'Executes Atomic Red Team tests for MITRE ATT&CK technique validation using the atomic-operator Python framework.

'Simulates VLAN hopping attacks using switch spoofing and double tagging techniques in authorized environments

'Performs authenticated and unauthenticated vulnerability scanning using Tenable Nessus to identify known vulnerabilities,

'Performs systematic security testing of web applications following the OWASP Web Security Testing Guide (WSTG)

Execute web cache deception attacks by exploiting path normalization discrepancies between CDN caching layers

Exploiting web cache mechanisms to serve malicious content to other users by poisoning cached responses through

'Captures WPA/WPA2 handshakes and performs offline password cracking using aircrack-ng, hashcat, and dictionary

Scan container images for known vulnerabilities using Anchore Grype with SBOM-based matching and configurable

Trivy is a comprehensive open-source vulnerability scanner by Aqua Security that detects vulnerabilities in OS

Perform security risk analysis on Kubernetes resource manifests using Kubesec to identify misconfigurations,

'This skill covers hardening managed Kubernetes clusters on EKS, AKS, and GKE by implementing Pod Security Standards,

'Tests API authentication mechanisms for weaknesses including broken token validation, missing authentication

'Tests REST and GraphQL APIs for Broken Object Level Authorization (BOLA/IDOR) vulnerabilities where an authenticated

'Tests APIs for mass assignment (auto-binding) vulnerabilities where clients can modify object properties they

Identifying and exploiting Cross-Origin Resource Sharing misconfigurations that allow unauthorized cross-domain

Systematically testing web applications for broken access control vulnerabilities including privilege escalation,

Identifying flaws in application business logic that allow price manipulation, workflow bypass, and privilege

Test web application email functionality for SMTP header injection vulnerabilities that allow attackers to inject

Identify and test open redirect vulnerabilities in web applications by analyzing URL redirection parameters,

Identifying sensitive data exposure vulnerabilities including API key leakage, PII in responses, insecure storage,

Test web applications for XML injection vulnerabilities including XXE, XPath injection, and XML entity attacks

Identifying and validating cross-site scripting vulnerabilities using Burp Suite's scanner, intruder, and repeater

'Tests web applications for Cross-Site Scripting (XSS) vulnerabilities by injecting JavaScript payloads into

Discovering and exploiting XML External Entity injection vulnerabilities to read server files, perform SSRF,

Test and validate ransomware recovery procedures including backup restore operations, RTO/RPO target verification,

'Tests WebSocket API implementations for security vulnerabilities including missing authentication on WebSocket

Triage and prioritize vulnerabilities using CISA's Stakeholder-Specific Vulnerability Categorization (SSVC) decision

Validate backup integrity through cryptographic hash verification, automated restore testing, corruption detection,

>

>

>

>

>

Draft a complete patent application based on: **$ARGUMENTS**

Search patents and literature for prior art relevant to: **$ARGUMENTS**

Automated vulnerability scanner for agent platforms. Performs dependency scanning (npm audit, pip-audit), multi-database CVE lookup (OSV, NVD, GitHub Advisory), SAST analysis (Semgrep, Bandit), and agent-specific DAST hook execution testing for OpenClaw hooks.

ClawSec suite manager with embedded advisory-feed monitoring, cryptographic signature verification, approval-gated malicious-skill response, and guided setup for additional security skills.

Community incident reporting for AI agents. Contribute to collective security by reporting threats.

This skill helps Claude write secure web applications. Use this when working on any web application or when a user requests a scan or audit to ensure security best practices are followed.

See, Understand, Act on video and audio. See- ingest from local files, URLs, RTSP/live feeds, or live record desktop; return realtime context and playable stream links. Understand- extract frames, build visual/semantic/temporal indexes, and search moments with timestamps and auto-clips. Act- transcode and normalize (codec, fps, resolution, aspect ratio), perform timeline edits (subtitles, text/image overlays, branding, audio overlays, dubbing, translation), generate media assets (image, audio, video), and create real time alerts for events from live streams or desktop capture.

Search Newark, Farnell, and element14 for electronic components — find parts by MPN or distributor part number, check pricing/stock, download datasheets, analyze specifications. One unified API covers all three storefronts (Newark for US, Farnell for UK/EU, element14 for APAC). Free API key, simple query-parameter auth, no OAuth. Datasheets download directly from farnell.com CDN with no bot protection. Sync and maintain a local datasheets directory for a KiCad project, or use batch MPN-list seeding (`--mpn-list`) for bulk workflows without a project. Use this skill when the user mentions Newark, Farnell, element14, needs parts from a non-US distributor, wants to compare pricing across regions, or needs datasheets from a source that doesn't require complex API auth. For package cross-reference tables and BOM workflow, see the `bom` skill.

Search LCSC Electronics for electronic components — find parts by LCSC number (Cxxxxx) or MPN, check stock/pricing, download datasheets, analyze specifications. Sister company to JLCPCB, same parts library. Sync and maintain a local datasheets directory for a KiCad project, or use batch MPN-list seeding (`--mpn-list`) for bulk workflows without a project. No API key needed — uses the free jlcsearch community API. Use this skill when the user mentions LCSC, JLCPCB parts library, JLCPCB assembly parts, production sourcing, Cxxxxx part numbers, needs to find LCSC equivalents for parts, is preparing a BOM for JLCPCB assembly, or wants to download datasheets and LCSC is available. For package cross-reference tables and BOM workflow, see the `bom` skill.

Write Python code in n8n Code nodes. Use when writing Python in n8n, using _input/_json/_node syntax, working with standard library, or need to understand Python limitations in n8n Code nodes. Use this skill when the user specifically requests Python for an n8n Code node. Note — JavaScript is recommended for 95% of use cases — only use Python when the user explicitly prefers it or the task requires Python-specific standard library capabilities (regex, hashlib, statistics).

Run Blacksmith Testbox for CI-parity checks, secrets, hosted services, migrations, or builds local cannot reproduce.

Run, watch, debug, extend, or explain OpenClaw qa-lab and qa-channel scenarios, artifacts, and live lanes.

Prepare or verify OpenClaw stable/beta releases, changelogs, release notes, publish commands, and artifacts.

Benchmark, diagnose, and optimize OpenClaw test runtime, import hotspots, CPU/RSS, and slow coverage paths.

Capture and automate macOS UI with the Peekaboo CLI.

Detect and surface conflicts between specs or between specs and design

Perform a non-destructive post-implementation verification gate validating