Found 2,247 Skills
WooYun business logic vulnerability methodology — 22,132 real cases across 6 domains (authentication bypass, authorization bypass, payment tampering, information disclosure, logic flaws, misconfiguration) and 33 vulnerability classes. It can be used for ANY security testing, auditing, or code review of web apps, APIs, or business systems, even without explicit "security" keywords. Triggers: penetration testing, security audit, vulnerability, bug bounty, payment security, IDOR, password reset, weak credentials, unauthorized access, race condition, parameter tampering, code review, vulnerability mining, privilege escalation, logic vulnerability, business security, SRC, code audit. It also triggers on implicit intent: "test this endpoint", "find bugs", "can I bypass this", "help me test this interface", "can this parameter be modified", "help me find bugs".
Cross-cutting infrastructure security audit skill that checks cloud infrastructure, DNS, TLS, endpoints, access control, network security, containers, CI/CD pipelines, secrets management, logging, and physical security against ALL major compliance frameworks. Use for infrastructure audit, cloud security audit, infrastructure compliance, DNS security audit, TLS audit, endpoint security, access control audit, network security assessment, infrastructure security, cloud compliance, Vanta alternative, compliance automation, security posture assessment, hardware security keys, YubiKey compliance.
This skill should be used when the user asks to "build a Capacitor app", "add Capacitor to a web project", "use Capacitor plugins", "configure Capacitor for iOS or Android", or needs guidance on Capacitor best practices, security, storage, deep links, or the development workflow.
Write secure-by-default Node.js and TypeScript applications following security best practices. Use when: (1) Writing new Node.js/TypeScript code, (2) Creating API endpoints or middleware, (3) Handling user input or form data, (4) Implementing authentication or authorization, (5) Working with secrets or environment variables, (6) Setting up project configurations (tsconfig, eslint), (7) User mentions security concerns, (8) Reviewing code for vulnerabilities, (9) Working with file paths or child processes, (10) Setting up HTTP headers or CORS.
Use for searching CertiK Skynet project scores, looking up blockchain project security ratings, comparing score breakdowns, and integrating the public Skynet project search endpoint. Trigger when the user asks for a project score, tier, score factors, updated time, or how to query Skynet scores by keyword.
Systematically assessing REST and GraphQL API endpoints against the OWASP API Security Top 10 risks using automated and manual testing techniques.
Master smart contract security best practices, vulnerability prevention, and secure Solidity development patterns.
Explicit anti-rationalization enforcement for maximum-rigor task execution. Loads all anti-rationalization patterns, gate enforcement, and pressure resistance as a composable modifier on any task. Use when executing critical production changes, security-sensitive code, complex multi-file refactors, or any task where shortcuts could cause harm. Use for "with rigor", "carefully", "maximum verification", or "no shortcuts". Do NOT use for trivial lookups, documentation-only edits, or simple typo fixes where full gate enforcement would be disproportionate overhead.
4-phase code review methodology: UNDERSTAND changes, VERIFY claims against code, ASSESS security/performance/architecture risks, DOCUMENT findings with severity classification. Use when reviewing pull requests, auditing code before release, evaluating external contributions, or pre-merge verification. Use for "review PR", "code review", "audit code", "check this PR", or "review my changes". Do NOT use for writing new code or implementing features.
Expert knowledge for Azure Lab Services development including troubleshooting, best practices, decision making, architecture & design patterns, limits & quotas, security, configuration, integrations & coding patterns, and deployment. Use when configuring lab plans, VM templates/schedules, VNet-integrated labs, GPU/nested virtualization, or Canvas/Teams integration, and other Azure Lab Services related development tasks. Not for Azure DevTest Labs (use azure-devtest-labs), Azure Virtual Machines (use azure-virtual-machines), Azure Virtual Desktop (use azure-virtual-desktop).
Use when you need to design, review, or improve REST APIs with Spring Boot — including HTTP methods, resource URIs, status codes, DTOs, versioning, deprecation and sunset headers, content negotiation (JSON and vendor media types), ISO-8601 instants in DTOs, pagination/sorting/filtering, Bean Validation at the boundary, idempotency, ETag concurrency, HTTP caching, error handling, security, API documentation, controller advice, and problem details for errors. Part of the skills-for-java project.
Systematic retrieval expert covering all areas of Chinese law.

## Core Features
- Supports user identity recognition (ordinary person / law student / lawyer / judge / prosecutor)
- Provides differentiated services based on the identified role
- Complete legal source retrieval (laws / administrative regulations / judicial interpretations / guiding cases / typical cases)
- Original legal article citation and cross-reference sorting

## Core Trigger Conditions (trigger if any is met)
**High Priority (must trigger)**:
- Explicit request to find legal articles / regulations / judicial interpretations / regulatory documents
- Request to determine legality or illegality ("Is it illegal?", "Is it legal?", "Am I liable?")
- Request to find compensation standards / compensation amounts / liability determination / procedural requirements
- Asking "Based on which law?", "What does the law stipulate?", "What is the legal basis?"

**Medium Priority (trigger based on context)**:
- "What to do?", "How to defend rights?", "Can I sue?"
- "What procedures are needed?", "What conditions are required?"
- "What else can I claim?", "Where can I file a complaint?"

## Application Scenarios
- Labor disputes: illegal termination, economic compensation, work-related injuries, social security, job transfer, etc.
- Contract disputes: deposit, liquidated damages, breach of contract liability, sales contracts, etc.
- Tort liability: traffic accidents, personal injury, medical accidents, environmental pollution, etc.
- Marriage and family: divorce property, child custody, estate inheritance, etc.
- Administrative / criminal / corporate finance, etc.

## Non-Triggering Scenarios
- Only asking about legal concepts or terminology explanations (not retrieval-related)
- Only requesting lawyer or legal service recommendations
- Only discussing legal news or case stories (not involving specific regulations)
- Only asking about legal examination or study questions

**Note**: Even if the user does not explicitly request a "retrieval report", this skill is triggered as long as the issue involves searching, organizing, interpreting, or applying legal norms.