Idiomatic Golang design patterns — functional options, constructors, error flow and cascading, resource management and lifecycle, graceful shutdown, resilience, architecture, dependency injection, data handling, and streaming. Apply when designing Go APIs, structuring applications, choosing between patterns, making design decisions, architectural choices, or production hardening.
Golang struct and interface design patterns — composition, embedding, type assertions, type switches, interface segregation, dependency injection via interfaces, struct field tags, and pointer vs value receivers. Use this skill when designing Go types, defining or implementing interfaces, embedding structs or interfaces, writing type assertions or type switches, adding struct field tags for JSON/YAML/DB serialization, or choosing between pointer and value receivers. Also use when the user asks about "accept interfaces, return structs", compile-time interface checks, or composing small interfaces into larger ones.
Structured error handling in Golang with samber/oops — error builders, stack traces, error codes, error context, error wrapping, error attributes, user-facing vs developer messages, panic recovery, and logger integration. Apply when using or adopting samber/oops, or when the codebase already imports github.com/samber/oops.
Go (Golang) naming conventions — covers packages, constructors, structs, interfaces, constants, enums, errors, booleans, receivers, getters/setters, functional options, acronyms, test functions, and subtest names. Use this skill when writing new Go code, reviewing or refactoring, choosing between naming alternatives (New vs NewTypeName, isConnected vs connected, ErrNotFound vs NotFoundError, StatusReady vs StatusUnknown at iota 0), debating Go package names (utils/helpers anti-patterns), or asking about Go naming best practices. Also trigger when the user mentions MixedCaps vs snake_case, ALL_CAPS constants, Get-prefix on getters, or error string casing. Do NOT use for general Go implementation questions that don't involve naming decisions.
Functional programming helpers for Golang using samber/lo — 500+ type-safe generic functions for slices, maps, channels, strings, math, tuples, and concurrency (Map, Filter, Reduce, GroupBy, Chunk, Flatten, Find, Uniq, etc.). Core immutable package (lo), concurrent variants (lo/parallel aka lop), in-place mutations (lo/mutable aka lom), lazy iterators (lo/it aka loi for Go 1.23+), and experimental SIMD (lo/exp/simd). Apply when using or adopting samber/lo, when the codebase imports github.com/samber/lo, or when implementing functional-style data transformations in Go. Not for streaming pipelines (→ See golang-samber-ro skill).
Monadic types for Golang using samber/mo — Option, Result, Either, Future, IO, Task, and State types for type-safe nullable values, error handling, and functional composition with pipeline sub-packages. Apply when using or adopting samber/mo, when the codebase imports `github.com/samber/mo`, or when considering functional programming patterns as a safety design for Golang.
Reactive streams and event-driven programming in Golang using samber/ro — ReactiveX implementation with 150+ type-safe operators, cold/hot observables, 5 subject types (Publish, Behavior, Replay, Async, Unicast), declarative pipelines via Pipe, 40+ plugins (HTTP, cron, fsnotify, JSON, logging), automatic backpressure, error propagation, and Go context integration. Apply when using or adopting samber/ro, when the codebase imports github.com/samber/ro, or when building asynchronous event-driven pipelines, real-time data processing, streams, or reactive architectures in Go. Not for finite slice transforms (-> See golang-samber-lo skill).
Hack, modify, and translate Game Boy / Game Boy Color ROMs using the Gearboy emulator MCP server. Provides workflows for memory searching, value discovery, cheat creation, data modification, sprite/text finding, and translation patching. Use when the user wants to create cheats, find game values in memory, modify ROM data, translate a Game Boy game, patch game behavior, create ROM hacks, discover hidden content, change sprites or graphics, find text strings, apply Game Genie or GameShark codes, do infinite lives or health hacks, search for score or item counters, or reverse engineer data structures in Game Boy or Game Boy Color games. Also use for any ROM hacking, memory poking, or game modification task involving Gearboy.
