Search results
agent
17 matching results found / Product Design
Security & Governance / Audit & Evaluation
AI Paper Reproduction
ai-paper-reproduction
README-first main orchestrator for reproducing AI repositories. Use when the user needs an end-to-end, minimally trusted reproduction workflow, and that workflow will read the repository…
Security & Governance / Audit & Evaluation
Attack Tree Construction
attack-tree-construction
Build comprehensive attack trees to visualize threat paths. Suitable for mapping out attack scenarios, identifying defensive blind spots, or communicating security risks to ……
Security & Governance / Audit & Evaluation
agent-owasp compliance
agent-owasp-compliance
Check any AI agent codebase against the OWASP Agentic Security Initiative (ASI) Top 10 risks. Use this skill in the following scenarios: - assessing an agent system's security posture before production deployment - running compliance checks against the OWASP ASI 2026 standard - mapping existing security controls to the 10 agentic risks - generating compliance reports for security reviews or audits - comparing an agent framework's security features against the standard to find gaps - handling requests such as "does my agent comply with OWASP", "check ASI compliance", or "agentic security audit"
Security & Governance / Audit & Evaluation
atxp-memory
atxp-memory
Agent memory management — cloud backup, restore, and local vector search of .md memory files
Security & Governance / Audit & Evaluation
agent-supply-chain
agent-supply-chain
Verify the supply-chain integrity of AI agent plugins, tools, and dependencies. Use this skill in the following scenarios: - generating SHA-256 integrity manifests for agent plugins or toolkits - verifying that installed plugins match their published manifests - detecting tampered, modified, or untracked files in agent tool directories - auditing dependency pinning and version policies for agent components - building a provenance chain for agent plugin promotion (development → staging → production) - any request such as "verify plugin integrity", "generate a manifest", "check the supply chain", or "sign this plugin"
Security & Governance / Audit & Evaluation
reverse-engineer-rpi
reverse-engineer-rpi
Reverse-engineer product specs.
Security & Governance / Audit & Evaluation
nielsen-heuristics-audit
nielsen-heuristics-audit
Evaluate UX/UI using Jakob Nielsen's 10 usability heuristics. Comprehensive audit of visibility, control, consistency, error prevention, recognition,…
Security & Governance / Audit & Evaluation
skill-security-auditor
skill-security-auditor
Security audit and vulnerability scanner for AI agent skills before installation. Use when: (1) evaluating a skill from an untrusted source, (2) auditing a skill directory or git repo URL for malicious code, (3) pre-install security gate for Claude Code plugins, OpenClaw skills, or Codex skills, (4) scanning Python scripts for dangerous patterns like os.system, eval, subprocess, network exfiltration, (5) detecting prompt injection in SKILL.md files, (6) checking dependency supply chain risks, (7) verifying file system access stays within skill boundaries. Triggers: "audit this skill", "is this skill safe", "scan skill for security", "check skill before install", "skill security check", "skill vulnerability scan".
Security & Governance / Audit & Evaluation
owasp-llm-top10
owasp-llm-top10
Security audit for LLM and GenAI applications using OWASP Top 10 for LLM Apps 2025. Assess prompt injection, data leakage, supply chain, and 7 more critical…
Security & Governance / Audit & Evaluation
cognitive-walkthrough
cognitive-walkthrough
Deep-dive usability evaluation of specific user tasks. Simulates novice user cognition step-by-step to identify learnability issues, unclear actions, and…
Security & Governance / Audit & Evaluation
don-norman-principles-audit
don-norman-principles-audit
Evaluate UX/UI using Don Norman's 7 fundamental design principles from The Design of Everyday Things. Audit discoverability, affordances, signifiers, feedback,…
Security & Governance / Audit & Evaluation
iso-42001-ai-governance
iso-42001-ai-governance
AI governance audit using ISO 42001 standard. Ensures AI systems are developed and deployed responsibly with risk management, ethics, security, transparency,…
Security & Governance / Audit & Evaluation
mcp-creator
mcp-creator
Expert MCP (Model Context Protocol) server developer creating safe, performant, production-ready servers with proper security, error handling, and developer…
Security & Governance / Audit & Evaluation
owasp-ai-testing
owasp-ai-testing
AI trustworthiness testing using OWASP AI Testing Guide v1. Execute 44 test cases across 4 layers (Application, Model, Infrastructure, Data) with practical…
Security & Governance / Audit & Evaluation
langsmith
langsmith
Route LangSmith work into one workflow packet before touching SDK code. Use when the user needs LangSmith tracing, offline evals, annotation/review queues, prompt-registry decisions, audit/gap review, or cross-service trace propagation for an LLM app or agent workflow. Choose one packet: trace-debug, eval, review, prompt-registry, propagation, or audit. Triggers on: LangSmith, LangChain tracing, `@traceable` / `traceable`, `wrap_openai` / `wrapOpenAI`, datasets, experiments, annotation queues, feedback criteria, Prompt Hub, run trees, trace IDs, or production confidence for an AI feature. Not for generic SLO/alert design, non-LangSmith deployment orchestration, or runtime guardrails outside LangSmith.
Security & Governance / Audit & Evaluation
nist-ai-rmf
nist-ai-rmf
AI risk assessment using NIST AI RMF 1.0 framework. Evaluate AI systems across 4 core functions (Govern, Map, Measure, Manage) for trustworthy and responsible…
Security & Governance / Audit & Evaluation
security-testing
security-testing
Scans for security vulnerabilities including XSS, SQL injection, CSRF, and auth flaws using OWASP Top 10 methodology. Use when conducting SAST/DAST scans,…