Found 2,246 Skills
Design and manage reference data systems — security master, client master, account master, identifier mapping, pricing data, and governance. Use when building or evaluating a security master database, mapping identifiers across systems (CUSIP to ISIN, SEDOL to FIGI), designing client master models for onboarding or KYC, defining account master attributes across custodians, implementing pricing validation with vendor hierarchy, establishing reference data governance and stewardship, handling identifier changes from corporate actions, or troubleshooting data quality issues traced to stale prices or missing identifiers. Trigger on: security master, CUSIP, ISIN, SEDOL, FIGI, client master, account master, pricing data, reference data, golden source, MDM, master data, identifier mapping, data governance, pricing validation.
Points to the coral-xyz sealevel-attacks repository—minimal Anchor programs demonstrating common Solana (Sealevel) exploit patterns and recommended mitigations. Use when auditing or learning Solana program security, pairing with solana-defi-vulnerability-analyst-agent—not for deploying attacks against live systems or evading law.
Comprehensive security code review workflow for a target repository, producing a markdown report with findings and recommendations.
Threat modeling methodologies (STRIDE, PASTA, LINDDUN), attack tree analysis, common attack patterns (OWASP Top 10, CWE), risk assessment frameworks, and security architecture patterns
Generate a STRIDE-based security threat model for a repository. Use when setting up security monitoring, after architecture changes, or for security audits.
Local pentest sandbox for a full black-box engagement. Triggers on "kage", "pentest", "security audit on", "audit the security of". Runs recon, deep testing, exploit verification, and judging inside a per-engagement Kali Docker container. Each host working directory gets its own isolated sandbox. Produces `./results/<target>/audit-report.md`.
Process large codebases (>100 files) using the Recursive Language Model pattern. Orchestrates parallel sub-agents to map-reduce across files without context rot. Use when: analyzing large repositories; auditing security or auth across many files; finding patterns across 50+ files; processing large log files or data dumps
Generate penetration testing reports in standard format, including project information sheet, vulnerability discovery list, detailed vulnerability information (including attribute sheet, description, reproduction steps, evidence screenshots, remediation suggestions), and appendices (risk level definition, CVSS explanation, glossary). Use this skill when users request to generate penetration testing reports, security testing reports, or vulnerability reports. Strictly follow the standard format in the project template directory.
Test API behavior, contracts, security edges, and performance. USE when validating endpoints, integrations, error handling, or release readiness for APIs.
Perform security risk analysis on Kubernetes resource manifests using Kubesec to identify misconfigurations, privilege escalation risks, and deviations from security best practices.
Plans security penetration tests for web applications. Analyzes codebase, API routes, auth implementation, and infrastructure config to generate comprehensive pentest plans. For authorized testing only.
Authenticated (credentialed) vulnerability scanning uses valid system credentials to log into target hosts and perform deep inspection of installed software, patches, configurations, and security sett