Found 3,729 Skills
Pinia v3 Vue state management with defineStore, getters, actions. Use for Vue 3 stores, Nuxt SSR, Vuex migration, or encountering store composition, hydration, testing errors.
Cross-site scripting (XSS) vulnerability detection and exploitation. Supports reflected XSS, stored XSS, DOM-based XSS, and blind XSS testing. Use this skill when user mentions XSS, cross-site scripting, script injection, or needs to test JavaScript injection in parameters, forms, headers, or DOM sources.
Create custom QA agent personalities for project-specific testing needs. Guided builder that asks about the specialty, tools, and test scenarios, then generates a personality file and registers it in the QA config. Trigger on "create a QA personality", "add a custom test agent", "build a webhook tester", or when the user needs a project-specific QA agent. Also triggered by /qa-create-personality.
Set up Syncfusion Blazor components — project creation, NuGet packages, service registration, script loading, bUnit testing, and localization & globalization configuration
Testing web applications for Cross-Site Request Forgery vulnerabilities by crafting forged requests that exploit authenticated user sessions during authorized security assessments.
This skill should be used when the user asks to "test on iOS simulator", "run app on iPhone", "take iOS screenshot", "tap button in simulator", "automate iOS UI", "install app on simulator", "boot simulator", or when working with iOS apps, Xcode, Simulator, simctl, idb, UI automation, or iOS testing. It automates iOS Simulator workflows including device lifecycle (create/boot/erase), app management (install/launch), push notifications, privacy grants, screenshots, and accessibility-based UI navigation.
Guides microservice design and delivery—bounded contexts, service boundaries, REST/gRPC/event APIs, sync vs async tradeoffs, resilience (timeouts, retries, circuit breakers, bulkheads), per-service data ownership, saga and outbox patterns, twelve-factor containers, observability (logs, metrics, trace propagation), API versioning at gateways/meshes, and contract testing. Use for microservices developer, service boundary, bounded context, gRPC between services, circuit breaker, saga pattern, outbox pattern, twelve-factor, contract testing microservices, service decomposition, or event-driven microservice—not K8s platform ops (platform-engineer, site-reliability-engineer), enterprise iPaaS (enterprise-integration-api-developer), monolith-first apps (senior-software-engineer), or classified pipelines (classified-software-devsecops-engineer).
Guides the agent through creating and maintaining Capacitor plugins from scratch. Covers scaffolding a new plugin project, designing the TypeScript API, implementing native iOS (Swift) and Android (Java/Kotlin) bridges, implementing the web layer, defining TypeScript type definitions, plugin configuration values, plugin hooks, development workflow with local testing, documentation generation, and publishing to npm. Do not use for installing existing plugins into an app, upgrading existing plugins to newer Capacitor versions, adding SPM support to plugins, or non-Capacitor plugin frameworks.
Automate and control Firefox browser through MCP using WebDriver BiDi for AI-assisted web testing, scraping, and interaction
Guardian is an AI-powered penetration testing automation CLI that leverages multiple AI providers (OpenAI, Claude, Gemini) and 19+ security tools to orchestrate intelligent, step-by-step penetration testing workflows with comprehensive evidence capture.
Guardrails for adding unit tests in bklit-ui without over-testing. Use when the user mentions unit test, unit tests, tests, test coverage, add tests, write tests, vitest, jest, or asks whether something should be tested.
Complete bug bounty workflow — recon (subdomain enumeration, asset discovery, fingerprinting, HackerOne scope, source code audit), pre-hunt learning (disclosed reports, tech stack research, mind maps, threat modeling), vulnerability hunting (IDOR, SSRF, XSS, auth bypass, CSRF, race conditions, SQLi, XXE, file upload, business logic, GraphQL, HTTP smuggling, cache poisoning, OAuth, timing side-channels, OIDC, SSTI, subdomain takeover, cloud misconfig, ATO chains, agentic AI), LLM/AI security testing (chatbot IDOR, prompt injection, indirect injection, ASCII smuggling, exfil channels, RCE via code tools, system prompt extraction, ASI01-ASI10), A-to-B bug chaining (IDOR→auth bypass, SSRF→cloud metadata, XSS→ATO, open redirect→OAuth theft, S3→bundle→secret→OAuth), bypass tables (SSRF IP bypass, open redirect bypass, file upload bypass), language-specific grep (JS prototype pollution, Python pickle, PHP type juggling, Go template.HTML, Ruby YAML.load, Rust unwrap), and reporting (7-Question Gate, 4 validation gates, human-tone writing, templates by vuln class, CVSS 3.1, PoC generation, always-rejected list, conditional chain table, submission checklist). Use for ANY bug bounty task — starting a new target, doing recon, hunting specific vulns, auditing source code, testing AI features, validating findings, or writing reports. Chinese trigger words: 漏洞赏金、安全测试、渗透测试、漏洞挖掘、信息收集、子域名枚举、XSS测试、SQL注入、SSRF、安全审计、漏洞报告