Loading...
Loading...
Found 53 Skills
Comprehensive pentesting toolkit using Kali Linux Docker container. Provides direct access to 200+ security tools without MCP overhead. Use when conducting security assessments, penetration testing, vulnerability scanning, or security research. Works via direct docker exec commands for maximum efficiency.
This skill should be used when the user asks to "plan a red team engagement", "scope a penetration test", "design a security assessment methodology", "create rules of engagement", or "plan an adversary simulation".
Professional Skills and Methodologies for Insecure Direct Object Reference (IDOR) Testing
Validate CORS policies for security issues and misconfigurations. Use when reviewing cross-origin resource sharing. Trigger with 'validate CORS', 'check CORS policy', or 'review cross-origin'.
Uses Managed Agents' 14.5-hour runtime to audit an entire codebase overnight. Security, performance, accessibility, dependency issues. You wake up to a full report.
This skill should be used when the user wants to review code, audit a diff, get a second opinion on changes, or run an adversarial review of files in the current working tree. Common triggers include "review this code", "audit this diff", "find issues in", "second opinion on this", "harsh review of", "adversarial review", and "security review of". Picks one or more reviewer personas (adversarial, security, architecture, performance). Reviews local files, `git diff`, or `git diff --staged` only — does not fetch external content. Runs in one of four modes: single-agent (one persona in the current agent), cross-model handoff (independent second opinion via another local AI CLI, with secret-shield preflight + prompt-shield wrap), multi-bg-agent (one persona per parallel background subagent), or agent-team (Claude Code Teams or equivalent on supporting agents). Skip when the user wants formatting fixes (use a linter) or refactoring patterns (use ts-best-practices or ts-best-practices-functional).
Review code through hostile perspectives to find bugs, security issues, and unintended consequences the author missed. Use when reviewing PRs, auditing codebases, or before critical deployments.
Comprehensive review of local uncommitted changes using specialized agents with code improvement suggestions
Think and act like an attacker to identify security vulnerabilities, weaknesses, and penetration vectors through adversarial security testing
Reviews Forge apps for security vulnerabilities, architecture issues, cost inefficiencies, performance problems, and trigger/scheduling waste before deployment. Use when the user says "review my Forge app", "check my app", "pre-deploy check", "is my app ready to deploy", "audit my Forge app", "check for security issues", "check performance", "review manifest", "check my Forge app for problems", "app review", "optimize my Forge app costs", "reduce invocations", "why is my app expensive", "check my triggers", or any request to evaluate a Forge app's quality, safety, cost efficiency, or readiness. Also triggers when users ask about Forge best practices, permission scopes, resolver optimization, storage efficiency, cold start reduction, frontend offloading, trigger filtering, scheduled trigger frequency, N+1 API calls, bulk API usage, verbose logging, or Forge platform pricing.
Execute web cache deception attacks by exploiting path normalization discrepancies between CDN caching layers and origin servers to cache and retrieve sensitive authenticated content.
Perform a full AWS Well-Architected Framework review of a workload, evaluating all six pillars and producing a prioritized findings report with actionable recommendations.