Top Rated
The most starred skills loved by the community. Quality guaranteed!
Pentest Checklist
by jcastillotx
This skill should be used when the user asks to "plan a penetration test", "create a security assessment checklist", "prepare for penetration testing", "define pentest scope", "follow security testing best practices", or needs a structured methodology for penetration testing engagements.
Top 100 Web Vulnerabilities Reference
by jcastillotx
This skill should be used when the user asks to "identify web application vulnerabilities", "explain common security flaws", "understand vulnerability categories", "learn about injection attacks", "review access control weaknesses", "analyze API security issues", "assess security misconfigurations", "understand client-side vulnerabilities", "examine mobile and IoT security flaws", or "reference the OWASP-aligned vulnerability taxonomy". Use this skill to provide comprehensive vulnerability definitions, root causes, impacts, and mitigation strategies across all major web security categories.
Windows Privilege Escalation
by jcastillotx
This skill should be used when the user asks to "escalate privileges on Windows," "find Windows privesc vectors," "enumerate Windows for privilege escalation," "exploit Windows misconfigurations," or "perform post-exploitation privilege escalation." It provides comprehensive guidance for discovering and exploiting privilege escalation vulnerabilities in Windows environments.
Wireshark Network Traffic Analysis
by jcastillotx
This skill should be used when the user asks to "analyze network traffic with Wireshark", "capture packets for troubleshooting", "filter PCAP files", "follow TCP/UDP streams", "detect network anomalies", "investigate suspicious traffic", or "perform protocol analysis". It provides comprehensive techniques for network packet capture, filtering, and analysis using Wireshark.
wordpress-best-practices
by jcastillotx
WordPress development standards. Triggers when working with WordPress plugins, themes, hooks, REST API, or Gutenberg blocks.
WordPress Penetration Testing
by jcastillotx
This skill should be used when the user asks to "pentest WordPress sites", "scan WordPress for vulnerabilities", "enumerate WordPress users, themes, or plugins", "exploit WordPress vulnerabilities", or "use WPScan". It provides comprehensive WordPress security assessment methodologies.
Cross-Site Scripting and HTML Injection Testing
by jcastillotx
This skill should be used when the user asks to "test for XSS vulnerabilities", "perform cross-site scripting attacks", "identify HTML injection flaws", "exploit client-side injection vulnerabilities", "steal cookies via XSS", or "bypass content security policies". It provides comprehensive techniques for detecting, exploiting, and understanding XSS and HTML injection attack vectors in web applications.
Security Scanning Tools
by jcastillotx
This skill should be used when the user asks to "perform vulnerability scanning", "scan networks for open ports", "assess web application security", "scan wireless networks", "detect malware", "check cloud security", or "evaluate system compliance". It provides comprehensive guidance on security scanning tools and methodologies.
Shodan Reconnaissance and Pentesting
by jcastillotx
This skill should be used when the user asks to "search for exposed devices on the internet," "perform Shodan reconnaissance," "find vulnerable services using Shodan," "scan IP ranges with Shodan," or "discover IoT devices and open ports." It provides comprehensive guidance for using Shodan's search engine, CLI, and API for penetration testing reconnaissance.
SMTP Penetration Testing
by jcastillotx
This skill should be used when the user asks to "perform SMTP penetration testing", "enumerate email users", "test for open mail relays", "grab SMTP banners", "brute force email credentials", or "assess mail server security". It provides comprehensive techniques for testing SMTP server security.
SQL Injection Testing
by jcastillotx
This skill should be used when the user asks to "test for SQL injection vulnerabilities", "perform SQLi attacks", "bypass authentication using SQL injection", "extract database information through injection", "detect SQL injection flaws", or "exploit database query vulnerabilities". It provides comprehensive techniques for identifying, exploiting, and understanding SQL injection attack vectors across different database systems.
Pentest Commands
by jcastillotx
This skill should be used when the user asks to "run pentest commands", "scan with nmap", "use metasploit exploits", "crack passwords with hydra or john", "scan web vulnerabilities with nikto", "enumerate networks", or needs essential penetration testing command references.
SQLMap Database Penetration Testing
by jcastillotx
This skill should be used when the user asks to "automate SQL injection testing," "enumerate database structure," "extract database credentials using sqlmap," "dump tables and columns from a vulnerable database," or "perform automated database penetration testing." It provides comprehensive guidance for using SQLMap to detect and exploit SQL injection vulnerabilities.
SSH Penetration Testing
by jcastillotx
This skill should be used when the user asks to "pentest SSH services", "enumerate SSH configurations", "brute force SSH credentials", "exploit SSH vulnerabilities", "perform SSH tunneling", or "audit SSH security". It provides comprehensive SSH penetration testing methodologies and techniques.
php-best-practices
by jcastillotx
PHP coding standards and best practices. This skill should be used when writing, reviewing, or refactoring PHP code. Triggers on tasks involving PHP applications, WordPress plugins, Laravel projects, or any PHP-based backend.
supabase-best-practices
by jcastillotx
Supabase development standards. Triggers when working with Supabase projects, Row Level Security, real-time subscriptions, or Edge Functions.
Privilege Escalation Methods
by jcastillotx
This skill should be used when the user asks to "escalate privileges", "get root access", "become administrator", "privesc techniques", "abuse sudo", "exploit SUID binaries", "Kerberoasting", "pass-the-ticket", "token impersonation", or needs guidance on post-exploitation privilege escalation for Linux or Windows systems.
skill-optimizer
by jovermier
Refactors Claude Code skills to reduce token usage 80-95% using Progressive Disclosure Architecture (PDA). Splits monolithic skills into orchestrator + reference files, extracts scripts, creates reference/ directories. Use when optimizing skills, improving skill efficiency, refactoring large/bloated skills, reducing token costs, applying PDA, modularizing skills, breaking down skills, or converting encyclopedia-style skills to orchestrator pattern.
firecrawl
by edxeth
Scrapes and crawls web pages, converting them to clean markdown or structured JSON for LLM consumption. Use when needing to extract content from URLs, crawl entire websites, map site structure, search the web with scraping, or extract structured data from pages. Best for web scraping, site crawling, URL discovery, and converting web content to LLM-ready formats.
css-best-practices
by jabranr
Guidelines for building modern, performant, and accessible CSS using MDN best practices. Use this when styling components, fixing layout shifts, or optimizing CSS performance.
exa
by edxeth
Searches the web using Exa's neural embeddings-based search API. Use when needing real-time web information to answer questions, verify facts, debug issues, find code examples, research topics, or clear doubts with authoritative sources. Best for open-ended research, fact-checking, troubleshooting errors with web context, and getting AI answers with citations.
SaaS Landing Page
by neillock
Hyper-specific conversion-optimized landing page specification for SaaS applications.
agents-commands-creator
by karchtho
Create Claude Code agents and commands with proper markdown structure, YAML frontmatter, and plugin.json arrays. Use when creating commands, slash commands, agents, autonomous assistants, and command-line utilities for Claude Code plugins.
code-reviewer
by karchtho
code review feedback quality analysis best practices consistency checking