Loading...
Loading...
Found 53 Skills
Automated penetration testing toolkit for security assessment, vulnerability scanning, and automated security reporting
Comprehensive security and privacy evaluation system for MCP (Model Context Protocol) servers. Use when users provide GitHub URLs to MCP servers and request security assessment, privacy evaluation, or ask "is this MCP safe to use." Evaluates security vulnerabilities, privacy risks, code quality, community feedback, and provides actionable recommendations with risk scoring.
RSA attack playbook for CTF and real-world cryptanalysis. Use when given RSA parameters (n, e, c) and need to recover plaintext by exploiting weak keys, small exponents, shared factors, or padding oracles.
AI-powered penetration testing automation CLI using Google Gemini, Claude, or GPT-4 with LangChain for intelligent security assessments
Hunting skill for rce vulnerabilities. Built from 67 public bug bounty reports. Use when hunting rce on any target.
Compare two security audit reports to track remediation progress and identify new vulnerabilities.
Use when user needs Active Directory security analysis, privileged group design review, authentication policy assessment, or delegation and attack surface evaluation across enterprise domains.
Load PROACTIVELY when task involves reviewing code, auditing quality, or validating implementations. Use when user says "review this code", "check this PR", "audit the codebase", or "score this implementation". Covers the 10-dimension weighted scoring rubric (correctness, security, performance, architecture, testing, error handling, type safety, maintainability, accessibility, documentation), automated pattern detection for anti-patterns, and structured review output with actionable findings.
Conduct threat modeling using STRIDE methodology. Identify threats, assess risks, and design security controls. Use when designing secure systems or assessing application security.
Expert at analyzing the quality and effectiveness of Claude Code components (agents, skills, commands, hooks). Assumes component is already technically valid. Evaluates description clarity, tool permissions, auto-invoke triggers, security, and usability to provide quality scores and improvement suggestions.
Plans security penetration tests for web applications. Analyzes codebase, API routes, auth implementation, and infrastructure config to generate comprehensive pentest plans. For authorized testing only.
Professional Skills and Methodologies for Deserialization Vulnerability Testing