The library
Everything we index — ranked by what works, never by stars.
● works · ● untested / no effect · ● hurts — every rank is measured against a no-skill baseline
Hunt insecure deserialization RCE · skill · Engineering · L1
hunt-deserialization · Use to hunt insecure deserialization: Java gadget chains (ysoserial), PHP object injection (PHPGGC), Python pickle RCE, .NET BinaryFormatter, Ruby Marshal.load, JNDI/Log4Shell. RCE via deserialization is almost always critical. Use when the target runs Java, PHP serialization, Python pickle, .NET, or Ruby on Rails.
Check exhibit reference and factual pleading · skill · Legal · L1
baut-beweislast-benennt-bereits-excel · Use for checking whether the exhibit supports a concrete substantiation or merely disguises a blanket reference to exhibits; separates factual pleading, offer of evidence and mere background documents in exhibits to written submissions. Delivers prioritized output with pinpoint citations to legal norms, a traffic-light risk rating and the next work step.
Route to right security testing skill · skill · Engineering · L1
hunt-dispatch · Skill-set loader for the /hunt orchestrator. Fingerprints the target, picks the right platform attack skills, and loads the red team or WAPT skill set. Use when /hunt has just received a mode answer (redteam or wapt + blackbox|greybox) and needs to load the appropriate skills and print the taxonomy. Not for direct user invocation.
Hunt DOM and client-side vulnerabilities · skill · Engineering · L1
hunt-dom · Use to hunt client-side DOM vulnerabilities: DOM clobbering (overwrite JS globals via HTML injection), postMessage hijacking (missing origin check), service worker abuse (intercept requests from same-origin script), CSS injection/exfiltration (attribute selectors → token char-by-char via OOB), client-side template injection, dangerouslySetInnerHTML. Grounded in named public research: Gareth Heyes / PortSwigger DOM clobbering + DOM Invader, Michał Bentkowski DOMPurify clobbering bypasses, jQuery htmlPrefilter XSS (CVE-2020-11022 / CVE-2020-11023), d0nut CSS-exfil research. Use when hunting DOM XSS, client-side auth bypass, or token exfiltration without server-side interaction.
PE teams needing audit-ready closing documentation with live German legal norm verification instead of templated checklists. · skill · Legal · L1
rechtsabteilung-pe-closing-continuation-fund · PE teams needing audit-ready closing documentation with live German legal norm verification instead of templated checklists.
Hunt file upload RCE and XSS · skill · Engineering · L1
hunt-file-upload · Security auditors hunting RCE on PHP/JSP/ASPX stacks with publicly-exploitable file-processing chains.
Hunt GraphQL authorization flaws · skill · Engineering · L1
hunt-graphql · Bug bounty hunters on platform APIs (GitHub, Shopify, Stripe tier) where GraphQL mutations interact with REST APIs.
Check consumer protection evidence · skill · Legal · L1
smart-device-agb-redlinen-beschwerde · German consumer advocates needing to verify statutory deadlines and evidence requirements in smart-device complaints.
Hunt gRPC configuration vulnerabilities · skill · Engineering · L1
hunt-grpc · Security teams hunting microservice architecture vulns where edge-proxy auth is bypassed by reaching backend directly.
Hunt host header injection attacks · skill · Engineering · L1
hunt-host-header · Security researchers hunting account-takeover on apps behind CDN/reverse proxy where Host is unkeyed in cache.
Investigate bugs with test-first approach · skill · Engineering · L1
bug-investigation · Teams enforcing TDD discipline to prevent regressions and verify actual bug fix.
Hunt HTTP request smuggling attacks · skill · Engineering · L1
hunt-http-smuggling · Bug bounty hunters on older deployments (HAProxy <2.4, legacy F5, Citrix ADC) or AWS ALB+origin chains with H2 downgrade.
Hunt insecure direct object references · skill · Engineering · L1
hunt-idor · Use when hunting IDOR on any target.
Generate Jest unit tests automatically · skill · Engineering · L1
jest-generator · Use for jest-generator tasks and operations.
Hunt Kubernetes and Docker misconfigs · skill · Engineering · L1
hunt-k8s · Testing container orchestration for auth bypass and RCE.
Hunt Laravel framework vulnerabilities · skill · Engineering · L1
hunt-laravel · Testing PHP Laravel apps for CVE-2021-3129 Ignition.
Generate design documentation table of contents · skill · Product, Engineering · L1
design-index · Creating table of contents for design docs.
Write Rust API documentation comments · skill · Engineering · L1
api-doc-comments · Documenting smart contract ABIs where generated docs must be client-accessible and precise.
Detect SAML and SSO attacks · skill · Legal, Ops · L1
hunt-saml · Discovering SAML vulnerabilities when generic scanners miss domain-specific chains.
Apply Vibecode brand design system · skill · Marketing, Product · L1
vibecode-brand-design · Ensuring visual consistency across branded UI components at scale.
