The library
Everything we index — ranked by what works, never by stars.
● works · ● untested / no effect · ● hurts — every rank is measured against a no-skill baseline
Structure Research Proposal · skill · Product · L1
research-proposal · scoping novel research projects before implementation
Profile system resources and design experiments · skill · Engineering, Data · L1
system-info · planning compute resource allocation for ML training
Mock systems correctly in tests · skill · Engineering · L1
gotchas-with-skill · avoiding costly mistakes in framework usage
Generate modularity review documents · skill · Engineering · L1
document · When producing final audit documents with balanced coupling analysis.
Configure VoiceMode permissions · skill · Ops · L1
2603-permissions_2c281257 · When you need to configure tool access without constant prompts.
Verify completed work · skill · Engineering · L1
verify · Before committing work to ensure requirements are actually met.
Document solved problems for team knowledge · skill · Ops · L1
compound · When capturing solutions to reduce repeated debugging and knowledge loss.
Get help with agent harness · skill · L1
harness-help · When discovering available commands and orchestration capabilities.
Optimize meta tags and CTR · skill · Marketing · L1
meta-tags-optimizer · Pages with low CTR needing title/description optimization for search.
Generate JSON-LD schema markup · skill · Marketing · L1
schema-markup-generator · E-commerce/content sites needing rich snippets for search visibility.
Write human-sounding copy · skill · Marketing · L1
anti-ai-slop-writing · Content needing AI assistance while maintaining human voice and nuance.
Build knowledge graph for entity discovery · skill · Marketing, Data · L1
entity-optimizer · Knowledge graph optimization requiring structured entity markup refinement.
Manage multi-session project memory · skill · Ops, Product · L1
memory-management · Systems requiring cache efficiency and memory leak prevention under load.
Review papers for academic quality · skill · L1
peer-review · Academic or technical publication pipelines requiring rigorous peer feedback.
Guide sp.h standard library usage · skill · Engineering · L1
sp · C projects when a single-header stdlib replacement eliminates malloc/strlen/strcmp pitfalls.
Analyze backlinks and link gaps · skill · Marketing · L1
backlink-analyzer · Link audits when gap analysis vs competitors and disavow recommendations guide strategy.
Optimize internal site architecture · skill · Marketing · L1
internal-linking-optimizer · Internal linking when anchor-text optimization and pagerank flow guidance beat manual audits.
Audit on-page SEO and keywords · skill · Marketing · L1
on-page-seo-auditor · On-page SEO when element-by-element audit with competitor comparison guides optimization.
Generate NestJS DTOs with validation decorators · skill · Engineering · L1
dto-generator · NestJS projects scaffold DTOs faster with auto-discovery than manual scaffolding.
Map competitor content gaps and missing topics · skill · Marketing · L1
content-gap-analysis · Editorial planning beats brainstorming when you compare against a specific competitor set.
Apply Next.js best practices to projects · skill · Engineering · L1
next-best-practices · Next.js refactors avoid pitfalls when you follow file conventions and RSC boundaries.
Fix tool-calling agent schema and behavior · skill · Engineering · L1
tool-calling-tutor · Tool-calling agents work faster when you debug schema, invocation, and loop patterns.
Debug complex systems with multi-step reasoning · skill · Engineering · L1
sequential-think · Complex debugging beats quick answers when you systematize multi-layer reasoning.
Design products that work for everyone · skill · Product · L1
universal-design · Inclusive design reaches broader audiences than retrofitting accessibility later.
Orchestrate bug bounty hunting methodology · skill · Engineering · L1
bb-methodology · Bug bounty sessions gain focus when you apply systematic 5-phase methodology.
Sharpen value propositions into powerful statements · skill · Sales · L1
value-prop-sharpener · Product positioning when weak generic messaging needs multi-dimensional resonance.
Report bugs to Bugcrowd with severity strategy · skill · Engineering · L1
bugcrowd-reporting · Bug bounty submissions when VRT defaults misalign with actual impact severity.
Create engaging LinkedIn posts for authority · skill · Marketing · L1
linkedin-post · Professional content distribution when personal voice, audience targeting, and engagement matter.
Analyze document library health and maintenance · skill · Ops · L1
content-analyst · Library governance when actual document state analysis informs feature prioritization.
Evaluate street infrastructure drainage rights · skill · Legal · L1
strassenentwaesserung · German legal practice when street-drainage rights/obligations require statutory analysis.
Refine OpenSpec proposals for completeness · skill · Ops · L1
linear-iterate-on-plan · Technical planning when proposal quality gates improve before approval.
Audit enterprise VPN attack surface · skill · Legal · L1
enterprise-vpn-attack · Perimeter testing when SSL VPN appliances are initial-access points.
Redact evidence for bug bounty submissions · skill · Legal · L1
evidence-hygiene · Bug-bounty submissions when cookie leakage and unauthorized PII exposure risks matter.
Hunt API security misconfigurations · skill · Legal · L1
hunt-api-misconfig · API security testing when parameter-binding and object-serialization flaws enable escalation.
Hunt ASP.NET-specific vulnerabilities · skill · Legal · L1
hunt-aspnet · Legacy ASP.NET pentesting when ViewState, machineKey, and trace endpoint disclosure matter.
Hunt account takeover vulnerabilities · skill · Legal · L1
hunt-ato · Authentication testing when multiple ATO paths (password-reset, email-change, JWT, MFA-bypass) require systematic coverage.
Map regulatory compliance framework · skill · Legal · L1
eu-ebene-und-better-regulation · German legal practice when proposed rules require EU compliance justification.
Create product feature specifications · skill · Product · L1
feature · Test-driven development when executable specifications guide implementation.
