全部能力

GraphQL and hidden parameter testing playbook. Use when exploring introspection, batching, undocumented fields, hidden parameters, schema abuse, and GraphQL authorization gaps.

Android渗透测试手册。用于在授权移动安全评估期间测试Android应用的SSL pinning绕过、导出组件滥用、WebView漏洞、intent重定向、root检测绕过、tapjacking和备份提取。

Generates unit tests, integration tests, and E2E tests for React/Next.js applications. Scans components to create Jest + React Testing Library test stubs,…

SAML SSO assertion attack playbook. Use when testing signature validation, assertion wrapping, audience restrictions, ACS handling, XML trust boundaries, and enterprise SSO flaws.

Source control and artifact exposure (.git, .svn, .hg, backups, .env). Use when recon finds VCS paths, 403 on hidden dirs, or backup/config leaks during authorized testing.

Multi-agent autonomous startup system for Claude Code. Triggers on "Loki Mode". Orchestrates 100+ specialized agents across engineering, QA, DevOps, security,…

在用户使用 Freqtrade 时调用 — 策略创建、回测、超参数优化、切换策略/交易对/模拟模式、查询实盘机器人状态/余额/…

Prototype pollution testing for JavaScript stacks. Use when user input is merged into objects (query parsers, JSON bodies, deep assign), when configuring libraries via untrusted keys, or when hunting RCE gadgets via polluted Object.prototype in Node or the browser.

Clickjacking playbook. Use when testing whether target pages can be framed, whether X-Frame-Options or CSP frame-ancestors are properly configured, and whether UI redress attacks can trigger sensitive actions.

Supply-chain testing via package-manager dependency confusion: when internal package names resolve to attacker-controlled public registries, leading to malicious install and script execution. Use for npm/pip/gem/Maven/Composer/Docker manifest review and authorized red-team supply-chain exercises.

Master Python 3.12+ with modern features, async programming, performance optimization, and production-ready practices. Expert in the latest Python ecosystem…

API 授权和 BOLA 测试手册。适用于 API 暴露对象标识符、嵌套资源、隐藏可写字段或功能级授权薄弱的情况。

Design pricing, packaging, and monetization strategies based on value, customer willingness to pay, and growth objectives.

Expert in Langfuse - the open-source LLM observability platform.

Browser automation and E2E testing with Playwright. Auto-detects dev servers, writes clean test scripts. Test pages, fill forms, take screenshots, check…

Browser automation powers web testing, scraping, and AI agent interactions. The difference between a flaky script and a reliable system comes down to…

Build type-safe LLM applications with DSPy.rb — Ruby's programmatic prompt framework with signatures, modules, agents, and optimization. Use when implementing…

Reference skill for Zoom Probe SDK. Use after routing to a preflight workflow when testing browser compatibility, media permissions, audio or video…

Email has the highest ROI of any marketing channel. $36 for every

Development skill from everything-claude-code