查询中

搜索技能

为您的 Agent 寻找最完美的能力。

结果数
53,183
符合搜索条件的技能
当前页
450
共 2660 页
关键词
ai
按名称、标签或描述搜索
security
1.1K

cloud-iam-audit

云 IAM 权限审计与提权。当获取了云平台凭据(AWS AK/SK、Azure SPN、GCP SA、腾讯云 SecretId/SecretKey)需要评估权限范围和提权路径时使用。覆盖 AWS/Azure/GCP/腾讯云的 IAM/CAM 策略分析、常见提权路径(PassRole、AssumeRole、Lambda/SCF 提权)、跨账号攻击、CloudTrail/CloudAudit 规避。发现任何云凭据、AK/SK、SecretId/SecretKey 时都应使用此技能

wgpsec
wgpsec
testing-security
open
security
1.1K

idor-methodology

IDOR 不安全直接对象引用检测与利用。当 API/URL 中出现用户 ID、订单号、文件名等可预测标识符,或需要测试水平越权(访问他人数据)和垂直越权(获取管理员权限)时使用。覆盖 ID 遍历、绕过技巧(参数污染/编码/方法切换)、多步 IDOR 链、文件资源 IDOR、批量操作越权、间接引用枚举、框架特征利用、UUID 猜测、响应对比分析、写操作越权、JWT Claims 篡改。发现 API 端点后务必加载本 skill 检查越权问题

wgpsec
wgpsec
testing-security
open
security
1.1K

jwt-attack-methodology

JWT Token 攻击方法论。当响应头/Cookie 中出现 eyJ 开头的字符串、Authorization: Bearer token、API 返回 token/access_token 字段时使用。包含 alg:none 绕过、弱密钥爆破(hashcat/john/c-jwt-cracker/jwt_tool 完整工具链)、Claims 篡改提权、RS256→HS256 算法混淆、kid 注入(SQL/路径穿越/命令注入)、jku/x5u 替换

wgpsec
wgpsec
testing-security
open
security
1.1K

supply-chain-audit

供应链安全审计。当指纹识别发现 WordPress/Jenkins/Struts/Django 等已知框架、或发现 /package.json /composer.json /package-lock.json /Gemfile 等依赖声明文件时使用。框架和组件版本直接关联 CVE——这是利用链的第一步,也是最容易忽略的攻击面

wgpsec
wgpsec
testing-security
open
security
1.1K

gogo-scan

使用 gogo 进行端口扫描和指纹识别。gogo 是 chainreactors 出品的高速端口扫描器,支持主动/被动指纹识别、智能分组输出、自动 TLS 握手提取证书信息。和 fscan 的区别:gogo 专注于扫描精度和指纹覆盖(2000+ 指纹规则),而 fscan 兼顾弱口令和 POC。当需要精确识别目标服务和中间件版本(而不只是端口开放)时优先使用 gogo。涉及端口扫描、服务识别、指纹识别、资产发现的场景都应考虑此技能

wgpsec
wgpsec
testing-security
open
domain-utilities
1.1K

ad-domain-attack

Active Directory 域环境攻击全链路。当目标主机在域环境中(systeminfo 显示 Domain 非 WORKGROUP)、发现 88/389/636 端口、或获取到域用户凭据时使用。覆盖域信息收集、用户枚举、Kerberoasting、AS-REP Roasting、委派攻击、ACL 滥用、DCSync、Golden/Silver Ticket

wgpsec
wgpsec
tools
open
domain-utilities
1.1K

subdomain-deep

深度子域名挖掘,多源联合枚举。当需要最大化子域名发现覆盖率、常规 DNS 枚举结果不足、或目标使用了 CDN/通配符 DNS 时使用。联合 DNS 爆破、OSINT 引擎、爬虫三种方式交叉发现

wgpsec
wgpsec
tools
open
cms-platforms
1.1K

notion-spec-to-implementation

Turns product or tech specs into concrete Notion tasks that Claude code can implement. Breaks down spec pages into detailed implementation plans with clear tasks, acceptance criteria, and progress tracking to guide development from requirements to completion.

