testing
4K
credential-tester
Reference tool for devtools — covers intro, quickstart, patterns and more. Quick lookup for Credential Tester concepts, best practices, and implementation pa...
openclaw
testing-security
sorting
stars
current ordering strategy
query
all entries
refine the visible subset
testing
4K
ai-workflow-red-team-lite
对 AI 自动化流程做轻量红队演练,聚焦误用路径、边界失败和数据泄露风险。;use for red-team, ai, workflow workflows;do not use for 输出可直接滥用的攻击脚本, 帮助破坏系统.
openclaw
testing-security
testing
4K
api-contract-auditor
审查 API 文档、示例和字段定义是否一致,输出 breaking change 风险。;use for api, contract, audit workflows;do not use for 直接改线上接口, 替代契约测试平台.
openclaw
testing-security
testing
4K
env-diff-explainer
比较 dev/staging/prod 配置差异,并把技术差异翻译成业务风险。;use for env, config, diff workflows;do not use for 输出敏感密钥值, 直接覆盖配置.
openclaw
testing-security
testing
4K
qa-scenario-synthesizer
把需求拆成功能、异常、跨端、脏输入和恢复场景测试集。;use for qa, test-scenarios, edge-cases workflows;do not use for 宣称已经完成测试, 忽略关键用户路径.
openclaw
testing-security
testing
4K
regression-story-builder
基于历史问题生成回归测试故事集、风险等级和优先级。;use for regression, testing, qa workflows;do not use for 宣称已经执行测试, 跳过高风险路径.
openclaw
testing-security
testing
4K
skill-smoke-test-author
自动为 Skill 生成 smoke test 模板,覆盖依赖缺失、空输入和标准路径。;use for skills, testing, smoke-test workflows;do not use for 写无法执行的测试, 忽略失败路径.
openclaw
testing-security
testing
4K
spec-to-checklist
把 PRD、接口文档或需求规格拆成验收、联调、测试和上线清单。;use for spec, checklist, acceptance workflows;do not use for 替代真实测试执行, 伪造通过结果.
openclaw
testing-security
testing
4K
study-revision-planner
Convert a syllabus, exam scope, or course notes into a revision calendar with spaced review, mock tests, and weak-point loops.
openclaw
testing-security
testing
4K
skill-test-sandbox
将用户给出的任意非技术话题用三行打油诗(每行字数相近、押韵或顺口)进行趣味总结。不调用任何工具。 在用户要求测试 Skill、沙盒演示、打油诗总结、或明确说与充电业务无关的玩笑/练习时使用。
openclaw
testing-security
code-quality
4K
plugin-integration-checker
Check if a skill is part of a plugin and verify its integration with commands and agents. Use after creating or modifying a skill to ensure proper plugin architecture. Triggers on "check plugin integration", "verify skill integration", "is this skill in a plugin", "check command-skill-agent integration", or after skill creation/modification when the skill path contains ".claude-plugins" or "plugins/".
libukai
testing-security
security
4K
vscode-httpyac-config
Configure VSCode with httpYac for API testing and automation. This skill should be used specifically when converting API documentation to executable .http files (10+ endpoints), setting up authentication flows with pre-request scripts, implementing request chaining with response data, organizing multi-file collections with environment management, or establishing Git-based API testing workflows with CI/CD integration.
libukai
testing-security
code-quality
4K
env-configuration
Adding or reading env vars, updating .env.example, or validating config at startup with parseEnv / parseEnvOptional.
latitude-dev
testing-security
security
3.9K
ciso-assistant-bootstrap
Bootstrap CISO Assistant for new users by guiding them through initial setup. Use when: (1) User wants to set up CISO Assistant from scratch (2) User mentions "bootstrap", "initial setup", "getting started", or "onboarding" with CISO Assistant (3) User needs help creating their organizational structure, loading frameworks, or configuring risk assessments Covers: domains/folders, perimeters, industry-based framework selection, assets, risk assessment type (qualitative vs quantitative), third-party entities and solutions, and compliance vs risk focus.
intuitem
testing-security
security
3.9K
sqlmap-database-penetration-testing
This skill should be used when the user asks to "automate SQL injection testing," "enumerate database structure," "extract database credentials using sqlmap," "dump tables and columns from a vulnerable database," or "perform automated database penetration testing." It provides comprehensive guidance for using SQLMap to detect and exploit SQL injection vulnerabilities.
zebbern
testing-security
security
3.9K
cloud-penetration-testing
This skill should be used when the user asks to "perform cloud penetration testing", "assess Azure or AWS or GCP security", "enumerate cloud resources", "exploit cloud misconfigurations", "test O365 security", "extract secrets from cloud environments", or "audit cloud infrastructure". It provides comprehensive techniques for security assessment across major cloud platforms.
zebbern
testing-security
security
3.9K
aws-penetration-testing
This skill should be used when the user asks to "pentest AWS", "test AWS security", "enumerate IAM", "exploit cloud infrastructure", "AWS privilege escalation", "S3 bucket testing", "metadata SSRF", "Lambda exploitation", or needs guidance on Amazon Web Services security assessment.
zebbern
testing-security
security
3.9K
top-100-web-vulnerabilities-reference
This skill should be used when the user asks to "identify web application vulnerabilities", "explain common security flaws", "understand vulnerability categories", "learn about injection attacks", "review access control weaknesses", "analyze API security issues", "assess security misconfigurations", "understand client-side vulnerabilities", "examine mobile and IoT security flaws", or "reference the OWASP-aligned vulnerability taxonomy". Use this skill to provide comprehensive vulnerability definitions, root causes, impacts, and mitigation strategies across all major web security categories.
zebbern
testing-security
security
3.9K
broken-authentication-testing
This skill should be used when the user asks to "test for broken authentication vulnerabilities", "assess session management security", "perform credential stuffing tests", "evaluate password policies", "test for session fixation", or "identify authentication bypass flaws". It provides comprehensive techniques for identifying authentication and session management weaknesses in web applications.
zebbern
testing-security
security
3.9K
api-fuzzing-for-bug-bounty
This skill should be used when the user asks to "test API security", "fuzz APIs", "find IDOR vulnerabilities", "test REST API", "test GraphQL", "API penetration testing", "bug bounty API testing", or needs guidance on API security assessment techniques.
zebbern
testing-security
security
3.9K
active-directory-attacks
This skill should be used when the user asks to "attack Active Directory", "exploit AD", "Kerberoasting", "DCSync", "pass-the-hash", "BloodHound enumeration", "Golden Ticket", "Silver Ticket", "AS-REP roasting", "NTLM relay", or needs guidance on Windows domain penetration testing.
zebbern
testing-security
security
3.9K
smtp-penetration-testing
This skill should be used when the user asks to "perform SMTP penetration testing", "enumerate email users", "test for open mail relays", "grab SMTP banners", "brute force email credentials", or "assess mail server security". It provides comprehensive techniques for testing SMTP server security.
zebbern
testing-security
security
3.9K
security-scanning-tools
This skill should be used when the user asks to "perform vulnerability scanning", "scan networks for open ports", "assess web application security", "scan wireless networks", "detect malware", "check cloud security", or "evaluate system compliance". It provides comprehensive guidance on security scanning tools and methodologies.
zebbern
testing-security