全部能力

Payments Apps API 使支付服务提供商能够将其支付解决方案与 Shopify 的结账流程相集成。

Systematically verifies suspected security bugs to eliminate false positives. Produces TRUE POSITIVE or FALSE POSITIVE verdicts with documented evidence for…

>

Identifies error-prone APIs, dangerous configurations, and footgun designs that enable security mistakes. Use when reviewing API designs, configuration…

使用 dmux（面向 AI 智能体的 tmux 窗格管理器）进行多智能体编排。适用于 Claude Code、Codex、OpenCode 及其他工具的并行智能体工作流模式……

Enables ultra-granular, line-by-line code analysis to build deep architectural context before vulnerability or bug finding.

Provides guidance for property-based testing across multiple languages and smart contracts. Use when writing tests, reviewing code with…

Identifies security vulnerabilities, generates structured audit reports with severity ratings, and provides actionable remediation guidance. Use when…

用于AI输出的三层验证管道。提取可验证的声明，通过网络搜索查找支持或反驳的来源，并运行对抗性审查…

Enforces authenticated gh CLI workflows over unauthenticated curl/WebFetch patterns. Use when working with GitHub URLs, API access, pull requests, or issues.

Golang 的安全最佳实践与漏洞防范。涵盖注入攻击（SQL、命令、XSS）、密码学、文件系统安全、网络安全等……

Scans Solana programs for 6 critical vulnerabilities including arbitrary CPI, improper PDA validation, missing signer/ownership checks, and sysvar spoofing.…

配置和管理 GitHub Dependabot 的综合指南。当用户询问有关创建或优化 dependabot.yml 文件、管理 Dependabot 拉取请求、配置依赖项更新策略、设置分组更新、monorepo 模式、多生态系统分组、安全更新配置、自动分类规则，或任何与 Dependabot 相关的 GitHub Advanced Security (GHAS) 供应链安全主题时，请使用此技能。对于通过 GitHub MCP Server 在 AI 编码代理中进行 pre-commit 依赖项漏洞扫描，此技能会引用 Advanced Security 插件 (`advanced-security@copilot-plugins`)。当代理需要在提交前扫描依赖项的已知漏洞时，请使用此技能。

Use when implementing infrastructure as code with Terraform across AWS, Azure, or GCP. Invoke for module development (create reusable modules, manage module…

MCP 服务器，包含 39 个工具，用于 Word、Excel、PowerPoint、PDF 和 OCR 操作

Analyzes smart contract codebases to identify state-changing entry points for security auditing. Detects externally callable functions that modify state,…

Creates custom Semgrep rules for detecting security vulnerabilities, bug patterns, and code patterns. Use when writing Semgrep rules or building custom static…

Prepares codebases for security review using Trail of Bits' checklist. Helps set review goals, runs static analysis tools, increases test coverage, removes…

Techniques for patching code to overcome fuzzing obstacles. Use when checksums, global state, or other barriers block fuzzer progress.

Coverage analysis measures code exercised during fuzzing. Use when assessing harness effectiveness or identifying fuzzing blockers.