Found 2,247 Skills
Tests authentication and authorization mechanisms in mobile application APIs to identify broken authentication, insecure token management, session fixation, privilege escalation, and IDOR vulnerabilities. Use when performing API security assessments against mobile app backends, testing JWT implementations, evaluating OAuth flows, or assessing session management. Activates for requests involving mobile API auth testing, token security assessment, OAuth mobile flow testing, or API authorization bypass.
Execute a wireless network penetration test to assess WiFi security by capturing handshakes, cracking WPA2/WPA3 keys, detecting rogue access points, and testing wireless segmentation using Aircrack-ng and related tools.
Performs systematic security testing of web applications following the OWASP Web Security Testing Guide (WSTG) methodology to identify vulnerabilities in authentication, authorization, input validation, session management, and business logic. The tester uses Burp Suite as the primary interception proxy alongside manual testing techniques to find flaws that automated scanners miss. Activates for requests involving web app pentest, OWASP testing, application security assessment, or web vulnerability testing.
Israeli Privacy Protection Law compliance guidance including Amendment 13 (effective August 14, 2025), database registration, consent requirements, data security, cross-border transfers, breach notification, privacy protection officer appointment, and AI governance. Use when user asks about Israeli privacy law, "haganat pratiut", "tikun 13", data protection in Israel, GDPR compliance for Israeli companies, privacy policy requirements, or database registration. Covers the Privacy Protection Law 1981, Amendment 13, and 2017 Security Regulations. Do NOT use for EU GDPR-only questions without Israeli context.
Use when you need to design, review, or improve security in Spring Boot applications, including SecurityFilterChain, OAuth2/JWT resource server patterns, form login basics, method security (@PreAuthorize), CSRF and CORS for APIs, session fixation, security headers, exception handling, password encoding, and sensitive-data-safe logging. This should trigger for requests such as: Add Spring Boot security support; Review Spring Boot security configuration; Improve API authorization in Spring Boot; Add JWT resource server security in Spring Boot; Harden Spring Boot security headers and CSRF settings. Part of the cursor-rules-java project.
Guides VP-level cloud program leadership—multi-year cloud strategy and migration/modernization portfolio, landing zone and CCoE operating model at org scale, hyperscaler enterprise agreement and commit governance, hybrid/multi-cloud posture, cloud center of excellence and talent, and board/CFO/CTO cloud narratives. Use when setting cloud direction, prioritizing migration waves, governing EA/MACC and cloud spend envelope, designing federated cloud org model, steering CCoE and standards adoption, preparing executive or board cloud updates, or adjudicating product vs platform vs security cloud trade-offs—not for Terraform/K8s implementation (cloud-engineer, infrastructure-engineer), landing zone technical design (enterprise-cloud-architect, cloud-architect), monthly CUR FinOps (finops-analyst), TCO/NPV modeling (cloud-economist), full infra portfolio including DC capex (vp-of-infrastructure), or GL close (compute-accounting-manager).
This skill should be used when the user asks for a cryptographer, cryptography review, help to choose a cipher (AES-GCM, ChaCha20-Poly1305, ECDH, RSA tradeoffs), key management, PKI design, TLS configuration, protocol security or handshake review, authenticated encryption, digital signature scheme design, post-quantum migration at architecture level, ProVerif or Tamarin modeling concepts, nonce reuse or IV misuse analysis, HKDF vs password hashing (Argon2), HSM or KMS usage patterns, secure randomness, side-channel and constant-time requirements, or cryptographic agility and algorithm deprecation—not general OWASP web app review only (information-security-engineer), secure coding checklists without crypto depth, Solidity or smart contract audits, blockchain wallet tracing, legal export classification, or shipping custom production crypto without design and review gates.
Guides embedded real-time firmware design: MCU tradeoffs, bare-metal vs RTOS (FreeRTOS/Zephyr patterns), task priorities/deadlines/jitter, ISR deferred work, stack/heap policy, WCET/timing analysis, concurrency and priority inversion, drivers/HAL, JTAG/SWD/trace, power modes, MISRA C awareness, and safety-aware automotive/medical/industrial patterns without certification claims. Use for embedded firmware, RTOS scheduling, drivers/HAL, IRQ design, memory policy, WCET, bring-up, and low-power work. Not for HIL security (hardware-in-the-loop-security-tester), backend apps (senior-software-engineer), SCADA/OT (scada-ics-cyber-security-specialist), server perf (performance-engineer), RTL-only work without firmware, CI gates (build-validator), or tiering only (mission-critical).
Configure an AI agent to send OpenTelemetry traces to Coval. Use when a user wants to add Coval tracing, instrument an agent for simulations or conversation monitoring, make traces show up in Coval, handle SIP/PSTN/WebSocket trace correlation, or replace the one-command wizard with a security-reviewable manual setup.
Analyze and understand malware distribution tactics, cracked software risks, and security threat detection patterns.
Use when working on TypeScript code and needing to choose the smallest focused TypeScript skill for coding standards, boundaries, composition, configs, async control, error handling, observability, security, or testing.
Invoke a Rubber Duck Reviewer subagent to independently critique plans and implementations before proceeding. Use when the agent is about to implement a non-trivial plan (multi-file changes, architectural decisions, security-sensitive logic, database schema changes), after completing a self-contained unit of work (module, endpoint, feature), when stuck or facing repeated failures (same test fails 2+ times, unexpected results), or when the agent wants independent validation of assumptions and design decisions. Triggers on any non-trivial implementation task where independent critique would catch blind spots before they become costly mistakes.