除錯

Find and fix broken markdown links in the repository. Use when links return "Cannot find file" or "Cannot find fragment" errors. Runs find-broken-links to detect problems, then repairs each broken link by locating the correct target or updating the fragment anchor.

AskarKasimov0

除錯

Observability

Use observability MCP tools to investigate errors, logs, and traces

AskarKasimov0

除錯

Lg Debugger

Diagnoses and fixes issues in LG Flutter apps — SSH connection failures, KML rendering problems, coordinate bugs, Provider errors, and rig communication issues.

AshishYesale70

除錯

Verification

Use after Breaker ACCEPT and before Reliability scoring — gates completion on evidence that smoke steps actually pass.

ashokdudhade0

除錯

Graphql

GraphQL attack surface exploitation - introspection, IDOR via queries/mutations, field-level auth bypass, batching rate-limit bypass, nested query DoS, subscription cross-user data access. ALWAYS invoke when: /graphql endpoint found, Apollo/Relay/Hasura detected, any API uses GraphQL. Trigger aggressively for: 'graphql', 'introspection', 'mutation', 'subscription', 'batching', 'alias', '__typename', '__schema'.

AshtonVaughan0

除錯

Speckit Clarify

Identify underspecified areas in the current feature spec and encode clarifications back into the spec.

Rickwen11260

除錯

Data Exfil Deep

Data exposure exploitation and impact amplification - IDOR, excessive data in API responses, mass PII exfiltration, and severity escalation. ALWAYS invoke when: API returns more fields than UI shows, found access to another user's data, need to prove impact from any auth bypass or injection, user says 'prove impact' or 'what can I access'. This skill turns Medium findings into Criticals.

AshtonVaughan0

除錯

Blind Injection - Behavioral Protocol

Blind injection exploitation - OOB callbacks, time-based, DNS exfil across SQLi/SSRF/XXE/CMDi/XSS. ALWAYS invoke when: payloads return no visible error, response is identical regardless of input, need OOB confirmation, parameter seems to be processed server-side but produces no output. Trigger aggressively for: 'blind', 'no output', 'no error', 'OOB', 'callback', 'interactsh', 'same response', 'no reflection', 'server-side processing'.

AshtonVaughan0

除錯

Anomaly Detection

Response anomaly detection during Phase 4. Profiles endpoint behavior, flags deviations, prioritizes convergent signals.

AshtonVaughan0

除錯

Feedback

Handle HackerOne analyst responses and triager feedback - classify response type and execute the matching action.

AshtonVaughan0

除錯

Triage

Triage a bug report. Reproduces the bug, diagnoses the root cause, verifies whether the behavior is intentional, and attempts a fix. Use when asked to "triage issue

Ashwin47530

除錯

Deep Deserialization Exploitation

Deep deserialization exploitation - Java ObjectInputStream, PHP unserialize/Phar, Python pickle/YAML, Ruby Marshal, .NET BinaryFormatter/ViewState, and Node.js serialize. Goes beyond scanner detection into custom gadget chain construction, blind exploitation via OOB callbacks, and chained attacks. Invoke this skill PROACTIVELY whenever: you find base64-encoded blobs in cookies, parameters, or headers; detect serialized object magic bytes in traffic (ac ed 00 05 for Java, O:N for PHP, 80 04 95 for Python pickle, 04 08 for Ruby Marshal); see ViewState or __VIEWSTATE parameters; find source code using pickle.loads(), yaml.load(), unserialize(), ObjectInputStream, Marshal.load(), BinaryFormatter, or node-serialize. Also invoke when SAST flags a deserialization sink - this skill provides the exploitation methodology. Use for ANY Java, PHP, Python, Ruby, .NET, or Node.js application where you suspect object deserialization.

AshtonVaughan0

除錯

Idor Harness

Systematic IDOR/BOLA testing with two test accounts. Trigger on: "test IDOR", "check authorization", "access control", "object reference", horizontal/vertical privilege escalation, any endpoint returning user-specific data with an object ID in the URL or body.

AshtonVaughan0

除錯

Omnihack

Windows binary and process exploitation - game security, anti-cheat, kernel debugging, DLL injection, memory scanning, network interception. Trigger AGGRESSIVELY when any target involves game clients, Windows apps, anti-cheat, or binary-level attack surface.

AshtonVaughan0

除錯

Authorization - Authorized Bug Bounty Engagement

$39

AshtonVaughan0

除錯

Negative Testing

Systematic testing of error handling paths, malformed inputs, and boundary conditions. Load during Phase 4 testing to discover information disclosure and unexpected behavior in error handlers.

AshtonVaughan0

除錯

Hardware & IoT Security Testing

IoT device security, firmware analysis, embedded web interface testing, protocol exploitation, and physical interface attacks. Invoke this skill PROACTIVELY whenever: a target includes IoT devices, routers, cameras, smart home products, industrial controllers, network appliances, or any embedded system. Also invoke when you find firmware download links, UART/JTAG mentions, or IoT protocols (MQTT, CoAP, Zigbee, BLE, UPnP, RTSP) during reconnaissance. If the bug bounty program lists hardware devices or embedded systems in scope, this skill applies immediately.

