Loading...
Loading...
Found 2,961 Skills
Autonomous white-box AI pentester for web applications and APIs using source code analysis and live exploit execution
This skill should be used when the user wants to "package an MCP server", "bundle an MCP", "make an MCPB", "ship a local MCP server", "distribute a local MCP", discusses ".mcpb files", mentions bundling a Node or Python runtime with their MCP server, or needs an MCP server that interacts with the local filesystem, desktop apps, or OS and must be installable without the user having Node/Python set up.
Designs REST and GraphQL APIs including endpoints, error handling, versioning, and documentation. Use when creating new APIs, designing endpoints, reviewing API contracts, or when asked about REST, GraphQL, or API patterns.
Analiza cambios staged en git para detectar bugs, vulnerabilidades de seguridad, malas prácticas, y genera descripciones detalladas de commits con mensaje en formato Conventional Commits. Usa este skill siempre que el usuario quiera revisar cambios antes de commitear o pushear, analizar un diff staged, detectar bugs o malas prácticas en código que está por commitear, generar un mensaje o descripción de commit, o hacer code review previo al commit. Se activa con frases como "revisá mis cambios staged", "analiza mi commit", "qué bugs tiene lo que cambié", "generame el mensaje de commit", "review antes de push", "detecta errores en mis cambios", "haceme un análisis antes de commitear", o "necesito una descripción para mi commit". NO usar para: code review de archivos sueltos sin contexto de commit, configurar linters, escribir tests, debugging de producción, o crear código nuevo. Este skill es específicamente para el momento previo al commit.
Use when you need to implement or improve Java logging and observability — including selecting SLF4J with Logback/Log4j2, applying proper log levels (ERROR, WARN, INFO, DEBUG, TRACE), parameterized logging, secure logging without sensitive data exposure, environment-specific configuration, log aggregation and monitoring, or validating logging through tests. Part of the skills-for-java project
Bitcoin Taproot M-of-N multisig coordination between agents — share x-only Taproot pubkeys, sign BIP-341 sighashes with Schnorr, verify co-signer signatures, and navigate the OP_CHECKSIGADD workflow. Proven on mainnet (2-of-2 block 937,849 and 3-of-3 block 938,206).
Verifica a Stack do Redis. Além disso analisa parâmetros, rotas Traefik, volumes, recursos e conformidade do stack Redis de Acordo com as Recomendações da Promovaweb.
Use this skill to prevent destructive operations when working on production systems or running agents autonomously.
Internal downstream skill for ctf-sandbox-orchestrator. CTF-sandbox workflow for prompt-injection, retrieval poisoning, memory contamination, planner drift, MCP or tool-boundary abuse, and agent exfiltration challenges. Use when the user asks to analyze prompt injection, retrieval poisoning, memory contamination, planner drift, tool-argument corruption, or secret exposure caused by an agent chain. Use only after `$ctf-sandbox-orchestrator` has already established sandbox assumptions and routed here.
Internal downstream skill for ctf-sandbox-orchestrator. CTF-sandbox workflow for crypto, encoding, steganography, APK, IPA, and mobile trust-boundary challenges. Use when the user asks to decode a blob, recover a transform chain or key, inspect hidden media payloads, hook an APK or IPA signer, inspect app storage, or replay mobile request-signing logic. Use only after `$ctf-sandbox-orchestrator` has already established sandbox assumptions and routed here.
Reconnaissance and methodology playbook. Use when mapping assets, discovering endpoints, fingerprinting technology, and building a structured testing plan for a new target.
SAML SSO assertion attack playbook. Use when testing signature validation, assertion wrapping, audience restrictions, ACS handling, XML trust boundaries, and enterprise SSO flaws.