Loading...
Loading...
Found 2,968 Skills
Design and manage reference data systems — security master, client master, account master, identifier mapping, pricing data, and governance. Use when building or evaluating a security master database, mapping identifiers across systems (CUSIP to ISIN, SEDOL to FIGI), designing client master models for onboarding or KYC, defining account master attributes across custodians, implementing pricing validation with vendor hierarchy, establishing reference data governance and stewardship, handling identifier changes from corporate actions, or troubleshooting data quality issues traced to stale prices or missing identifiers. Trigger on: security master, CUSIP, ISIN, SEDOL, FIGI, client master, account master, pricing data, reference data, golden source, MDM, master data, identifier mapping, data governance, pricing validation.
Points to the coral-xyz sealevel-attacks repository—minimal Anchor programs demonstrating common Solana (Sealevel) exploit patterns and recommended mitigations. Use when auditing or learning Solana program security, pairing with solana-defi-vulnerability-analyst-agent—not for deploying attacks against live systems or evading law.
Use when researching, compiling, or assessing best practices for any AWS service, building HA/DR/security checklists from official AWS documentation, or checking whether live AWS resources follow official recommendations. Requires aws-knowledge-mcp-server. Triggers on "best practices", "compile checklist", "summarize HA/DR best practices", "what are the best practices for", "find all best practices", "check my cluster", "audit my redis", "assess my redis", "assessment", "是否符合最佳实践", "检查现有资源", "查找最佳实践", "编译检查清单", "总结最佳实践", "帮我查找", "汇总成表", "帮我检查", "审计一下", "评估一下".
Local pentest sandbox for a full black-box engagement. Triggers on "kage", "pentest", "security audit on", "audit the security of". Runs recon, deep testing, exploit verification, and judging inside a per-engagement Kali Docker container. Each host working directory gets its own isolated sandbox. Produces `./results/<target>/audit-report.md`.
Generate penetration testing reports in standard format, including project information sheet, vulnerability discovery list, detailed vulnerability information (including attribute sheet, description, reproduction steps, evidence screenshots, remediation suggestions), and appendices (risk level definition, CVSS explanation, glossary). Use this skill when users request to generate penetration testing reports, security testing reports, or vulnerability reports. Strictly follow the standard format in the project template directory.
Test API behavior, contracts, security edges, and performance. USE when validating endpoints, integrations, error handling, or release readiness for APIs.
Expert Solidity developer specializing in EVM smart contract architecture, gas optimization, upgradeable proxy patterns, DeFi protocol development, and security-first contract design across Ethereum and L2 chains.
Enables a multi-region AWS CloudTrail trail with S3 log storage, CloudWatch Logs integration, and CloudWatch Logs Insights queries for security monitoring and compliance auditing. Use when setting up centralized API activity logging across all AWS regions.
Protocol and DeFi risk evaluation covering hack history, oracle dependencies, treasury health, TVL concentration, and yield sustainability. Use when the user asks "is X safe", "how risky is", protocol security, risk analysis, or wants to evaluate risk before investing or depositing funds.
Guides cybersecurity isolation controls using MITRE D3FEND—access mediation, content filtering, execution isolation, and network segmentation. Covers access policies, permissions, content validation, process isolation, allowlisting, and traffic filtering. Use when segmenting networks, restricting access, filtering content, or isolating execution—not for detection (d3fend-detect), hardening (d3fend-harden), or deception (d3fend-deceive).
Test APIs against OWASP API Security Top 10 including discovery, auth abuse, and protocol-specific checks.
Security scanning via clearwing — source code vulnerability hunting and network pentesting.