Found 67 Skills
Role of Web Security Testing and Penetration Engineer, focusing on JavaScript reverse engineering and browser security research. Trigger scenarios: (1) JS reverse analysis: identification of encryption algorithms (SM2/SM3/SM4/AES/RSA), obfuscated code restoration, Cookie anti-crawling bypass, WASM reverse engineering (2) Browser debugging: XHR breakpoints, event listening, infinite debugger bypass, Source Map restoration (3) Hook technology: writing XHR/Header/Cookie/JSON/WebSocket/Canvas Hooks (4) Security product analysis: Offensive and defensive analysis of JS security products such as Ruishu, Jiasule, Chuangyudun, etc. (5) Legal scenarios such as CTF competitions, authorized penetration testing, security research, etc.
Guide for performing linear cryptanalysis attacks on FEAL and similar Feistel ciphers. This skill should be used when tasks involve breaking FEAL encryption, recovering cipher keys using known plaintext-ciphertext pairs, or implementing linear cryptanalysis techniques. Applies to cryptographic challenges mentioning "linear attack," "FEAL," "Feistel cipher analysis," or key recovery from plaintext-ciphertext pairs.
Implements authentication, authorization, encryption, secrets management, and security hardening patterns. Use when designing auth flows, managing secrets, configuring CORS, implementing rate limiting, or when asked about JWT, OAuth, password hashing, API keys, RBAC, or security best practices.
Automatically download corresponding media files and deliver them to users after inputting links from various video websites/podcast platforms. Prioritizes using yt-dlp to cover common video websites such as Douyin, Bilibili, YouTube, etc., and can also be used for podcast platforms that directly expose audio addresses (e.g., single episode links from Xiaoyuzhou). When encountering 403/login/age or regional restrictions, it supports retrying with cookies.txt; for platforms that may have DRM/encryption or terms restrictions (such as some Spotify content), users should be prompted to only download content they are authorized to save, and if download is not possible, suggest switching to official offline/export channels or providing original RSS/direct links.
Load PROACTIVELY when task involves security review, vulnerability assessment, or hardening. Use when user says "check for security issues", "audit for vulnerabilities", "scan for secrets", "review auth security", or "check OWASP compliance". Covers authentication and session security, authorization and access control, input validation and injection prevention, data protection and encryption, dependency vulnerability scanning, API security (CORS, rate limiting, headers), and infrastructure hardening. Produces structured reports with severity ratings.
Handles sensitive data securely in Terraform. Use when managing passwords, API keys, database credentials, encryption keys, or other secrets. Covers Google Secret Manager integration, preventing secrets in state, IAM-based secret access, encryption, and security best practices.
Manages environment variables and secrets securely with encryption, rotation, and provider integration. Use when users request "secrets management", "environment variables", "API keys", "credentials storage", or "secret rotation".
This skill should be used when the user asks to "check for cryptographic issues", "analyze encryption", "find weak hashing", "audit password storage", "check for hardcoded keys", or mentions "cryptography", "encryption", "hashing", "TLS", "certificates", or "random number generation" in a security context. Maps to OWASP Top 10 2021 A02: Cryptographic Failures.
Security best practices and threat mitigation patterns for PACT framework development. Use when: implementing authentication or authorization, handling API credentials, integrating external APIs, processing sensitive data (PII, financial, health), reviewing code for vulnerabilities, or enforcing SACROSANCT security rules. Triggers on: security audit, credential handling, OWASP, auth flows, encryption, data protection, backend proxy pattern, frontend credential exposure.
Implement PCI DSS compliance requirements for secure handling of payment card data and payment systems. Use when securing payment processing, achieving PCI compliance, or implementing payment card security measures.
Security & Data Integrity (Architect Level)