Analyzes firmware images for embedded malware, backdoors, and unauthorized modifications targeting routers,
Skills (SKILL.md) are configuration files that add specific capabilities to AI agents (Claude Code, Cursor, Codex, etc.).
Perform comprehensive ICS/OT asset discovery using Claroty xDome platform, leveraging passive monitoring, Claroty
Indicator lifecycle management tracks IOCs from initial discovery through validation, enrichment, deployment,
Perform authorized initial access using EvilGinx3 adversary-in-the-middle phishing framework to capture session
Perform structured log source onboarding into SIEM platforms by configuring collectors, parsers, normalization,
Enrich malware file hashes using the VirusTotal API to retrieve detection rates, behavioral analysis, YARA matches,
Perform forensic analysis of network packet captures (PCAP/PCAPNG) using Wireshark, tshark, and tcpdump to reconstruct
Perform vulnerability scanning in OT/ICS environments safely using passive monitoring, native protocol queries,
This skill covers conducting cybersecurity assessments of electric power grid infrastructure including generation
Discover and inventory all privileged accounts across enterprise infrastructure including domain admins, local
Executes a structured ransomware incident response from initial detection through containment, forensic analysis,
This skill covers implementing Software Composition Analysis (SCA) using Snyk to detect vulnerable open-source
Audit service accounts across enterprise infrastructure to identify orphaned, over-privileged, and non-compliant
Automates SOC 2 Type II audit preparation including gap assessment against AICPA Trust Services Criteria (CC1-CC9),
Performs static analysis of Windows PE (Portable Executable) malware samples using PEStudio to examine file
Performs proactive threat hunting in Elastic Security SIEM using KQL/EQL queries, detection rules, and Timeline
Build comprehensive forensic super-timelines using Plaso (log2timeline) to correlate events across file systems,
Perform comprehensive Windows forensic artifact analysis using Eric Zimmerman's open-source EZ Tools suite including
Conduct wireless network security assessments using Kismet to detect rogue access points, hidden SSIDs, weak
Develop precise YARA rules for malware detection by identifying unique byte patterns, strings, and behavioral
Executes structured recovery from a ransomware incident following NIST and CISA frameworks, including environment
Reverse engineers malware binaries using NSA's Ghidra disassembler and decompiler to understand internal logic,
Securing AWS Lambda execution roles by implementing least-privilege IAM policies, applying permission boundaries,
Threat actor infrastructure tracking involves monitoring and mapping adversary-controlled assets including command-and-control
Classify and prioritize security incidents using structured IR playbooks to determine severity, assign response
Performs initial triage of security incidents to determine severity, scope, and required response actions using
This skill covers production-grade techniques for evaluating LLM outputs using LLMs as judges. It synthesizes research from academic papers, industry practices, and practical implementation experience
Context optimization extends the effective capacity of limited context windows through strategic compression, masking, caching, and partitioning. Effective optimization can double or triple effective
Verify every `\cite{...}` in a paper against three independent layers:
Write detailed embodiments for: **$ARGUMENTS**
A kubectl/docker-style CLI for managing GPU compute jobs on the Qizhi (启智) platform.
Deploy and run ML experiment: $ARGUMENTS
Task: $ARGUMENTS
Security advisory feed package for OpenClaw-related threats and vulnerabilities. The upstream feed is updated daily; local automation is handled by clawsec-suite or the operator.
Build Solana trading applications combining DFlow trading APIs with Helius infrastructure. Covers spot swaps (imperative and declarative), prediction markets, real-time market streaming, Proof KYC, the DFlow Agent CLI for autonomous trading, transaction submission via Sender, fee optimization, shred-level streaming via LaserStream, and wallet intelligence.
Build frontend Solana applications with Phantom Connect SDK and Helius infrastructure. Covers React, React Native, and browser SDK integration, transaction signing via Helius Sender, API key proxying, token gating, NFT minting, crypto payments, real-time updates, and secure frontend architecture.
Build Solana DeFi applications combining Jupiter APIs with Helius infrastructure. Covers token swaps (Swap API V2), lending/borrowing (Lend protocol), limit orders (Trigger), DCA (Recurring), token/price data, transaction submission via Sender, fee optimization, real-time streaming, and wallet intelligence.