The library
Everything we index — ranked by what works, never by stars.
● works · ● untested / no effect · ● hurts — every rank is measured against a no-skill baseline
Compose prompts for Codex and GPT-5.4 [skill · Engineering · L1]
gpt-5-4-prompting · When crafting prompts for Codex subagents or other LLM-heavy workflows.

Run fast security checks [skill · Engineering, Ops · L1]
offensive-fast-checking · When needing a quick vulnerability surface scan before in-depth testing.

Map codebase architecture for security [skill · Engineering, Ops · L2]
sast-analysis · When auditing source code in CI/CD or pre-release security review.

Write penetration test reports [skill · Ops, Engineering · L2]
offensive-reporting · When translating raw pentest data into boardroom-ready security reports.

Build and publish TypeScript packages [skill · Engineering · L2]
ts-library · When releasing TypeScript utility libraries to npm with strong type guarantees.

Find business logic vulnerabilities [skill · Engineering, Ops · L3]
sast-businesslogic · Finding exploitable gaps in payment, workflow, and authorization logic that scanners miss.

Test business logic for exploits [skill · Ops, Engineering · L2]
offensive-business-logic · Finding high-value logic chains in fintech/marketplace apps where scanners miss compound flows.

Write tests before implementation [skill · Engineering · L1]
cm-tdd · Catching regressions and hidden edge cases that manual testing cannot verify.

Detect file upload vulnerabilities [skill · Engineering, Ops · L3]
sast-fileupload · Finding RCE paths through file upload that extension blocklists and static analysis miss.

Find deserialization vulnerabilities [skill · Engineering, Ops · L2]
offensive-deserialization · Achieving RCE on Java/.NET/PHP/Python apps that deserialize untrusted objects without allowlists.
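
Worked example for the Python case the entry above describes (added here; it is not code from this library or from the offensive-deserialization skill): a pickle whose `__reduce__` smuggles a call to an importable function, the naive `pickle.loads` that executes it, and the allowlisting `Unpickler` that refuses it. The smuggled call is `os.getpid` so the example is harmless to run; a real gadget names `os.system` or `subprocess.Popen` in the same slot.

```python
"""Untrusted pickle executes whatever callable the bytes name; an allowlisting
Unpickler is the defence. Added example, not code from any listed skill."""
import builtins
import io
import os
import pickle


class Exploit:
    """Pickling this object serialises a *call*, not its state: the unpickler
    imports the module that owns os.getpid and invokes it. A real gadget names
    os.system or subprocess.Popen with attacker-chosen arguments instead."""

    def __reduce__(self):
        return (os.getpid, ())


def make_payload() -> bytes:
    """Attacker side: bytes that look like an ordinary pickle to a naive server."""
    return pickle.dumps(Exploit())


def unsafe_load(data: bytes):
    """Vulnerable consumer: pickle.loads resolves and calls any importable name."""
    return pickle.loads(data)


class RestrictedUnpickler(pickle.Unpickler):
    """Allowlist the (module, name) pairs a pickle may reference.

    Plain dicts, lists, strings and ints use dedicated opcodes and never reach
    find_class; anything that does reach it must be on the list. os.getpid
    (or os.system) is refused before it is ever resolved."""

    ALLOWED = {("builtins", "set"), ("builtins", "frozenset"),
               ("builtins", "bytearray"), ("builtins", "range")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return getattr(builtins, name)
        raise pickle.UnpicklingError(f"refusing to resolve {module}.{name}")


def safe_load(data: bytes):
    """Hardened consumer: same bytes, allowlisted resolution."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def roundtrip_safe(obj):
    """Legitimate data still round-trips through the restricted loader."""
    return safe_load(pickle.dumps(obj))


def payload_executes(data: bytes) -> bool:
    """True if loading the bytes executed the smuggled call (result is our PID)."""
    return unsafe_load(data) == os.getpid()


def payload_refused(data: bytes) -> bool:
    """True if the hardened loader rejects the bytes without executing anything."""
    try:
        safe_load(data)
    except pickle.UnpicklingError:
        return True
    return False
```

The allowlist is the only real control: signing the blob or checking its origin helps, but any `pickle.loads` that can reach `find_class` with an attacker-chosen module and name is code execution, whatever framing surrounds it.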
Detect GraphQL injection vulnerabilities [skill · Engineering, Ops · L3]
sast-graphql · Finding query string injection that reaches GraphQL parsers (not resolver SQL injection).

Test file upload security [skill · Engineering, Ops · L2]
offensive-file-upload · Finding RCE or XSS through file upload when MIME validation or extension checks are the sole defense.

Manage Poke agents and session history [skill · Engineering · L2]
poke-agents-mcp · Headless orchestration of local agent runs without UI when scripting multi-agent workflows.

Find hardcoded secrets in code [skill · Engineering, Ops · L3]
sast-hardcodedsecrets · Finding exposed API keys, credentials, and tokens that code review and linters miss.

Test GraphQL for security flaws [skill · Engineering, Ops · L2]
offensive-graphql · Bypassing GraphQL authorization when individual resolvers don't check permissions uniformly.

Detect IDOR vulnerabilities [skill · Engineering, Ops · L3]
sast-idor · Finding authorization gaps where IDs are trusted directly without ownership verification.

Exploit insecure direct object references [skill · Engineering · L2]
offensive-idor · Accessing other users' data when IDs are sequential or predictable and authorization is missing.

Detect insecure JWT implementations [skill · Engineering · L3]
sast-jwt · Finding JWT signature bypass, algorithm confusion, and key exposure in token handling.
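
Worked example of the two algorithm-confusion bugs the sast-jwt entry names (added here; not code from this library or the skill): a verifier that lets the token's `alg` header choose the check, so `alg=none` is accepted unsigned and an HS256 token signed with the deployment's *public* key passes, next to a verifier that pins the algorithm. Everything is standard library; `SERVER_SECRET` and `PUBLIC_KEY_PEM` are constructed placeholders, and the RS256 branch is omitted because it would need an RSA library.

```python
"""JWT algorithm confusion: a verifier that trusts header.alg versus one that
pins it. Added example; HS256 only, standard library only."""
import base64
import hashlib
import hmac
import json

# Constructed demo key material. SERVER_SECRET is the real HS256 key; PUBLIC_KEY_PEM
# stands in for the RSA public key an RS256 deployment loads as its verification
# key (placeholder bytes, not a real key).
SERVER_SECRET = b"demo-hs256-secret-do-not-reuse"
PUBLIC_KEY_PEM = b"-----BEGIN PUBLIC KEY-----\nPLACEHOLDER-RSA-PUBLIC-KEY\n-----END PUBLIC KEY-----\n"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def encode_part(obj) -> str:
    return b64url(json.dumps(obj, separators=(",", ":")).encode())


def hs256(key: bytes, signing_input: str) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()


def issue(payload: dict, key: bytes = SERVER_SECRET) -> str:
    """Legitimate issuer: HS256 over header.payload."""
    signing_input = encode_part({"alg": "HS256", "typ": "JWT"}) + "." + encode_part(payload)
    return signing_input + "." + b64url(hs256(key, signing_input))


def forge_alg_none(payload: dict) -> str:
    """Attacker: alg=none with an empty signature segment."""
    return encode_part({"alg": "none", "typ": "JWT"}) + "." + encode_part(payload) + "."


def forge_with_public_key(payload: dict, public_key: bytes = PUBLIC_KEY_PEM) -> str:
    """Attacker: HS256-sign with the public key an RS256 verifier already holds.
    The verifier's HS256 branch then 'verifies' with those same bytes."""
    return issue(payload, key=public_key)


def verify_vulnerable(token: str, key_material: bytes) -> dict:
    """Vulnerable: dispatches on the attacker-controlled alg header."""
    h, p, s = token.split(".")
    alg = json.loads(unb64url(h)).get("alg")
    if alg == "none":                      # accepted without any signature
        return json.loads(unb64url(p))
    if alg == "HS256":                     # uses whatever key material is loaded
        if hmac.compare_digest(hs256(key_material, f"{h}.{p}"), unb64url(s)):
            return json.loads(unb64url(p))
        raise ValueError("bad signature")
    # RS256 branch omitted (needs an RSA library). The bug is that key_material,
    # a public key in an RS256 deployment, also feeds the HS256 branch above.
    raise ValueError(f"unsupported alg {alg!r}")


def verify_hardened(token: str, key: bytes, expected_alg: str = "HS256") -> dict:
    """Hardened: the verifier decides the algorithm; the token never does."""
    h, p, s = token.split(".")
    if json.loads(unb64url(h)).get("alg") != expected_alg:
        raise ValueError("alg mismatch")
    if expected_alg != "HS256":
        raise ValueError("only HS256 is implemented in this example")
    if not hmac.compare_digest(hs256(key, f"{h}.{p}"), unb64url(s)):
        raise ValueError("bad signature")
    return json.loads(unb64url(p))


def rejects(verifier, token: str, *args, **kwargs) -> bool:
    """True if the verifier raises on the token (malformed tokens raise ValueError too)."""
    try:
        verifier(token, *args, **kwargs)
    except ValueError:
        return True
    return False
```

In a code review the tell is any `if header["alg"] == ...` dispatch, or a library call that takes the token's header as the source of truth (`algorithms=` left open); the fix is always to pass a fixed algorithm and a key of the matching type.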
Find and exploit open redirects [skill · Engineering · L2]
offensive-open-redirect · Chaining open redirect with phishing or SSRF when URL parameters trust user input.
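
The defensive side of the entry above, as an added example (not code from this library or the skill): a redirect-target validator that handles the inputs browsers and URL parsers disagree on, which is exactly where "trusting the URL parameter" goes wrong. `ALLOWED_HOSTS` is a constructed allowlist.

```python
"""Validating a post-login `next=` target. Added example; ALLOWED_HOSTS is a
constructed allowlist, not configuration from any listed skill."""
import re
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"app.example.com"}  # constructed for this example


def is_safe_redirect(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Accept same-origin relative paths or absolute URLs to allowlisted hosts.

    Inputs that defeat naive checks:
      //evil.example                          protocol-relative, a host to browsers
      /\\evil.example                         browsers treat backslash as a slash
      https:evil.example                      scheme but no authority, re-resolved by some clients
      https://app.example.com@evil.example/   userinfo confusion
      javascript:alert(1)                     non-navigational scheme
    """
    if not target:
        return False
    # Browsers strip ASCII tab/newline from URLs before parsing; do the same so
    # "/\t/evil.example" cannot slip past a prefix check.
    target = re.sub(r"[\t\r\n]", "", target).strip().replace("\\", "/")
    parts = urlsplit(target)
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return False
    if parts.netloc:
        # Absolute URL: exact hostname match, and no userinfo at all.
        if parts.username is not None or parts.password is not None:
            return False
        return parts.hostname in allowed_hosts
    if parts.scheme:
        # "https:evil.example": a scheme without an authority is ambiguous; refuse.
        return False
    # Relative target: exactly one leading slash, never protocol-relative.
    return target.startswith("/") and not target.startswith("//")


def classify(targets):
    """Return the candidates that would be allowed, in input order."""
    return [t for t in targets if is_safe_redirect(t)]
```

A safer design avoids the parsing question entirely: store the destination server-side and redirect by opaque key, or only ever redirect to paths you build yourself.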
Execute code from idea to production [skill · Engineering · L3]
cm-start · Setting up codymaster scaffolding for new projects without manual config.

Detect missing authentication vulnerabilities [skill · Engineering · L3]
sast-missingauth · Finding unprotected endpoints that forgot authentication decorators or checks.

Exploit HTTP parameter pollution [skill · Engineering · L2]
offensive-parameter-pollution · Bypassing security controls when backend and frontend parse parameters differently.
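
The parsing disagreement behind the entry above, made concrete as an added example (not code from this library or the skill): one query string with `role` repeated, read first-value-wins by an edge check and last-value-wins by the backend. The gateway and backend here are constructed stand-ins; the framework behaviours named in the comments are the well-known ones.

```python
"""HTTP parameter pollution: the same query string, read first-wins at an edge
check and last-wins at the backend. Added example with constructed tiers."""
from urllib.parse import parse_qs


def _parsed(query: str) -> dict:
    return parse_qs(query, keep_blank_values=True)


def first_wins(query: str) -> dict:
    """Flask/Werkzeug request.args.get() and Java servlet getParameter() return the first value."""
    return {k: v[0] for k, v in _parsed(query).items()}


def last_wins(query: str) -> dict:
    """PHP's $_GET keeps the last value; ASP.NET instead joins all values with commas."""
    return {k: v[-1] for k, v in _parsed(query).items()}


def duplicated_keys(query: str) -> list:
    return sorted(k for k, v in _parsed(query).items() if len(v) > 1)


def gateway_allows(query: str) -> bool:
    """Edge rule (constructed): refuse privilege escalation via role=admin. First-wins."""
    return first_wins(query).get("role", "user") != "admin"


def backend_role(query: str) -> str:
    """Backend (constructed): acts on the role it parses. Last-wins."""
    return last_wins(query).get("role", "user")


def gateway_allows_hardened(query: str) -> bool:
    """Fix at the edge: refuse any request that repeats a security-relevant key,
    so every tier downstream can only ever see one value for it."""
    if set(duplicated_keys(query)) & {"role", "user"}:
        return False
    return gateway_allows(query)


def simulate(query: str, hardened: bool = False):
    """(edge decision, role the backend acts on if the edge let the request through)."""
    allowed = gateway_allows_hardened(query) if hardened else gateway_allows(query)
    return allowed, (backend_role(query) if allowed else None)
```

The same trick applies to the request body, to `;` versus `&` separators, and to a parameter that appears once in the query string and once in the body; the durable fix is for the backend to enforce authorization itself rather than trusting what an upstream filter thought it saw.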
Detect path traversal vulnerabilities [skill · Engineering · L3]
sast-pathtraversal · Large codebases needing path traversal scanned in parallel without overwhelming context.
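
What a clean sink looks like, so a scanner run over a large codebase has something to compare against (added example; not code from this library or the skill): a `safe_join` that confines a user-supplied name to a base directory, with a constructed temp-directory layout that exercises `..`, absolute paths, the directory-prefix trick, NUL bytes and a symlink pointing out of the tree.

```python
"""Confining a user-supplied file name to a base directory. Added example; the
temporary tree built by demo() is constructed for the probes."""
import os
import tempfile


def safe_join(base_dir: str, user_path: str) -> str:
    """Resolve base/user_path and refuse anything that lands outside base.

    realpath() collapses '..', resolves symlinks, and lets an absolute user_path
    (which os.path.join would let replace the base) be caught afterwards;
    commonpath() compares whole components, so '/srv/app-secrets' does not
    pass as being under '/srv/app'."""
    if "\x00" in user_path:
        raise ValueError("NUL byte in path")
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, user_path))
    try:
        inside = os.path.commonpath([base, candidate]) == base
    except ValueError:          # different drives on Windows
        inside = False
    if not inside:
        raise ValueError(f"{user_path!r} escapes {base_dir!r}")
    return candidate


def escapes(base_dir: str, user_path: str) -> bool:
    try:
        safe_join(base_dir, user_path)
    except ValueError:
        return True
    return False


def demo() -> dict:
    """Build a constructed tree and probe the usual escape attempts."""
    root = tempfile.mkdtemp()
    base = os.path.join(root, "uploads")
    os.makedirs(base)
    os.makedirs(os.path.join(root, "uploads-secrets"))
    with open(os.path.join(root, "secret.txt"), "w") as fh:
        fh.write("constructed secret\n")
    symlink_case = None
    try:
        os.symlink(os.path.join(root, "secret.txt"), os.path.join(base, "link"))
        symlink_case = escapes(base, "link")
    except (OSError, NotImplementedError):
        pass                    # no symlink privilege on this platform; skip
    return {
        "plain": not escapes(base, "report.pdf"),
        "dotdot": escapes(base, "../secret.txt"),
        "absolute": escapes(base, os.path.join(root, "secret.txt")),
        "prefix": escapes(base, "../uploads-secrets/x"),
        "nul": escapes(base, "report.pdf\x00.png"),
        "symlink": symlink_case,
    }
```

Note what is not done: no blocklist of `..` substrings, no URL-decoding loop. The check is on the resolved result, which is the only property that matters.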
Exploit race condition bugs [skill · Engineering · L2]
offensive-race-condition · Bug bounty race condition testing on registration, payments, and single-use tokens.
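
The single-use-token case from the entry above, raced from several threads, as an added example (not code from this library or the skill): a check-then-act redeemer that lets every request inside the window succeed, next to one that consumes the token atomically. The in-memory set is a constructed stand-in for a database row.

```python
"""Single-use token redemption: check-then-act versus atomic check-and-set,
raced from several threads. Added example with an in-memory store."""
import threading
import time


class CheckThenActRedeemer:
    """Vulnerable: the token is checked, some work happens, then it is marked used.
    Every request that arrives during the work sees an unused token."""

    def __init__(self, tokens):
        self.unused = set(tokens)
        self.redeemed = []

    def redeem(self, token, work_seconds=0.1):
        if token not in self.unused:          # check
            return False
        time.sleep(work_seconds)              # window: e.g. calling a payment API
        self.unused.discard(token)            # act
        self.redeemed.append(token)
        return True


class AtomicRedeemer:
    """Fixed: check and consume happen under one lock, the in-process equivalent
    of `UPDATE tokens SET used = 1 WHERE token = ? AND used = 0` followed by a
    rowcount test, or SELECT ... FOR UPDATE inside the transaction."""

    def __init__(self, tokens):
        self.unused = set(tokens)
        self.redeemed = []
        self._lock = threading.Lock()

    def redeem(self, token, work_seconds=0.1):
        with self._lock:
            if token not in self.unused:
                return False
            self.unused.discard(token)        # consumed before the window opens
        time.sleep(work_seconds)              # the slow work no longer matters
        self.redeemed.append(token)
        return True


def race(redeemer, token="tok-123", workers=8) -> int:
    """Fire `workers` concurrent redemptions and return how many succeeded."""
    outcomes = []
    threads = [threading.Thread(target=lambda: outcomes.append(redeemer.redeem(token)))
               for _ in range(workers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(outcomes)
```

When testing a live target the same shape applies: send the requests so they arrive inside the window (HTTP/2 single-packet or last-byte synchronisation), then count how many got a success response for one token.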
Stage and commit code changes [skill · Engineering · L1]
commit · Rapid multi-file commits with auto-generated messages matching repo conventions.

Detect remote code execution flaws [skill · Engineering · L3]
sast-rce · Finding command injection and eval-like RCE across large codebases in parallel.

Generate consolidated security report [skill · Engineering · L1]
sast-report · Executive-facing security report consolidating 10+ vulnerability types into one prioritized list.

Exploit HTTP request smuggling [skill · Engineering · L2]
offensive-request-smuggling · Bug bounty request smuggling on multi-tier proxies and load balancers (Nginx, HAProxy, AWS ALB).

Generate codebase documentation [skill · Engineering · L1]
cm-dockit · One-shot knowledge base generation from source code without writing separate documentation.

Detect SQL injection vulnerabilities [skill · Engineering · L3]
sast-sqli · Finding SQLi across authentication and bulk data endpoints in large codebases.

Test SQL injection exploits [skill · Engineering · L2]
offensive-sqli · Bug bounty exploitation of SQL injection on login and export endpoints.
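
Both endpoint types the sast-sqli and offensive-sqli entries name, in one added example (not code from this library or either skill): a string-built login query bypassed with a comment, an export endpoint whose interpolated `ORDER BY` becomes a boolean oracle that reads the admin password character by character, and the parameterised and allowlisted fixes. The database is in-memory SQLite with constructed rows; passwords are stored in plaintext only so the oracle has something to extract.

```python
"""SQL injection on a login and an export endpoint, with the fixes. Added
example on an in-memory SQLite database with constructed rows."""
import sqlite3


def setup() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
                     [("admin", "s3cret", "admin"), ("bob", "hunter2", "user")])
    return conn


# --- login endpoint ----------------------------------------------------------

def login_vulnerable(conn, username, password):
    """String-built query: the username can close the literal and comment out the rest."""
    sql = (f"SELECT username, role FROM users "
           f"WHERE username = '{username}' AND password = '{password}'")
    return conn.execute(sql).fetchone()


def login_safe(conn, username, password):
    """Bound parameters: the same input is compared as data, never parsed as SQL."""
    return conn.execute("SELECT username, role FROM users WHERE username = ? AND password = ?",
                        (username, password)).fetchone()


# --- export endpoint ---------------------------------------------------------

def export_vulnerable(conn, order_by):
    """ORDER BY cannot be bound as a parameter, so a naive endpoint interpolates it."""
    return conn.execute(f"SELECT id, username FROM users ORDER BY {order_by}").fetchall()


def oracle_probe(conn, guess_prefix) -> bool:
    """Boolean oracle through the sort order: if the admin password starts with
    guess_prefix the rows come back by id (admin first), otherwise reversed."""
    payload = (f"CASE WHEN (SELECT substr(password, 1, {len(guess_prefix)}) FROM users "
               f"WHERE username = 'admin') = '{guess_prefix}' THEN id ELSE -id END")
    return export_vulnerable(conn, payload)[0][1] == "admin"


def extract_admin_password(conn, alphabet="abcdefghijklmnopqrstuvwxyz0123456789", max_len=16) -> str:
    """Drive the oracle one character at a time, as an exploitation tool would."""
    found = ""
    for _ in range(max_len):
        for ch in alphabet:
            if oracle_probe(conn, found + ch):
                found += ch
                break
        else:
            break               # no character extended the prefix: end of value
    return found


EXPORT_COLUMNS = {"id", "username", "role"}


def export_safe(conn, order_by):
    """Allowlist the identifier: the only safe way to make ORDER BY dynamic."""
    if order_by not in EXPORT_COLUMNS:
        raise ValueError(f"unknown sort column {order_by!r}")
    return conn.execute(f"SELECT id, username FROM users ORDER BY {order_by}").fetchall()
```

The export case is the one scanners most often miss: there is no quote to break out of, the payload is a bare expression, and nothing is "returned" to the attacker except row order.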
Detect server-side request forgery [skill · Engineering · L3]
sast-ssrf · Finding SSRF that reaches internal microservices, cloud metadata (169.254.169.254), or database servers.

Exploit server-side request forgery [skill · Engineering · L2]
offensive-ssrf · AWS/GCP credential theft via IMDSv1 metadata endpoint and internal database access.
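
The guard a server-side fetcher needs against the destinations both SSRF entries name, as an added example (not code from this library or either skill): it rejects the metadata address in its plain, IPv6-mapped and decimal spellings, resolves hostnames and refuses any that map to loopback, link-local or private space (including the GCP metadata name), and refuses userinfo in the URL. `FAKE_DNS` is a constructed resolver so it runs offline; `8.8.8.8` stands in for any public address.

```python
"""Outbound-URL guard for server-side fetches. Added example; the fake resolver
and its hostnames are constructed for offline use."""
import ipaddress
import socket
from urllib.parse import urlsplit

CGNAT = ipaddress.ip_network("100.64.0.0/10")   # not flagged by is_private


def resolve_live(host: str):
    """Production resolver: every address the name maps to, v4 and v6."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def is_forbidden_address(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped:
        ip = ip.ipv4_mapped                     # ::ffff:169.254.169.254 -> 169.254.169.254
    return (ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_multicast
            or ip.is_reserved or ip.is_unspecified
            or (ip.version == 4 and ip in CGNAT))


def candidate_addresses(host: str, resolver):
    """Literal IPs never touch DNS. That includes the legacy forms the C library
    accepts (2852039166 or 0xA9FEA9FE are both the AWS IMDS address), which
    ipaddress rejects but inet_aton still parses."""
    try:
        return {str(ipaddress.ip_address(host))}
    except ValueError:
        pass
    try:
        return {socket.inet_ntoa(socket.inet_aton(host))}
    except OSError:
        return set(resolver(host))


def check_outbound_url(url: str, resolver=resolve_live):
    """Return (allowed, reason). Run this on every redirect hop, and connect to
    the address that was checked rather than re-resolving, or DNS rebinding
    turns the check into a race."""
    parts = urlsplit(url.strip())
    if parts.scheme.lower() not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname
    if not host:
        return False, "no host"
    if parts.username is not None or parts.password is not None:
        return False, "userinfo in URL"
    try:
        addrs = candidate_addresses(host, resolver)
    except (OSError, KeyError) as exc:       # gaierror is an OSError; KeyError from the fake
        return False, f"resolution failed: {exc!r}"
    for addr in addrs:
        if is_forbidden_address(addr):
            return False, f"{host} -> {addr} is not a public address"
    return True, f"{host} -> {sorted(addrs)}"


# Constructed resolver so the example runs offline. 8.8.8.8 stands in for any
# public address; the other names mimic metadata, loopback and rebinding records.
FAKE_DNS = {
    "api.partner.example": {"8.8.8.8"},
    "metadata.google.internal": {"169.254.169.254"},
    "localhost": {"127.0.0.1", "::1"},
    "rebind.attacker.example": {"8.8.8.8", "10.0.0.5"},   # one public, one internal
}


def fake_resolver(host: str):
    return FAKE_DNS[host]
```

On the cloud side the complementary fix is to require IMDSv2 (a PUT-obtained token with a hop limit), which closes the plain GET path this entry exploits even when the application check is missing.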
Scan for sensitive data before commit [skill · Engineering · L1]
check-before-commit · Pre-commit quality gates preventing style/error commits from reaching main.

Detect server-side template injection [skill · Engineering · L3]
sast-ssti · Finding SSTI in microtemplate rendering (Jinja2, ERB, Handlebars) on dynamic pages.

Exploit template injection flaws [skill · Engineering · L2]
offensive-ssti · RCE via template injection on Jinja2, ERB, and Handlebars endpoints.

Visualize codebase structure instantly [skill · Engineering · L1]
project-structure-viewer · Quick understanding of unfamiliar codebase layout without reading all files.

Niri window manager reference [skill · Engineering · L1]
niri · Rapid keyboard-driven workflow setup for developers using Linux Wayland.

Detect XSS vulnerabilities automatically [skill · Engineering · L3]
sast-xss · Finding cross-site scripting where untrusted input reaches HTML, attribute, or JavaScript contexts without context-appropriate encoding.

Build Arbitrum dApps with Stylus [skill · Engineering · L3]
arbitrum-dapp-skill · Opinionated guide for building dApps on Arbitrum using Stylus (Rust) and/or Solidity.

GNOME desktop environment guide [skill · Engineering · L1]
gnome · Reference for working in and configuring the GNOME desktop environment.

Find XXE injection vulnerabilities [skill · Engineering · L3]
sast-xxe · Finding XML external entity (XXE) injection where XML parsers resolve external entities or DTDs from untrusted documents.

Get second opinion on code changes [skill · Engineering · L2]
cross-review · Run a cross-review using the opposite CLI reviewer for proposal review and change assessment.

Master GitHub CLI operations [skill · Engineering · L2]
gh-cli · GitHub CLI (gh) comprehensive reference for repositories, issues, pull requests, Actions, projects, releases, gists, codespaces,...

Execute BLE penetration tests [skill · Engineering · L4]
offensive-bluetooth-ble · Bluetooth Low Energy (BLE) attack methodology — GATT enumeration, characteristic read/write without auth, pairing downgrade...

Shrink browser prompts 95% [skill · Engineering · L2]
predicate-snapshot · ML-powered DOM pruning for 95% smaller browser prompts.

Attack Bluetooth Classic devices [skill · Engineering · L4]
offensive-bluetooth-classic · Bluetooth Classic (BR/EDR) attack methodology — device discovery, service enumeration via SDP, LMP/L2CAP layer attacks,...

Execute WiFi deauth attacks [skill · Engineering · L4]
offensive-deauth-disassoc · Deauthentication and disassociation attacks against 802

Apply Laravel production patterns [skill · Engineering · L1]
laravel-best-practices · Laravel best practices and architecture patterns for building production-ready applications.

Deploy evil twin access points [skill · Engineering · L4]
offensive-evil-twin · Evil Twin / KARMA / Mana access point methodology — rogue AP construction with hostapd-mana...