Audit documentation freshness and accuracy · skill · Ops, Product · L1
compound-agent-doc-gardener · Orchestrating multi-step task flows with guaranteed validation and tracking.
Find session management vulnerabilities · skill · Legal, Ops · L1
hunt-session · Discovering session vulnerabilities when generic scanners miss domain-specific chains.
Audit Microsoft SharePoint farms · skill · Legal, Ops · L1
hunt-sharepoint · Discovering SharePoint vulnerabilities when generic scanners miss domain-specific chains.
Execute PRD tasks end-to-end · skill · Product, Engineering · L1
cy-execute-task · Orchestrating multi-step task flows with guaranteed validation and tracking.
Hunt source code and build leaks · skill · Legal, Ops · L1
hunt-source-leak · Discovering source leak vulnerabilities when generic scanners miss domain-specific chains.
Detect SQL injection vulnerabilities · skill · Legal, Ops · L1
hunt-sqli · Discovering SQLi vulnerabilities when generic scanners miss domain-specific chains.
Identify SSRF attack vectors · skill · Legal, Ops · L1
hunt-ssrf · Discovering SSRF vulnerabilities when generic scanners miss domain-specific chains.
Upgrade dependencies safely · skill · Engineering, Ops · L1
upgrade-deps · Implementing upgrade deps workflows that require automation.
Hunt server-side template injection · skill · Legal, Ops · L1
hunt-ssti · Discovering SSTI vulnerabilities when generic scanners miss domain-specific chains.
Sync delta specs to main specs · skill · Product, Engineering · L1
openspec-sync-specs · Implementing openspec sync specs workflows that require automation.
Detect subdomain takeover risks · skill · Legal, Ops · L1
hunt-subdomain · Discovering subdomain vulnerabilities when generic scanners miss domain-specific chains.
Audit TLS and DNS misconfigurations · skill · Legal, Ops · L1
hunt-tls-network · Discovering TLS network vulnerabilities when generic scanners miss domain-specific chains.
Find WebSocket security gaps · skill · Legal, Ops · L1
hunt-websocket · Discovering WebSocket vulnerabilities when generic scanners miss domain-specific chains.
Isolate feature work with git worktrees · skill · Engineering, Ops · L1
using-git-worktrees · When feature work requires complete isolation from current workspace without branch switching.
Search Unity built-in assets · skill · Product, Engineering · L1
assets-find-built-in · When searching Unity built-in resources by name without needing GUIDs or exact paths.
Hunt XML external entity attacks · skill · Legal, Ops · L1
hunt-xxe · When hunting XXE on XML-heavy endpoints, file parsers, or SAML flows where file-read or SSRF payoff is high.
Master red-team operator discipline · skill · Ops · L1
redteam-mindset · When planning red-team engagements with structured threat modeling versus vulnerability checklist testing.
Format red-team findings report · skill · Ops · L1
redteam-report-template · When documenting red-team findings with proper impact quantification and evidence chain.
Write bug bounty reports fast · skill · Ops · L1
report-writing · Ensures reports pass triage by enforcing impact-first writing and exact reproduction over theoretical claims.
Validate security findings · skill · Ops · L1
triage-validation · Filters ineligible findings early (out-of-scope, known, theoretical) saving submission time and maintaining validity ratio.
Access Ableton Live control API · skill · L1
ableton-lom · Enables real-time hardware parameter control through Python event listeners without boilerplate.
Archive completed OpenSpec changes · skill · Ops · L1
openspec-archive-change · Automates spec change documentation to ensure migration guides are accurate and complete.
Design PostGIS spatial database tables · skill · Engineering · L1
design-postgis-tables · Enables sub-second spatial queries on millions of geometries through proper index design and CRS handling.
Design PostgreSQL table schemas · skill · Engineering · L1
design-postgres-tables · Prevents common schema mistakes (N+1 queries, missing constraints) by enforcing normalization upfront.
Format World of Warcraft UI text · skill · Engineering · L1
wow-api-escape-sequences · Displays formatted character data in-game chat without breaking color/link markup.
Identify time-series table conversion candidates · skill · Engineering · L1
find-hypertable-candidates · Identifying tables that would benefit from compression and time-series optimization in PostgreSQL.
Instantiate prefabs in game scenes · skill · Engineering · L1
assets-prefab-instantiate · Programmatically instantiating game prefabs in Unity scenes with custom transforms.
Detect and redact personally identifiable information · skill · Legal, Ops · L1
sanitize · Safely detecting and redacting PII from text files without exposing raw sensitive data.
Manage PostgreSQL databases comprehensively · skill · Engineering · L1
postgres · Use this skill when you need to design or modify postgresql tables, schemas, or.
Reference DSPy agent framework patterns · skill · Engineering · L1
dspy-agent-framework-quick-ref · Use this skill when you need to dspy agent framework quick ref.