Security
Security scanning and vulnerability detection
waf-bypass-hunter
by HacktronAI
Bypass a Coraza WAF protecting a vulnerable Next.js 16 backend. Analyze parser differentials between Go (WAF) and Node.js (backend) to find bypasses.
openclaw-sec
by PaoloRollo
AI Agent Security Suite - Real-time protection against prompt injection, command injection, SSRF, path traversal, secrets exposure, and content policy violations
auto-updates
by mikr13
Configure automatic security updates on Ubuntu/Debian VPS servers to patch vulnerabilities and prevent exploitation of known security flaws.
penetration-testing
by timsonner
Comprehensive penetration testing workflow using Kali Linux tools via MCP. Guides agents through reconnaissance, vulnerability assessment, exploitation, privilege escalation, and reporting. Use when conducting security assessments, CTF challenges, vulnerability testing, or red team exercises.
auth-implementation-patterns
by dmonteroh
"Provides authentication and authorization implementation patterns (JWT, OAuth2/OIDC, sessions, RBAC) for designing, implementing, or reviewing secure access control in applications and APIs."
deps-audit
by dmonteroh
"Produces a local, best-effort dependency audit summary and remediation plan for repos with dependency manifests."
gdpr-data-handling
by dmonteroh
"Implement practical GDPR-compliant data handling (privacy by design, lawful basis, DSARs, retention, vendor/transfer controls, breach readiness). Use when building or reviewing systems that process EU personal data."
secrets-management
by dmonteroh
"Secure secrets handling for CI/CD and runtime: secret inventory, access boundaries, short-lived identity (OIDC/workload identity), rotation, auditing, and leak response. Works across Vault and cloud-native secret managers."
accessibility-compliance-accessibility-audit
by ncdevshiv
"You are an accessibility expert specializing in WCAG compliance, inclusive design, and assistive technology compatibility. Conduct audits, identify barriers, and provide remediation guidance."
anti-reversing-techniques
by ncdevshiv
"Understand anti-reversing, obfuscation, and protection techniques encountered during software analysis. Use when analyzing protected binaries, bypassing anti-debugging for authorized analysis, or u..."
arc-shield
by arc-claw-bot
Output sanitization for agent responses - prevents accidental secret leaks
active-directory-attacks
by ncdevshiv
"This skill should be used when the user asks to "attack Active Directory", "exploit AD", "Kerberoasting", "DCSync", "pass-the-hash", "BloodHound enumeration", "Golden Ticket", ..."
Provenance Guard
by smouj
Supply chain security and integrity verification for software artifacts
analyzing-packed-malware-with-upx-unpacker
by mukul975
'Identifies and unpacks UPX-packed and other packed malware samples to expose the original executable code for
analyzing-memory-dumps-with-volatility
by mukul975
'Analyzes RAM memory dumps from compromised systems using the Volatility framework to identify malicious processes,
analyzing-outlook-pst-for-email-forensics
by mukul975
Analyze Microsoft Outlook PST and OST files for email forensic evidence including message content, headers, attachments,
acquiring-disk-image-with-dd-and-dcfldd
by mukul975
Create forensically sound bit-for-bit disk images using dd and dcfldd while preserving evidence integrity through
analyzing-malicious-url-with-urlscan
by mukul975
URLScan.io is a free service for scanning and analyzing suspicious URLs. It captures screenshots, DOM content,
analyzing-ios-app-security-with-objection
by mukul975
'Performs runtime mobile security exploration of iOS applications using Objection, a Frida-powered toolkit that
analyzing-apt-group-with-mitre-navigator
by mukul975
Analyze advanced persistent threat (APT) group techniques using MITRE ATT&CK Navigator to create layered heatmaps
analyzing-email-headers-for-phishing-investigation
by mukul975
Parse and analyze email headers to trace the origin of phishing emails, verify sender authenticity, and identify
analyzing-cobalt-strike-beacon-configuration
by mukul975
Extract and analyze Cobalt Strike beacon configuration from PE files and memory dumps to identify C2 infrastructure,
analyzing-network-covert-channels-in-malware
by mukul975
Detect and analyze covert communication channels used by malware including DNS tunneling, ICMP exfiltration,
analyzing-browser-forensics-with-hindsight
by mukul975
Analyze Chromium-based browser artifacts using Hindsight to extract browsing history, downloads, cookies, cached