hardw00t
10 verified skills368 total stars
cloud-security
Multi-cloud security assessment skill for AWS, Azure, and GCP. Use when performing cloud security audits, scanning for misconfigurations, testing IAM policies, auditing storage permissions, and identifying privilege escalation paths. Triggers on requests to audit cloud security, scan AWS/Azure/GCP, check cloud misconfigurations, or perform cloud penetration testing. Covers CIS benchmarks, CSPM, and cross-cloud identity federation.
testing37
llm-security
LLM and AI application security testing skill for prompt injection (direct, indirect, multimodal), system-prompt extraction, RAG poisoning, memory poisoning, MCP server injection, skill-file injection, agentic tool misuse, computer-use UI injection, and excessive agency. Authorization required — this skill tests AI systems you are explicitly permitted to assess. Triggers on requests to test LLM / AI-agent / RAG / MCP / computer-use security, perform prompt injection, extract system prompts, poison RAG or memory, audit agent tool use, or evaluate AI guardrails.
tools37
sast-orchestration
Static Application Security Testing orchestration — run and compose Semgrep, CodeQL, Bandit, gosec, Brakeman, SpotBugs, ESLint; author custom rules; ingest SARIF; triage and rank findings by exploitability. Use this skill when asked to scan code for vulnerabilities, write Semgrep/CodeQL rules, triage SAST output, reduce false positives, or integrate SAST into CI/CD. Triggers on phrases like 'scan this code', 'write a Semgrep rule', 'triage these findings', 'SARIF', 'SAST in CI', or when a repo is handed over for a security review.
development37
api-security
Router skill for API penetration testing across REST, GraphQL, gRPC, and WebSocket. Covers OWASP API Top 10 (2023) including BOLA/BFLA/BOPLA, JWT attack chains, GraphQL introspection abuse, and mass assignment. Invoke when the user asks to pentest an API, analyze OpenAPI/Swagger, test auth/authorization, fuzz endpoints, or find API vulnerabilities.
development37
container-security
Container and Kubernetes security assessment — image vulnerability scanning, SBOM diff analysis, K8s cluster auditing, RBAC privilege mapping, NetworkPolicy review, container escape testing, and runtime monitoring (Falco/Tetragon). Use when scanning Docker/OCI images, auditing K8s clusters, reviewing Dockerfiles, diffing SBOMs across releases, analyzing RBAC, or assessing container runtime posture. Triggers on requests involving Trivy, Grype, Syft, Kubescape, kube-bench, Falco, container escapes, or CIS Docker/K8s benchmarks.
development37
dast-automation
Automated Dynamic Application Security Testing (DAST) using Playwright MCP plus standard OS pentest tooling. Performs blackbox or greybox scans on single or multiple domains with orchestrated crawling, vulnerability detection, and structured output. Trigger on requests like "scan this domain", "run DAST on these URLs", "automated pentest", or "security-test the staging app".
tools37
ios-pentest
iOS mobile application penetration testing with Frida and Objection on jailbroken or non-jailbroken devices. Use for static + dynamic analysis of IPAs, SSL pinning / jailbreak / biometric bypass, keychain & local-storage extraction, network interception, and OWASP MASTG iOS assessments. Triggers on requests to pentest iOS apps, analyze IPAs, bypass iOS security controls, or produce MASTG-aligned findings.
development37
network-pentest
Internal network and Active Directory penetration testing skill for corporate environments. Use when performing authorized internal network assessments, AD attack path analysis, lateral movement, privilege escalation, and post-exploitation across Windows/Linux estates. Covers BloodHound, Impacket, NetExec/CrackMapExec, Responder, Rubeus, mimikatz, certipy. Triggers on requests to pentest internal networks, attack AD, perform lateral movement, Kerberoast, DCSync, or escalate privileges.
testing37
sca-security
Software Composition Analysis: find vulnerable dependencies, correlate CVE/GHSA/OSV across ecosystems, generate CycloneDX/SPDX SBOMs, assess license compliance, and run reachability-aware triage to suppress unexploitable findings. Use when scanning package dependencies (npm, PyPI, Maven, Cargo, Go, RubyGems, Composer), reviewing PR lockfile diffs, generating SBOMs, auditing licenses, hunting malicious packages, or auditing the software supply chain. Triggers on requests to scan dependencies, check vulnerable packages, generate SBOM, license compliance, typosquat/dependency-confusion review, or reachability-based vuln triage.
development37
threat-modeling
Threat modeling skill for identifying security threats, attack surfaces, and designing mitigations. This skill should be used when performing threat assessments using STRIDE, PASTA, or Attack Trees, creating data flow diagrams, identifying trust boundaries, analyzing attack surfaces, or designing security controls for applications and systems. Triggers on requests to threat model, analyze attack surface, create DFD, apply STRIDE methodology, or assess security architecture.
development35