Loading...
Loading...
Found 118 Skills
Guides the agent through migrating SQLite and SQL-style Capacitor plugins to @capgo/capacitor-fast-sql. Use when replacing bridge-based SQL plugins, adding encryption, preserving transactions, or moving key-value storage onto Fast SQL. Do not use for non-SQL storage, generic app upgrades, or plugins that already wrap Fast SQL.
Cryptography techniques for CTF challenges. Use when attacking encryption, hashing, ZKP, signatures, or mathematical crypto problems.
Guides the agent through Capgo OTA release workflows including bundle uploads, compatibility checks, channels, cleanup, and encryption key setup. Use when managing Capgo bundle and channel operations. Do not use for native build requests or organization administration.
Application security covering threat modeling (STRIDE), OWASP Top 10 (2025), OWASP API Security Top 10 (2023), secure coding review, authentication/authorization patterns, input validation, encryption, security headers, supply chain security, compliance (GDPR/HIPAA/SOC2/PCI-DSS), and security monitoring. Use when reviewing code for vulnerabilities, implementing auth patterns, securing APIs, configuring security headers, hardening supply chain, preventing injection attacks, or preparing for compliance audits.
Create security architecture diagrams using PlantUML syntax with identity, encryption, firewall, and compliance stencil icons. Best for IAM flows, zero-trust architectures, encryption pipelines, compliance auditing, and threat detection. NOT for general cloud infra (use cloud skill) or simple flowcharts (use mermaid).
Security engineering that protects applications, data, and users from real-world threatsUse when "security, authentication, authorization, encryption, OWASP, vulnerability, XSS, SQL injection, CSRF, secrets, password, JWT, OAuth, permissions, audit, compliance, security, authentication, authorization, encryption, vulnerabilities, OWASP, compliance, audit" mentioned.
Role of Web Security Testing and Penetration Engineer, focusing on JavaScript reverse engineering and browser security research. Trigger scenarios: (1) JS reverse analysis: identification of encryption algorithms (SM2/SM3/SM4/AES/RSA), obfuscated code restoration, Cookie anti-crawling bypass, WASM reverse engineering (2) Browser debugging: XHR breakpoints, event listening, infinite debugger bypass, Source Map restoration (3) Hook technology: writing XHR/Header/Cookie/JSON/WebSocket/Canvas Hooks (4) Security product analysis: Offensive and defensive analysis of JS security products such as Ruishu, Jiasule, Chuangyudun, etc. (5) Legal scenarios such as CTF competitions, authorized penetration testing, security research, etc.
ESP32 firmware engineering for ESP-IDF projects. Write, review, and debug embedded C/C++ code involving FreeRTOS tasks/queues/timers, GPIO/I2C/SPI/UART/ADC/PWM peripherals, TWAI/CAN, Wi-Fi/BLE networking, OTA updates, Secure Boot and flash encryption, LVGL display integration, build/flash/monitor workflows, logging, crash analysis, memory/code-size optimization, low-power sleep/wakeup design, on-device USB/serial service terminals, and board bring-up. Use when an agent is asked to implement ESP-IDF firmware features, review embedded changes for correctness or race conditions, investigate boot/runtime failures or Guru Meditation panics, interpret serial logs, fix build/link/flash problems, optimize RAM/flash usage, tune deep sleep/light sleep behavior, harden firmware for production, add a service console/CLI, integrate a display with LVGL, or diagnose hardware-software integration issues on ESP32-class devices.
AI-powered JavaScript reverse engineering tool. Senior JavaScript reverse engineering expert assistant. Actions: collect, search, deobfuscate, understand, summarize, detect-crypto, browser, debugger, breakpoint, debug-step, debug-eval, debug-vars, script, hook, stealth, dom, page. Capabilities: obfuscated code analysis, VM cracking, Webpack unpacking, AST transformation, Puppeteer/CDP automation, anti-detection, fingerprint spoofing, encryption identification, parameter extraction, algorithm restoration, Canvas/WebGL fingerprinting, WebDriver hiding, CDP debugging, breakpoint analysis, dynamic tracing, Hook injection, DOM inspection, page control.
Code obfuscation analysis and deobfuscation playbook. Use when reversing binaries protected by junk code, opaque predicates, self-modifying code, control flow flattening, VM protection, or string encryption.
Implement comprehensive cloud security across AWS, Azure, and GCP with IAM, encryption, network security, compliance, and threat detection.
Implement automated secrets rotation for API keys, credentials, certificates, and encryption keys. Use when managing secrets lifecycle, compliance requirements, or security hardening.