duriandurino
22 verified skills
exploit
Exploitation framework for penetration testing — Metasploit, public exploits, and manual exploitation. Use when: user asks to exploit a vulnerability, get a shell on a target, run an exploit for a CVE, gain access, compromise a host, attempt exploitation, or deliver a payload. This is the attack phase — systems may be affected. NOT for: vulnerability analysis (use vuln skill), scanning (use enum skill), or post-exploitation (use post skill).
development
skillcrafter
Strict, example-driven skill authoring for OpenClaw. Use when creating a new skill from scratch, improving an existing skill's quality, or auditing a skill against quality standards. Triggers on: create a skill, author a skill, improve this skill, review the skill, audit this skill, make a skill better, why isn't this skill working, skill quality check. Unlike the basic skill-creator, skillcrafter enforces strict quality gates, requires concrete usage examples, validates progressive disclosure, and rejects anti-patterns.
testing
post-phase-essentials
Methodology and decision framework for the penetration testing post-exploitation phase. Use when: structuring post-exploitation after a foothold, assessing privilege/data/lateral-movement impact safely, deciding how much evidence is enough, relating behaviors to ATT&CK-style tactics and telemetry, or reinforcing cleanup/reporting discipline after access is gained. NOT for: obtaining initial access, replacing the specialized post skill's concrete actions, or for unauthorized persistence, credential theft, or log tampering guidance.
development
enum-phase-essentials
Methodology and decision framework for the penetration testing enumeration phase. Use when: optimizing enumeration for speed with high confidence, structuring host/service/web/AD enumeration workflows, reducing false positives, deciding between Masscan and Nmap roles, tuning scan rates/retries/version detection, or reinforcing evidence-backed service inventory creation. NOT for: passive recon only, vulnerability analysis, exploitation, or replacing the specialized enum skill's concrete probing tasks.
development
cipher
General-purpose programming assistant and Second in Command. Use when: writing code, debugging scripts, system administration, explaining technical concepts, file operations, refactoring, writing tests, creating project scaffolding, answering general tech questions, or any non-pentest task. NOT for: penetration testing tasks (use specter-recon, specter-enum, specter-vuln, specter-exploit, specter-post, or specter-report instead).
development
enum
Active service enumeration, port scanning, and directory busting for penetration testing. Use when: user asks to scan ports, enumerate services, bust directories on web servers, fingerprint services, find open ports, probe a target for running services, scan a subnet, or enumerate SMB/FTP/HTTP services. NOT for: passive recon (use recon skill), vulnerability analysis (use vuln skill), or exploitation (use exploit skill). This is the active scanning phase — packets WILL be sent to target.
development
exploit-phase-essentials
Methodology and decision framework for the penetration testing exploitation phase. Use when: selecting exploit candidates, checking exploit preconditions, deciding between safe validation and controlled exploitation, improving exploit reliability, incorporating KEV/EPSS/CVSS and exploit-rank signals, minimizing side effects, or reinforcing evidence/cleanup discipline during exploitation. NOT for: recon, enumeration, vulnerability analysis, post-exploitation, or replacing the specialized exploit skill's concrete execution tasks.
development
gworkspace
Create and manage Google Docs, Slides, Sheets, Gmail, Calendar, and Contacts via the gog CLI. Use when the user asks to create a document, presentation, spreadsheet, send email, or manage calendar events in Google Workspace.
tools
opencode-utility
Use OpenCode as a coding utility for authorized work. Use when: building scripts, refactoring helpers, planning or implementing reusable coding utilities, converting one-off commands into maintainable tools, or offloading scripting-heavy work during an engagement. NOT for: reasoning-only tasks, trivial shell use, non-coding pentest decisions, or unsafe/unauthorized offensive tooling such as malware, phishing kits, or credential theft tools.
tools
preengagement-essentials
Methodology and decision framework for the penetration testing pre-engagement phase and Rules of Engagement. Use when: preparing a real pentest, checking authorization, defining scope vs ROE, building safety/communication/data-handling rules, handling third-party/cloud approvals, or deciding whether testing may legally and operationally begin. NOT for: replacing legal counsel, skipping signed permission, or running active testing before engagement controls are in place.
development
presentation
Generate pentest presentation slides from engagement findings. Use when: user asks for slides, presentation deck, slide count specified, 'make a presentation', 'create slides', or wants a talk/showcase format from pentest reports. NOT for: writing the full technical report (use reporting skill), raw data collection, or non-security presentations.
