The library
Everything we index — ranked by what works, never by stars.
● works · ● untested / no effect · ● hurts — every rank is measured against a no-skill baseline
Set up NexusProvider for web3 · skill · Engineering · L2
nexus-elements-nexus-provider · Use to install and configure the NexusProvider for Nexus Elements. Use when setting up provider context, handleinit on wallet connect, or when any element needs usenexus.
Hunt DOM and client-side vulnerabilities · skill · Engineering · L1
hunt-dom · Use to hunt client-side DOM vulnerabilities: DOM clobbering (overwrite JS globals via HTML injection), postMessage hijacking (missing origin check), service worker abuse (intercept requests from same-origin script), CSS injection/exfiltration (attribute selectors → token char-by-char via OOB), client-side template injection, dangerouslySetInnerHTML. Grounded in named public research: Gareth Heyes / PortSwigger DOM clobbering + DOM Invader, Michał Bentkowski DOMPurify clobbering bypasses, jQuery htmlPrefilter XSS (CVE-2020-11022 / CVE-2020-11023), d0nut CSS-exfil research. Use when hunting DOM XSS, client-side auth bypass, or token exfiltration without server-side interaction.
PE teams needing audit-ready closing documentation with live German legal norm verification instead of templated checklists. · skill · Legal · L1
rechtsabteilung-pe-closing-continuation-fund · PE teams needing audit-ready closing documentation with live German legal norm verification instead of templated checklists.
Audit contact cadence with team · skill · Ops · L2
people-audit · Teams tracking hundreds of contacts who need to know which relationships are stale before reaching out.
Hunt file upload RCE and XSS · skill · Engineering · L1
hunt-file-upload · Security auditors hunting RCE on PHP/JSP/ASPX stacks with publicly-exploitable file-processing chains.
Prepare briefing for any meeting · skill · Productivity · L2
meeting-prep · Executives preparing for 1:1s and meetings who need contextual briefings without manually grep-ing notes.
Hunt GraphQL authorization flaws · skill · Engineering · L1
hunt-graphql · Bug bounty hunters on platform APIs (GitHub, Shopify, Stripe tier) where GraphQL mutations interact with REST APIs.
Check consumer protection evidence · skill · Legal · L1
smart-device-agb-redlinen-beschwerde · German consumer advocates needing to verify statutory deadlines and evidence requirements in smart-device complaints.
Hunt gRPC configuration vulnerabilities · skill · Engineering · L1
hunt-grpc · Security teams hunting microservice architecture vulns where edge-proxy auth is bypassed by reaching backend directly.
Hunt host header injection attacks · skill · Engineering · L1
hunt-host-header · Security researchers hunting account-takeover on apps behind CDN/reverse proxy where Host is unkeyed in cache.
Investigate bugs with test-first approach · skill · Engineering · L1
bug-investigation · Teams enforcing TDD discipline to prevent regressions and verify actual bug fix.
Hunt HTTP request smuggling attacks · skill · Engineering · L1
hunt-http-smuggling · Bug bounty hunters on older deployments (HAProxy <2.4, legacy F5, Citrix ADC) or AWS ALB+origin chains with H2 downgrade.
Deploy Expo apps to stores · skill · Engineering · L2
expo-deployment · Use for expo-deployment tasks and operations.
Hunt insecure direct object references · skill · Engineering · L1
hunt-idor · Use when hunting IDOR on any target.
Generate Jest unit tests automatically · skill · Engineering · L1
jest-generator · Use for jest-generator tasks and operations.
Launch product keynote presentation · skill · Marketing · L2
html-ppt-product-launch · Use when announcing a product, launching a feature, or doing a keynote-style reveal.
Hunt Kubernetes and Docker misconfigs · skill · Engineering · L1
hunt-k8s · Testing container orchestration for auth bypass and RCE.
Hunt Laravel framework vulnerabilities · skill · Engineering · L1
hunt-laravel · Testing PHP Laravel apps for CVE-2021-3129 Ignition.
Mine text data for humanities research · skill · Data · L2
digital-humanities-guide · Analyzing historical texts and correspondence networks.
Generate design documentation table of contents · skill · Product, Engineering · L1
design-index · Creating table of contents for design docs.
Write Rust API documentation comments · skill · Engineering · L1
api-doc-comments · Documenting smart contract ABIs where generated docs must be client-accessible and precise.
Auto-format and lint code to standards · skill · Engineering · L2
code-sanitizer · Ensuring consistent code style across a data pipeline before completion checklist.
