Found 92 Skills
Professional Skills and Methodologies for Network Penetration Testing
Dependency management specialist. Use when updating dependencies, scanning for vulnerabilities, analyzing dependency trees, or ensuring license compliance. Handles npm, pip, maven, and other package managers.
Run testssl.sh to analyze TLS/SSL configurations. Checks cipher suites, protocols, certificate validity, known vulnerabilities (Heartbleed, POODLE, ROBOT), and compliance.
Provides comprehensive security review capability for TypeScript and Node.js applications and validates code against XSS, injection, CSRF, JWT/OAuth2 flaws, dependency CVEs, and secrets exposure. Use when performing security audits, before deployment, reviewing authentication/authorization implementations, or ensuring OWASP compliance for Express, NestJS, and Next.js. Triggers on "security review", "check for security issues", "TypeScript security audit".
Use this skill when you need security analysis of Solidity smart contract code. Use cases: auditing Solidity contracts, identifying re-entrancy bugs, detecting access control issues, reviewing unsafe external calls, evaluating code before deployment, gate-checking contracts in transaction pipelines, or performing security assessments.
Audit Go module dependencies: detect outdated packages, check for known vulnerabilities, review go.mod hygiene, identify unused or redundant deps, and evaluate dependency quality. Use when auditing dependencies, checking for CVEs, cleaning up go.mod, upgrading modules, or evaluating third-party packages. Trigger examples: "check dependencies", "audit deps", "go.mod review", "update modules", "vulnerability scan", "govulncheck". Do NOT use for code-level security issues (use go-security-audit) or architecture review (use go-architecture-review).
Perform security operations on OpenClaw environments by calling Alibaba Cloud Security Center (SAS) and ECS APIs via the aliyun CLI. Supports asset queries, vulnerability detection, baseline checks, alert analysis, daily security report generation, and Cloud Assistant command execution. Use this skill when users need to query OpenClaw security status, handle security alerts, check vulnerability risks, execute emergency commands, or generate security reports.
Install, configure, and operate Strix for AI-driven application security testing. Use when you need to run authorized vulnerability scans against local codebases, GitHub repositories, staging URLs, domains, or CI pipelines; configure Docker and LLM providers; choose quick, standard, or deep scan depth; or pass authenticated testing instructions to Strix. Triggers on: strix, ai pentest, vulnerability scan cli, appsec scan, bug bounty automation, strix ci, strix docker, strix scan mode, strix instruction file, headless security scan.
Parses Software Bill of Materials (SBOM) in CycloneDX and SPDX JSON formats to identify supply chain vulnerabilities by correlating components against the NVD CVE database via the NVD 2.0 API. Builds dependency graphs, calculates risk scores, identifies transitive vulnerability paths, and generates compliance reports. Activates for requests involving SBOM analysis, software composition analysis, supply chain security assessment, dependency vulnerability scanning, CycloneDX/SPDX parsing, or CVE correlation.
Use when the user asks to perform security audits, penetration testing, vulnerability scanning, OWASP Top 10 checks, or offensive security assessments. Covers static analysis, dependency scanning, secret detection, API security testing, and pen test report generation.
You are a dependency security expert specializing in vulnerability scanning, license compliance, and supply chain security. Analyze project dependencies for known vulnerabilities, licensing issues, outdated packages, and provide actionable remediation strategies.
Universal security and robustness scanner for any codebase. Use when auditing code for vulnerabilities, security issues, bugs, or robustness problems. Automatically detects tech stack, creates custom audit plans, and performs recursive deep analysis.