全部能力

Test Supabase Realtime WebSocket channels for unauthorized subscriptions and data exposure.

通用任务调度器。在开发工作流（步骤 0-9）中启动、路由和执行任何任务。对每个任务调用 — /task <description>、/task…

Identify and exploit HTML injection vulnerabilities that allow attackers to inject malicious HTML content into web applications. This vulnerability enables…

Test if user signup is open and identify potential abuse vectors in the registration process.

Test for user enumeration vulnerabilities through various authentication endpoints.

Smoke test for alicloud-security-content-moderation-green. Validate minimal authentication, API reachability, and one read-only query path.

Smoke test for alicloud-security-id-verification-cloudauth. Validate minimal authentication, API reachability, and one read-only query path.

Deep-dive usability evaluation of specific user tasks. Simulates novice user cognition step-by-step to identify learnability issues, unclear actions, and…

Expert-level application security, OWASP Top 10, penetration testing, and security best practices

Create a test user (with explicit permission) to audit what authenticated users can access vs anonymous users. Detects IDOR, cross-user access, and privilege…

Evaluate UX/UI using Don Norman's 7 fundamental design principles from The Design of Everyday Things. Audit discoverability, affordances, signifiers, feedback,…

Printing Press CLI for Ahrefs. SEO and competitive intelligence API for backlinks, keywords, rank tracking, site audit, and SERP data.

AI governance audit using ISO 42001 standard. Ensures AI systems are developed and deployed responsibly with risk management, ethics, security, transparency,…

Implement secure payments using Clerk Billing and Stripe without ever touching card data. Use this skill when you need to set up subscription payments, handle…

Use when the user asks to perform security audits, penetration testing, vulnerability scanning, OWASP Top 10 checks, or offensive security assessments. Covers…

FastAPI patterns for async APIs, dependency injection, Pydantic request and response models, OpenAPI docs, tests, security, and production readiness.

Expert-level security auditing, compliance, code review, and vulnerability assessment

Use when preparing ANY app for App Store submission, responding to App Review rejections, or running a pre-submission audit. Covers privacy manifests, metadata…

Security vulnerability scanner and OWASP compliance auditor for codebases. Dependency scanning (npm audit, pip-audit), secret detection (high-entropy strings,…

Use this skill when implementing web accessibility, adding ARIA attributes, ensuring keyboard navigation, or auditing WCAG compliance. Triggers on accessibility, a11y, ARIA roles, screen readers, keyboard navigation, focus management, color contrast, alt text, semantic HTML, and any task requiring WCAG 2.2 compliance or inclusive design.