The library

Everything we index — ranked by what works, never by stars.

untested
Benchmark competitor strategies · skill · Marketing · Product · L2
competitor-analysis · Competitive analysis when gap analysis vs top competitors informs content/keyword prioritization.
untested
Audit nonprofit mergers and governance · skill · Legal · L2
fusion-vereine · German association mergers need Vereinsrecht-specific compliance mapping.
untested
Generate NestJS DTOs with validation decorators · skill · Engineering · L1
dto-generator · NestJS projects scaffold DTOs faster with auto-discovery than manual scaffolding.
untested
Map competitor content gaps and missing topics · skill · Marketing · L1
content-gap-analysis · Editorial planning beats brainstorming when you compare against a specific competitor set.
untested
Animate interfaces using Disney principles and GSAP · skill · Product · L2
gsap-greensock · Web animations achieve principle polish faster with GSAP than pure CSS for tweens.
untested
Discover high-value keywords and topic clusters · skill · Marketing · L2
keyword-research · SEO planning systematizes keyword discovery better than intuition-driven topic selection.
untested
Analyze search results layout and ranking factors · skill · Marketing · L2
serp-analysis · Ranking strategy beats guessing when you analyze live SERP composition and top-10 patterns.
untested
Apply Next.js best practices to projects · skill · Engineering · L1
next-best-practices · Next.js refactors avoid pitfalls when you follow file conventions and RSC boundaries.
untested
Consult ChatGPT for quick agent decisions · skill · L2
consult-chatgpt · Multi-agent debugging beats solo guessing when you cache questions and budget calls.
untested
Fix tool-calling agent schema and behavior · skill · Engineering · L1
tool-calling-tutor · Tool-calling agents work faster when you debug schema, invocation, and loop patterns.
untested
Debug complex systems with multi-step reasoning · skill · Engineering · L1
sequential-think · Complex debugging beats quick answers when you systematize multi-layer reasoning.
untested
Design products that work for everyone · skill · Product · L1
universal-design · Inclusive design reaches broader audiences than retrofitting accessibility later.
untested
Run static analysis scans with Semgrep · skill · Engineering · L2
semantic-grep · Security scanning is faster and more reliable when you use semantic rules vs regex.
untested
Orchestrate bug bounty hunting methodology · skill · Engineering · L1
bb-methodology · Bug bounty sessions gain focus when you apply systematic 5-phase methodology.
untested
Track trends in session metrics and progress · skill · Productivity · L2
session-trends · Progress tracking improves with aggregated deltas vs single-point observations.
untested
Sharpen value propositions into powerful statements · skill · Sales · L1
value-prop-sharpener · Product positioning when weak generic messaging needs multi-dimensional resonance.
untested
Report bugs to Bugcrowd with severity strategy · skill · Engineering · L1
bugcrowd-reporting · Bug bounty submissions when VRT defaults misalign with actual impact severity.
untested
Create engaging LinkedIn posts for authority · skill · Marketing · L1
linkedin-post · Professional content distribution when personal voice, audience targeting, and engagement matter.
untested
Analyze document library health and maintenance · skill · Ops · L1
content-analyst · Library governance when actual document state analysis informs feature prioritization.
untested
Evaluate street infrastructure drainage rights · skill · Legal · L1
strassenentwaesserung · German legal practice when street-drainage rights/obligations require statutory analysis.
untested
Refine OpenSpec proposals for completeness · skill · Ops · L1
linear-iterate-on-plan · Technical planning when proposal quality gates improve before approval.
untested
Audit enterprise VPN attack surface · skill · Legal · L1
enterprise-vpn-attack · Perimeter testing when SSL VPN appliances are initial-access points.
untested
Predict metagenome function from 16S data · skill · Engineering · L2
bio-microbiome-functional-prediction · Metagenomics when shotgun sequencing is unavailable and KEGG/MetaCyc function prediction suffices.
untested
Redact evidence for bug bounty submissions · skill · Legal · L1
evidence-hygiene · Bug-bounty submissions when cookie leakage and unauthorized PII exposure risks matter.
untested
Automate GitHub issue triage and labeling · skill · Ops · L2
ai-assisted-operations · GitHub issue triage at scale when AI summarization and tagging reduce manual work.
untested
Hunt API security misconfigurations · skill · Legal · L1
hunt-api-misconfig · API security testing when parameter-binding and object-serialization flaws enable escalation.
