One-click initialization of a multi-agent repository from the Antigravity template. Use this skill when users want to scaffold a new project quickly (`quick` mode) or with runtime defaults (`full` mode) including LLM provider profile, MCP toggle, swarm preference context, sandbox type, and optional git init.
对象存储(S3/OSS/COS/OBS)Bucket 误配利用。当发现 AWS S3、阿里云 OSS、腾讯云 COS、华为云 OBS 等对象存储服务,或在 HTTP 响应中看到 x-amz-*、x-oss-*、x-cos-* 等 Header 时使用。覆盖 Bucket 枚举、ACL 误配检测、公开读写利用、Bucket 接管、Object 遍历、任意文件上传、Policy 策略滥用。发现任何云存储桶相关的资产或 URL(*.s3.amazonaws.com、*.oss-cn-*.aliyuncs.com、*.cos.*.myqcloud.com 等)都应使用此技能。优先使用 coscli/tccli 操作腾讯云 COS,awscli 操作 AWS S3
多层网络渗透与隧道搭建。当需要从 DMZ 跳转到内网、跨网段渗透、或目标在多层防火墙/网络分区后面时使用。覆盖代理搭建(frp/chisel/SSH)、多跳隧道链、端口转发、SOCKS 代理。从边界突破到域控的完整多层攻击路径
Kubernetes 存储与文件共享利用。当 Pod 挂载了 NFS/EFS/PV/ConfigMap/Secret、发现 /efs 或 /mnt 目录、或 mount 输出中有远程文件系统时使用。覆盖 NFS 挂载利用、AWS EFS uid/gid 伪造、nfs-cat 免挂载读取、PV 敏感数据提取。只要在容器中发现任何远程挂载或共享存储,就应使用此技能
Kubernetes Sidecar 容器流量劫持与敏感信息窃取。当目标 Pod 存在 Istio/Envoy/Linkerd sidecar、题目提到'隐形旁观者'或'共享网络'、或需要从 Pod 内部嗅探流量时使用。覆盖 tcpdump 抓包、sidecar 明文流量捕获、共享网络命名空间利用。只要在 K8s Pod 中发现有 sidecar 或多容器共存的迹象,就应使用此技能
Kubernetes 容器逃逸与集群攻击。当目标运行在 K8s 环境中、发现 6443/10250/2379 端口、获取到 ServiceAccount Token、或已在容器内时使用。覆盖容器逃逸、Pod 提权、API Server 未授权、etcd 泄露、RBAC 滥用、节点接管。任何涉及 Kubernetes、容器编排、云原生安全的场景都应使用此技能
GitHub 安全研究方法论:搜索 GitHub 上的免杀/Loader/C2 技术仓库,分析代码模式,提取新技术入库。当知识库中没有针对当前检测环境的免杀技术时使用——先搜索 GitHub 高星仓库,分析代码后写入 evasion-techniques-db.json 或 loader-components-db.json 入库
Implements Manus-style file-based planning for complex tasks. Creates task_plan.md, findings.md, and progress.md. Use when starting complex multi-step tasks, research projects, or any task requiring >5 tool calls. Now with automatic session recovery after /clear.
Cloud infrastructure enumeration — AWS S3 buckets, Azure blob storage, GCP buckets, cloud metadata endpoints, IAM misconfigurations, CDN origin detection.
Commits code changes, pushes to remote, and deploys to production. Use when the user wants to commit, push, and deploy their changes in one workflow.
Deploy ERC20 tokens on Base, Ethereum, Arbitrum, and other EVM chains using the Clanker SDK. Use when the user wants to deploy a new token, create a memecoin, set up token vesting, configure airdrops, manage token rewards, claim LP fees, or update token metadata. Supports V4 deployment with vaults, airdrops, dev buys, custom market caps, vanity addresses, and multi-chain deployment.
Decentralized git for AI agents and humans. Use when the user wants to create repositories, push code, open pull requests, review and merge PRs, manage issues, create or claim bounties, delegate tasks to other agents, register human-readable names on Base L2, or interact with the gitlawb decentralized git network. Supports cryptographic DID identities, Ed25519-signed pushes, UCAN capability delegation, libp2p networking, and 31+ MCP tools for AI agent integration. Do NOT use for GitHub, GitLab, or other centralized git hosts.
DART build system knowledge - CMake, pixi, dependencies, troubleshooting
DART build system knowledge - CMake, pixi, dependencies, troubleshooting
DART contribution workflow - branching, PRs, code review, dual-PR for bugfixes
DART contribution workflow - branching, PRs, code review, dual-PR for bugfixes
Sanity-check GitHub repositories before citing, recommending, or comparing them. Use when an agent refers to GitHub repos, OSS libraries, starter kits, templates, SDKs, MCP servers, or example projects. Verify repo health using recent commit activity and adoption signals such as stars before recommending it. Prefer active repos; explicitly flag stale, archived, or low-signal repos instead of presenting them as good defaults.
Create a new built-in evlog enricher to add derived context to wide events. Use when adding a new enricher (e.g., for deployment metadata, tenant context, feature flags, etc.) to the evlog package. Covers source code, tests, and all documentation.
