agent

Security audit and vulnerability scanner for AI agent skills before installation. Use when: (1) evaluating a skill from an untrusted source, (2) auditing a skill directory or git repo URL for malicious code, (3) pre-install security gate for Claude Code plugins, OpenClaw skills, or Codex skills, (4) scanning Python scripts for dangerous patterns like os.system, eval, subprocess, network exfiltration, (5) detecting prompt injection in SKILL.md files, (6) checking dependency supply chain risks, (7) verifying file system access stays within skill boundaries. Triggers: "audit this skill", "is this skill safe", "scan skill for security", "check skill before install", "skill security check", "skill vulnerability scan".

Master smart contract security with auditing, vulnerability detection, and incident response

Create and manage agentic wallets with Cobo. Use for autonomous onchain operations via the caw CLI: token transfers, contract calls, pact creation and…

Security audit for LLM and GenAI applications using OWASP Top 10 for LLM Apps 2025. Assess prompt injection, data leakage, supply chain, and 7 more critical…

Use when conducting security assessments — OWASP Top 10 / API / LLM, CWE Top 25, CVSS scoring — auditing PHP/TYPO3 (v14.3 LTS: #109585, HashService removal,…

This skill should be used when the user wants to "create a skill", "add a skill to plugin", "write a new skill", "improve skill description", "organize skill…

Generate 3D models, textures, images, rig characters, animate them, and prepare for 3D printing using the Meshy AI API. Handles API key detection, task…

通用任务调度器。在开发工作流（步骤 0-9）中启动、路由和执行任何任务。对每个任务调用 — /task <description>、/task…

Upload, download, search, and share files on Google Drive. Create folders and manage permissions. Use when asked to share a file, upload to gdrive, search…

RESTful API design, error handling, versioning, and best practices. Use when designing APIs, reviewing endpoints, implementing error responses, or setting up…

Audits web applications to ensure declared privacy policies match actual technical data collection practices. Use to identify discrepancies in cookie usage,…

统一审查技能 — 自动检测计划或代码，组装合适的面板，运行带有严重性门控的有限审查-修复循环。在计划或……时使用

Audits agent skill instructions and system prompts for vulnerabilities to prompt hijacking and indirect injection. Use when designing new agent skills or…

Comprehensive security audit and vulnerability detection for JavaScript/TypeScript applications following OWASP Top 10. Use when (1) Users say 'audit…

Performs STRIDE threat modeling, DREAD risk scoring, secret detection, and secure architecture design. Use when conducting threat models, reviewing code for security vulnerabilities, designing defense-in-depth architectures, or scanning for hardcoded secrets and credentials.

Deep-dive usability evaluation of specific user tasks. Simulates novice user cognition step-by-step to identify learnability issues, unclear actions, and…

Evaluate UX/UI using Don Norman's 7 fundamental design principles from The Design of Everyday Things. Audit discoverability, affordances, signifiers, feedback,…

AppSec patterns aligned with OWASP Top 10:2025 and NIST SSDF. Use when implementing auth, input validation, crypto, or reviewing security posture.

AI governance audit using ISO 42001 standard. Ensures AI systems are developed and deployed responsibly with risk management, ethics, security, transparency,…

Fortify integration. Manage data, records, and automate workflows. Use when the user wants to interact with Fortify data.