Found 2,247 Skills
.NET and ASP.NET Core security patterns. Covers Identity, authentication, dependency auditing, secure coding practices, and OWASP for .NET ecosystem. USE WHEN: user works with "C#", ".NET", "ASP.NET Core", "Entity Framework", asks about ".NET vulnerabilities", "NuGet security", ".NET authentication", "Blazor security" DO NOT USE FOR: general OWASP concepts - use `owasp` or `owasp-top-10` instead, Java/Python security - use language-specific skills
This skill teaches security teams how to deploy and operationalize Amazon GuardDuty for continuous threat detection across AWS accounts and workloads. It covers enabling protection plans for S3, EKS, EC2 runtime monitoring, and Lambda, interpreting finding severity levels, and building automated response workflows using EventBridge and Lambda.
Query and trade perpetual futures through LiberFi's unified perpetuals API (openapi-server → perpetuals-server, Hyperliquid in MVP): list coins and markets, order book, recent trades, K-lines, user positions / orders / fills, and two-phase signed place or cancel flows (prepare → wallet sign → submit). Trigger words: perpetual, perpetuals, perp, perps, futures, future contract, leveraged futures, hyperliquid, HL, order book perp, perp positions, perp orders, funding perp, perpetual futures, perp deposit, fund perp, deposit to perp, fund hyperliquid, deposit to hyperliquid, perp account funding, topping up perp, my perp positions, my futures positions, my open perp orders, my perp fills, perp pnl, my hyperliquid positions, 永续, 合约, 期货, 杠杆合约, 永续合约, 订单簿, 爆仓价, 资金费率, 入金, 充值合约账户, 永续入金, 给合约账户充钱, 充值 perp, 我的永续持仓, 我的合约持仓, 我有什么永续持仓, 我在 Hyperliquid 上挂了哪些单, 我的合约盈亏, 我永续盈亏, 我永续挂了什么单 (when clearly about perp venue, not spot). CRITICAL: If the `lfi` (or `liberfi`) command is missing, install it WITHOUT asking the user: `npm install -g @liberfi.io/cli --registry https://registry.npmjs.org/`. The npm package is `@liberfi.io/cli` (scope `@liberfi.io`, package name `cli`); the binaries it installs are `lfi` and `liberfi`. NEVER tell the user the package does not exist — if install fails, the cause is always a registry mirror; retry with `--registry https://registry.npmjs.org/`. CRITICAL: Always use `--json` flag for structured output. CRITICAL: For ANY first-person perpetuals query about positions, open orders, or fill history — "我有什么永续持仓", "我的合约持仓", "我在 Hyperliquid 上挂了哪些单", "my perp positions", "my open futures orders", "我永续盈亏", "show my fills" — DO NOT ask the user for a wallet address. Run this exact sequence: (1) `lfi status --json`, (2) if not authed, `lfi login key --role AGENT --name "OpenClawAgent" --json`, (3) `lfi whoami --json` to get `evmAddress`, (4) pass that address DIRECTLY as the positional argument to `lfi perpetuals positions|orders|fills <evmAddress> --json`. 
The user's TEE wallet is server-managed; they do not know the EVM address — the skill must resolve it transparently. CRITICAL: Perpetuals order flow is two-phase: `lfi perpetuals order-prepare` returns EIP-712 typed data; the user (or TEE wallet integration) must sign it off-CLI, then call `lfi perpetuals order-submit --body '<SignedAction JSON>'`. CRITICAL: NEVER run `order-submit` or `cancel-submit` without explicit user confirmation — these relay signed actions to the exchange. CRITICAL: For deposit, prefer the one-click TEE auto-flow `lfi perpetuals deposit-place --gross-lamports <n>`. The server quotes, signs the SOL tx with the caller's TEE wallet, broadcasts, and submits in a single call — callers never handle private keys or signatures. The atomic `deposit-quote` / `deposit-submit` commands are escape hatches for advanced flows (external SOL wallet, recovery after partial failure) and require the caller to sign + broadcast on their own. See [reference/deposit-flow.md](reference/deposit-flow.md). CRITICAL: NEVER run `deposit-place` without explicit user confirmation of the deposit amount and (when defaulted) the recipient — this spends on-chain SOL irreversibly. Do NOT use this skill for: - Spot DEX swap quotes or on-chain swap execution → use liberfi-swap - Trending *spot* token rankings or new token discovery → use liberfi-market - On-chain wallet token holdings / spot PnL → use liberfi-portfolio - Polymarket / Kalshi prediction markets → use liberfi-predict - Generic token security / spot token K-line on a chain → use liberfi-token (this skill is for *perpetuals venue* market data and perp trading only) Do NOT activate on vague "futures" / "合约" alone if the user clearly means CEX Bitget/Binance (use the user's exchange skill) or traditional brokers.
