Loading...
Loading...
Found 230 Skills
Local pentest sandbox for a full black-box engagement. Triggers on "kage", "pentest", "security audit on", "audit the security of". Runs recon, deep testing, exploit verification, and judging inside a per-engagement Kali Docker container. Each host working directory gets its own isolated sandbox. Produces `./results/<target>/audit-report.md`.
[Hyper] Use when working on TanStack Start projects and the task involves auth, sessions, cookies, CSRF, secrets, env exposure, server functions/routes, headers/CSP, webhooks, or security review/fixes. Triggers on protecting routes, hardening auth flows, preventing secret leaks, securing server boundaries, or reviewing HTTP/security behavior in a TanStack Start app.
Authenticated (credentialed) vulnerability scanning uses valid system credentials to log into target hosts and perform deep inspection of installed software, patches, configurations, and security sett
Run targeted linting, formatting, and code quality checks on modified files. Use this to validate code style, type safety, security, and other quality metrics before committing. Supports running all checks or targeting specific checks on specific files for efficient validation.
Android/Kotlin 코드를 리뷰하고 개선점을 제안합니다. 코드 리뷰, 안드로이드 리뷰, Kotlin 리뷰 요청 시 사용됩니다.
OWASP Top 10 security vulnerabilities and mitigations. Use when conducting security audits, implementing security controls, or reviewing code for common vulnerabilities.
OWASP Security Checklist
Analyze code quality, security, performance, and architecture. Use when user asks to analyze code, review codebase health, or identify issues.
Detect accidentally committed secrets, credentials, and sensitive information in code.
Run MobSF (Mobile Security Framework) for automated static and dynamic analysis of Android and iOS apps. Detects insecure storage, weak crypto, hardcoded secrets, and permission issues.
Software engineering best practices for code review. Use when reviewing code, analyzing code quality, checking for bugs, security vulnerabilities, or providing feedback on code changes.
Use when user asks to "deep review the code", "thorough code review", "multi-pass review", or when orchestrating the Phase 9 review loop. Provides review pass definitions (code quality, security, performance, test coverage), signal detection patterns, and iteration algorithms.