Complete bug bounty workflow — recon (subdomain enumeration, asset discovery, fingerprinting, HackerOne scope, source code audit), pre-hunt learning (disclosed reports, tech stack research, mind maps, threat modeling), vulnerability hunting (IDOR, SSRF, XSS, auth bypass, CSRF, race conditions, SQLi, XXE, file upload, business logic, GraphQL, HTTP smuggling, cache poisoning, OAuth, timing side-channels, OIDC, SSTI, subdomain takeover, cloud misconfig, ATO chains, agentic AI), LLM/AI security testing (chatbot IDOR, prompt injection, indirect injection, ASCII smuggling, exfil channels, RCE via code tools, system prompt extraction, ASI01-ASI10), A-to-B bug chaining (IDOR→auth bypass, SSRF→cloud metadata, XSS→ATO, open redirect→OAuth theft, S3→bundle→secret→OAuth), bypass tables (SSRF IP bypass, open redirect bypass, file upload bypass), language-specific grep (JS prototype pollution, Python pickle, PHP type juggling, Go template.HTML, Ruby YAML.load, Rust unwrap), and reporting (7-Question Gate, 4 validation gates, human-tone writing, templates by vuln class, CVSS 3.1, PoC generation, always-rejected list, conditional chain table, submission checklist). Use for ANY bug bounty task — starting a new target, doing recon, hunting specific vulns, auditing source code, testing AI features, validating findings, or writing reports.
Spawns an auditor sub-agent to verify every factual claim in an incident report against evidence in the repo. Use after drafting or substantially editing a report.
Build, deploy, and manage monday code apps with multi-region, cron, alerts, and security scanning. Use when user says "deploy my app", "push to monday-code", "deploy to monday", "check deployment status", "set environment variables", "push my app", "deploy backend", "deploy frontend", or wants to promote an app version.
- 📁 src/
- 📄 openclaw.plugin.json
- 📄 package.json
- 📄 SKILL.md
AgentLog Auto Logging Skill for OpenClaw agents. Automatically captures agent reasoning, tool calls, and responses, then logs them to the AgentLog MCP server for compliance and audit purposes.
- 📁 code-review/
- 📁 references/
- 📄 code-review.zip
- 📄 SKILL.md
- 📄 使用说明.md
Frontend-focused code review skill for React/TypeScript/Tailwind projects. Analyzes code quality, security vulnerabilities (XSS, CSRF), performance issues, accessibility (WCAG), React best practices, hooks usage, component architecture, responsive design, and SEO. Use when users request code review, want feedback on components, ask about frontend security, performance optimization, or accessibility compliance. Provides actionable feedback with severity levels and fix suggestions.
Build a production-quality Figma component from a frame, screenshot, URL, or description. Binds all values to design tokens, detects sub-components, audits token gaps, wires interaction states, and proposes variants. Ends by suggesting /fig-qa.
- 📁 .github/
- 📁 config/
- 📁 docs/
- 📄 .gitignore
- 📄 AUTHORS.md
- 📄 CHANGELOG.md
Enforces Universal Prompt Security Standard (UPSS) for every prompt interaction — detects and blocks prompt injection, jailbreaks, role confusion, privilege escalation, encoding exploits, and supply-chain tampering before any LLM execution.
- 📄 conflicts.md
- 📄 reference.md
- 📄 SKILL.md
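Use this skill when the user asks about 'API Design Rules', 'ADR', 'REST API standaard', 'API richtlijnen', 'NL GOV API', 'Spectral linter', 'API linter', 'OpenAPI validatie', 'API design', 'REST API naming', 'transport security', 'API signing', 'API encryption', 'geospatial API', 'api-linter', 'problem+json', 'error response format'.
Specialized skill pack for bug bounty hunters. Activates automatically when the user is doing bug bounty testing, security research, or vulnerability hunting. Includes: logic vulnerability testing methodology, information disclosure detection techniques, WAF bypass strategies, an experience base of past targets, and vulnerability characteristics of various tech stacks. Learns and improves automatically after each use.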
Audit docs against repo reality before or after changes.
Knowledge baseline for modern AI/ML engineering in Python. Focus on LLM engineering, RAG systems, agent frameworks (LangChain/LangGraph), multiple LLM providers (Anthropic, OpenAI, Bedrock, Gemini, Meta), vector databases (Qdrant), semantic caching (MongoDB, Redis), testing, observability, security, and production patterns. Complements the arch-py skill with AI-specific patterns.
- 📁 assets/
- 📁 references/
- 📁 src/
- 📄 .env.example
- 📄 .gitignore
- 📄 CHANGELOG.md
Deploy and manage compliant tokens on 10 blockchain networks via Bitbond TokenTool MCP (17 tools). Use when user asks to deploy a token, create an ERC-20, issue a security token, tokenize an asset, mint tokens, burn tokens, pause token transfers, create an SPL token on Solana, issue a Stellar asset, estimate deployment cost, check token info, list deployed tokens, set up whitelist or blacklist compliance, manage whitelist/blacklist addresses, check compliance status, or manage token lifecycle. Supports EVM chains, Solana, and Stellar with CertiK-audited contracts.