Hunt authentication bypass vulnerabilities · skill · Legal · L1
hunt-auth-bypass · SSO security testing when SAML signature stripping and parser-differential attacks apply.
Hunt brute force and rate limiting gaps · skill · Legal · L1
hunt-brute-force · Use to hunt missing or weak rate limiting: login brute force, OTP/2FA brute force (10^6 keyspace), password-reset-token brute force, credential stuffing, username/email enumeration via error-string, status-code, or timing differences, weak password policy, missing CAPTCHA, IP-based rate-limit bypass via X-Forwarded-For and friends, ReDoS. Distinguishes hard lockout vs. soft IP throttle vs. CAPTCHA injection vs. silent shadow-throttling (avoids false-negative 'no rate limit' conclusions). Medium to critical depending on what the brute force reaches (OTP→ATO = critical).
Adapt planning depth to PRD complexity · skill · Product · L1
pm-organization-scale-adaptive · Use to adjust planning depth and agent behavior based on PRD complexity level.
Hunt business logic vulnerabilities · skill · Legal · L1
hunt-business-logic · Hunting skill for business logic vulnerabilities, built from 12 public bug bounty reports. Covers coupon-race-stacking (Instacart, Stripe, Reverb), negative-quantity-in-cart price tampering (Upserve, Eternal/Zomato), decimal/fraction price-field overflow (Shipt), client-side checkout amount trust on PayPal redirect (WordPress.org), price-per-unit mass-assignment (Krisp), and archived-price swap / cart TOCTOU (Stripe). Use when hunting business logic, with heavy emphasis on financial-impact-demonstrated cases.
Hunt cache poisoning vulnerabilities · skill · Legal · L1
hunt-cache-poison · Hunting skill for cache poisoning vulnerabilities, built from 10 public bug bounty reports including X-Forwarded-Host poisoning, X-HTTP-Method-Override / GCS cache, reflected→stored XSS via cache, classic Omer Gil web cache deception, Cloudflare Cache Deception Armor bypass, session-token cache deception, Akamai hop-by-hop smuggling → server-side edge poisoning, and Kettle's 2024 path-normalization WCD against Cloudflare/Fastly/GCP. Use when hunting cache poisoning, web cache deception, or CDN-fronted apps.
Maintain persistent memory across conversations · skill · Productivity · L1
memory-management · Persistent memory for Claude across conversations. Use when starting any task, before writing or editing code, before making decisions, when the user mentions preferences or conventions, when the user corrects your work, or when completing a task that overcame challenges. Ensures Claude never repeats mistakes and always applies learned patterns.
Hunt cloud infrastructure misconfigurations · skill · Legal · L1
hunt-cloud-misconfig · Use to hunt cloud / infrastructure misconfigurations. AWS: public S3 buckets (s3:GetObject anonymous), permissive bucket policies (PutObjectAcl public-write), exposed CloudFront origin, public Lambda function URL, public RDS snapshot, IAM credentials in JS bundles, AWS metadata accessible via SSRF. GCP: public GCS buckets, exposed Cloud Run services, leaked service account JSON. Azure: public blob containers, exposed Function App. (Kubernetes/Docker exposure is owned by hunt-k8s; CI/CD pipeline attacks by hunt-cicd; post-credential IAM escalation by cloud-iam-deep.) Detection: targeted dorking, certificate transparency, JS bundle secret extraction, port scan for known service ports. Validate: actual data read / write / RCE. Use when hunting cloud-native storage and compute misconfiguration (S3/GCS/Blob, IMDS-via-SSRF, serverless, public managed services).
Choreograph animations with GSAP timelines · skill · Engineering · L1
gsap-timeline · Official GSAP skill for timelines: gsap.timeline(), position parameter, nesting, playback. Use when sequencing animations, choreographing keyframes, or when the user asks about animation sequencing, timelines, or animation order (in GSAP or when recommending a library that supports timelines).
Hunt CORS misconfiguration exploits · skill · Legal · L1
hunt-cors · Use to hunt CORS misconfiguration: origin reflection with credentials, null-origin trust, subdomain-regex bypass (unanchored vs. unescaped-dot vs. prefix-only), preflight (OPTIONS) gating bypass, postMessage origin checks. High only when an attacker-controlled origin can perform a credentialed cross-origin read of sensitive data and you have proven it in a browser. Use when testing API endpoints, SPAs, or any app emitting Access-Control-* headers.
Verify facts through multi-step checking · skill · L1
cove · Applies chain-of-verification (CoVe) prompting to improve response accuracy through self-verification. Use when complex questions require fact-checking, technical accuracy, or multi-step reasoning.
Find CSRF vulnerabilities in web apps · skill · Engineering · L1
hunt-csrf · Hunting skill for CSRF vulnerabilities, built from 15 public bug bounty reports including modern variants: SameSite=Lax sibling-subdomain bypass (Argo CD CVE-2024-22424), GraphQL mutations-via-GET (GitLab $3,370), framework-wide CSRF middleware disabled (Stripe Dashboard $5,000), path-traversal CSRF-token bypass (GitHub Enterprise CVE-2022-23732 $10k), Origin-omission bypass (TikTok $2,500), OAuth-state null-byte (Streamlabs), WebSocket CSRF / CSWSH (Coda), default-SameSite email-change → ATO (YoYo Games $400), social-account-link CSRF (HackerOne), JSON-CSRF via text/plain on email-change (TikTok $500). Use when hunting modern CSRF, with heavy emphasis on chain-to-ATO patterns.
Run TUnit tests with Playwright · skill · Engineering · L1
tunit · Runs TUnit tests with Playwright. Use when the user asks to run tests, execute tests, or check if tests pass.