Docker 容器逃逸技术。当在 Docker 容器内部需要逃逸到宿主机、发现 docker.sock 挂载、容器以特权模式运行、procfs 被挂载、Docker API 端口暴露、或需要利用容器配置错误时使用。覆盖特权容器逃逸、socket 逃逸、procfs 逃逸、Remote API 利用、用户组提权、挂载逃逸、内核漏洞、运行时 CVE、capabilities 滥用。发现容器环境就应使用此技能
CTF 逆向工程技术。当挑战提供未知二进制文件需要分析算法逻辑、游戏客户端需要破解验证、混淆代码需要还原、自定义 VM 需要解释执行时使用。覆盖 Ghidra/IDA 静态分析、GDB/Frida 动态调试、反调试绕过、WASM/.NET/APK/Python 字节码/Go/Rust 多平台逆向
REST/GraphQL API 安全测试方法论。当目标有 API 端点(/api/、JSON 响应)、Swagger/OpenAPI 文档暴露、通过 js-api-extract 或目录扫描获得端点列表时使用。覆盖 API 发现、认证测试、框架识别、语义分析智能 Fuzz(根据端点语义推断参数名/类型/业务含义构造精准 payload)、Prototype Pollution、请求走私。IDOR → idor-methodology | GraphQL → graphql-methodology | CSRF → csrf-methodology。任何涉及 API 端点安全测试、参数发现、权限边界测试的场景都应使用此 skill
移动 App 后端 API 安全测试。当目标是移动应用的后端接口、发现 /api/v1/ 等移动端 API 路径、或需要测试 App 与服务器之间的通信安全时使用。覆盖 API 端点发现、认证机制测试、业务逻辑漏洞、移动端特有的安全问题
数据库横向移动与跨库攻击。当已获取一个数据库权限(PostgreSQL/MySQL/MSSQL)需要横向到其他数据库或内网服务时使用。覆盖 PostgreSQL dblink 跨库连接、MSSQL Linked Server 横向、MySQL 联邦引擎跨库、数据库→SSRF→内网探测。当目标网络隔离但数据库可通信时(数据库通常有比应用服务器更宽松的网络策略),这是突破隔离的关键路径。发现任何数据库间通信需求、内网数据库横向、跨库查询场景都应使用此技能
Playwright Browser MCP 与 xterm.js 终端交互方法论。当需要通过浏览器操作网页内嵌终端、CTF 靶场伪终端、Cloud Shell、在线 IDE 中的终端时使用。覆盖终端内容读取(5 种方法)、命令执行、输出捕获、screenshot 降级策略。只要目标页面中有任何形式的 Web 终端(xterm.js/hterm/jQuery Terminal),就应使用此技能
使用 Responder 进行 LLMNR/NBT-NS/MDNS 投毒和 NTLMv2 哈希捕获。当处于 Windows 域网络中、需要被动捕获凭据或进行中间人攻击时使用。Responder 监听网络中的名称解析广播请求(LLMNR/NBT-NS/MDNS),伪造响应诱使目标发送 NTLMv2 认证哈希。抓到的哈希可用 hashcat 离线破解或通过 ntlmrelayx 中继到其他服务。涉及 LLMNR 投毒、NBT-NS 投毒、WPAD 代理、NTLMv2 捕获、中间人攻击的场景使用此技能
使用 zombie 进行多协议暴力破解。zombie 是 chainreactors 出品的高性能暴力破解工具,支持 SSH/FTP/MySQL/MSSQL/PostgreSQL/Redis/SMB/RDP/SNMP/LDAP/VNC 等 20+ 协议,内置智能字典生成和分布式模式。与 hydra 的区别:zombie 支持更多协议、更快的并发、以及基于规则的字典生成。当需要批量弱口令检测、凭据喷洒时使用此技能
Shellcode Loader 组合生成:从知识库选择 storage/allocator/copier/executor 四类组件组合生成 C/C++/Rust Loader。当已获 shellcode、需要生成可在目标环境运行的 Loader 二进制时使用。先读 references/loader-scenarios.json 确认不存在重复场景,再选择 4 组件组合生成
Impacket Windows 协议工具集。当需要通过 Windows 协议(SMB/MSRPC/LDAP/Kerberos/WMI/DCOM/MSSQL)进行远程操作时使用。Impacket 提供了完整的 Windows 协议 Python 实现,核心工具包括 secretsdump(导出凭据)、psexec/smbexec/wmiexec/dcomexec(远程命令执行)、GetNPUsers/GetUserSPNs(Kerberos 攻击)、ntlmrelayx(NTLM 中继)。这是域渗透和 Windows 横向移动的基础工具集。涉及 Windows 远程执行、凭据导出、Kerberos 攻击、NTLM 中继、SMB 操作的场景都应使用此技能
Transforms conversations and discussions into structured documentation pages in Notion. Captures insights, decisions, and knowledge from chat context, formats appropriately, and saves to wikis or databases with proper organization and linking for easy discovery.
Turns product or tech specs into concrete Notion tasks that Claude code can implement. Breaks down spec pages into detailed implementation plans with clear tasks, acceptance criteria, and progress tracking to guide development from requirements to completion.
Guide for creating high-quality MCP (Model Context Protocol) servers that enable LLMs to interact with external services through well-designed tools. Use when building MCP servers to integrate external APIs or services, whether in Python (FastMCP) or Node/TypeScript (MCP SDK).
Movie character personality skill with configurable missions - choose your character and watch themed workflows unfold
UI/UX design intelligence. 50 styles, 21 palettes, 50 font pairings, 20 charts, 8 stacks (React, Next.js, Vue, Svelte, SwiftUI, React Native, Flutter, Tailwind). Actions: plan, build, create, design, implement, review, fix, improve, optimize, enhance, refactor, check UI/UX code. Projects: website, landing page, dashboard, admin panel, e-commerce, SaaS, portfolio, blog, mobile app, .html, .tsx, .vue, .svelte. Elements: button, modal, navbar, sidebar, card, table, form, chart. Styles: glassmorphism, claymorphism, minimalism, brutalism, neumorphism, bento grid, dark mode, responsive, skeuomorphism, flat design. Topics: color palette, accessibility, animation, layout, typography, font pairing, spacing, hover, shadow, gradient.
