Loading...
Loading...
Found 2,247 Skills
Guides digital forensics for security incidents—evidence acquisition and chain of custody, disk/memory/mobile/cloud artifact analysis, log and network forensics, timeline correlation, malware artifact triage, and investigation reports for legal/IR and expert-witness preparation outlines (not legal advice). Use when preserving and analyzing forensic artifacts, building super-timelines, documenting acquisition worksheets, triaging malware samples, or preparing forensic findings for counsel—not live incident command (incident-responder), SOC alert queue triage (soc-analyst), authorized penetration testing (penetration-tester), deep binary RE (reverse-engineer), LLM red team (ai-redteam), enterprise ISMS programs (information-security-engineer), audit control mapping (compliance-engineer), or cloud guardrail implementation (cloud-security-engineer).
Explains how to run NemoClaw on a remote GPU instance, including the deprecated Brev compatibility path and the preferred installer plus onboard flow. Use when deploying NemoClaw to a remote VM, onboarding a Brev instance, or migrating away from the legacy `nemoclaw deploy` wrapper. Trigger keywords - deploy nemoclaw remote gpu, nemoclaw brev cloud deployment, nemoclaw plugins, openclaw plugins, install openclaw plugin, nemoclaw onboard from dockerfile, nemoclaw brev web ui, nemoclaw getting started, brev quickstart, nvidia nemotron agent, nemoclaw sandbox hardening, container security, docker capabilities, process limits.
Identify and analyze potentially malicious software distribution repositories disguised as legitimate security software
Repository-grounded threat modeling that enumerates trust boundaries, assets, attacker capabilities, abuse paths, and mitigations, and writes a concise Markdown threat model. Use when the user asks to threat model a codebase or path, enumerate threats or abuse paths, or perform AppSec threat modeling. Do NOT use for general architecture summaries, code review, security best practices (use security-best-practices), or non-security design work.
Analyze and understand Minecraft client modification security risks and malicious patterns
Manage Harness Artifact Registry (AR) via MCP. Configure private registries for Docker, Helm, Maven, npm, and PyPI artifacts, set up upstream proxies for caching public images, configure RBAC and cross-region replication, and define security scanning policies with CVE thresholds and license compliance checks. Use when asked to set up an artifact registry, configure Docker or Helm repositories, manage artifact security scanning, or set up replication. Do NOT use for creating connectors to external registries (use create-connector instead). Trigger phrases: artifact registry, docker registry, helm repository, artifact security, image scanning, private registry, artifact replication, CVE threshold, license compliance, SBOM.
Create OPA governance policies for Harness via MCP. Define policies that enforce compliance rules on pipelines, services, environments, feature flags, artifacts, code repositories, templates, SBOM, security tests, Terraform, GitOps, connectors, secrets, and more. Use when asked to create, write, fix, or explain an OPA policy, Rego rule, deny rule, governance policy, compliance rule, or policy-as-code for any Harness entity. Trigger phrases: create policy, OPA policy, governance policy, compliance rule, rego policy, deny rule, enforce policy, security policy, supply chain governance.
Especialista em dados e infraestrutura de banco de dados no SynkOS. Use esta skill quando o usuário pedir para auditar um schema de banco de dados, criar ou revisar políticas de RLS (Row-Level Security), modelar dados para um novo domínio, planejar ou validar migrações, otimizar queries e índices, ou fazer perguntas como "o schema está correto?", "preciso de uma migration para X", "crie o modelo de dados para Y", "como configurar RLS nessa tabela?", "quais índices estão faltando?". Ative também para revisão de segurança de acesso a dados, normalização de esquemas existentes, e documentação de relacionamentos entre entidades.
Guideline for designing, implementing, and verifying secure Python applications following OWASP Top 10 best practices. Use when the user wants to: (1) review Python code for security vulnerabilities, (2) design a secure Python application architecture, (3) implement security features (authentication, authorization, cryptography, input validation), (4) audit Python dependencies for known vulnerabilities, (5) create security checklists or verification plans, (6) fix security bugs or harden existing Python code, (7) set up security testing and static analysis (bandit, safety, semgrep), or (8) handle any Python security concern including injection prevention, secure deserialization, SSRF protection, secrets management, and secure deployment.
Server-authoritative networking, RemoteEvent validation, rate limiting, exploit prevention, security hardening.
Vendor-neutral skill to track security exception expirations and generate remediation reminders.
Delegate menial, well-scoped coding tasks to a cheap Qwen-backed subagent via the `claude-9arm` command instead of burning Claude tokens/quota. Use when the work is mechanical and low-risk — bulk renames, formatting, boilerplate, find-replace, grep-style search & summarization, reading/condensing logs or files, test/docstring/comment scaffolding, or running builds/linters/tests and reporting pass-fail. Also use when the user says "use qwen", "delegate this", "send it to 9arm/qwen", or "do this cheaply". Do NOT use for architecture, design, debugging judgment, security-sensitive edits, or anything needing this conversation's context.