Loading...
Loading...
Found 1,042 Skills
Path traversal and LFI playbook. Use when file paths, download endpoints, include operations, archive extraction, or wrapper behavior may expose filesystem control.
API authorization and BOLA testing playbook. Use when APIs expose object identifiers, nested resources, hidden writable fields, or weak function-level authorization.
Unauthorized access playbook for common exposed services. Use when Redis, Rsync, PHP-FPM, AJP/Ghostcat, Hadoop YARN, H2 Console, or similar management interfaces are exposed without authentication.
RSA attack playbook for CTF and real-world cryptanalysis. Use when given RSA parameters (n, e, c) and need to recover plaintext by exploiting weak keys, small exponents, shared factors, or padding oracles.
Apply when deciding or implementing permissions and authorization boundaries for VTEX IO apps. Covers manifest policies, outbound-access rules, least-privilege design, and how service routes or integrations map to explicit permissions. Use for deciding who is authorized to call or consume a capability, adding new integrations, exposing protected routes, or reviewing app permissions for overreach or missing access.
Use this skill whenever the user wants to work with survey data using the `survy` Python library. Triggers include: loading or reading survey CSV/Excel/JSON/SPSS files, handling multiselect (multi-choice) questions, computing frequency tables or crosstabs, exporting survey data to SPSS (.sav) or other formats, updating variable labels or value indices, transforming survey data between wide/compact formats, filtering respondents, replacing values, adding/dropping/sorting variables, or any task involving survy's API (read_csv, read_excel, read_json, read_polars, read_spss, crosstab, survey["Q1"], to_spss, to_csv, to_excel, to_json, etc.). Also trigger when the user says things like "analyze my survey", "process questionnaire data", "build a survey analysis script", or "help me with survy". Always read this skill before writing any survy code — it contains the correct API, patterns, and gotchas.
API reference: App Intents. Query for Siri, Shortcuts, Spotlight integration, exposing app functionality.
Use when building Google Play Store screenshot pages, generating exportable marketing screenshots for Android apps, or creating programmatic screenshot generators with Next.js. Triggers on google play store, play store, screenshots, marketing assets, phone mockup.
Query, summarize, export, create, and edit a user's flomo memos through local desktop auth and the flomo API, without Chrome UI automation. Use when the user wants fast memo lookup, tag filtering, markdown export, lightweight memo creation, or direct text edits to existing memos.
This skill helps users extract full article contents from WeChat using the BrowserAct API. The Agent should proactively apply this skill when users express needs like finding full WeChat articles for specific keywords, tracking WeChat public accounts for industry trends, extracting WeChat article contents for media research, monitoring public relations on WeChat platforms, collecting competitor updates from WeChat, getting full article body from WeChat links, monitoring brand exposure on WeChat articles, retrieving structured WeChat data for sentiment analysis, summarizing daily news from WeChat, getting author and publication date for WeChat articles, or automating WeChat content extraction without scraping.
Troubleshoot public network IPv4/IPv6 egress, country/region, ASN/organization, DNS, default route, utun status, as well as browser-side Server Response and WebRTC exposure on macOS + Chrome. Applicable for scenarios where users need to check IP and region consistency, VPN/proxy takeover status, IPv6 issues or browser network exposure, and output detailed O&M reports and review links.
Use this skill whenever calling agent-uml MCP tools (design_create, diagram_upsert, design_feedback, design_export) to render PlantUML diagrams on the collaborative canvas. Covers three tiers — rendering safety (syntax that prevents HTTP 400 blank canvas), conversation mechanics (when to push a version vs ask a question, what to write in the message parameter), and design effectiveness (decomposition thresholds, cross-diagram traceability, export readiness). Trigger even when the task seems simple — a missing `as alias` makes elements un-annotatable, and a skinparam mismatch makes diagrams unreadable on the warm