tanweai
@tanweai
Public Skills
pua-debugging
by tanweai
"Use when any task fails two or more times, when about to give up or say 'I cannot', when deflecting to the user ('you should manually...', 'please check...', 'you may need to...'), blaming the environment without verification ('might be a permissions issue', 'could be a network problem'), producing any excuse to stop trying, spinning in circles (repeatedly tweaking the same code/parameters without new information — busywork/磨洋工), fixing only the surface issue without checking for related problems, skipping verification after a fix and claiming 'done', giving suggestions instead of actual code/commands, saying 'this is beyond scope' or 'this requires manual intervention', encountering permission/network/auth errors and stopping instead of trying alternatives, or showing any passive behavior (waiting for user instructions instead of proactively investigating). Also triggers on user frustration phrases in any language: '你怎么又失败了', '为什么还不行', '换个方法', '你再试试', '不要放弃', '继续', '加油', 'why does this still not work', 'try harder', 'you keep failing', 'stop giving up', 'try again', 'don't give up', 'keep going', 'figure it out'. Applies to ALL task types: debugging, implementation, config, deployment, research, DevOps, infrastructure, API integration, data processing. Do NOT trigger on first-attempt failures or when a known fix is already in progress."
p7
by tanweai
"P7 Senior Engineer mode — solution-driven execution under P8 supervision. Use when user says 'P7模式', '方案驱动', or when spawned as sub-task executor by P8. Produces: implementation plan + code + 3-question self-review, delivered via [P7-COMPLETION]."
vuln-analysis-expert
by tanweai
WooYun漏洞分析专家系统。基于88,636个真实漏洞案例提炼的元思考方法论、测试流程、利用技巧、绕过方法。覆盖SQL注入、XSS、命令执行、逻辑漏洞、文件上传、未授权访问等主要漏洞类型。当用户进行漏洞挖掘、渗透测试、安全审计、代码审计时触发。
vuln-research
by tanweai
安全研究元思考方法论 - 从先知社区5600+篇安全文档中提炼的漏洞挖掘方法论框架。 Use this skill when: - 进行漏洞挖掘和安全研究时,需要系统化的思考框架 - 分析特定类型漏洞(Web注入、反序列化、二进制、域渗透等)的攻击路径 - 需要了解绕过防护措施(WAF、EDR、沙箱)的思维模式 - 进行代码审计需要Source-Sink分析方法论 - 红队攻防需要完整攻击链规划 - CTF竞赛需要快速解题思路 - 逆向分析恶意软件需要方法论指导 Triggers: 漏洞挖掘、安全研究、渗透测试、代码审计、红队攻防、CTF、逆向分析、 WAF绕过、免杀、提权、横向移动、域渗透、反序列化、二进制安全、Fuzzing