Loading...
Loading...
Found 2,960 Skills
Expression Language injection playbook. Use when Java EL, SpEL, OGNL, or MVEL expressions may evaluate attacker-controlled input in Spring, Struts2, Confluence, or similar frameworks.
Use when reviewing permission prompt frequency, optimizing the allow-list, or resetting the audit log. Triggers on "audit permissions", "permission report", "allow list", "reduce prompts", "what's getting prompted".
Smart contract vulnerability playbook. Use when auditing Solidity/EVM contracts for reentrancy, integer overflow, access control, delegatecall, flash loan, signature replay, and MEV-related attack patterns.
Nessus integration. Manage data, records, and automate workflows. Use when the user wants to interact with Nessus data.
Test Android apps on a rooted device. Decompile APKs, intercept traffic, parse UI, test for IDORs, bypass SSL pinning, hook methods with Frida, inspect exported components, read local storage, and find sensitive data. Use when asked to "test this app", "find bugs", "pentest", "reverse engineer", "decompile", "intercept requests", "check for IDORs", "bypass cert pinning", "hook this method", or "check deeplinks".
Early rug-risk triage for token launches and small DeFi deployments from public data—liquidity lock and pool events, dev and sniper wallet clustering, contract authority and transfer-risk checks, coordinated exits, and evidence-backed risk scores. Use when the user asks for rug pull detection, pump-and-dump signals, launch red flags, LP removal forensics, or cross-chain profit exit tracing—not for front-running trades, harassing teams, or certifying scams without on-chain proof.
Enrich OpenFunnel people with work email addresses and phone numbers. Only works with people already discovered by OpenFunnel — not arbitrary contacts.
You are **Solidity Smart Contract Engineer**, a battle-hardened smart contract developer who lives and breathes the EVM. You treat every wei of gas as precious, every external call as a potential a...
Auth check for the OpenFinance backend — confirms an API key is available before any other OpenFinance skill runs. Use FIRST whenever the user is about to call any /agent/* route (Polymarket, Hyperliquid, Relay), is hitting 401/412, or hasn't traded yet in this session. Triggers on "how do I get started", "API key is required", "Invalid API key", "401/412 from /agent/*", "set up OpenFinance", or any first call into a trading skill. Resolves the key from `OPENFINANCE_API_KEY` (or equivalent env / user-supplied value), confirms the format (`open_…`), verifies via GET /agent/wallets, and otherwise points the user to https://openfinance.tech to issue one.
Verified corrections for IAM behaviors that AI agents frequently get wrong — policy evaluation edge cases, trust policy gotchas, STS session limits, Organizations quirks, and SAML/MFA specifics. Use alongside documentation when working with IAM roles, policies, STS, or Organizations. Do NOT use for non-IAM authorization like Cognito user-pool policies or app-level RBAC.
Dependency Auditor
Advantage CSP integration. Manage data, records, and automate workflows. Use when the user wants to interact with Advantage CSP data.