
Internal network penetration testing, Active Directory enumeration, and lateral movement simulation.
You MUST use this before any creative work - creating features, building components, adding functionality, or modifying behavior. Explores user intent, requirements and design before implementation.
Use when you have a written implementation plan to execute in a separate session with review checkpoints
AI/LLM application security testing — prompt injection, jailbreaking, data exfiltration, and insecure output handling per OWASP LLM Top 10.
Deep OWASP API Security Top 10 testing for REST, GraphQL, gRPC, and WebSocket APIs — BFLA, mass assignment, rate limiting, and unsafe consumption.
Open Source Intelligence gathering and attack surface management for external reconnaissance.
Concurrency exploitation — race conditions, TOCTOU vulnerabilities, and parallel request abuse in web applications.
White-box attack surface mapping — correlate external scans, browser exploration, and source code into structured endpoint inventory, role architecture, and authorization vulnerability candidates.
Software supply chain security — dependency confusion, CI/CD pipeline attacks, lockfile integrity, and build artifact verification.
Source code security audit using backward taint analysis, slot type classification, render context verification, and 3-phase parallel review producing an exploitation queue.
Implements Manus-style file-based planning for complex tasks. Creates task_plan.md, findings.md, and progress.md. Use when starting complex multi-step tasks, research projects, or any task requiring >5 tool calls. Now with automatic session recovery after /clear.
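Comprehensive security audit tool for OpenClaw Skills that detects supply chain poisoning, prompt injection, malicious code patterns, permission overreach, and dependency risks
# SKILL Backend Functional Documentation ## Overview The SKILL module is one of the platform's core features, used to manage and organize reusable skill resources. Each skill can contain rich information such as a description, content, tags, and files, and supports public sharing and private management. ## Architecture Design ### Layered Architecture The SKILL module uses a classic layered architecture: ``` API Layer (api/v1/skills.py) ↓ Service Layer (services/skill_service.py) ↓ Repository Layer (repositories/skill.py) ↓ Model Layer (models/skill.py) ``` ### Core Components 1. **Model layer (Models)** - `Skill`: main skill table model - `SkillFile`: skill file association table model 2. **Repository layer (Repositories)** - `SkillRepository`: skill data access layer - `SkillFileRepository`: skill file data access layer 3. **Service layer (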
HTTP request smuggling, desync attacks, cache poisoning, and protocol-level vulnerability testing.
OWASP Mobile Top 10 security testing for Android and iOS — local storage, certificate pinning bypass, IPC abuse, and binary protections.
Discover hardcoded credentials, leaked API keys, exposed configuration files, sensitive data in artifacts, and information disclosure via error handling.
Binary exploitation (Pwn) and reverse engineering tools for CTF challenges and software analysis.
Cloud security posture management and container security assessment for AWS, Azure, GCP, and Kubernetes.
Presentation creation, editing, and analysis. When Claude needs to work with presentations (.pptx files) for: (1) Creating new presentations, (2) Modifying or editing content, (3) Working with layouts, (4) Adding comments or speaker notes, or any other presentation tasks
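Automatically verifies web vulnerabilities (open redirect, XSS) through raw HTTP request manipulation and strict validation.
OpenClaw security check tool that verifies configuration security, permission isolation, network policy, log auditing, and runtime integrity against the security practice guide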
Business logic vulnerability testing — workflow bypass, payment manipulation, state machine abuse, and function limit circumvention per WSTG-BUSL.
Advanced client-side attacks — CORS misconfiguration, WebSocket security, clickjacking, postMessage abuse, CSS injection, and browser storage vulnerabilities.
Security header auditing, TLS configuration testing, HTTP method analysis, CSP bypass assessment, and deployment hardening verification.
Cryptography tools for solving CTF challenges involving ciphers, hashing, and weak encryption.
Digital forensics, steganography, and packet analysis for CTF challenges and investigation.
Proof-driven exploitation with 4-level evidence system, bypass exhaustion protocol, mandatory evidence checklists, and strict EXPLOITED/POTENTIAL/FALSE_POSITIVE classification.
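OpenClaw attack pattern detection tool that identifies high-risk behaviors such as data exfiltration, reverse shells, file leakage, prompt injection, and supply chain poisoning, with support for MITRE ATT&CK mapping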
Guide for creating effective skills. This skill should be used when users want to create a new skill (or update an existing skill) that extends an agent's capabilities with specialized knowledge, workflows, or tool integrations.
Use when you have a spec or requirements for a multi-step task, before touching code
Comprehensive PDF manipulation toolkit for extracting text and tables, creating new PDFs, merging/splitting documents, and handling forms. When Claude needs to fill in a PDF form or programmatically process, generate, or analyze PDF documents at scale.
Comprehensive spreadsheet creation, editing, and analysis with support for formulas, formatting, data analysis, and visualization. When Claude needs to work with spreadsheets (.xlsx, .xlsm, .csv, .tsv, etc) for: (1) Creating new spreadsheets with formulas and formatting, (2) Reading or analyzing data, (3) Modifying existing spreadsheets while preserving formulas, (4) Data analysis and visualization in spreadsheets, or (5) Recalculating formulas