全部能力

Reference skill for Zoom Team Chat. Use after routing to a chat workflow when building user-scoped messaging integrations, chatbot experiences, rich cards,…

RSA attack playbook for CTF and real-world cryptanalysis. Use when given RSA parameters (n, e, c) and need to recover plaintext by exploiting weak keys, small exponents, shared factors, or padding oracles.

Linux lateral movement playbook. Use after gaining initial access to pivot across Linux hosts via SSH hijacking, credential harvesting, internal pivoting, D-Bus exploitation, sudo token reuse, and shared filesystem abuse.

Implement, review, or improve maps and location features in iOS/macOS apps using MapKit and CoreLocation. Use when working with Map views, annotations,…

DeFi attack pattern playbook. Use when analyzing flash loan attacks, price oracle manipulation, MEV sandwich attacks, governance exploits, bridge vulnerabilities, and token standard edge cases in decentralized finance protocols.

Senior GDPR/DSGVO expert and internal/external auditor for data protection compliance. Provides EU GDPR and German DSGVO expertise, privacy impact assessments,…

Google Cloud Platform (GCP) development best practices for Cloud Functions, Cloud Run, Firestore, BigQuery, and Infrastructure as Code.

Security audit and threat model for OpenClaw gateway hosts. Use to verify OpenClaw configuration, exposure, skills/plugins, filesystem hygiene, and to produce…

Use this skill whenever the user wants to create, read, edit, or manipulate Word documents (.docx files). Triggers include: any mention of 'Word doc', 'word…

飞书会话浏览、消息互动与群聊管理。查看聊天记录（单聊/群聊）、搜索群聊、获取消息详情、 Reaction 表情回应、Pin 置顶/取消置顶、删除消息，以及群聊信息管理（获取/更新/解散/成员）。 支持普通群和话题群（话题群自动获取线程回复）。大多数命令需要 User Token；`msg delete` 默认使用 App Token（Bot 撤回自己 24h 内消息），可选传 User Token 让群管理员撤回他人消息。 当用户请求"查看聊天记录"、"读私聊"、"p2p 聊天"、"群聊历史"、"搜索群聊"、 "查群信息/群成员"、"Reaction/表情回应"、"Pin/置顶消息"、"删除消息"、"消息详情"、 "和某人聊了什么"、"群里说了什么"、"总结群消息"、"话题回复 / thread replies"、 "合并转发里有啥"、"读合并转发"、"merge_forward 子消息"时使用。 特性：传 --user-email 或 --user-id 即可直读私聊无需反查 chat_id；消息列表自动附带 sender_names（open_id → 姓名）映射，无需额外调 member list。 即使用户只给出群名或 chat_id 想"浏览消息"而未说"聊天记录"，也应使用此技能。

Build high-performance FastAPI applications with async routes, validation, dependency injection, security, and automatic API documentation. Use when developing modern Python APIs with async support, automatic OpenAPI documentation, and high performance requirements.

macOS security bypass playbook. Use when targeting macOS endpoints and need to bypass TCC, Gatekeeper, SIP, sandbox, code signing, or entitlement-based protections during authorized red team or pentest engagements.

Active Directory ACL 滥用手册。用于利用配置错误的 AD 权限，包括 GenericAll、WriteDACL、DCSync 权限、shadow credentials、LAPS 读取、GPO 滥用以及 BloodHound 引导的攻击路径。

针对 Active Directory 的 Kerberos 攻击手册。用于通过 AS-REP roasting、Kerberoasting、黄金/白银/钻石票据、委派滥用或 pass-the-ticket 攻击定位 AD 认证的场景。

Detect malicious patterns in AI Agent skills — 13 detectors for backdoors, credential theft, data exfiltration, and supply-chain attacks. Based on SlowMist's…

飞书项目（Meego/Meegle）操作工具。支持查询和管理工作项、节点流转、视图查询、个人待办、排期统计等功能。 Use when user needs to work with Feishu/Lark Meego project management — including querying work items, creating/updating work items, completing workflow nodes, checking views, listing todos, analyzing schedules/workloads, or searching with MQL. 关键词：飞书项目、meego、meegle、工作项、需求、任务、缺陷、排期、视图、待办、节点。

下载、导出并检查现有的 Arize traces 和 spans，以了解 LLM 应用的运行状态或调试运行时问题。涵盖按 ID 导出 traces、…

Provides comprehensive code review guidance for React 19, Vue 3, Angular 17+, Svelte 5, Rust, TypeScript, Java, Python, Django, Go, C#/.NET, Kotlin, NestJS, C/C++, and more. Helps catch bugs, improve code quality, and give constructive feedback. Use when: reviewing pull requests, conducting PR reviews, code review, reviewing code changes, establishing review standards, mentoring developers, architecture reviews, security audits, checking code quality, finding bugs, giving feedback on code.

OpenAPI (Swagger) 2.0 specification for describing REST APIs. Use when writing, validating, or interpreting Swagger 2.0 specs, generating clients/docs, or…

Guide for performing Chromium version upgrades in the Electron project. Use when working on the roller/chromium/main branch to fix patch conflicts during `e…