Loading...
Loading...
Found 2,247 Skills
Interact with the JFrog Platform via the JFrog CLI and REST/GraphQL APIs. Use this skill when the user wants to manage Artifactory repositories, upload or download artifacts, manage builds, configure permissions, manage users and groups, work with access tokens, configure JFrog CLI servers, search artifacts, manage properties, set up replication, manage JFrog Projects, run security audits or scans, look up CVE details, query exposures scan results from JFrog Advanced Security, manage release bundles and lifecycle operations, aggregate or export platform data, or perform any JFrog Platform administration task. Also use when the user mentions jf, jfrog, artifactory, xray, distribution, evidence, apptrust, onemodel, graphql, workers, mission control, curation, advanced security, exposures, or any JFrog product name.
Performs GraphQL introspection attacks to extract the full API schema including types, queries, mutations, subscriptions, and field definitions from GraphQL endpoints. The tester uses introspection queries to map the attack surface, identifies sensitive fields and mutations, tests for query depth and complexity limits, and exploits GraphQL-specific vulnerabilities including batching attacks, alias-based brute force, and nested query DoS. Activates for requests involving GraphQL security testing, introspection attack, GraphQL enumeration, or GraphQL API penetration testing.
Identifying and exploiting Cross-Origin Resource Sharing misconfigurations that allow unauthorized cross-domain data access and credential theft during security assessments.
Performs a structured code review on the current diff or specified files. Checks for correctness, security vulnerabilities, test coverage, code style, and adherence to the project's architecture patterns. Invoked when the user asks for a review, code check, pr review, or quality assessment.
Analyze and understand Avast Premium Security software distribution repositories for security research and threat intelligence
WARNING - This repository distributes malware disguised as Avast Premium Security cracks and keygens
Design carrier- and enterprise-scale backbone networks—core/distribution/edge topology, OSPF, IS-IS, BGP and route policy, WAN/MPLS/SD-WAN, DCI, peering, transit, IX, anycast, ECMP, BFD, FRR, addressing, backbone QoS, capacity, maintenance domains, and observability (NetFlow, SNMP, telemetry); EVPN/VXLAN spine-leaf where relevant. This skill should be used when the user asks about network backbone, backbone architect, BGP design, OSPF, IS-IS, WAN architecture, MPLS, SD-WAN, data center interconnect, DCI, internet peering, transit provider, IX, core network design, route policy, ECMP, network redundancy, spine-leaf, or EVPN—not app HTTP/API (enterprise-integration-api-developer), cloud landing zone or VPC only (cloud-architect, enterprise-cloud-architect), host or endpoint security (information-security-engineer), cloud/Linux sysadmin (cloud-system-administrator), cabling without routing (infrastructure-engineer), or OT/ICS (scada-ics-cyber-security-specialist).
Guides senior system and solution architecture—cross-service boundaries, integration patterns, non-functional requirements (scale, reliability, security, cost), ADRs, C4-style modeling, architecture review, build-vs-buy, and phased migration (strangler, dual-write). Use when designing multi-service systems, evaluating platform or vendor choices, writing or reviewing architecture decision records, defining standards and principles, or assessing technical risk across domains—not for single-service RFCs and module design (senior-software-engineer), data platform or mesh decisions (data-architect), cloud landing zone, Well-Architected, and migration architecture (cloud-architect), cloud/IaC implementation (infrastructure-engineer, cloud-engineer), internal developer platform product (platform-engineer), or program tracking (technical-program-manager). For business strategy and cases, use business-consultant; for applied AI (RAG, agents, copilots), use applied-ai-architect-commercial-enterprise.
Explains how to run NemoClaw on a remote GPU instance, including the deprecated Brev compatibility path and the preferred installer plus onboard flow. Use when deploying NemoClaw to a remote VM, onboarding a Brev instance, or migrating away from the legacy `nemoclaw deploy` wrapper. Trigger keywords - deploy nemoclaw remote gpu, nemoclaw brev cloud deployment, nemoclaw plugins, openclaw plugins, install openclaw plugin, nemoclaw onboard from dockerfile, nemoclaw brev web ui, nemoclaw getting started, brev quickstart, nvidia nemotron agent, nemoclaw sandbox hardening, container security, docker capabilities, process limits.
Identify and analyze potentially malicious software distribution repositories disguised as legitimate security software
Repository-grounded threat modeling that enumerates trust boundaries, assets, attacker capabilities, abuse paths, and mitigations, and writes a concise Markdown threat model. Use when the user asks to threat model a codebase or path, enumerate threats or abuse paths, or perform AppSec threat modeling. Do NOT use for general architecture summaries, code review, security best practices (use security-best-practices), or non-security design work.
Analyze and understand Minecraft client modification security risks and malicious patterns