Skills your agents can run

This skill should be used when the user asks to "test for SQL injection vulnerabilities", "perform SQLi attacks", "bypass authentication using SQL injection", "extract database information through injection", "detect SQL injection flaws", or "exploit database query vulnerabilities". It provides comprehensive techniques for identifying, exploiting, and understanding SQL injection attack vectors across different database systems.

This skill should be used when the user asks to "use Metasploit for penetration testing", "exploit vulnerabilities with msfconsole", "create payloads with msfvenom", "perform post-exploitation", "use auxiliary modules for scanning", or "develop custom exploits". It provides comprehensive guidance for leveraging the Metasploit Framework in security assessments.

Discover exploitable, bounty-eligible security issues inside a repository. Focuses not on noisy, local-only findings but on remotely reachable vulnerabilities that are suitable for real reports.

Security scanner that catches malicious skills before they steal your data. Detects credential theft, prompt injection, and hidden backdoors. Works immediately with zero setup. Optional AST dataflow analysis traces how your data moves through code.

This skill should be used when the user asks to "escalate privileges", "get root access", "become administrator", "privesc techniques", "abuse sudo", "exploit SUID binaries", "Kerberoasting", "pass-the-ticket", "token impersonation", or needs guidance on post-exploitation privilege escalation for Linux or Windows systems.

Guide for implementing Better Auth - a framework-agnostic authentication and authorization framework for TypeScript. Use when adding authentication features like email/password, OAuth, 2FA, passkeys, or advanced auth functionality to applications.

Guidance for implementing differential cryptanalysis attacks on FEAL and similar Feistel ciphers. This skill should be used when asked to break FEAL encryption, recover cipher keys through differential attacks, or implement cryptanalysis techniques on block ciphers with weak round functions. Covers proper differential characteristic construction, not ad-hoc statistical methods.

Data privacy and regulatory compliance specialist for GDPR, CCPA, HIPAA, and international data protection laws. Use when implementing privacy controls, conducting data protection impact assessments, ensuring regulatory compliance, or managing data subject rights. Expert in consent management, data minimization, and privacy-by-design principles.

This skill should be used when the user asks to "plan a penetration test", "create a security assessment checklist", "prepare for penetration testing", "define pentest scope", "follow security testing best practices", or needs a structured methodology for penetration testing engagements.

A skill to integrate better-auth. And auth framework for TypeScript projects.

Use this skill when a user asks to perform SMTP penetration testing, enumerate email users, test for open mail relays, grab SMTP banners, brute force email credentials, or assess mail server security. It provides comprehensive techniques for testing SMTP server security.

Security best practices for Speak API keys, audio data privacy, student data protection, and COPPA/FERPA compliance. Use when implementing security basics features, or troubleshooting Speak language learning integration issues. Trigger with phrases like "speak security basics", "speak security basics".

Audit authentication flows for security vulnerabilities

Implements secure session management with JWT tokens, Redis storage, refresh flows, and proper cookie configuration. Use when building authentication systems, managing user sessions, or implementing secure logout functionality.

Apply STRIDE methodology to systematically identify threats. Use when analyzing system security, conducting threat modeling sessions, or creating security documentation.

Store, retrieve, list, and manage secrets using gopass (the team password manager). Use when the user asks to save credentials, look up passwords, generate secrets, manage password entries, or interact with a gopass password store. Covers CRUD operations, secret generation, TOTP, recipients, mounting stores, and clipboard operations.

This skill should be used when the user asks to "pentest SSH services", "enumerate SSH configurations", "brute force SSH credentials", "exploit SSH vulnerabilities", "perform SSH tunneling", or "audit SSH security". It provides comprehensive SSH penetration testing methodologies and techniques.

Security scanner for AgentSkill packages. Scan skills for credential theft, code injection, prompt manipulation, data exfiltration, and evasion techniques before installing them. Use when evaluating skills from ClawHub or any untrusted source.

Complete Better Auth documentation in Markdown format. Use when implementing authentication in TypeScript projects — covers OAuth providers (Google, GitHub, etc.), email/password, passkeys, 2FA, session management, database adapters (Prisma, Drizzle), and framework integrations (Next.js, SvelteKit, etc.).

Ultimate Offensive Security Master Skill. Covers Ethical Hacking Methodology, Infrastructure Attacks (AD, AWS), Web Vulnerabilities (OWASP Top 10, Bug Bounty), and Advanced Toolsets (Metasploit, Burp Suite, SQLMap).