This skill should be used when the user asks to "exploit buffer overflow vulnerabilities", "develop stack-based exploits", "find EIP offset", "identify bad characters", "create shellcode payloads", "perform fuzzing for crashes", or "gain remote code execution via memory corruption". It provides comprehensive techniques for discovering and exploiting buffer overflow vulnerabilities in Windows applications.
This skill should be used when the user asks to "test for XSS vulnerabilities", "perform cross-site scripting attacks", "identify HTML injection flaws", "exploit client-side injection vulnerabilities", "steal cookies via XSS", or "bypass content security policies". It provides comprehensive techniques for detecting, exploiting, and understanding XSS and HTML injection attack vectors in web applications.
This skill should be used when the user asks to "test for directory traversal", "exploit path traversal vulnerabilities", "read arbitrary files through web applications", "find LFI vulnerabilities", or "access files outside web root". It provides comprehensive file path traversal attack and testing methodologies.
Best practices for Claude Code performance optimization, context management, storage cleanup, and troubleshooting slowdowns
Measure execution time and memory usage of code. Use when analyzing performance characteristics.
Check Mojo code for memory safety issues (ownership violations, use-after-free, etc.). Use to catch memory bugs.
Comprehensive Windows 11 system diagnostics via PowerShell. Diagnoses crashes, freezes, reboots, BSOD, disk health, memory issues, hardware errors, and performance problems. Use when troubleshooting Windows stability issues, analyzing Event Viewer logs, checking disk/memory health, investigating hardware errors, or diagnosing system performance problems.
Use when optimizing end-to-end latency, reducing response times, or improving performance for latency-sensitive applications. Covers latency budgets, geographic routing, protocol optimization, and latency measurement techniques.
Explain compiler/runtime errors in plain language. Use when a junior developer needs help understanding an error message.
Verify memory safety in Mojo code including ownership, borrowing, and lifetime management. Use when reviewing code or debugging memory issues.
Audit Solana programs (Anchor or native Rust) for security vulnerabilities. Use when reviewing smart contract security, finding exploits, analyzing attack vectors, performing security assessments, or when explicitly asked to audit, review security, check for bugs, or find vulnerabilities in Solana programs.
Audit, optimize, and maintain 60fps performance for emotive-mascot animations. Use when diagnosing performance issues, optimizing particle systems, reducing bundle size, or ensuring smooth animations across devices.
Review UI code for Web Interface Guidelines compliance. Use when asked to "review my UI", "check accessibility", "audit design", "review UX", or "check my site against best practices".
Analyze Ruby and Rails code quality with RubyCritic. Identifies code smells, complexity issues, and refactoring opportunities. Provides detailed metrics, scores files A-F, compares branches, and prioritizes high-churn problem areas. Use when analyzing Ruby code quality, reviewing PRs, or identifying technical debt.
Comprehensive testing patterns with Pest. Use when working with tests, testing patterns, or when user mentions testing, tests, Pest, PHPUnit, mocking, factories, test patterns.
Essential fuzzing payloads: SQL injection, command injection, special characters. Curated essentials for vulnerability testing.
当用户正在进行 CTF 比赛或练习,遇到 Misc 类型题目时触发此 Skill。 适用场景包括: - 用户上传或提及了音频文件(wav/mp3/flac)、图片文件(png/jpg/bmp/gif)、压缩包、pcap 流量包、内存镜像(raw/vmem/dmp)等 - 用户描述了隐写、编码、套娃、文件分析、内存取证相关问题 - 用户明确说"CTF"、"Misc"、"隐写"、"找 flag"、"这是一道题"、"内存取证"、"Volatility"等关键词 - 用户提供了 base64/hex/binary 等编码字符串需要解码 - 用户需要分析可疑文件、提取隐藏数据、还原协议内容、分析内存镜像
Use this skill when asked to analyze, investigate, or report on honeypot server security. Triggers on keywords like "honeypot investigation", "analyze honeypot", "honeypot security", "honeypot report", or when a server name is mentioned with honeypot analysis context. This skill provides comprehensive security analysis including attack patterns, threat intelligence correlation, IP enrichment, vulnerability assessment, and executive report generation.
当用户正在进行 CTF 比赛或练习,遇到 Web 类型题目时触发此 Skill。 适用场景包括: - 用户描述了 SQL 注入、XSS、SSRF、SSTI、XXE、文件包含、命令执行等 Web 安全问题 - 用户需要进行信息搜集、目录扫描、端口扫描等渗透前期工作 - 用户遇到 PHP 特性利用、反序列化、JWT 伪造等高级攻击场景 - 用户提及 "CTF"、"Web"、"渗透"、"注入"、"绕过"、"漏洞" 等关键词 - 用户需要分析 Java 代码审计、区块链安全、组件漏洞利用等问题 - 用户需要构造 payload、编写 exploit、分析 WAF 绕过策略
Use when errors occur deep in execution and you need to trace back to find the original trigger - systematically traces bugs backward through call stack, adding instrumentation when needed, to identify source of invalid data or incorrect behavior
Essential exploitation payloads: anti-virus test files, file name exploits, malicious files. Curated for testing.
Detects when user requests warrant critical analysis via /advise command
