全部能力

Smart contract vulnerability playbook. Use when auditing Solidity/EVM contracts for reentrancy, integer overflow, access control, delegatecall, flash loan, signature replay, and MEV-related attack patterns.

Implement, review, or improve maps and location features in iOS/macOS apps using MapKit and CoreLocation. Use when working with Map views, annotations,…

Security audit and threat model for OpenClaw gateway hosts. Use to verify OpenClaw configuration, exposure, skills/plugins, filesystem hygiene, and to produce…

Expert patterns for Plaid API integration including Link token

Use this skill whenever the user wants to create, read, edit, or manipulate Word documents (.docx files). Triggers include: any mention of 'Word doc', 'word…

飞书会话浏览、消息互动与群聊管理。查看聊天记录（单聊/群聊）、搜索群聊、获取消息详情、 Reaction 表情回应、Pin 置顶/取消置顶、删除消息，以及群聊信息管理（获取/更新/解散/成员）。 支持普通群和话题群（话题群自动获取线程回复）。大多数命令需要 User Token；`msg delete` 默认使用 App Token（Bot 撤回自己 24h 内消息），可选传 User Token 让群管理员撤回他人消息。 当用户请求"查看聊天记录"、"读私聊"、"p2p 聊天"、"群聊历史"、"搜索群聊"、 "查群信息/群成员"、"Reaction/表情回应"、"Pin/置顶消息"、"删除消息"、"消息详情"、 "和某人聊了什么"、"群里说了什么"、"总结群消息"、"话题回复 / thread replies"、 "合并转发里有啥"、"读合并转发"、"merge_forward 子消息"时使用。 特性：传 --user-email 或 --user-id 即可直读私聊无需反查 chat_id；消息列表自动附带 sender_names（open_id → 姓名）映射，无需额外调 member list。 即使用户只给出群名或 chat_id 想"浏览消息"而未说"聊天记录"，也应使用此技能。

macOS security bypass playbook. Use when targeting macOS endpoints and need to bypass TCC, Gatekeeper, SIP, sandbox, code signing, or entitlement-based protections during authorized red team or pentest engagements.

Build high-performance FastAPI applications with async routes, validation, dependency injection, security, and automatic API documentation. Use when developing modern Python APIs with async support, automatic OpenAPI documentation, and high performance requirements.

Active Directory ACL 滥用手册。用于利用配置错误的 AD 权限，包括 GenericAll、WriteDACL、DCSync 权限、shadow credentials、LAPS 读取、GPO 滥用以及 BloodHound 引导的攻击路径。

针对 Active Directory 的 Kerberos 攻击手册。用于通过 AS-REP roasting、Kerberoasting、黄金/白银/钻石票据、委派滥用或 pass-the-ticket 攻击定位 AD 认证的场景。

飞书项目（Meego/Meegle）操作工具。支持查询和管理工作项、节点流转、视图查询、个人待办、排期统计等功能。 Use when user needs to work with Feishu/Lark Meego project management — including querying work items, creating/updating work items, completing workflow nodes, checking views, listing todos, analyzing schedules/workloads, or searching with MQL. 关键词：飞书项目、meego、meegle、工作项、需求、任务、缺陷、排期、视图、待办、节点。

Google Sheets API for spreadsheets. Use when user mentions "Google Sheets",

下载、导出并检查现有的 Arize traces 和 spans，以了解 LLM 应用的运行状态或调试运行时问题。涵盖按 ID 导出 traces、…

OpenAPI (Swagger) 2.0 specification for describing REST APIs. Use when writing, validating, or interpreting Swagger 2.0 specs, generating clients/docs, or…

Guide for performing Chromium version upgrades in the Electron project. Use when working on the roller/chromium/main branch to fix patch conflicts during `e…

实现基于角色的访问控制（RBAC）、权限管理和授权策略。用于构建具有细粒度权限的安全访问控制系统。

Use when user wants their Claude Code pet (/buddy) to sing a song. Triggers on any request that combines the concept of their Claude Code buddy, pet, or companion with singing or music. Supports multilingual triggers — match equivalent phrases in any language.

Use when working with iOS/macOS Keychain Services (SecItem queries, kSecClass, OSStatus errors), biometric authentication (LAContext, Face ID, Touch ID),…

Comprehensive skill for Adobe Substance 3D Painter texturing and material creation workflow. Use this skill when creating PBR materials, exporting textures for…

Build with Firestore NoSQL database - real-time sync, offline support, and scalable document storage. Use when: creating collections, querying documents, setting up security rules, handling real-time listeners, or troubleshooting permission-denied, quota exceeded, invalid query, or offline persistence errors. Prevents 10 documented errors.