Manage pull requests and git workflows · skill · Engineering · L2
git-workflow · Submitting feature patterns to upstream community repositories with clean history.
Check trademark-law grace period for use (fashion) · skill · Legal · L2
benutzungsschonfrist-und-rechtserhaltende-benutzung · Preparing evidence bundles to defend luxury/fashion trademarks against non-use revocation.
Query ClickHouse for analytics and metrics · skill · Data · L2
clickhouse-query · Debugging event analytics on replica clusters without writing custom export code.
Set up Koin dependency injection for Android · skill · Engineering · L2
android-di-koin · Setting up DI scoping per feature layer without manual constructor plumbing.
Evaluate LLM agent responses against rubrics · skill · Product, Data · L2
evaluating-llms · Validating agent responses against business rules without manual test review.
Hunt NTLM information disclosure on Windows · skill · Ops, Engineering · L2
hunt-ntlm-info · Lateral movement in Windows domains when Kerberos is unavailable.
Audit code for OWASP Top 10 security risks · skill · Engineering · L2
security-scan · Baseline security assessment before manual penetration testing.
Architect React Native app structure · skill · Engineering, Product · L2
mobile-architect · Scaling Android/iOS apps to 10+ features without DI complexity explosion.
Audit artifact skills for compliance · skill · Ops · L2
skill-usage-audit · Verifying governance compliance across codebases without manual file inspection.
Detect SAML and SSO attacks · skill · Legal, Ops · L1
hunt-saml · Discovering SAML vulnerabilities when generic scanners miss domain-specific chains.
Apply Vibecode brand design system · skill · Marketing, Product · L1
vibecode-brand-design · Ensuring visual consistency across branded UI components at scale.
Audit documentation freshness and accuracy · skill · Ops, Product · L1
compound-agent-doc-gardener · Orchestrating multi-step task flows with guaranteed validation and tracking.
Find session management vulnerabilities · skill · Legal, Ops · L1
hunt-session · Discovering session vulnerabilities when generic scanners miss domain-specific chains.
Audit Microsoft SharePoint farms · skill · Legal, Ops · L1
hunt-sharepoint · Discovering SharePoint vulnerabilities when generic scanners miss domain-specific chains.
Execute PRD tasks end-to-end · skill · Product, Engineering · L1
cy-execute-task · Orchestrating multi-step task flows with guaranteed validation and tracking.
Hunt source code and build leaks · skill · Legal, Ops · L1
hunt-source-leak · Discovering source leak vulnerabilities when generic scanners miss domain-specific chains.
Compress LLM KV cache with TurboQuant · skill · Engineering, Data · L2
turboquant-pytorch · Implementing turboquant pytorch workflows that require automation.
Build RAG pipeline for knowledge extraction · skill · Engineering, Data · L2
llm-pipeline · Extracting structured knowledge from unstructured messaging with high-signal batching.
Detect SQL injection vulnerabilities · skill · Legal, Ops · L1
hunt-sqli · Discovering SQLi vulnerabilities when generic scanners miss domain-specific chains.
Identify SSRF attack vectors · skill · Legal, Ops · L1
hunt-ssrf · Discovering SSRF vulnerabilities when generic scanners miss domain-specific chains.
Upgrade dependencies safely · skill · Engineering, Ops · L1
upgrade-deps · Implementing upgrade deps workflows that require automation.
Hunt server-side template injection · skill · Legal, Ops · L1
hunt-ssti · Discovering SSTI vulnerabilities when generic scanners miss domain-specific chains.
Build industrial control protocols · skill · Engineering, Ops · L2
industrial · Implementing industrial workflows that require automation.
Sync delta specs to main specs · skill · Product, Engineering · L1
openspec-sync-specs · Implementing openspec sync specs workflows that require automation.
Detect subdomain takeover risks · skill · Legal, Ops · L1
hunt-subdomain · Discovering subdomain vulnerabilities when generic scanners miss domain-specific chains.
Audit TLS and DNS misconfigurations · skill · Legal, Ops · L1
hunt-tls-network · Discovering TLS network vulnerabilities when generic scanners miss domain-specific chains.
Find WebSocket security gaps · skill · Legal, Ops · L1
hunt-websocket · Discovering WebSocket vulnerabilities when generic scanners miss domain-specific chains.
Isolate feature work with git worktrees · skill · Engineering, Ops · L1
using-git-worktrees · When feature work requires complete isolation from current workspace without branch switching.