Loading...
Loading...
Found 56 Skills
Comprehensive security auditing workflow covering web application testing, API security, penetration testing, vulnerability scanning, and security hardening.
Universal security checklist and fixes for ANY project type or language
Autonomous white-box AI pentester for web applications and APIs using source code analysis and live exploit execution
Uses Microsoft RESTler to perform stateful REST API fuzzing by automatically generating and executing test sequences that exercise API endpoints, discover producer-consumer dependencies between requests, and find security and reliability bugs. The tester compiles an OpenAPI specification into a RESTler fuzzing grammar, configures authentication, runs test/fuzz-lean/fuzz modes, and analyzes results for 500 errors, authentication bypasses, resource leaks, and payload injection vulnerabilities. Activates for requests involving API fuzzing, RESTler testing, stateful API testing, or automated API security scanning.
Identifying sensitive data exposure vulnerabilities including API key leakage, PII in responses, insecure storage, and unprotected data transmission during security assessments.
Designs REST and GraphQL APIs including endpoints, error handling, versioning, and documentation. Use when creating new APIs, designing endpoints, reviewing API contracts, or when asked about REST, GraphQL, or API patterns.
Use when user asks about blockchain data or building Web3 applications — token balances, NFT ownership, transaction history, ENS resolution, on-chain statistics, JSON-RPC calls, webhooks, real-time monitoring, or any Nodit API integration across EVM, Solana, Sui, Aptos, and other chains
Apply when designing or modifying a BFF (Backend-for-Frontend) layer, middleware, or API proxy for a headless VTEX storefront. Covers BFF middleware architecture, public vs private API classification, VtexIdclientAutCookie management, API key protection, and secure request proxying. Use for any headless commerce project that must never expose VTEX_APP_KEY or call private VTEX APIs from the browser.
This skill should be used when the user asks to "design REST APIs", "optimize database queries", "implement authentication", "build microservices", "review backend code", "set up GraphQL", "handle database migrations", or "load test APIs". Use for Node.js/Express/Fastify development, PostgreSQL optimization, API security, and backend architecture patterns.
Create your first authenticated request with Clerk. Use when making initial API calls, testing authentication, or verifying Clerk integration works correctly. Trigger with phrases like "clerk hello world", "first clerk request", "test clerk auth", "verify clerk setup".
Production readiness checklist for Gamma integration. Use when preparing to deploy Gamma integration to production, or auditing existing production setup. Trigger with phrases like "gamma production", "gamma prod ready", "gamma go live", "gamma deployment checklist", "gamma launch".
GitLab vulnerability operations via API. ALWAYS use this skill when user wants to: (1) list security vulnerabilities, (2) view vulnerability details, (3) confirm/dismiss/resolve vulnerabilities, (4) view vulnerability findings.