Loading...
Loading...
Found 21 Skills
Web application security expert. OWASP Top 10, XSS, SQLi, CSRF, SSRF, authentication bypass, IDOR. Use for web app security testing.
Professional Skills and Methodologies for Vulnerability Assessment
Read/write config files (.env, YAML, TOML, JSON, docker-compose, etc.) safely. Use this instead of Read/Write/Edit tools whenever touching config files that may contain API keys, tokens, passwords, or other secrets — it auto-detects and redacts them.
Analyzes indicators of compromise (IOCs) including IP addresses, domains, file hashes, URLs, and email artifacts to determine maliciousness confidence, campaign attribution, and blocking priority. Use when triaging IOCs from phishing emails, security alerts, or external threat feeds; enriching raw IOCs with multi-source intelligence; or making block/monitor/whitelist decisions. Activates for requests involving VirusTotal, AbuseIPDB, MalwareBazaar, MISP, or IOC enrichment pipelines.
Security engineering toolkit for threat modeling, vulnerability analysis, secure architecture, and penetration testing. Includes STRIDE analysis, OWASP guidance, cryptography patterns, and security scanning tools.
This skill should be used when the user asks to "follow red team methodology", "perform bug bounty hunting", "automate reconnaissance", "hunt for XSS vulnerabilities", "enumerate su...
Test skill for security scanning
Runs available security scanning tools against the current project and produces a consolidated markdown report. Auto-detects installed tools (gitleaks, semgrep, grype, npm audit, bandit, pip-audit, gosec, govulncheck, cargo audit, bundle-audit) and activates language-specific scanners based on project files. Gracefully skips missing tools and provides installation hints. By default scans the entire target directory. Pass --full to make the intent explicit (useful in workflows that combine full-codebase and diff-only scans). Use when running security scans, checking for vulnerabilities, detecting leaked secrets in git history, or validating security posture before commits or releases. Pairs with security-review for a complete security workflow.
Secure credential management for trading platforms