Web Security (Page 8 of 8)

479 Claude Code skills in the Web Security sub-category of Security.

479 skills · updated 2026-05-27 · showing 421–479 of 479 by quality score

Complete reference for 18 web2 bug classes with root causes, detection patterns, bypass tables, exploit techniques, and real paid examples.
Automated web application vulnerability scanner and exploit generator starting from domains or URLs. Tests for SQLi, XSS, SSRF, IDOR, SSTI, authentication bypass, file upload…
Web server vulnerability scanner for identifying security issues, misconfigurations, and outdated software versions.
Automated SQL injection detection and exploitation tool for web application security testing. Use when: (1) Testing web applications for SQL injection vulnerabilities in…
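CLI for organizing PDFs and books with AI-generated metadata, full-text search (SQLite FTS5), and backups to iCloud or S3.
Automated web vulnerability scanning with xray. Use when a web application needs a comprehensive vulnerability scan (XSS, SQLi, command injection, SSRF, XXE, path traversal, file upload, weak passwords, and so on). xray is a comprehensive web security assessment tool from Chaitin Tech that supports three modes (active scanning, passive proxy scanning, and basic crawler scanning) and ships with a rich set of detection plugins and community POCs. Anything involving xray vulnerability scanning, Web…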
Use when writing or reviewing Visualforce pages, Apex controllers, or LWC components that output user-supplied data, build dynamic queries, or construct HTTP responses.
Execute comprehensive client-side injection vulnerability assessments on web applications to identify XSS and HTML injection flaws, demonstrate exploitation techniques for session…
Prevent XSS attacks. Use when displaying dynamic content or sanitizing user input.
Identifying and validating cross-site scripting vulnerabilities using Burp Suite's scanner, intruder, and repeater tools during authorized security assessments.
Xss Vulnerability Scanner - Auto-activating skill for Security Fundamentals. Triggers on: xss vulnerability scanner, xss vulnerability scanner. Part of the Security Fundamentals…
Orchestrates OWASP ZAP security scans via the ZAP API with automated spider, active scanner, and authentication sequence configuration.
How to identify and test for account takeover vulnerabilities in web applications. Use this skill whenever the user mentions account takeover, authentication bypass, password…
Three-file state management for session continuity. Maintains STATE.md, DECISIONS.md, and PROGRESS.md as human-readable session context alongside the SQLite ticket database.
SQLite-based ticket tracking for structured development workflows. Use this skill when the user asks to initialize a ticket database, import requirements, list tickets, get the…
Check any AI agent codebase against the OWASP Agentic Security Initiative (ASI) Top 10 risks. Use this skill when: - Evaluating an agent system's security posture before…
Use this skill when securing web applications, preventing OWASP Top 10 vulnerabilities, implementing input validation, or designing authentication.
This skill should be used when the user asks to "intercept HTTP traffic", "modify web requests", "use Burp Suite for testing", "perform web vulnerability scanning", "test with…
This skill should be used when working on security aspects of a Chrome extension or when the user asks about Chrome extension security best practices.
Build agent-facing web experiences with ATXP-based authentication, following the ClawDirect pattern. Use this skill when building websites that AI agents interact with via MCP…
Connects an existing AWS Lambda function to Amazon API Gateway by creating a REST or HTTP API with resource/method setup, Lambda proxy integration, permissions, and deployment.
Use this skill when the user says 'CSP', 'Content-Security-Policy', 'security headers', 'HSTS', 'X-Frame-Options', 'clickjacking', 'unsafe-inline', 'unsafe-eval', or needs to…
This skill automates database backups using the database-backup-automator plugin. It creates scripts for scheduled backups, compression, encryption, and restore procedures across…
This skill should be used when deploying Fastify to production, configuring Fastify security headers, setting up reverse proxy with Fastify, implementing graceful shutdown,…
This skill should be used when the user asks to "test for insecure direct object references," "find IDOR vulnerabilities," "exploit broken access control," "enumerate user IDs or…
This skill covers integrating OWASP ZAP (Zed Attack Proxy) for Dynamic Application Security Testing in CI/CD
iOS data persistence expert skill covering SwiftData (@Model, ModelContainer, @Query, #Predicate, migrations, CloudKit), Core Data (NSPersistentContainer, NSFetchRequest, batch…
Skill: Leiloeiros das Juntas Comerciais do Brasil workflow skill. Use this skill when the user needs to collect and query data on official auctioneers from all 27 Juntas…
libSQL is an open-source, open-contribution fork of SQLite by Turso that adds embedded replicas, server mode, and WebAssembly UDFs.
This skill should be used when working on security aspects of a Next.js application or when the user asks about Next.js security best practices.
This skill uses the owasp-compliance-checker plugin to automatically identify potential security vulnerabilities based on the OWASP Top 10 (2021) list.
Use this skill when the user says 'OWASP audit', 'OWASP top 10', 'security audit', 'vulnerability assessment', 'full security check', or needs a comprehensive web application…
Command-line task management tool for AI coding agents and humans. Provides local SQLite-based task boards for tracking work items, checklists, and comments without requiring an…
This skill should be used when the user is securing a React application, asking about "XSS in React", "dangerouslySetInnerHTML security", "Server Actions security", "React data…
This skill enables Claude to conduct a security-focused code review using the security-agent plugin. It analyzes code for potential vulnerabilities like SQL injection, XSS,…
Establish a security baseline for a website or web app. Use this skill when configuring HTTPS and TLS, setting security headers, planning secrets management, evaluating CSP…
This skill automates security vulnerability testing. It is triggered when the user requests security assessments, penetration tests, or vulnerability scans.
SQL Server and Azure SQL best practices for developers and DBAs. Use this skill whenever the user asks about T-SQL, stored procedures, query performance, indexes, schema design,…
This skill should be used when implementing security for Stripe webhook endpoints, handling "webhook rate limiting", "Stripe secret management", "webhook abuse prevention", "log…
This skill should be used when the user asks to "identify web application vulnerabilities", "explain common security flaws", "understand vulnerability categories", "learn about…
This skill should be used when the user asks to "identify web application vulnerabilities", "explain common security flaws", "understand vulnerability categories", "learn about…
Use this skill when adding or evolving Myco's SQLite vault database schema and its Cloudflare D1 cloud counterpart — even if the user doesn't explicitly ask for "schema work."…
Use this skill whenever you need to add, modify, or remove tables, columns, or indexes in the Myco vault SQLite schema — even if the user just asks to "add a column" or "create a…
Scrape daily job listings from YCombinator's Workatastartup platform without duplicates. Use this skill when asked to scrape YC jobs, update the YC companies list, or retrieve the…
Security audit, hardening, threat modeling (STRIDE/PASTA), Red/Blue Team, OWASP checks, code review, incident response, and infrastructure security for any project.
Security audit, hardening, threat modeling (STRIDE/PASTA), Red/Blue Team, OWASP checks, code review, incident response, and infrastructure security for any project.
OWASP Top 10, secure code review, SAST/DAST gating.
Security audit of changes; enforce defense in depth and OWASP best practices
OWASP Top 10 vulnerability scanning and remediation
Reviews code against the 10 most common flaws before merge
NoSQL Injection detection for MongoDB, Redis, CouchDB, and Elasticsearch
Always considers OWASP Top 10 vectors when writing/reviewing code
OWASP Top 10, authentication, and secure coding practices
Specialist in OWASP security, LGPD, and threat modeling for modern systems.
SKILL for the TeyvatGuide project. Handles Vue+Tauri+TypeScript project development, including component development, API integration, SQLite operations, and code conventions.
Web application security scanner with proxy and active/passive scanning
Best practices for Kuroco API design and implementation and for content management (CRUD operations). Trigger keywords: "Kuroco…
This skill enables an AI assistant to automatically scan for XSS
Inspect and reset Hekate SQLite and Redis runtime state