Loading...
Loading...
Found 5,140 Skills
Tunneling and pivoting playbook. Use when establishing network tunnels through compromised hosts including SSH tunneling, Chisel, Ligolo-ng, socat, DNS/ICMP/HTTP tunneling, ProxyChains, and multi-layer pivoting strategies.
Format string exploitation playbook. Use when printf-family functions receive user-controlled format strings, enabling arbitrary stack reads (%p/%s), arbitrary memory writes (%n/%hn/%hhn), GOT/hook overwrites, and canary/libc/PIE leaks.
DeFi attack pattern playbook. Use when analyzing flash loan attacks, price oracle manipulation, MEV sandwich attacks, governance exploits, bridge vulnerabilities, and token standard edge cases in decentralized finance protocols.
Audit MCP (Model Context Protocol) server configurations for security issues. Use this skill when: - Reviewing .mcp.json files for security risks - Checking MCP server args for hardcoded secrets or shell injection patterns - Validating that MCP servers use pinned versions (not @latest) - Detecting unpinned dependencies in MCP server configurations - Auditing which MCP servers a project registers and whether they're on an approved list - Checking for environment variable usage vs. hardcoded credentials in MCP configs - Any request like "is my MCP config secure?", "audit my MCP servers", or "check .mcp.json" keywords: [mcp, security, audit, secrets, shell-injection, supply-chain, governance]
Claude Code skill that designs and builds high-converting questionnaire-style app onboarding flows modelled on proven conversion patterns from top subscription apps like Noom, Headspace, and Duolingo.
AI-powered X (Twitter) content strategy skill that distills methodologies from 6 top creators + open-source algorithm data into actionable writing, growth, and monetization guidance.
Adversarial thinking partner for founders and executives. Stress-tests plans, prepares for board meetings, dissects decisions with no good options, forces honest post-mortems, and identifies blind spots before competitors or board members do. Use when you need plan validation, board preparation, hard decision frameworks, assumption stress-testing, failure analysis, or when user mentions stress test, challenge, board prep, hard decision, pre-mortem, post-mortem, devil's advocate, plan review, or executive coaching.
Systematically audit, improve, and enforce test coverage in any repository. Use when asked to improve coverage, add missing tests, set up coverage thresholds, audit test gaps, or wire coverage into CI/hooks. Works across ecosystems (TypeScript, Python, Go, Rust, etc.). Composes with the hk skill for pre-commit enforcement. Triggers on: test coverage, missing tests, coverage threshold, coverage report, untested code, coverage gap, coverage audit.
Read-only GitHub triage for issues AND PRs. 1 item = 1 background task (category: quick). Analyzes all open items and writes evidence-backed reports to /tmp/{datetime}/. Every claim requires a GitHub permalink as proof. NEVER takes any action on GitHub - no comments, no merges, no closes, no labels. Reports only. Triggers: 'triage', 'triage issues', 'triage PRs', 'github triage'.
Set up or update the agent-first engineering harness for any repository. Implements the complete scaffolding that makes AI coding agents effective: knowledge maps (AGENTS.md as a concise TOC), structured documentation, architecture boundaries, enforcement rules (.harness/*.yml specs), quality scoring, and process patterns for agent-driven development. Use this skill whenever someone wants to make a repo agent-ready, set up AGENTS.md or docs/ structure, define domain boundaries or golden principles, generate .harness/ configuration, audit agent readiness, or update an existing harness. Also trigger when a user reports problems with agent effectiveness, context management, or architectural drift — these are symptoms of a missing or stale harness. Trigger on: "harness this repo", "set up harness", "agent-first setup", "make this agent-ready", "update the harness", "assess agent readiness", "set up AGENTS.md", "organize for agents", or any discussion about structuring a codebase for AI agent workflows.
Scrape and extract public data from 27+ social media platforms using the ScrapeCreators REST API. Covers TikTok, Instagram, YouTube, LinkedIn, Facebook, Twitter/X, Reddit, Threads, Bluesky, Pinterest, Snapchat, Twitch, Kick, Truth Social, TikTok Shop, Google, and link-in-bio services (Linktree, Komi, Pillar, Linkbio, Linkme, Amazon Shop). Use when the user asks to scrape, fetch, extract, search, or look up social media profiles, posts, videos, reels, comments, transcripts, followers, ads, hashtags, trending content, or engagement metrics from any social platform. Also use when user mentions ScrapeCreators, social media API, ad library, or creator data.
Conduct technical and on-page SEO audits covering crawlability, site speed, mobile-friendliness, and content optimization. Use this skill when the user needs to improve search rankings, diagnose traffic drops, audit a website for SEO issues, or plan an SEO strategy — even if they say 'why is our traffic dropping', 'audit our SEO', 'how do we rank higher on Google', or 'our site is slow'.