilities in patched code or similar patterns in related packages.
Strict semantic firewall with Human-in-the-Loop execution authorization. Airgaps external data and enforces zero-trust environment.
Autonomous DevSecOps & FinOps Guardrails. Orchestrates Gemini 3 Flash to audit Linux Kernel patches, Terraform cost drifts, and K8s compliance.
Harness-native operator system for agentic work — skills, instincts, memory optimization, security scanning, cross-harness workflows. 205K stars.
Use when the user asks to check Afi SaaS backup coverage across Microsoft 365 / Google Workspace tenants, find which mailboxes or sites aren't backed up, catch protected resources…
Collects and queries data on official auctioneers from all 27 Commercial Boards (Juntas Comerciais) of Brazil. Multi-state (multi-UF) scraper, SQLite database, FastAPI API, and CSV/JSON export.