untested
Hunt ASP.NET-specific vulnerabilities · skill · Legal · L1
hunt-aspnet · Legacy ASP.NET pentesting when ViewState, machineKey, and trace endpoint disclosure matter.
untested
Navigate Nx CLI workspace projects · skill · Engineering · L2
nx-cli · Monorepo development when task discovery and affected-scope analysis speed up iteration.
untested
Hunt account takeover vulnerabilities · skill · Legal · L1
hunt-ato · Authentication testing when multiple ATO paths (password-reset, email-change, JWT, MFA-bypass) require systematic coverage.
untested
Map regulatory compliance framework · skill · Legal · L1
eu-ebene-und-better-regulation · German legal practice when proposed rules require EU compliance justification.
untested
Create product feature specifications · skill · Product · L1
feature · Test-driven development when executable specifications guide implementation.
untested
Hunt authentication bypass vulnerabilities · skill · Legal · L1
hunt-auth-bypass · SSO security testing when SAML signature stripping and parser-differential attacks apply.
untested
Hunt brute force and rate limiting gaps · skill · Legal · L1
hunt-brute-force · Use to hunt missing or weak rate limiting: login brute force, OTP/2FA brute force (10^6 keyspace), password-reset-token brute force, credential stuffing, username/email enumeration via error-string, status-code, or timing differences, weak password policy, missing CAPTCHA, IP-based rate-limit bypass via X-Forwarded-For and friends, ReDoS. Distinguishes hard lockout vs soft IP throttle vs CAPTCHA injection vs silent shadow-throttling (avoids false-negative 'no rate limit' conclusions). Medium to critical depending on what the brute force reaches (OTP→ATO = critical).
untested
Adapt planning depth to PRD complexity · skill · Product · L1
pm-organization-scale-adaptive · Use to adjust planning depth and agent behavior based on PRD complexity level.
untested
Generate code from UI specifications · skill · Engineering · L2
codegen · Code generation utilities for json-render. Use when generating code from UI specs, building custom code exporters, traversing specs, or serializing props for @json-render/codegen.
untested
Hunt business logic vulnerabilities · skill · Legal · L1
hunt-business-logic · Hunting skill for business logic vulnerabilities, built from 12 public bug bounty reports. Covers coupon-race-stacking (Instacart, Stripe, Reverb), negative-quantity-in-cart price tampering (Upserve, Eternal/Zomato), decimal/fraction price-field overflow (Shipt), client-side checkout amount trust on PayPal redirect (WordPress.org), price-per-unit mass-assignment (Krisp), and archived-price swap / cart-TOCTOU (Stripe). Use when hunting business logic, with heavy emphasis on financial-impact-demonstrated cases.
untested
Add test infrastructure to .NET projects · skill · Engineering · L2
dotnet-add-testing
untested
Hunt cache poisoning vulnerabilities · skill · Legal · L1
hunt-cache-poison · Hunting skill for cache poisoning vulnerabilities, built from 10 public bug bounty reports including X-Forwarded-Host poisoning, X-HTTP-Method-Override / GCS cache, reflected→stored XSS via cache, classic Omer Gil web cache deception, Cloudflare Cache Deception Armor bypass, session-token cache deception, Akamai hop-by-hop smuggling → server-side edge poisoning, and Kettle's 2024 path-normalization WCD against Cloudflare/Fastly/GCP. Use when hunting cache poisoning, web cache deception, or CDN-fronted apps.
untested
Maintain persistent memory across conversations · skill · Productivity · L1
memory-management · Persistent memory for Claude across conversations. Use when starting any task, before writing or editing code, before making decisions, when the user mentions preferences or conventions, when the user corrects your work, or when completing a task that overcame challenges. Ensures Claude never repeats mistakes and always applies learned patterns.