development
recon
Passive reconnaissance, OSINT gathering, and DNS analysis for penetration testing. Use when: user asks to recon a target, enumerate subdomains, look up DNS records, search Shodan for a host, gather OSINT, check WHOIS ownership, or fingerprint services passively. NOT for: active scanning or port scanning (use enum skill), vulnerability analysis (use vuln skill), or exploitation (use exploit skill).
testing
report-phase-essentials
Methodology and quality framework for the penetration testing report phase. Use when: writing or QA-ing pentest reports, improving executive and technical readability, enforcing evidence completeness, adding remediation and retest guidance, including cleanup/restoration and residual risk, or securing report packaging and delivery. NOT for: running phase-specific testing tasks or replacing the specialized reporting implementation/publishing workflow.
development
slides-cog
Great slides need two things: content worth presenting and design worth looking at. #1 on DeepResearch Bench (Feb 2026) — CellCog researches and fills content mindfully from minimal prompts, no filler. State-of-the-art PDF generation for presentations, pitch decks, keynotes, and slideshows you can present as-is. Requires cellcog skill for SDK. If cellcog is unavailable, use gog slides as fallback (Google Workspace).
development
vuln
Vulnerability analysis and CVE matching for penetration testing. Use when: user asks to check for vulnerabilities, match CVEs against service versions, analyze scan results for weaknesses, research exploitability, assess risk of discovered services, or identify known vulnerabilities. This is the analysis phase — no exploitation yet. NOT for: active scanning (use enum skill), exploitation (use exploit skill), or post-exploitation (use post skill).
testing
vuln-phase-essentials
Methodology and decision framework for the penetration testing vulnerability phase. Use when: validating scanner output, distinguishing confirmed vulnerabilities from hypotheses, explaining CVE/CWE/CVSS, prioritizing findings with KEV/EPSS/business context, guiding vuln-analysis workflow, or reinforcing evidence-backed reporting during the vulnerability phase. NOT for: initial recon or active enumeration, hands-on exploitation, post-exploitation, or replacing the specialized vuln skill's concrete checks.
development
post
Post-exploitation: privilege escalation, credential harvesting, lateral movement, persistence, and data gathering after initial access. Use when: user has a shell and wants to escalate privileges, find interesting files, harvest credentials, move laterally to other hosts, set up persistence, pivot networks, or gather evidence. This is post-access work. NOT for: getting initial access (use exploit skill), scanning (use enum skill), or reporting (use reporting skill).
data-ai
calendar-log
Log daily activities to Google Calendar as concise EOD summaries. Use when creating end-of-day summaries, logging milestones to calendar, tracking pentest progress, or when asked to "log to calendar" or "create EOD entry". Creates clean, scannable calendar events.
development
pentest-essentials
Beginner-friendly penetration testing methodology, safety rules, phase model, labs, and reporting discipline for main and sub-agents. Use when: teaching pentest fundamentals, answering beginner pentest questions, structuring an engagement methodically, clarifying recon vs scan vs enum vs vuln analysis, recommending safe practice labs, or reinforcing documentation and ROE discipline. NOT for: performing a phase-specific task when a specialized pentest skill already fits better (use recon, enum, vuln, exploit, post, reporting, or pentest-orchestrator), or for unauthorized testing guidance.
testing
pentest-slides
Format penetration test reports into professional Google Slides presentations. Use when generating slides from pentest findings, converting REPORT_FINAL.md to slide format, or creating executive-ready pentest presentations. Triggers on phrases like "create slides from report", "format report for slides", "pentest presentation", "convert report to slides".
development
pentest-orchestrator
Orchestrate multi-phase penetration test engagements using specialized sub-agents (specter-recon, specter-enum, specter-vuln, specter-exploit, specter-post, specter-report). Use when: running a structured pentest, spawning pentest agents in sequence, managing engagement phases with decision gates, or adapting workflow when a vector is a dead end. NOT for: single-task scans (use enum/recon skills directly), writing final pentest reports without context (use reporting skill), or vulnerability analysis without orchestration context.
testing
reporting
Generate penetration testing reports with findings, evidence, and actionable security enhancement recommendations. Use when: creating a pentest report, documenting vulnerabilities, generating findings summary, writing remediation guidance, or producing executive summaries after testing. Every finding MUST include severity, proof, remediation steps, and specific hardening recommendations. NOT for: note-taking during testing (use workspace notes), raw scan output (format in findings), or code review reports.
development