Auth
Authentication and authorization
task-tracking-dots
by Randroids-Dojo
Manages Dots task tracking with the dot CLI, dependencies, and completion reasons. Use when tracking work items across sessions or coordinating task dependencies.
git-workflow
by LangConfig
"Expert guidance for Git workflows, branching strategies, and version control best practices. Use when managing repositories, resolving conflicts, or establishing team workflows."
codebase-navigator
by leegonzales
Semantic code search using osgrep for understanding codebases, finding implementations, and navigating large projects. Use when asked "where is", "how does", "find the code that", or any question about code location or implementation.
clerk-validator
by shipshitdev
Validate Clerk authentication configuration and detect deprecated patterns. Ensures proper proxy.ts usage (Next.js 16), ClerkProvider setup, and modern auth patterns. Use before any Clerk work or when auditing existing auth implementations.
adventure
by SimHacker
Room-based exploration with narrative evidence collection
🛒 GROCERIES
by SimHacker
skills/inventory — General inventory tracking
neon-auth
by neondatabase
Sets up Neon Auth for your application. Configures authentication, creates auth routes, and generates UI components. Use when adding authentication to Next.js, React SPA, or Node.js projects.
generic-fullstack-ux-designer
by travisjneuman
Professional UI/UX design expertise for full-stack applications. Covers design thinking, user psychology (Hick's/Fitts's/Jakob's Law), visual hierarchy, interaction patterns, accessibility, performance-driven design, and design critique. Use when designing features, improving UX, solving user problems, or conducting design reviews.
codex-claude-cursor-loop
by bear2u
Orchestrates a triple-AI engineering loop where Claude plans, Codex validates logic and reviews code, and Cursor implements, with continuous feedback for optimal code quality
acl-abuse
by blacklanternsecurity
Exploits misconfigured Active Directory ACLs for privilege escalation. Covers GenericAll, GenericWrite, WriteDACL, WriteOwner, ForceChangePassword, targeted Kerberoasting via SPN manipulation, shadow credentials (msDS-KeyCredentialLink → PKINIT), and AdminSDHolder persistence.
ldap-injection
by blacklanternsecurity
Exploit LDAP injection vulnerabilities during authorized penetration testing.
password-spraying
by blacklanternsecurity
Performs password spraying against authentication services with lockout-safe techniques. Works against AD (SMB/Kerberos/LDAP), SSH, web login forms, OWA, and any service with username/password auth. Service-agnostic — the orchestrator passes target services and spray intensity tier.
jwt-attacks
by blacklanternsecurity
Exploit JWT (JSON Web Token) vulnerabilities during authorized penetration testing.
trust-attacks
by blacklanternsecurity
Enumerates Active Directory trust relationships and exploits them for cross-domain and cross-forest privilege escalation. Covers trust enumeration (nltest, PowerView, BloodHound), SID history injection (child domain to forest root via golden/diamond ticket with extra SIDs), inter-realm TGT forging using trust keys, cross-forest trust abuse (SID filtering bypass, RBCD, Kerberoasting via trust account), and PAM trust exploitation (shadow principals in bastion forests).
pass-the-hash
by blacklanternsecurity
Authenticates to AD services using NTLM hashes, AES keys, or Kerberos tickets without cracking passwords. Covers Pass-the-Hash, Over-Pass-the-Hash, Pass-the-Key, and Pass-the-Ticket for lateral movement.
ad-persistence
by blacklanternsecurity
Establishes persistent access in Active Directory environments after domain compromise. Covers DCShadow (rogue DC attribute modification), Skeleton Key (LSASS master password), custom SSP injection (credential logging via mimilib/memssp), security descriptor backdoors (WMI/WinRM/ DCOM/registry ACL modification), ADFS Golden SAML (DKM key extraction and forged SAML tokens), SID history persistence (DA SID in regular user), and certificate-based persistence (golden certificate, renewal, enrollment agent).
smb-exploitation
by blacklanternsecurity
Exploit remote SMB vulnerabilities for unauthenticated code execution on Windows hosts.
idor
by blacklanternsecurity
Exploit Insecure Direct Object Reference (IDOR) and broken access control vulnerabilities during authorized penetration testing.
ad-discovery
by blacklanternsecurity
Enumerates Active Directory domains and maps attack surface for penetration testing.
red-team
by geekatron
"Offensive security team skill providing methodology guidance for penetration testing and red team engagements. Invoked when users request penetration testing, reconnaissance, vulnerability analysis, exploitation methodology, social engineering, C2 infrastructure, or engagement reporting. Routes to 11 specialized agents covering the full MITRE ATT&CK kill chain. All engagements require red-lead scope authorization before any other agent. Follows PTES, OSSTMM, and ATT&CK methodology frameworks."
saucer-boy
by geekatron
"Session conversational voice with McConkey personality. Invoke for Saucer Boy energy during work sessions — ambient personality that makes working with Jerry fun, or explicit McConkey invocation for on-demand persona responses. Use when you want McConkey-style commentary, encouragement, or perspective. Personality disengages automatically for hard stops, security, and governance."
voiceover-direction
by guia-matthieu
"Master the art of directing voice talent to deliver performances that match your brand vision, using Anne Ganguzza's storytelling approach and industry best practices. Use when: Hiring and briefing voiceover artists for a project; Giving direction during recording sessions; Writing scripts that are easy for talent to deliver; Matching voice characteristics to brand personality; Reviewing auditions and selecting the right talent"
git-commit-formatter
by rominirani
Formats git commit messages according to Conventional Commits specification. Use this when the user asks to commit changes or write a commit message.
basecamp-cli
by openclaw
Manage Basecamp (via bc3 API / 37signals Launchpad) projects, to-dos, messages, and campfires via a TypeScript CLI. Use when you want to list/create/update Basecamp projects and todos from the terminal, or when integrating Basecamp automation into Clawdbot workflows.