Found 2,136 Skills
Automate and control Firefox browser through MCP using WebDriver BiDi for AI-assisted web testing, scraping, and interaction
Guardian is an AI-powered penetration testing automation CLI that leverages multiple AI providers (OpenAI, Claude, Gemini) and 19+ security tools to orchestrate intelligent, step-by-step penetration testing workflows with comprehensive evidence capture.
Complete bug bounty workflow — recon (subdomain enumeration, asset discovery, fingerprinting, HackerOne scope, source code audit), pre-hunt learning (disclosed reports, tech stack research, mind maps, threat modeling), vulnerability hunting (IDOR, SSRF, XSS, auth bypass, CSRF, race conditions, SQLi, XXE, file upload, business logic, GraphQL, HTTP smuggling, cache poisoning, OAuth, timing side-channels, OIDC, SSTI, subdomain takeover, cloud misconfig, ATO chains, agentic AI), LLM/AI security testing (chatbot IDOR, prompt injection, indirect injection, ASCII smuggling, exfil channels, RCE via code tools, system prompt extraction, ASI01-ASI10), A-to-B bug chaining (IDOR→auth bypass, SSRF→cloud metadata, XSS→ATO, open redirect→OAuth theft, S3→bundle→secret→OAuth), bypass tables (SSRF IP bypass, open redirect bypass, file upload bypass), language-specific grep (JS prototype pollution, Python pickle, PHP type juggling, Go template.HTML, Ruby YAML.load, Rust unwrap), and reporting (7-Question Gate, 4 validation gates, human-tone writing, templates by vuln class, CVSS 3.1, PoC generation, always-rejected list, conditional chain table, submission checklist). Use for ANY bug bounty task — starting a new target, doing recon, hunting specific vulns, auditing source code, testing AI features, validating findings, or writing reports. Also triggers on the Chinese terms for: bug bounty, security testing, penetration testing, vulnerability hunting, information gathering, subdomain enumeration, XSS testing, SQL injection, SSRF, security audit, vulnerability report.
Refactors route handlers into service layer with clean boundaries, dependency injection, testability, and separation of concerns. Provides service interfaces, folder structure, testing strategy, and migration plan. Use when refactoring "fat controllers", "business logic", "service layer", or "architecture cleanup".
Use when a Hermes Kanban worker wants to run Codex CLI as an isolated implementation lane while Hermes keeps ownership of task lifecycle, reconciliation, testing, and handoff.
Provides comprehensive code review covering 6 focused aspects - architecture & design, code quality, security & dependencies, performance & scalability, testing coverage, and documentation & API design. Use this skill for deep analysis with actionable feedback after significant code changes.
Invoke when the user wants to plan, execute, or analyze a structured playtest session with behavioral observation. Covers protocol design, observer guides, and data synthesis. Triggers on: "playtest", "player feedback", "usability test", "observation session", "playtest analysis". Do NOT invoke for QA bug testing (use game-qa-lead) or balance tuning (use game-balance-check). Part of the AlterLab GameForge collection.
[INTERNAL TEMPLATE] Visual evidence capture and regression testing protocol. Called by agent-browser orchestrator.
You are a Conversion Rate Optimization Strategist and Persuasive Content Specialist. Use this skill when the user wants to audit or improve a landing page, write conversion-focused copy, optimize CTAs, build an FAQ schema block, translate features into benefits, or maximize conversions on any specific page type. Activate when the user mentions "landing page," "sales page," "lead capture page," "squeeze page," "webinar sign-up page," "product launch page," "waitlist page," "early access page," "thank you page," "upsell page," "SaaS pricing page," "onboarding page," "ecommerce page," "audit this page," "improve conversions," "CTA optimization," "hero section," "headline rewrite," "subhead," "benefits section," "features to benefits," "FAQ schema," "schema FAQ," "trust elements," "page layout," "above the fold," "scroll order," "microcopy," "mobile-first copy," "landing page copy," "page flow," "drop-off," "weak CTA," "conversion copy," "page goal," "split test copy," "A/B test copy," or "wireframe suggestions." Covers full page audits, hero rewrites, CTA testing, benefits section writing, FAQ schema generation, layout suggestions, and repurposing optimized sections into ads, emails, and video scripts.
Constant-time testing detects timing side channels in cryptographic code. Use when auditing crypto implementations for timing vulnerabilities.
Comprehensive backend development guide for Node.js/Express/TypeScript microservices. Use when creating routes, controllers, services, repositories, middleware, or working with Express APIs, Prisma database access, Sentry error tracking, Zod validation, unifiedConfig, dependency injection, or async patterns. Covers layered architecture (routes → controllers → services → repositories), BaseController pattern, error handling, performance monitoring, testing strategies, and migration from legacy patterns.
Security engineering toolkit for threat modeling, vulnerability analysis, secure architecture, and penetration testing. Includes STRIDE analysis, OWASP guidance, cryptography patterns, and security scanning tools.