'Implements Sigstore-based software signing and verification using Cosign keyless signing, Rekor transparency

Implement software supply chain integrity verification for container builds using the in-toto framework to create

Implement a structured threat intelligence lifecycle encompassing planning, collection, processing, analysis,

'Investigates insider threat indicators including data exfiltration attempts, unauthorized access patterns, policy

Use BloodHound and SharpHound to enumerate Active Directory relationships and identify attack paths from compromised

'Performs automated static analysis of Android applications using Mobile Security Framework (MobSF) to identify

Deploy and operate CAPEv2 sandbox for automated malware analysis with behavioral monitoring, payload extraction,

Perform comprehensive cloud asset inventory and relationship mapping using Cartography to build a Neo4j security

Hunt for threats in AWS environments using Detective behavior graphs, entity investigation timelines, GuardDuty

Extract stored credentials from compromised endpoints using the LaZagne post-exploitation tool to recover passwords

Perform systematic SIEM false positive reduction through rule tuning, threshold adjustment, correlation refinement,

'Performs firmware image extraction and analysis using binwalk to identify embedded filesystems, compressed archives,

Integrate Hardware Security Modules (HSMs) using PKCS#11 interface for cryptographic key management, signing

Assess the security posture of Kubernetes etcd clusters by evaluating encryption at rest, TLS configuration,

Malware IOC extraction is the process of analyzing malicious software to identify actionable indicators of compromise

Acquire and analyze mobile device data using Cellebrite UFED and open-source tools to extract communications,

Capture and analyze network traffic using Wireshark and tshark to reconstruct network events, extract artifacts,

Automate network traffic analysis using tshark and pyshark for protocol statistics, suspicious flow detection,

'Automates the Privacy Impact Assessment (PIA) workflow including data flow mapping, privacy risk scoring matrices,

Automate credential rotation for service accounts across Active Directory, cloud platforms, and application databases

'Performs User and Entity Behavior Analytics (UEBA) to detect anomalous user activities including impossible

'Reverse engineers iOS applications using Frida dynamic instrumentation to understand internal logic, extract

Reverse engineer ransomware encryption routines to identify cryptographic algorithms, key generation flaws, and

'This skill covers integrating Aqua Security''s Trivy scanner into CI/CD pipelines for comprehensive container

'This skill guides practitioners through hardening AWS Identity and Access Management configurations to enforce

'This skill instructs security practitioners on deploying Microsoft Defender for Cloud as a cloud-native application

'Securing container registry images by implementing vulnerability scanning with Trivy and Grype, enforcing image

'This skill covers security hardening for serverless compute platforms including AWS Lambda, Azure Functions,

>

>

IMMEDIATELY USE THIS SKILL when creating or develop anything and before writing code or implementation plans - refines rough ideas into fully-formed designs through structured Socratic questioning, alternative exploration, and incremental validation

Searches and explores Burp Suite project files (.burp) from the command line. Use when searching response headers or bodies with regex patterns, extracting security audit findings, dumping proxy history or site map data, or analyzing HTTP traffic captured in a Burp project.

>

Runs a trailmark summary analysis on a codebase. Returns language detection, entry point count, and dependency graph shape. Use when vivisect or galvanize needs a quick structural overview. Triggers: trailmark summary, code summary, structural overview.

Builds and queries multi-language source code graphs for security analysis. Includes pre-analysis passes for blast radius, taint propagation, privilege boundaries, and entry point enumeration. Use when analyzing call paths, mapping attack surface, finding complexity hotspots, enumerating entry points, tracing taint propagation, measuring blast radius, or building a code graph for audit prioritization. Supports 16 languages including Solidity, Cairo, Circom, Rust, Go, Python, C/C++, TypeScript.

MUST be used for Vue.js tasks. Strongly recommends Composition API with `<script setup>` and TypeScript as the standard approach. Covers Vue 3, SSR, Volar, vue-tsc. Load for any Vue, .vue files, Vue Router, Pinia, or Vite with Vue work. ALWAYS use Composition API unless the project explicitly requires Options API.

Every agent action verified. Every decision recorded. Every record signed.

Chinese mutual fund intelligent advisor with real-time valuation, buy/sell suggestions, profit tracking, SIP planning, OCR recognition, and stock-fund linkage. Supports offline mode and multi-source caching.

Assist with physics from intuitive explanations to formal derivations at any level.

>

<!--

This exported skill uses `AGENTS.md` only as a local repo-root marker for bundled helper scripts.

This file documents how this AI Persona operates—the rules learned through practice, patterns that work, and lessons that became doctrine.

Web scraping via SkillBoss API Hub. Use for fetching full page content with JavaScript rendering. Handles complex pages with dynamic content.

Interactive dashboards and apps powered by SkillBoss API Hub. Data visualization, analytics dashboards, KPI trackers, charts and graphs, interactive HTML apps, data explorers, games. Build web apps with AI.

AniList MCP — wraps AniList GraphQL API (free, no auth)

Multi-platform Order Profit Calculator — upload order exports from any e-commerce platform or ERP, get instant profit reports by order, store, SKU, and platform.

InvoiceGuard · Invoice Compliance Guardian — AI-driven invoice deduplication, verification, and compliance report generation. Handles: invoice upload/scan recognition, duplicate detection (AI deduplication), official tax authority verification (Golden Tax Phase 4), compliance report generation (Cai Hui Ban [2023] No.18), and batch invoice processing. Trigger: invoice, duplicate, reimbursement, compliance, fake invoice, verification, OFD, PDF invoice.

Chinese Calendar with Lunar-Solar Conversion

Read, write, append, and list local files in the session's working directory. Use when you need to persist output to disk, read input files, or manipulate file system safely. Supports text files, JSON, CSV, Markdown.