Search results
agent
Found 148 relevant results / Security & Governance
Security & Governance / Audit & Assessment
agent-supply-chain
agent-supply-chain
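Verify the supply chain integrity of AI agent plugins, tools, and dependencies. Use this skill when: - Generating SHA-256 integrity manifests for agent plugins or tool packages - Verifying that installed plugins match their published manifests - Detecting tampered, modified, or untracked files in agent tool directories - Auditing dependency pinning and version policies for agent components - Building provenance chains for agent plugin promotion (dev → staging → production) - Any request like "verify plugin integrity", "generate manifest", "check supply chain", or "sign this plugin"
Security & Governance / Audit & Assessment
X-Twitter Scraper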
x-twitter-scraper
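Use when the user needs to interact with X (Twitter): searching tweets, looking up users/followers, downloading media, monitoring accounts in real time, and so on.
Security & Governance / Audit & Assessment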
mcp-security-audit
mcp-security-audit
Audit MCP (Model Context Protocol) server configurations for security issues. Use this skill when: - Reviewing .mcp.json files for security risks - Checking MCP server args for hardcoded secrets or shell injection patterns - Validating that MCP servers use pinned versions (not @latest) - Detecting unpinned dependencies in MCP server configurations - Auditing which MCP servers a project registers and whether they're on an approved list - Checking for environment variable usage vs. hardcoded credentials in MCP configs - Any request like "is my MCP config secure?", "audit my MCP servers", or "check .mcp.json" keywords: [mcp, security, audit, secrets, shell-injection, supply-chain, governance]
Security & Governance / Audit & Assessment
elasticsearch-authz
elasticsearch-authz
Manage Elasticsearch RBAC: native users, roles, role mappings, document- and field-level security. Use when creating users or roles, assigning privileges, or mapping external realms like LDAP/SAML.
Security & Governance / Audit & Assessment
elasticsearch-security-troubleshooting
elasticsearch-security-troubleshooting
Diagnose and resolve Elasticsearch security errors: 401/403 failures, TLS problems, expired API keys, role mapping mismatches, and Kibana login issues. Use when the user reports a security error.
Security & Governance / Audit & Assessment
elasticsearch-audit
elasticsearch-audit
Enable, configure, and query Elasticsearch security audit logs. Use when the task involves audit logging setup, event filtering, or investigating security incidents like failed logins.
Security & Governance / Audit & Assessment
hack
hack
Entry P0 primary router for HackSkills. Use when the task involves web application testing, API security assessment, recon, vulnerability triage, exploit path planning, or choosing the right next category skill before any deep topic skill.
Security & Governance / Audit & Assessment
reverse-engineer-rpi
reverse-engineer-rpi
Reverse-engineer product specs.
Security & Governance / Audit & Assessment
kibana-audit
kibana-audit
Enable and configure Kibana audit logging for saved object access, logins, and space operations. Use when setting up Kibana audit, filtering events, or correlating Kibana and ES audit logs.
Security & Governance / Audit & Assessment
security-alert-triage
security-alert-triage
Triage Elastic Security alerts — gather context, classify threats, create cases, and acknowledge. Use when triaging alerts, performing SOC analysis, or investigating detections.
Security & Governance / Audit & Assessment
skill-creator
skill-creator
Guide for creating effective skills. This skill should be used when users want to create a new skill (or update an existing skill) that extends Codex's…
Security & Governance / Audit & Assessment
cloud-create-project
cloud-create-project
Creates Elastic Cloud Serverless projects (Elasticsearch, Observability, or Security) via the REST API, saves credentials to file, and bootstraps a scoped Elasticsearch API key. Use when creating a new serverless project, provisioning a search or observability environment, or spinning up a new Elastic Cloud project.
Security & Governance / Audit & Assessment
cloud-access-management
cloud-access-management
Manage Elastic Cloud organization access: invite users, assign roles to Serverless projects, and create or revoke Cloud API keys. Use when granting, modifying, or auditing user access.
Security & Governance / Audit & Assessment
linux-lateral-movement
linux-lateral-movement
Linux lateral movement playbook. Use after gaining initial access to pivot across Linux hosts via SSH hijacking, credential harvesting, internal pivoting, D-Bus exploitation, sudo token reuse, and shared filesystem abuse.
Security & Governance / Audit & Assessment
AI/ML Security
ai-ml-security
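AI/ML security playbook. Use to assess model supply chain attacks (pickle RCE, poisoned weights), adversarial examples, model poisoning, model stealing, data privacy attacks (membership inference, model inversion), and autonomous agent security risks.
Security & Governance / Audit & Assessment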
skill-security-audit
skill-security-audit
Detect malicious patterns in AI Agent skills — 13 detectors for backdoors, credential theft, data exfiltration, and supply-chain attacks. Based on SlowMist's…
Security & Governance / Audit & Assessment
arize-trace
arize-trace
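Download, export, and inspect existing Arize traces and spans to understand the runtime state of LLM applications or debug runtime issues. Covers exporting traces by ID, …
Security & Governance / Audit & Assessment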
swift-security
swift-security
Use when working with iOS/macOS Keychain Services (SecItem queries, kSecClass, OSStatus errors), biometric authentication (LAContext, Face ID, Touch ID),…
Security & Governance / Audit & Assessment
prompt-guard
prompt-guard
Detect and neutralize prompt injection attacks in OpenClaw skill content, user inputs, and external data sources.
Security & Governance / Audit & Assessment
arize-evaluator
arize-evaluator
Handle LLM-as-judge evaluation workflows on Arize, including creating/updating evaluators, running evaluations on spans or experiments, managing tasks, and more.