security
1.1K
post-exploit-windows
Windows 系统后渗透全流程。当通过 RCE/webshell/RDP 获取到 Windows shell 后使用。覆盖系统信息收集、UAC 绕过、本地提权、凭据提取(SAM/LSASS/浏览器)、域信息侦察。适用于独立主机和域环境
wgpsec
testing-security
sorting
stars
current ordering strategy
query
all entries
refine the visible subset
security
1.1K
recon-full
主动式全流程资产侦察。当需要对目标进行从零到漏洞发现的完整侦察、渗透测试的第一阶段、或需要全面了解目标攻击面时使用。覆盖子域名枚举→端口扫描→存活检测→指纹识别→POC 扫描的完整链条
wgpsec
testing-security
security
1.1K
hashcat-crack
使用 hashcat 进行密码哈希离线破解。当获取到密码哈希(NTLM/NTLMv2/Kerberos TGS/AS-REP/SHA/MD5/bcrypt/NetNTLMv2)需要还原明文密码时使用。hashcat 是 GPU 加速的密码破解工具,比 john 快几十倍。覆盖哈希类型识别、字典攻击、规则攻击、掩码攻击、组合攻击。拿到 hashdump/secretsdump/Kerberoast/AS-REP 输出后必用此技能
wgpsec
testing-security
security
1.1K
credential-access
Credential extraction and capture — LSASS dumping, SAM/SECURITY hive extraction, DPAPI decryption, NTLM relay, Responder poisoning, password spraying, hash cracking.
PurpleAILAB
testing-security
security
1.1K
privilege-escalation
Host privilege escalation — Windows token impersonation, UAC bypass, service abuse, DLL hijacking, Linux SUID/sudo/kernel exploits, automated enumeration.
PurpleAILAB
testing-security
security
1.1K
erc-8004
Register AI agents on Ethereum mainnet using ERC-8004 (Trustless Agents). Use when the user wants to register their agent identity on-chain, create an agent profile, claim an agent NFT, set up agent reputation, or make their agent discoverable. Handles bridging ETH to mainnet, IPFS upload, and on-chain registration.
BankrBot
testing-security
security
1.1K
helixa
Helixa — Onchain identity, reputation, and Cred Scores for AI agents on Base. Use when an agent wants to mint an identity NFT, check its Cred Score, verify social accounts, update traits/narrative, query agent reputation data, check staking info, or search the agent directory. Supports SIWA (Sign-In With Agent) auth and x402 micropayments. Also use when asked about Helixa, AgentDNA, ERC-8004, Cred Scores, $CRED token, or agent identity.
BankrBot
testing-security
security
1.1K
quotient-api
Accesses Quotient market intelligence through either x402 micropayments or API key auth, with explicit 402 challenge/settle handling when using x402.
BankrBot
testing-security
security
1.1K
pr-review-appsec-vendored
Stack-specific application security checklist for this repo's frameworks: better-auth, SpiceDB/AuthZed, and Next.js RSC. Extends the generalizable pr-review-appsec agent with patterns that require framework-specific knowledge to detect. Loaded by pr-review-appsec.
inkeep
testing-security
security
1.1K
slack-manifest
Guide for modifying the Slack app manifest — adding/removing bot scopes, event subscriptions, slash commands, shortcuts, or OAuth config. Ensures single-source-of-truth via slack-app-manifest.json. Triggers on: slack scope, bot scope, slack manifest, slack permission, add slack scope, remove slack scope, slack event subscription, slash command, slack OAuth, slack-app-manifest.
inkeep
testing-security
security
1.1K
secrets-manager
AWS Secrets Manager for secure secret storage and rotation. Use when storing credentials, configuring automatic rotation, managing secret versions, retrieving secrets in applications, or integrating with RDS.
itsmostafa
testing-security
security
1K
migrate-nullable-references
Enable nullable reference types in a C# project and systematically resolve all warnings. USE FOR: adopting NRTs in existing codebases, file-by-file or project-wide migration, fixing CS8602/CS8618/CS86xx warnings, annotating APIs for nullability, cleaning up null-forgiving operators, upgrading dependencies with new nullable annotations. DO NOT USE FOR: projects already fully migrated with zero warnings (unless auditing suppressions), fixing a handful of nullable warnings in code that already has NRTs enabled, suppressing warnings without fixing them, C# 7.3 or earlier projects. INVOKES: Get-NullableReadiness.ps1 scanner script.
dotnet
testing-security
security
1K
request-validator-generator
Request Validator Generator - Auto-activating skill for Backend Development. Triggers on: request validator generator, request validator generator Part of the Backend Development skill category.
jeremylongshore
testing-security
security
1K
checking-infrastructure-compliance
This skill allows Claude to check infrastructure compliance against industry standards such as SOC2, HIPAA, and PCI-DSS. It analyzes existing infrastructure configurations and reports on potential compliance violations. Use this skill when the user asks to assess compliance, identify security risks related to compliance, or generate reports on compliance status for SOC2, HIPAA, or PCI-DSS. Trigger terms include: "compliance check", "SOC2 compliance", "HIPAA compliance", "PCI-DSS compliance", "compliance report", "infrastructure compliance", "security audit", "assess compliance".
jeremylongshore
testing-security
security
1K
checking-infrastructure-compliance
This skill allows Claude to check infrastructure compliance against industry standards such as SOC2, HIPAA, and PCI-DSS. It analyzes existing infrastructure configurations and reports on potential compliance violations. Use this skill when the user asks to assess compliance, identify security risks related to compliance, or generate reports on compliance status for SOC2, HIPAA, or PCI-DSS. Trigger terms include: "compliance check", "SOC2 compliance", "HIPAA compliance", "PCI-DSS compliance", "compliance report", "infrastructure compliance", "security audit", "assess compliance".
jeremylongshore
testing-security
security
1K
checking-infrastructure-compliance
This skill allows Claude to check infrastructure compliance against industry standards such as SOC2, HIPAA, and PCI-DSS. It analyzes existing infrastructure configurations and reports on potential compliance violations. Use this skill when the user asks to assess compliance, identify security risks related to compliance, or generate reports on compliance status for SOC2, HIPAA, or PCI-DSS. Trigger terms include: "compliance check", "SOC2 compliance", "HIPAA compliance", "PCI-DSS compliance", "compliance report", "infrastructure compliance", "security audit", "assess compliance".
jeremylongshore
testing-security
security
1K
rate-limit-middleware
Rate Limit Middleware - Auto-activating skill for Backend Development. Triggers on: rate limit middleware, rate limit middleware Part of the Backend Development skill category.
jeremylongshore
testing-security
security
1K
cert-manager-setup
Cert Manager Setup - Auto-activating skill for DevOps Advanced. Triggers on: cert manager setup, cert manager setup Part of the DevOps Advanced skill category.
jeremylongshore
testing-security
security
1K
kubernetes-rbac-analyzer
Analyze kubernetes rbac analyzer operations. Auto-activating skill for Security Advanced. Triggers on: kubernetes rbac analyzer, kubernetes rbac analyzer Part of the Security Advanced skill category. Use when analyzing or auditing kubernetes rbac analyzer. Trigger with phrases like "kubernetes rbac analyzer", "kubernetes analyzer", "analyze kubernetes rbac r".
jeremylongshore
testing-security