Prat011
Prat011
development
open
content-creation
1.1K

copywriting

Generate brand-aligned copy with precise constraints for every touchpoint. Use this skill when a user needs a tagline, brand philosophy statement, brand voice definition, business card text, social media bio, social media cover text, brand manifesto, or any short-form copy that must fit strict character and word limits within a brand identity context.

dp-archive
dp-archive
content-media
open
design
1.1K

code-to-diagram

Generate architecture diagrams, ER diagrams, sequence diagrams, flowcharts, and class diagrams from codebases using Mermaid.js. Use when users ask to visualize code structure, draw architecture diagrams, create ER diagrams from database models, generate sequence diagrams from API flows, or produce any diagram from source code. Triggers on: 'draw architecture', 'generate diagram', 'visualize code', 'ER diagram', 'sequence diagram', 'class diagram', 'flowchart from code', 'module dependency graph'.

dp-archive
dp-archive
content-media
open
education
1.1K

ai-writing-detection

Comprehensive AI writing detection patterns and methodology. Provides vocabulary lists, structural patterns, model-specific fingerprints, and false positive prevention guidance. Use when analyzing text for AI authorship or understanding detection patterns.

dp-archive
dp-archive
documentation
open
academic
1.1K

humanizer

Remove signs of AI-generated writing from text. Use when editing or reviewing text to make it sound more natural and human-written. Based on Wikipedia's comprehensive "Signs of AI writing" guide. Detects and fixes patterns including: inflated symbolism, promotional language, superficial -ing analyses, vague attributions, em dash overuse, rule of three, AI vocabulary words, negative parallelisms, and excessive conjunctive phrases.

dp-archive
dp-archive
research
open
academic
1.1K

humanizer-zh

去除文本中的 AI 生成痕迹。适用于编辑或审阅文本,使其听起来更自然、更像人类书写。 基于维基百科的"AI 写作特征"综合指南。检测并修复以下模式:夸大的象征意义、 宣传性语言、以 -ing 结尾的肤浅分析、模糊的归因、破折号过度使用、三段式法则、 AI 词汇、否定式排比、过多的连接性短语。

dp-archive
dp-archive
research
open
frontend
1.1K

ui-ux-pro-max

UI/UX design intelligence. 50 styles, 21 palettes, 50 font pairings, 20 charts, 8 stacks (React, Next.js, Vue, Svelte, SwiftUI, React Native, Flutter, Tailwind). Actions: plan, build, create, design, implement, review, fix, improve, optimize, enhance, refactor, check UI/UX code. Projects: website, landing page, dashboard, admin panel, e-commerce, SaaS, portfolio, blog, mobile app, .html, .tsx, .vue, .svelte. Elements: button, modal, navbar, sidebar, card, table, form, chart. Styles: glassmorphism, claymorphism, minimalism, brutalism, neumorphism, bento grid, dark mode, responsive, skeuomorphism, flat design. Topics: color palette, accessibility, animation, layout, typography, font pairing, spacing, hover, shadow, gradient.

likaia
likaia
development
open
data-engineering
1.1K

evaluate-rag

Guides evaluation of RAG pipeline retrieval and generation quality. Use when evaluating a retrieval-augmented generation system, measuring retrieval quality, assessing generation faithfulness or relevance, generating synthetic QA pairs for retrieval testing, or optimizing chunking strategies.

hamelsmu
hamelsmu
data-ai
open
data-engineering
1.1K

generate-synthetic-data

Create diverse synthetic test inputs for LLM pipeline evaluation using dimension-based tuple generation. Use when bootstrapping an eval dataset, when real user data is sparse, or when stress-testing specific failure hypotheses. Do NOT use when you already have 100+ representative real traces (use stratified sampling instead), or when the task is collecting production logs.

hamelsmu
hamelsmu
data-ai
open
lab-tools
1.1K

validate-evaluator

Calibrate an LLM judge against human labels using data splits, TPR/TNR, and bias correction. Use after writing a judge prompt (write-judge-prompt) when you need to verify alignment before trusting its outputs. Do NOT use for code-based evaluators (those are deterministic; test with standard unit tests).

hamelsmu
hamelsmu
research
open
code-quality
1.1K

write-judge-prompt

Design LLM-as-Judge evaluators for subjective criteria that code-based checks cannot handle. Use when a failure mode requires interpretation (tone, faithfulness, relevance, completeness). Do NOT use when the failure mode can be checked with code (regex, schema validation, execution tests). Do NOT use when you need to validate or calibrate the judge — use validate-evaluator instead.

hamelsmu
hamelsmu
testing-security
open
testing
1.1K

clawteam-dev

This skill should be used when the user asks to "run e2e test", "test clawteam", "end-to-end test", "test agent team", "verify clawteam works", "dev test", or wants to validate the full ClawTeam lifecycle. Runs a complete end-to-end test: cleanup → create team → create tasks with dependencies → spawn agents → wait for completion → verify results → cleanup.

win4r
win4r
testing-security
open
ide-plugins
1.1K

build-review-interface

Build a custom browser-based annotation interface tailored to your data for reviewing LLM traces and collecting structured feedback. Use when you need to build an annotation tool, review traces, or collect human labels.

hamelsmu
hamelsmu
tools
open
上一页
第 450 页 / 共 2660 页
下一页