Found 18 Skills
Monitor Certificate Transparency logs using crt.sh and Certstream to detect phishing domains, lookalike certificates, and unauthorized certificate issuance targeting your organization.
Parse and analyze email headers to trace the origin of phishing emails, verify sender authenticity, and identify spoofing through SPF, DKIM, and DMARC validation.
Use this skill when the user asks to scan a transaction, check transaction safety, is this transaction safe, pre-execution check, security scan, tx risk check, check if this approve is safe, scan this swap tx, is this token safe, check token security, honeypot check, is this URL a scam, check if this dapp is safe, phishing site check, is this signature safe, check this signing request, check my approvals, show risky approvals, revoke approval, token authorization, ERC20 allowance, Permit2, or mentions transaction security scanning, token risk scanning, DApp/URL phishing detection, message signature safety, pre-execution risk analysis, malicious transaction detection, approval safety checks, or token approval management. Covers token-scan (batch token risk detection), dapp-scan (URL/domain phishing detection), tx-scan (EVM + Solana transaction pre-execution), sig-scan (EIP-712/personal_sign message scanning), and approvals (ERC-20 allowance and Permit2 authorization queries). Chinese: 安全扫描, 代币安全, 蜜罐检测, 貔貅盘, 钓鱼网站, 交易安全, 签名安全, 代币风险, 授权管理, 授权查询, 风险授权, 代币授权. Do NOT use for wallet balance, send, or history — use okx-agentic-wallet. Do NOT use for general programming questions about security.
Teaches AI agents to recognize and avoid security threats during normal activity. Covers phishing detection, credential protection, domain verification, and social engineering defense. Use when building agents that access email, credential vaults, web browsers, or sensitive data.
Email header injection and spoofing playbook. Use when testing contact forms, email APIs, password reset flows, or any feature that constructs SMTP messages with user-controlled fields. Covers CRLF injection in headers, SPF/DKIM/DMARC bypass, and phishing amplification.
When the user faces brand impersonation, fake websites, phishing sites, or trademark infringement. Also use when the user mentions "fake site," "impersonation," "phishing site," "trademark infringement," "domain squatting," or "brand abuse."
Analyze email messages and mailbox data for forensic investigation. Use when investigating phishing attacks, business email compromise, insider threats, or any scenario requiring email evidence analysis. Supports PST, OST, MBOX, EML, and MSG formats.
Internal downstream skill for ctf-sandbox-orchestrator. CTF-sandbox workflow for enterprise mail abuse, OAuth consent, inbox or forwarding rules, transport rules, shared mailbox access, phishing chains, and token-to-mailbox side effects. Use when the user asks to trace mailbox rules, OAuth consent grants, forwarding or delegate abuse, shared mailbox access, message-trace evidence, or explain how mail artifacts turn into persistence, exfiltration, or privilege. Use only after `$ctf-sandbox-orchestrator` has already established sandbox assumptions and routed here.
Queries Certificate Transparency logs via crt.sh and pycrtsh to detect phishing domains, unauthorized certificate issuance, and shadow IT. Monitors newly issued certificates for typosquatting and brand impersonation using Levenshtein distance. Use for proactive phishing domain detection and certificate monitoring.
Identify and test open redirect vulnerabilities in web applications by analyzing URL redirection parameters, bypass techniques, and exploitation chains for phishing and token theft.
Secure Solana frontends against phishing, bad prompts, and unsafe signing requests. Use for audits of wallet UX and dApp sites.
Guides Solana-specific on-chain forensics—ATA resolution, SPL instruction parsing, transaction history via RPC and indexers (e.g. Helius-style APIs), fund-flow graphs, Solana clustering heuristics, and program authority review. Use when the user investigates Solana wallets, SPL tokens, DEX/Jito flows, rug or phishing patterns on Solana, or needs evidence-structured tracing reports with public data only.