Found 2,245 Skills
Local pentest sandbox for a full black-box engagement. Triggers on "kage", "pentest", "security audit on", "audit the security of". Runs recon, deep testing, exploit verification, and judging inside a per-engagement Kali Docker container. Each host working directory gets its own isolated sandbox. Produces `./results/<target>/audit-report.md`.
Generate penetration testing reports in standard format, including project information sheet, vulnerability discovery list, detailed vulnerability information (including attribute sheet, description, reproduction steps, evidence screenshots, remediation suggestions), and appendices (risk level definition, CVSS explanation, glossary). Use this skill when users request to generate penetration testing reports, security testing reports, or vulnerability reports. Strictly follow the standard format in the project template directory.
Test API behavior, contracts, security edges, and performance. USE when validating endpoints, integrations, error handling, or release readiness for APIs.
Perform security risk analysis on Kubernetes resource manifests using Kubesec to identify misconfigurations, privilege escalation risks, and deviations from security best practices.
Plans security penetration tests for web applications. Analyzes codebase, API routes, auth implementation, and infrastructure config to generate comprehensive pentest plans. For authorized testing only.
Authenticated (credentialed) vulnerability scanning uses valid system credentials to log into target hosts and perform deep inspection of installed software, patches, configurations, and security sett
Use 754 structured cybersecurity skills mapped to MITRE ATT&CK, NIST CSF, ATLAS, D3FEND, and NIST AI RMF for AI-driven security operations
Production-grade MCP server providing Claude with 27 security intelligence tools across 21 APIs for vulnerability research, CVE analysis, threat intelligence, and risk scoring
Recognize and avoid malicious software distribution repositories disguised as legitimate security tools
Test APIs against OWASP API Security Top 10 including discovery, auth abuse, and protocol-specific checks.
OpenClaw security scanning skill that performs comprehensive system security audits and generates human-friendly reports
Tests WebSocket API implementations for security vulnerabilities including missing authentication on WebSocket upgrade, Cross-Site WebSocket Hijacking (CSWSH), injection attacks through WebSocket messages, insufficient input validation, denial-of-service via message flooding, and information leakage through WebSocket frames. The tester intercepts WebSocket handshakes and messages using Burp Suite, crafts malicious payloads, and tests for authorization bypass on WebSocket channels. Activates for requests involving WebSocket security testing, WS penetration testing, CSWSH attack, or real-time API security assessment.