The library

Everything we index — ranked by what works, never by stars.

untested
Maintain persistent memory across conversations · skill · Productivity · L1
memory-management · Use for persistent memory for Claude across conversations. Use when starting any task, before writing or editing code, before making decisions, when the user mentions preferences or conventions, when the user corrects your work, or when completing a task that overcame challenges. Ensures Claude never repeats mistakes and always applies learned patterns.
untested
Audit developer experience quality · skill · Product · L2
devex-review · Use for |
untested
Hunt cloud infrastructure misconfigurations · skill · Legal · L1
hunt-cloud-misconfig · Use to hunt cloud / infrastructure misconfigurations. AWS: public S3 buckets (anonymous s3:GetObject), permissive bucket policies (public write via PutObjectAcl), exposed CloudFront origin, public Lambda function URL, public RDS snapshot, IAM credentials in JS bundles, AWS metadata reachable via SSRF. GCP: public GCS buckets, exposed Cloud Run services, leaked service-account JSON. Azure: public blob containers, exposed Function App. (Kubernetes/Docker exposure is owned by hunt-k8s; CI/CD pipeline attacks by hunt-cicd; post-credential IAM escalation by cloud-iam-deep.) Detection: targeted dorking, certificate transparency, JS-bundle secret extraction, port scan for known service ports. Validate: actual data read / write / RCE. Use when hunting cloud-native storage and compute misconfigurations (S3/GCS/Blob, IMDS via SSRF, serverless, public managed services).
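The "permissive bucket policy" class above comes down to reading the policy document the way the evaluator does. The following is an added example, not code from the hunt-cloud-misconfig skill or from AWS: it classifies the anonymous grants in a bucket policy of the shape `aws s3api get-bucket-policy` returns. The policy document, bucket name, account ID and CIDR are constructed for the example; the helper names (`anonymousGrants`, `summarize`) are this example's own.

```javascript
// Added example: classify anonymous grants in an S3 bucket policy.
// Not the skill's own code; the sample policy below is constructed.

// Does this statement grant to everyone (unauthenticated callers)?
function isAnonymousPrincipal(principal) {
  if (principal === '*') return true;
  if (principal && typeof principal === 'object') {
    const aws = [].concat(principal.AWS ?? []);
    return aws.includes('*');
  }
  return false;
}

// Map an allowed S3 action onto the finding classes used in the blurb.
function classifyAction(action) {
  const a = action.toLowerCase();
  if (a === '*' || a === 's3:*') return ['public-read', 'public-write'];
  if (a === 's3:getobject') return ['public-read'];
  if (a === 's3:putobject' || a === 's3:putobjectacl') return ['public-write'];
  if (a === 's3:listbucket') return ['public-list'];
  return [];
}

// Walk every Allow statement with an anonymous principal and collect findings.
// A Condition block (aws:SourceIp, aws:SecureTransport, ...) narrows the grant,
// so such findings are flagged `conditional` and need manual confirmation
// instead of being reported as open to the world.
function anonymousGrants(policy) {
  const findings = [];
  for (const st of [].concat(policy.Statement ?? [])) {
    if (st.Effect !== 'Allow' || !isAnonymousPrincipal(st.Principal)) continue;
    const conditional = st.Condition !== undefined && Object.keys(st.Condition).length > 0;
    for (const action of [].concat(st.Action ?? [])) {
      for (const kind of classifyAction(action)) {
        findings.push({ kind, action, resource: [].concat(st.Resource ?? []), conditional });
      }
    }
  }
  return findings;
}

// Constructed sample: one unconditional public read, one IP-restricted
// anonymous write, one grant to a specific role (not anonymous).
const SAMPLE_POLICY = {
  Version: '2012-10-17',
  Statement: [
    { Sid: 'PublicRead', Effect: 'Allow', Principal: '*',
      Action: 's3:GetObject', Resource: 'arn:aws:s3:::example-bucket/*' },
    { Sid: 'OfficeWrite', Effect: 'Allow', Principal: { AWS: '*' },
      Action: ['s3:PutObject', 's3:PutObjectAcl'], Resource: 'arn:aws:s3:::example-bucket/*',
      Condition: { IpAddress: { 'aws:SourceIp': '203.0.113.0/24' } } },
    { Sid: 'TeamList', Effect: 'Allow', Principal: { AWS: 'arn:aws:iam::123456789012:role/team' },
      Action: 's3:ListBucket', Resource: 'arn:aws:s3:::example-bucket' },
  ],
};

// Roll the findings up into the yes/no answers a triage note needs.
function summarize(policy) {
  const findings = anonymousGrants(policy);
  return {
    publicRead: findings.some((f) => f.kind === 'public-read' && !f.conditional),
    publicWrite: findings.some((f) => f.kind === 'public-write' && !f.conditional),
    conditionalFindings: findings.filter((f) => f.conditional).length,
    total: findings.length,
  };
}

console.log(JSON.stringify(summarize(SAMPLE_POLICY), null, 2));
```

This only reads Allow statements; an explicit Deny elsewhere in the policy, or the account's or bucket's Block Public Access settings, override any grant found here. That is why the blurb's "validate" step (an unauthenticated GET or PUT against the bucket) is the step that decides severity, not the policy text.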
untested
Choreograph animations with GSAP timelines · skill · Engineering · L1
gsap-timeline · Official GSAP skill for timelines: gsap.timeline(), the position parameter, nesting, playback. Use when sequencing animations, choreographing keyframes, or when the user asks about animation sequencing, timelines, or animation order (in GSAP, or when recommending a library that supports timelines).
untested
Hunt CORS misconfiguration exploits · skill · Legal · L1
hunt-cors · Use to hunt CORS misconfigurations: origin reflection with credentials, null-origin trust, subdomain-regex bypass (unanchored vs. unescaped-dot vs. prefix-only), preflight (OPTIONS) gating bypass, postMessage origin checks. Rate High only when an attacker-controlled origin can perform a credentialed cross-origin read of sensitive data and you have proven it in a browser. Use when testing API endpoints, SPAs, or any app emitting Access-Control-* headers.
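The three subdomain-regex flaws and the null-origin case listed above are easiest to see side by side. The following is an added example, not code from the hunt-cors skill: four flawed origin validators a backend might use, one correct one, a simulated server that reflects the Origin when the validator accepts it, and the severity gate from the blurb (credentialed read only when ACAO echoes the attacker's origin and ACAC is true). The trusted host `www.example.com` and the attacker hostnames are made up; `findBypasses` and the other names are this example's own.

```javascript
// Added example: CORS origin-check flaws and the credentialed-read gate.
// Not the skill's own code; hostnames are constructed for the example.
const TRUSTED = 'www.example.com';

// Origin validators. All but `exact` are flawed in the way the key names.
const validators = {
  // Unanchored: the trusted host may appear anywhere in the Origin string.
  unanchored: (o) => /www\.example\.com/.test(o),
  // Unescaped dot: "." matches any character, so www<X>example.com passes.
  unescapedDot: (o) => /^https:\/\/www.example\.com$/.test(o),
  // Prefix-only: the trusted origin is merely a prefix of the attacker's host.
  prefixOnly: (o) => o.startsWith('https://' + TRUSTED),
  // Null-origin trust: sandboxed iframes and data: URLs send "Origin: null".
  nullTrusting: (o) => o === 'null' || o === 'https://' + TRUSTED,
  // Exact: parse the Origin, then compare scheme and host precisely.
  exact: (o) => {
    try {
      const u = new URL(o);
      return u.protocol === 'https:' && u.host === TRUSTED;
    } catch {
      return false; // "null" and other non-URLs never validate
    }
  },
};

// Simulated server: reflect the Origin with credentials when accepted.
function corsHeaders(validate, requestOrigin) {
  if (!validate(requestOrigin)) return {};
  return {
    'Access-Control-Allow-Origin': requestOrigin,
    'Access-Control-Allow-Credentials': 'true',
  };
}

// The gate from the blurb: a credentialed cross-origin read needs ACAO to
// equal the attacker's origin AND ACAC to be true. A wildcard ACAO with
// credentials is refused by browsers, so it is not a hit.
function credentialedReadPossible(headers, attackerOrigin) {
  return headers['Access-Control-Allow-Origin'] === attackerOrigin &&
    headers['Access-Control-Allow-Credentials'] === 'true';
}

// Constructed attacker origins; the last one is a control that must never pass.
const ATTACKER_ORIGINS = [
  'https://www.example.com.evil.net', // trusted host as prefix / substring
  'https://wwwxexample.com',          // unescaped-dot neighbour
  'null',                             // sandboxed iframe / data: URL
  'https://evil.net',                 // control
];

// For each validator, which attacker origins get a credentialed read.
function findBypasses(attackerOrigins) {
  const hits = {};
  for (const [name, validate] of Object.entries(validators)) {
    hits[name] = attackerOrigins.filter((o) =>
      credentialedReadPossible(corsHeaders(validate, o), o));
  }
  return hits;
}

console.log(findBypasses(ATTACKER_ORIGINS));
```

Note that `exact` also rejects legitimate subdomains; if the application needs them, compare `u.hostname` against an explicit allow-list of subdomains rather than an `endsWith` test, because any XSS on an allowed subdomain then inherits the credentialed read.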
untested
Verify facts through multi-step checking · skill · L1
cove · Use to apply chain-of-verification (CoVe) prompting to improve response accuracy through self-verification. Use when complex questions require fact-checking, technical accuracy, or multi-step reasoning.
untested
Find CSRF vulnerabilities in web apps · skill · Engineering · L1
hunt-csrf · Hunting skill for CSRF vulnerabilities, built from 15 public bug bounty reports including modern variants: SameSite=Lax sibling-subdomain bypass (Argo CD CVE-2024-22424), GraphQL mutations via GET (GitLab, $3,370), framework-wide CSRF middleware disabled (Stripe dashboard, $5,000), path-traversal CSRF-token bypass (GitHub Enterprise CVE-2022-23732, $10k), Origin-omission bypass (TikTok, $2,500), OAuth state null byte (Streamlabs), WebSocket CSRF / CSWSH (Coda), default-SameSite email change → ATO (YoYo Games, $400), social-account-link CSRF (HackerOne), JSON CSRF via text/plain on email change (TikTok, $500). Use when hunting modern CSRF, with heavy emphasis on chain-to-ATO patterns.
untested
Run TUnit tests with Playwright · skill · Engineering · L1
tunit · Use to run TUnit tests with Playwright. Use when the user asks to run tests, execute tests, or check whether tests pass.
untested
Hunt insecure deserialization RCE · skill · Engineering · L1
hunt-deserialization · Use to hunt insecure deserialization: Java gadget chains (ysoserial), PHP object injection (PHPGGC), Python pickle RCE, .NET BinaryFormatter, Ruby Marshal.load, JNDI/Log4Shell. RCE via deserialization is almost always Critical. Use when the target runs Java, PHP serialization, Python pickle, .NET, or Ruby on Rails.
untested
Check exhibit references and factual pleading · skill · Legal · L1
baut-beweislast-benennt-bereits-excel · Checks whether an exhibit supports a concrete statement of facts or merely disguises a blanket reference to exhibits; separates factual pleading, offer of evidence, and mere background documents among the exhibits to written submissions. Delivers prioritised output with statutory pinpoint citations, a risk traffic light, and the next work step.
untested
Build with Cloudflare platform · skill · Engineering · L2
cloudflare · Comprehensive Cloudflare platform skill covering Workers, Pages, storage (KV, D1, R2), AI (Workers AI, Vectorize, Agents SDK), networking (Tunnel, Spectrum), security (WAF, DDoS), and infrastructure-as-code (Terraform, Pulumi). Use for any Cloudflare development task.
untested
Route to right security testing skill · skill · Engineering · L1
hunt-dispatch · Skill-set loader for the /hunt orchestrator. Fingerprints the target, picks the right platform attack skills, and loads the red team or WAPT skill set. Use when /hunt has just received a mode answer (redteam or wapt + blackbox|greybox) and needs to load the appropriate skills and print the taxonomy. Not for direct user invocation.
untested
Set up NexusProvider for web3 · skill · Engineering · L2
nexus-elements-nexus-provider · Use to install and configure the NexusProvider for Nexus Elements. Use when setting up provider context, handleInit on wallet connect, or when any element needs useNexus.
untested
Hunt DOM and client-side vulnerabilities · skill · Engineering · L1
hunt-dom · Use to hunt client-side DOM vulnerabilities: DOM clobbering (overwriting JS globals via HTML injection), postMessage hijacking (missing origin check), service worker abuse (intercepting requests from a same-origin script), CSS injection/exfiltration (attribute selectors leak a token character by character via OOB), client-side template injection, dangerouslySetInnerHTML. Grounded in named public research: Gareth Heyes / PortSwigger DOM clobbering and DOM Invader, Michał Bentkowski's DOMPurify clobbering bypasses, jQuery htmlPrefilter XSS (CVE-2020-11022 / CVE-2020-11023), d0nut's CSS exfiltration research. Use when hunting DOM XSS, client-side auth bypass, or token exfiltration without server-side interaction.
untested
PE teams needing audit-ready closing documentation with live German legal norm verification instead of templated checklists. · skill · Legal · L1
rechtsabteilung-pe-closing-continuation-fund · PE teams needing audit-ready closing documentation with live German legal norm verification instead of templated checklists.
untested
Audit contact cadence with team · skill · Ops · L2
people-audit · Teams tracking hundreds of contacts who need to know which relationships are stale before reaching out.
untested
Hunt file upload RCE and XSS · skill · Engineering · L1
hunt-file-upload · Security auditors hunting RCE on PHP/JSP/ASPX stacks with publicly-exploitable file-processing chains.
untested
Prepare briefing for any meeting · skill · Productivity · L2
meeting-prep · Executives preparing for 1:1s and meetings who need contextual briefings without manually grep-ing notes.
untested
Hunt GraphQL authorization flaws · skill · Engineering · L1
hunt-graphql · Bug bounty hunters on platform APIs (GitHub, Shopify, Stripe tier) where GraphQL mutations interact with REST APIs.
untested
Check consumer-protection evidence · skill · Legal · L1
smart-device-agb-redlinen-beschwerde · German consumer advocates needing to verify statutory deadlines and evidence requirements in smart-device complaints.
untested
Hunt gRPC configuration vulnerabilities · skill · Engineering · L1
hunt-grpc · Security teams hunting microservice architecture vulns where edge-proxy auth is bypassed by reaching backend directly.
untested
Hunt host header injection attacks · skill · Engineering · L1
hunt-host-header · Security researchers hunting account-takeover on apps behind CDN/reverse proxy where Host is unkeyed in cache.
untested
Investigate bugs with test-first approach · skill · Engineering · L1
bug-investigation · Teams enforcing TDD discipline to prevent regressions and verify the actual bug fix.
untested
Hunt HTTP request smuggling attacks · skill · Engineering · L1
hunt-http-smuggling · Bug bounty hunters on older deployments (HAProxy <2.4, legacy F5, Citrix ADC) or AWS ALB+origin chains with H2 downgrade.
untested
Deploy Expo apps to stores · skill · Engineering · L2
expo-deployment · Use for expo-deployment tasks and operations.
untested
Hunt insecure direct object references · skill · Engineering · L1
hunt-idor · Use when hunting IDOR on any target.
untested
Generate Jest unit tests automatically · skill · Engineering · L1
jest-generator · Use for jest-generator tasks and operations.
untested
Launch product keynote presentation · skill · Marketing · L2
html-ppt-product-launch · Use when announcing a product, launching a feature, or doing a keynote-style reveal.
untested
Hunt Kubernetes and Docker misconfigs · skill · Engineering · L1
hunt-k8s · Testing container orchestration for auth bypass and RCE.
untested
Hunt Laravel framework vulnerabilities · skill · Engineering · L1
hunt-laravel · Testing PHP Laravel apps for the Ignition debug-mode RCE (CVE-2021-3129).
untested
Mine text data for humanities research · skill · Data · L2
digital-humanities-guide · Analyzing historical texts and correspondence networks.
untested
Exploit LDAP injection vulnerabilities · skill · Engineering, Ops · L3
hunt-ldap · Penetrating directory-backed authentication systems.
untested
Generate design documentation table of contents · skill · Product, Engineering · L1
design-index · Creating table of contents for design docs.
untested
Hunt and exploit local file inclusion · skill · Engineering, Ops · L3
hunt-lfi · Extracting secrets via path traversal and filter chains.
untested
Write Rust API documentation comments · skill · Engineering · L1
api-doc-comments · Documenting smart contract ABIs where generated docs must be client-accessible and precise.
untested
Auto-format and lint code to standards · skill · Engineering · L2
code-sanitizer · Ensuring consistent code style across a data pipeline before completion checklist.
untested
Manage pull requests and git workflows · skill · Engineering · L2
git-workflow · Submitting feature patterns to upstream community repositories with clean history.
untested
Identify and exploit MFA bypass patterns · skill · Ops, Engineering · L3
hunt-mfa-bypass · Hunting account takeover chains where MFA enforcement is incomplete or bypassable.
untested
Check trademark-law grace period for non-use (fashion) · skill · Legal · L2
benutzungsschonfrist-und-rechtserhaltende-benutzung · Preparing evidence bundles to defend luxury/fashion trademarks against non-use revocation.
untested
Hunt miscellaneous application vulnerabilities · skill · Engineering, Ops · L3
hunt-misc · Discovering account boundary violations in multi-tenant SaaS with role-based access.
untested
Query ClickHouse for analytics and metrics · skill · Data · L2
clickhouse-query · Debugging event analytics on replica clusters without writing custom export code.
untested
Set up Koin dependency injection for Android · skill · Engineering · L2
android-di-koin · Setting up DI scoping per feature layer without manual constructor plumbing.
untested
Hunt Next.js framework vulnerabilities · skill · Engineering, Ops · L3
hunt-nextjs · Bypassing Server Actions auth or exploiting Image Optimizer SSRF on Next.js hosts.
untested
Evaluate LLM agent responses against rubrics · skill · Product, Data · L2
evaluating-llms · Validating agent responses against business rules without manual test review.
untested
Hunt Node.js code injection vulnerabilities · skill · Engineering, Ops · L3
hunt-nodejs · Chaining prototype pollution to RCE on Express apps with unsafe merge operations.
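The "unsafe merge" the hunt-nodejs entry names is the usual entry point for prototype pollution. The following is an added example, not code from the skill or from any Express project: a naive recursive merge, the request body that pollutes `Object.prototype` through it, and a merge that refuses the dangerous keys. The JSON body and the `isAdmin` property are constructed for the example; `unsafeMerge`, `safeMerge` and `demo` are this example's own names.

```javascript
// Added example: prototype pollution through a naive deep merge, and the fix.
// Not the skill's own code; the request body below is constructed.

// Naive deep merge: recurses into every key, including "__proto__".
// Reading target["__proto__"] returns Object.prototype, so the recursion
// then writes the attacker's keys onto the prototype of every plain object.
function unsafeMerge(target, source) {
  for (const key in source) {
    const val = source[key];
    if (val && typeof val === 'object' && !Array.isArray(val)) {
      if (!target[key] || typeof target[key] !== 'object') target[key] = {};
      unsafeMerge(target[key], val);
    } else {
      target[key] = val;
    }
  }
  return target;
}

// Hardened merge: skip the keys that reach a prototype, iterate own keys
// only, and never recurse into an inherited property of the target.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const val = source[key];
    if (val && typeof val === 'object' && !Array.isArray(val)) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || typeof target[key] !== 'object' || target[key] === null) target[key] = {};
      safeMerge(target[key], val);
    } else {
      target[key] = val;
    }
  }
  return target;
}

// Run one merge against a constructed request body. JSON.parse turns the
// "__proto__" key into an own property, which is exactly what the naive
// merge then follows. The result reports whether an unrelated object created
// afterwards inherited the attacker's property.
function demo(merge) {
  const body = JSON.parse('{"name":"alice","__proto__":{"isAdmin":true}}');
  try {
    const user = merge({}, body);
    const unrelated = {};
    return { userName: user.name, polluted: unrelated.isAdmin === true };
  } finally {
    delete Object.prototype.isAdmin; // undo the pollution so the process stays usable
  }
}

console.log('unsafeMerge:', demo(unsafeMerge)); // polluted: true
console.log('safeMerge:  ', demo(safeMerge));   // polluted: false
```

Pollution alone is not the RCE the entry describes; the chain still needs a sink that reads an option it never set (a template engine, a `child_process` call, a config loader) and therefore picks up the attacker's value from the prototype. Which sink exists is target-specific and has to be found, not assumed.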
untested
Allocate inventory across fulfillment channels · skill · Ops · L3
omnichannel-fulfillment-allocator · Minimizing fulfillment cost per order in multi-warehouse, multi-channel retail.
untested
Detect NoSQL injection and auth bypasses · skill · Engineering, Ops · L3
hunt-nosqli · Extracting data from NoSQL services when parameterized queries are not used.
untested
Build PySpark data transformation pipelines · skill · Data, Engineering · L3
spark-architect · Building ETL jobs that process terabytes without driver memory issues.
untested
Hunt NTLM information disclosure on Windows · skill · Ops, Engineering · L2
hunt-ntlm-info · Lateral movement in Windows domains when Kerberos is unavailable.
untested
Hunt OAuth security vulnerabilities · skill · Engineering, Ops · L3
hunt-oauth · Stealing user sessions or escalating privileges via OAuth flow manipulation.
page 105 / 108