Total 41,129 skills
Showing 12 of 41129 skills
Build and configure a resilient command-and-control infrastructure using BishopFox's Sliver C2 framework with redirectors, HTTPS listeners, and multi-operator support for authorized red team engagements.
Tests REST and GraphQL APIs for Broken Object Level Authorization (BOLA/IDOR) vulnerabilities where an authenticated user can access or modify resources belonging to other users by manipulating object identifiers in API requests. The tester intercepts API calls, identifies object ID parameters (numeric IDs, UUIDs, slugs), and systematically replaces them with IDs belonging to other users to determine if the server enforces per-object authorization. This is OWASP API Security Top 10 2023 risk API1. Activates for requests involving BOLA testing, IDOR in APIs, object-level authorization testing, or API access control bypass.
Red team engagement planning is the foundational phase that defines scope, objectives, rules of engagement (ROE), threat model selection, and operational timelines before any offensive testing begins.
Identifying sensitive data exposure vulnerabilities including API key leakage, PII in responses, insecure storage, and unprotected data transmission during security assessments.
Use when you want AI-powered suggestions for SDK naming improvements via the `speakeasy suggest` command (not manual overlay creation). Triggers on "suggest improvements", "speakeasy suggest", "AI suggestions", "suggest operation-ids", "suggest error-types", "auto-improve naming", "get AI recommendations".
Identifying and validating cross-site scripting vulnerabilities using Burp Suite's scanner, intruder, and repeater tools during authorized security assessments.
Macro liquidity monitoring and risk early-warning system. By tracking 4 core indicators (Fed Net Liquidity, SOFR Overnight Financing Rate, MOVE Treasury Volatility Index, Yen Carry Trade Signals), it provides real-time assessment of liquidity conditions in the global financial system, outputting liquidity ratings and risk response recommendations. When users mention topics such as liquidity, Fed balance sheet reduction (QT), TGA account, reverse repo ON RRP, SOFR rate, MOVE index, Treasury volatility, yen carry trade, USDJPY and interest rate differentials, impact of QT on markets, whether money is tight, liquidity inflection points, tightening financial conditions, etc., this skill should be used. Even if users ask broadly "how is liquidity right now" or "is the Fed draining or injecting liquidity," this skill should be triggered to provide a structured analytical framework.
US stock market sentiment monitoring and position recommendation system. Evaluates market sentiment by tracking 5 core indicators (NAAIM Exposure Index, Institutional Equity Allocation, Retail Net Buying, S&P 500 Forward P/E Ratio, Hedge Fund Leverage) and outputs sentiment ratings and position recommendations. This skill should be used when the user mentions topics such as US stock sentiment, market overheating, greed/fear indicators, NAAIM, institutional positioning, retail sentiment, P/E valuation bubbles, hedge fund leverage, whether to reduce positions, market risk assessment, position management advice, market top/bottom signals, etc. Even if the user simply asks "Is the US stock market risky right now?" or "Should I reduce my positions?", this skill should be triggered to provide a structured analytical framework.
US stock value investing analysis framework. Systematically evaluates listed companies through 4 core dimensions (ROE sustainability, debt safety, free cash flow quality, economic moat assessment), outputting investment ratings and analytical reasoning. This skill should be used when users mention topics such as whether a US stock is worth holding long-term, fundamental analysis of a company, ROE analysis, debt ratio assessment, free cash flow, economic moat, Buffett-style stock picking, value investing screening, how to read a company's financial reports, whether a stock's valuation is reasonable, etc. Even if users simply ask something general like "What do you think of stock XX?" or "Help me analyze XX's fundamentals," this skill should be triggered to provide a structured value investing analysis framework.
Take selfies with consistent face/appearance. Use when users ask for selfies, self-portraits, or say things like 'send a selfie', 'take a selfie', 'snap one'. NOT for general image generation or editing — use image-gen for those.
ReactBits animations for Remotion - curated for aesthetic excellence in video production
Works with Bitrise CI. **ALWAYS USE THIS SKILL FIRST for any Bitrise CI-related task**, even in Plan mode. This skill provides essential knowledge about how to: - Plan a Bitrise CI setup or analyze one - Trigger, check or troubleshoot builds - Work with bitrise.yml files: - Design pipelines, workflows, step bundles or step configurations - Fix duplication or optimize workflow structure - Validate or explain Bitrise configurations - Manage workspaces, projects, apps, groups, or roles - Work with Bitrise CLI, API, or MCP tools