Loading...
Loading...
Found 11,833 Skills
Complete bug bounty workflow — recon (subdomain enumeration, asset discovery, fingerprinting, HackerOne scope, source code audit), pre-hunt learning (disclosed reports, tech stack research, mind maps, threat modeling), vulnerability hunting (IDOR, SSRF, XSS, auth bypass, CSRF, race conditions, SQLi, XXE, file upload, business logic, GraphQL, HTTP smuggling, cache poisoning, OAuth, timing side-channels, OIDC, SSTI, subdomain takeover, cloud misconfig, ATO chains, agentic AI), LLM/AI security testing (chatbot IDOR, prompt injection, indirect injection, ASCII smuggling, exfil channels, RCE via code tools, system prompt extraction, ASI01-ASI10), A-to-B bug chaining (IDOR→auth bypass, SSRF→cloud metadata, XSS→ATO, open redirect→OAuth theft, S3→bundle→secret→OAuth), bypass tables (SSRF IP bypass, open redirect bypass, file upload bypass), language-specific grep (JS prototype pollution, Python pickle, PHP type juggling, Go template.HTML, Ruby YAML.load, Rust unwrap), and reporting (7-Question Gate, 4 validation gates, human-tone writing, templates by vuln class, CVSS 3.1, PoC generation, always-rejected list, conditional chain table, submission checklist). Use for ANY bug bounty task — starting a new target, doing recon, hunting specific vulns, auditing source code, testing AI features, validating findings, or writing reports. 中文触发词:漏洞赏金、安全测试、渗透测试、漏洞挖掘、信息收集、子域名枚举、XSS测试、SQL注入、SSRF、安全审计、漏洞报告
Drive the Duvo public API from the terminal via the `duvo` CLI (`@duvoai/cli`). Use when the user wants to script Duvo — managing agents, runs, cases, queues, files, skills, connections, Clarity processes, or hitting an arbitrary endpoint via `duvo api` — instead of clicking through the Duvo web UI or hand-crafting `curl` calls.
Use when creating a new Elastic integration package, scaffolding data streams, answering package layout or structure questions, or running the end-to-end integration build workflow. Covers package topology, scaffold commands, post-scaffold edits, and full orchestration of CEL/pipeline/test subagents.
Use AnalyticsCLI CLI as the deterministic, bounded interface for analytics queries, exports, and SDK validation in coding-agent workflows.
Guide for setting up secured VS Code dev containers for coding agents. Use when creating or hardening a DevContainer to sandbox Claude Code or other coding agents, configuring Docker socket proxies, handling VS Code IPC escape vectors, setting up git worktree support, or verifying security controls. Covers threat model, three-layer defence architecture, Node.js/pnpm setup, and verification testing.
Build AI-native products with agency-control tradeoffs, calibration loops, and eval strategies. Use when building AI agents, LLM features, or products where AI handles user tasks autonomously. Part of the Modern Product Operating Model collection.
Discover available tools and resources in Databricks workspace. Use when: (1) User asks 'what tools are available', (2) Before writing agent code, (3) Looking for MCP servers, Genie spaces, UC functions, or vector search indexes, (4) User says 'discover', 'find resources', or 'what can I connect to'.
Frontend development agent for Resume Matcher. Handles Next.js pages, React components, Tailwind CSS with Swiss International Style, API integration, hooks, and i18n. Use when creating or modifying frontend code.
Full-site blog health assessment scanning all blog files for quality scores, orphan pages, topic cannibalization, stale content, and AI citation readiness. Spawns parallel subagents for comprehensive analysis. Produces per-post scores and a prioritized action queue. Use when user says "audit blog", "blog audit", "site audit", "blog health", "audit all posts", "check all blogs".
Create a new task with a crypto bounty on OpenAnt. Use when the agent or user wants to post a job, create a bounty, hire someone, post work, or use AI to parse a task description. Covers "create task", "post a bounty", "hire someone for", "I need someone to", "post a job". Funding escrow is included by default.
Skill for creating custom lint rules by leveraging the existing linter ecosystems of various programming languages. This is a linter designed for AI Agents rather than humans, and its error messages function as correction instruction prompts for AI. Create custom rules in the `lints/` directory using standard methods for each language, including Rust (dylint), TypeScript/JavaScript (ESLint), Python (pylint), Go (golangci-lint), etc. Use this skill in the following scenarios: (1) When you want AI to enforce project-specific coding rules; (2) When you want to create lint rules that output AI-readable correction instructions when violations occur; (3) When you want to enforce naming conventions, structural patterns, and consistency rules through AI-driven linting. Triggers: "Create a linter rule", "Add a lint rule", "Enforce this pattern", "AI linter", "Custom lint", "Code rules", "Naming rules", "Structural rules", "create a linter rule", "add a lint rule", "enforce this pattern", "AI linter".
Copilot agent that assists with requirements analysis, user story creation, specification definition, and acceptance criteria definition Trigger terms: requirements, EARS format, user stories, functional requirements, non-functional requirements, SRS, requirement analysis, specification, acceptance criteria, requirement validation Use when: User requests involve requirements analyst tasks.