
Comprehensive security code audit using multi-phase analysis (Setup → Architecture → STRIDE → Code Review → Dependencies/Config → Report). Parallelized subagent orchestration with integrated scripts. Use when asked to perform a security review, vulnerability assessment, code audit, or pentest code review, to find security bugs, or to analyze code for vulnerabilities. Optimized for bug bounty hunting and AppSec with concrete evidence and exploitability validation.
Smart contract security audit for Immunefi bug bounty. Analyzes Solidity contracts on EVM chains using Slither + Foundry. Covers access control, reentrancy, DeFi economic exploits (flash loans, oracle manipulation, MEV), protocol-specific logic (lending, DEX, bridges, vaults), and generates Foundry fork PoCs. Every finding MUST have concrete evidence, invariant violation proof, and USD impact estimate.
Create distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.
Android APK static analysis for bug bounty hunting. Decompiles APKs with BOTH Jadx AND Apktool for maximum coverage. Analyzes secrets, exported components, WebViews (Taint Analysis), deep links, Firebase, Native Libs, IPC abuse, and business logic flaws. Every finding MUST have concrete evidence and real exploit impact.
Specialized JavaScript/TypeScript static analysis for bug bounty hunting. Covers Node.js, Express.js, Next.js, NestJS, Fastify, and modern frameworks. Uses AST-grep and Grep tool to find high-impact vulnerabilities (RCE, SSRF, SQLi, SSTI, Prototype Pollution, JWT, DOM XSS, GraphQL, ReDoS, CORS, CSRF) via strict Source-to-Sink Taint Analysis. Every finding MUST have concrete evidence.
Interview the user relentlessly about a plan or design until reaching shared understanding, resolving each branch of the decision tree. Use when the user wants to stress-test a plan or get grilled on their design, or mentions "grill me".
Break a plan, spec, or PRD into independently-grabbable issues on the project issue tracker using tracer-bullet vertical slices. Use when the user wants to convert a plan into issues, create implementation tickets, or break down work into issues.
Find deepening opportunities in a codebase, informed by the domain language in CONTEXT.md and the decisions in docs/adr/. Use when the user wants to improve architecture, find refactoring opportunities, consolidate tightly-coupled modules, or make a codebase more testable and AI-navigable.
Turn the current conversation context into a PRD and publish it to the project issue tracker. Use when the user wants to create a PRD from the current context.
Test-driven development with a red-green-refactor loop. Use when the user wants to build features or fix bugs using TDD, mentions "red-green-refactor", wants integration tests, or asks for test-first development.