Wasmtime WASI sandbox for agent-executed code — capability-based security, component model, WASI Preview 2. Isolate untrusted code from the host filesystem/network.
Poll the Anthropic plugin marketplace manifest until "channelhub" appears, then notify the user. Use when waiting for the security review to land — the submission portal shows…
Scan repos for health issues: stale PRs, failing CI, old issues, TODO refs, lockfile problems, and security advisories.
Use when manually monitoring, watching, tracking, or reviewing AI assistant storage, session, transcript, JSONL, or SQLite format drift after official upstream repository,…
3-wave parallel audit — Wave 1 discovery (4 agents), Wave 2 verification (4 agents), Wave 3 cross-optimization (1 synthesizer). Each wave runs agents in parallel.
Generate WaveJSON timing diagrams for digital signals and create HTML viewers to display them. Use when documenting signal timing, creating timing diagrams, analyzing protocol…
Apply modern web development best practices for security, compatibility, and code quality. Use when asked to "apply best practices", "security audit", "modernize code", " — from…
Expert 10x engineer with comprehensive knowledge of web development, internet protocols, and web standards.
Documentação e integração do pacote npm @lina-openx/web-lina-pay-sdk (Lina OpenX / Open Finance). Use este skill sempre que o utilizador pedir ajuda com este SDK: exemplos de…
Authorized web application penetration testing — reconnaissance, vulnerability analysis, proof-based exploitation, and professional reporting.
OWASP Top 10, security headers, CSP, XSS prevention, and vulnerability prevention.
Expert guidance on identifying and mitigating common web vulnerabilities from a bug hunter's perspective.
Hardens websites against common attacks — security headers, CSP policies, input validation, CORS configuration, dependency auditing, and OWASP Top 10 mitigation.
Web application security testing workflow for OWASP Top 10 vulnerabilities including injection, XSS, authentication flaws, and access control issues.
OWASP Top 10 for Web Applications (2025) vulnerability knowledge base for identifying, assessing, and remediating security risks in web application environments.
Web2 recon pipeline — subdomain enumeration (subfinder, Chaos API, assetfinder), live host discovery (dnsx, httpx), URL crawling (katana, waybackurls, gau), directory fuzzing…
Complete reference for 18 web2 bug classes with root causes, detection patterns, bypass tables, exploit techniques, and real paid examples.
AI-powered tools for Web3 bug bounty automation. Use when you want to automate recon, run autonomous audits, or use AI agents for vulnerability discovery.
Smart contract security audit — 10 DeFi bug classes (accounting desync, access control, incomplete path, off-by-one, oracle, ERC4626, reentrancy, flash loan, signature replay,…
Complete reference for all 10 DeFi smart contract bug classes. Use this when hunting for specific vulnerability types, need attack patterns for accounting desync, access control,…
Expert in building crypto-native communities - token holder communities, NFT communities, DAO governance, alpha groups, and navigating the unique dynamics of Web3 culture.
Master grep command arsenal for Web3 smart contract auditing. Use when starting a new protocol scan, before deep code review, or when hunting specific vulnerability classes.
ZKsync Era (Immunefi) completed hunt — 0 findings after exhaustive 5-session audit. Use as a DEFENSE STUDY — learn what makes a protocol unhuntable, which patterns block all 10…
Complete Foundry PoC writing guide + all cheatcodes + DeFiHackLabs reproduction patterns. Use this when building a proof of concept exploit, setting up a fork test, using Foundry…
Go-to-market strategy for web3 builders - protocols, products, services, and solo founders. Use when planning growth for a crypto protocol, building developer community, crafting…
Use when writing, reviewing, or deploying Solidity smart contracts — token contracts, signature-gated claim systems, merkle-gated staking vaults, allocation modules, role-based…
Master index for the web3 smart contract security knowledge base. Use this to navigate the skill chain. Read files in order — each ends with NEXT.
Bug triage validation system, Immunefi report format, and 20 real paid bounty examples dissected. Use this when validating a finding before submitting, writing an Immunefi report,…
Automated web application vulnerability scanner and exploit generator starting from domains or URLs. Tests for SQLi, XSS, SSRF, IDOR, SSTI, authentication bypass, file upload…
Web server vulnerability scanner for identifying security issues, misconfigurations, and outdated software versions.