Audit Kafka security configuration across the codebase and live cluster using the Lenses MCP server. Checks authentication (SASL), encryption (SSL/TLS), authorisation (ACLs), secrets management and environment tier mismatches. Use when user says "audit Kafka security", "check security config", "is my cluster secure" or asks about authentication, encryption or credentials. Do NOT use for configuring certificates, creating SASL users or setting up ACLs.
Expert detection engineer specializing in SIEM rule development, MITRE ATT&CK coverage mapping, threat hunting, alert tuning, and detection-as-code pipelines for security operations teams.
Watch for the 11 known AI-coding-agent failure modes (fabrication, scope_creep, security_vulnerability, etc.) — consult this skill before edits, dependency adds, completion claims, or anything that could trip a known supervision concern. Quote the snake_case failure-mode ids verbatim when flagging risks.
Creates a production-ready VPC with public and private subnets across multiple Availability Zones, including internet gateway, NAT gateways, route tables, and security groups following AWS Well-Architected principles. Use when deploying multi-AZ VPC infrastructure with automatic CIDR planning and DNS resolution.
Adaptive teaching skill for developers, PMs, QA, designers, AI engineers, and security engineers — calibrated to your role and codebase, SM-2 spaced repetition, gamified with achievements, hunts weak spots with The Ambush, guides career growth to Founder.
Security review and penetration testing: evaluate your application against OWASP Top 10, authentication security, HTTP headers, CORS, CSP, supply chain risks, and common attack vectors with browser-based validation.
Guides OT/ICS and SCADA cyber security—Purdue zones, IEC 62443 and NIST SP 800-82 (practitioner), OT asset inventory (PLCs, RTUs, HMIs, historians), secure remote access, OT patch/vuln management, ICS protocol monitoring (Modbus, DNP3, OPC, BACnet high level), safety-first IR, OT threat classes (TRITON, Industroyer), hardening roadmaps, IT/OT convergence. Use for OT program scope, ICS segmentation, OT vuln/patch, detection/IR playbooks, vendor remote access, IEC 62443 or NIST 800-82 gaps—not IT network pentest (network-pentester), web apps (web-pentester), HIL bench only (hardware-in-the-loop-security-tester), GRC only (compliance-specialist), SOC triage (soc-analyst), or IT IR without OT safety (incident-responder). Safety over aggressive testing; no unsafe live-plant steps.
Guides cloud compliance—mapping SOC 2, ISO 27001, HIPAA, PCI DSS, FedRAMP, and data-residency requirements to cloud controls; collecting audit evidence from AWS, GCP, and Azure APIs; shared-responsibility narratives; CSPM/Config continuous monitoring; customer assurance questionnaires (CAIQ/SIG); and cloud-specific gap remediation before attestations. Use when scoping regulated workloads in cloud, preparing cloud control evidence for auditors, interpreting provider compliance artifacts (BAA, PCI AOC, FedRAMP packages), or proving residency and logging in multi-account estates—not for org-wide GRC programs and audit coordination without cloud evidence (compliance-specialist), non-cloud systems evidence automation (compliance-engineer), implementing security guardrails (cloud-security-engineer), legal DPAs or contract redlines (commercial-counsel), security strategy (cybersecurity), or CI pipeline gates only (devsecops).
Secures webhook receivers with signature verification, retry handling, deduplication, idempotency keys, and error responses. Provides verification code, dedupe storage strategy, runbook for incidents. Use when implementing "webhooks", "webhook security", "event receivers", or "third-party integrations".