untested
Audit developer experience quality · skill · Product · L2
devex-review
untested
Hunt cloud infrastructure misconfigurations · skill · Legal · L1
hunt-cloud-misconfig · Use to hunt cloud / infrastructure misconfigurations. AWS: public S3 buckets (s3:GetObject anonymous), permissive bucket policies (PutObjectAcl public-write), exposed CloudFront origin, public Lambda function URL, public RDS snapshot, IAM credentials in JS bundles, AWS metadata accessible via SSRF. GCP: public GCS buckets, exposed Cloud Run services, leaked service account JSON. Azure: public blob containers, exposed Function App. (Kubernetes/Docker exposure is owned by hunt-k8s; CI/CD pipeline attacks by hunt-cicd; post-credential IAM escalation by cloud-iam-deep.) Detection: targeted dorking, certificate transparency, JS bundle secret extraction, port scan for known service ports. Validate: actual data read / write / RCE. Use when hunting cloud-native storage and compute misconfigurations (S3/GCS/Blob, IMDS-via-SSRF, serverless, public managed services).
untested
Choreograph animations with GSAP timelines · skill · Engineering · L1
gsap-timeline · Official GSAP skill for timelines: gsap.timeline(), position parameter, nesting, playback. Use when sequencing animations, choreographing keyframes, or when the user asks about animation sequencing, timelines, or animation order (in GSAP or when recommending a library that supports timelines).
untested
Hunt CORS misconfiguration exploits · skill · Legal · L1
hunt-cors · Use to hunt CORS misconfiguration: origin reflection with credentials, null-origin trust, subdomain-regex bypass (unanchored vs unescaped-dot vs prefix-only), preflight (OPTIONS) gating bypass, postMessage origin checks. High only when an attacker-controlled origin can perform a credentialed cross-origin read of sensitive data and you have proven it in a browser. Use when testing API endpoints, SPAs, or any app emitting Access-Control-* headers.
untested
Verify facts through multi-step checking · skill · L1
cove · Apply chain-of-verification (CoVe) prompting to improve response accuracy through self-verification. Use when complex questions require fact-checking, technical accuracy, or multi-step reasoning.
untested
Find CSRF vulnerabilities in web apps · skill · Engineering · L1
hunt-csrf · Hunting skill for CSRF vulnerabilities, built from 15 public bug bounty reports including modern variants: SameSite=Lax sibling-subdomain bypass (Argo CD CVE-2024-22424), GraphQL mutations-via-GET (GitLab $3,370), framework-wide CSRF middleware disabled (Stripe Dashboard $5,000), path-traversal CSRF-token bypass (GitHub Enterprise CVE-2022-23732 $10k), Origin-omission bypass (TikTok $2,500), OAuth-state null-byte (Streamlabs), WebSocket CSRF / CSWSH (Coda), default-SameSite email-change → ATO (YoYo Games $400), social-account-link CSRF (HackerOne), JSON-CSRF via text/plain on email-change (TikTok $500). Use when hunting modern CSRF, with heavy emphasis on chain-to-ATO patterns.
untested
Run TUnit tests with Playwright · skill · Engineering · L1
tunit · Run TUnit tests with Playwright. Use when the user asks to run tests, execute tests, or check if tests pass.
untested
Hunt insecure deserialization RCE · skill · Engineering · L1
hunt-deserialization · Use to hunt insecure deserialization: Java gadget chains (ysoserial), PHP object injection (PHPGGC), Python pickle RCE, .NET BinaryFormatter, Ruby Marshal.load, JNDI/Log4Shell. RCE via deserialization is almost always critical. Use when the target runs Java, PHP serialization, Python pickle, .NET, or Ruby on Rails.
untested
Check exhibit references and factual pleadings · skill · Legal · L1
baut-beweislast-benennt-bereits-excel · Checks whether an exhibit supports a concrete substantiation or merely masks a blanket reference to exhibits; separates factual pleading, offer of evidence, and mere background documents in exhibits to written submissions. Delivers prioritized output with pinpoint citations to legal provisions, a traffic-light risk rating, and the next work step.
untested
Build with Cloudflare platform · skill · Engineering · L2
cloudflare · Comprehensive Cloudflare platform skill covering Workers, Pages, storage (KV, D1, R2), AI (Workers AI, Vectorize, Agents SDK), networking (Tunnel, Spectrum), security (WAF, DDoS), and infrastructure-as-code (Terraform, Pulumi). Use for any Cloudflare development task.
untested
Route to right security testing skill · skill · Engineering · L1
hunt-dispatch · Skill-set loader for the /hunt orchestrator. Fingerprints the target, picks the right platform attack skills, and loads the red team or WAPT skill set. Use when /hunt has just received a mode answer (redteam or wapt + blackbox|greybox) and needs to load the appropriate skills and print the taxonomy. Not for direct user invocation.