Automated SQL injection detection and exploitation tool for web application security testing. Use when: (1) Testing web applications for SQL injection vulnerabilities in…
Web security assessment. USE WHEN web assessment, pentest, security testing, vulnerability scan. SkillSearch('webassessment') for docs.
Execute Webflow production deployment checklist — token security, rate limit hardening, health checks, circuit breakers, gradual rollout, and rollback procedures.
Apply Webflow API security best practices — token management, scope least privilege, OAuth 2.0 secret rotation, webhook signature verification, and audit logging.
Validates AWS readiness for website deployment. Checks CLI tools, credentials, SES, Route 53, and ACM. Produces a report with pass/fail and action items.
Read WeChat local data from SQLite databases. Supports listing contacts, chat sessions, searching messages, and viewing favorites.
Expert WeChat Mini Program developer specializing in 小程序 development with WXML/WXSS/WXS, WeChat API integration, payment systems, subscription messaging, and the full WeChat…
Use when conducting a formal Salesforce Well-Architected Framework (WAF) review of an org or solution design.
Ask WG Code Sentinel to review your code for security issues. Use when applying Project Glasswing code sentinel security patterns.
Detect antibot vendors on one or more URLs without opening a browser session. Use when the user asks what antibot, bot protection, WAF, captcha, or challenge provider a site uses,…
Genera Flow JSON válido y listo para usar en WhatsApp Business Platform. Úsalo siempre que el usuario pida crear, construir o escribir un WhatsApp Flow, un Flow JSON, un…
WhatsApp skill with a 3-rule security gate. Your agent speaks only when spoken to — in the right chat, by the right person.
Use when the user is facing, or about to face, a negotiation where the counterparty's first move is shock-and-awe — a maximalist demand, a public ultimatum, a surprise threat, or…
Code style and conventions audit with auto-fix capabilities for comprehensive style enforcement
Comprehensive security auditing across static analysis, dynamic testing, dependency vulnerabilities, secrets detection, and OWASP compliance
Advanced GitHub Actions workflow automation with AI swarm coordination, intelligent CI/CD pipelines, and comprehensive repository management.
Configure Claude Code sandbox security with file system and network isolation boundaries. Ensures safe code execution with proper access controls and resource limits.
Use when conducting comprehensive code review for pull requests across multiple quality dimensions. Orchestrates 12-15 specialized reviewer agents across 4 phases using star…
Configure Claude Code sandbox network isolation with trusted domains, custom access policies, and environment variables for secure network communication.
Complete WordPress white-labeling using FREE plugins only - ASE, Branda, White Label CMS, Admin Menu Editor.
Defensive security and mechanization fleet for the Port Daddy whitepapers (Bonded Commons, Anchor Protocol).
WhiteHat Security integration. Manage data, records, and automate workflows. Use when the user wants to interact with WhiteHat Security data.
Database operations including querying, schema exploration, and data analysis. Activates for tasks involving PostgreSQL, MySQL, MariaDB, SQLite, MongoDB, Redis, Elasticsearch, or…
WHTOOLs CalculiX & Python FEA multi-physics simulation agent skill. Extends capabilities in geometry, meshing, solver assembling, and result processing with full SQLite/Vector RAG…
Diagnose and fix WiFi problems - slow speeds, dead zones, interference, connection drops, and security issues with step-by-step solutions.
Comprehensive guide for installing, configuring, operating, and troubleshooting OpenClaw — a self-hosted, multi-channel AI agent gateway.
When tackling a task that requires domain expertise beyond general coding ability — architecture patterns, framework-specific gotchas, deployment strategies, security…
Windows security boundary attacks — kernel/user boundary, sandbox escape, AppContainer/LPAC bypass, COM/RPC boundary, integrity levels, PPL exploitation
Run local AI services on Windows — port binding, firewall, WSL2 networking, and common pitfalls.
Provide systematic methodologies for discovering and exploiting privilege escalation vulnerabilities on Windows systems during penetration testing engagements.