Identifying sensitive data exposure vulnerabilities including API key leakage, PII in responses, insecure storage,

Test web applications for XML injection vulnerabilities including XXE, XPath injection, and XML entity attacks

Identifying and validating cross-site scripting vulnerabilities using Burp Suite's scanner, intruder, and repeater

'Tests web applications for Cross-Site Scripting (XSS) vulnerabilities by injecting JavaScript payloads into

Discovering and exploiting XML External Entity injection vulnerabilities to read server files, perform SSRF,

Test and validate ransomware recovery procedures including backup restore operations, RTO/RPO target verification,

'Tests WebSocket API implementations for security vulnerabilities including missing authentication on WebSocket

Triage and prioritize vulnerabilities using CISA's Stakeholder-Specific Vulnerability Categorization (SSVC) decision

Validate backup integrity through cryptographic hash verification, automated restore testing, corruption detection,

>

>

>

>

>

>

>

>

>

>

>

>

Diagnose and fix context failures before they cascade. Context degradation is not binary — it is a continuum that manifests through five distinct, predictable patterns: lost-in-middle, poisoning, dist

Draft a complete patent application based on: **$ARGUMENTS**

Search patents and literature for prior art relevant to: **$ARGUMENTS**

Automated vulnerability scanner for agent platforms. Performs dependency scanning (npm audit, pip-audit), multi-database CVE lookup (OSV, NVD, GitHub Advisory), SAST analysis (Semgrep, Bandit), and agent-specific DAST hook execution testing for OpenClaw hooks.

ClawSec suite manager with embedded advisory-feed monitoring, cryptographic signature verification, approval-gated malicious-skill response, and guided setup for additional security skills.

Community incident reporting for AI agents. Contribute to collective security by reporting threats.

This skill helps Claude write secure web applications. Use this when working on any web application or when a user requests a scan or audit to ensure security best practices are followed.

See, Understand, Act on video and audio. See- ingest from local files, URLs, RTSP/live feeds, or live record desktop; return realtime context and playable stream links. Understand- extract frames, build visual/semantic/temporal indexes, and search moments with timestamps and auto-clips. Act- transcode and normalize (codec, fps, resolution, aspect ratio), perform timeline edits (subtitles, text/image overlays, branding, audio overlays, dubbing, translation), generate media assets (image, audio, video), and create real time alerts for events from live streams or desktop capture.

Search Newark, Farnell, and element14 for electronic components — find parts by MPN or distributor part number, check pricing/stock, download datasheets, analyze specifications. One unified API covers all three storefronts (Newark for US, Farnell for UK/EU, element14 for APAC). Free API key, simple query-parameter auth, no OAuth. Datasheets download directly from farnell.com CDN with no bot protection. Sync and maintain a local datasheets directory for a KiCad project, or use batch MPN-list seeding (`--mpn-list`) for bulk workflows without a project. Use this skill when the user mentions Newark, Farnell, element14, needs parts from a non-US distributor, wants to compare pricing across regions, or needs datasheets from a source that doesn't require complex API auth. For package cross-reference tables and BOM workflow, see the `bom` skill.

Search LCSC Electronics for electronic components — find parts by LCSC number (Cxxxxx) or MPN, check stock/pricing, download datasheets, analyze specifications. Sister company to JLCPCB, same parts library. Sync and maintain a local datasheets directory for a KiCad project, or use batch MPN-list seeding (`--mpn-list`) for bulk workflows without a project. No API key needed — uses the free jlcsearch community API. Use this skill when the user mentions LCSC, JLCPCB parts library, JLCPCB assembly parts, production sourcing, Cxxxxx part numbers, needs to find LCSC equivalents for parts, is preparing a BOM for JLCPCB assembly, or wants to download datasheets and LCSC is available. For package cross-reference tables and BOM workflow, see the `bom` skill.

Write Python code in n8n Code nodes. Use when writing Python in n8n, using _input/_json/_node syntax, working with standard library, or need to understand Python limitations in n8n Code nodes. Use this skill when the user specifically requests Python for an n8n Code node. Note — JavaScript is recommended for 95% of use cases — only use Python when the user explicitly prefers it or the task requires Python-specific standard library capabilities (regex, hashlib, statistics).

Run Blacksmith Testbox for CI-parity checks, secrets, hosted services, migrations, or builds local cannot reproduce.

Run, watch, debug, extend, or explain OpenClaw qa-lab and qa-channel scenarios, artifacts, and live lanes.

Prepare or verify OpenClaw stable/beta releases, changelogs, release notes, publish commands, and artifacts.

Benchmark, diagnose, and optimize OpenClaw test runtime, import hotspots, CPU/RSS, and slow coverage paths.

Optimize OpenClaw slow tests, imports, misplaced coverage, and CI wall time without dropping coverage.

Capture and automate macOS UI with the Peekaboo CLI.

Run a full project health diagnostic — checks structure, agents, features,

Generate a new spec from unspecced code feature (backfill)

Detect and surface conflicts between specs or between specs and design

Propose resolutions for detected drift. AI generates spec updates or

Perform a non-destructive post-implementation verification gate validating

Create baseline documentation for the project, establishing context for

Create a bug fix workflow with regression test and minimal documentation.

Validate and reorganize spec-kit artifacts with proper numbering and

Initiate a feature deprecation workflow with phased sunset process (warnings

Create a minor enhancement workflow with condensed single-document planning.

Create an emergency hotfix workflow with expedited process and mandatory

Incorporate documents into an existing or new workflow and advance stages