AshtonVaughan0

除錯

Playwright Live Verifier — Interactive Browser Verification Skill

Use this skill to interactively verify, test, and explore any web application using the Playwright MCP browser tools. TRIGGER when the user says things like: "test this feature", "verify the implementation", "check if it works", "manually test", "live test", "browser test", "validate in the browser", "check the app", "QA this", "confirm the fix works", "walk through the flows", "smoke test", or any request to verify/validate UI behavior against a running application (local or deployed). This is NOT about generating test files — it uses the MCP browser tools to interactively test and verify features right now, in a real browser session. Also trigger when the user asks to find bugs in a live app or wants each feature confirmed individually with real evidence.

Ashtrix-Robotics0

除錯

Validation

4-layer validation protocol for confirming bug bounty findings before surfacing them. Findings that clearly fail are discarded. Findings that appear real but couldn't be fully proven are surfaced to the user with status tags - never silently hidden.

AshtonVaughan0

除錯

Argument Settlement

Record who won an argument on the Base blockchain. Just say who won and why.

ashwinexe0

除錯

Stripe Sync Backfill

When the user wants to import historical Stripe data. Also use when the user mentions "backfill stripe data," "syncBackfill," "import stripe data," "sync existing data," or "historical sync."

ashutoshpw0

除錯

Stripe Cli

Use when an agent needs to inspect Stripe account data from the terminal using the local stripe-cli package and its xstripe executable. Covers authentication, profile selection, listing resources, fetching records by ID, searching supported resources, checking balances, inspecting cached data behavior, and using raw API requests only when the built-in commands are insufficient.

ashutoshpw0

除錯

Stripe Sync Troubleshooting

When the user is experiencing issues with stripe-sync-engine. Also use when the user mentions "not working," "webhook error," "signature failed," "connection error," "data not syncing," or "stripe sync broken."

ashutoshpw0

除錯

Sast

Source code security review - find exploitable vulnerabilities in source code. Trigger AGGRESSIVELY when source code is available (open source target, GitHub repo, leaked source, client-side JS, decompiled mobile app).

AshtonVaughan0

除錯

HTTP Request Smuggling and Desync Attacks

HTTP request smuggling and desync attacks - CL.TE, TE.CL, TE.TE, H2.CL, H2.TE, and browser-powered client-side desync. Invoke this skill PROACTIVELY whenever: a target sits behind a CDN, reverse proxy, or load balancer (Cloudflare, Akamai, Fastly, CloudFront, nginx, HAProxy, AWS ALB, Azure Front Door), uses HTTP/2 with HTTP/1.1 backend downgrade, shows signs of multi-layer request processing (multiple Server headers, Via header, different error pages for different paths), or you detect unusual Transfer-Encoding or Content-Length handling. Also invoke when you see response splitting, CRLF injection, or cache poisoning opportunities. Covers cache poisoning via desync, credential theft from other users' requests, WAF bypass, and request routing manipulation. Use PROACTIVELY during Phase 4 for ANY web target - most targets have proxy infrastructure even if it's not immediately visible.

AshtonVaughan0

除錯

Explain

Explains code in detail for junior developers. Use when someone asks "what does this do?", "how does this work?", "explain this code", or wants to understand code step-by-step.

AshurovDoston0

除錯

Cortex Debug

CORTEX debug pipeline skill. Use when: running /debug, /debug-inject, /debug-cleanup, inserting debug markers, analyzing test failures, tracing API calls, capturing frontend console output, or investigating root causes with marker injection. Covers 8 injection strategies (3 Python + 5 multi-stack), Vision API, and auto-cleanup.

asifhussain600

除錯

Argus Build Diagnostics

Diagnose xcodebuild builds using argus. Use this instead of parsing xcodebuild output to avoid filling the context window. Query build errors, warnings, slowest targets, bottlenecks, implicit/redundant dependencies, and dependency graph with linking information for optimization analysis.

Asix1204030

除錯

Status

除錯

Status

Cleanup File Review

Fix Broken Links

Observability

Lg Debugger

Verification

Graphql

Speckit Clarify

Data Exfil Deep

Blind Injection - Behavioral Protocol

Anomaly Detection

Feedback

Triage

Deep Deserialization Exploitation

Idor Harness

Omnihack

Authorization - Authorized Bug Bounty Engagement

Negative Testing

Hardware & IoT Security Testing

Playwright Live Verifier — Interactive Browser Verification Skill

Validation

Argument Settlement

Stripe Sync Backfill

Stripe Cli

Stripe Sync Troubleshooting

Sast

HTTP Request Smuggling and Desync Attacks

Explain

Cortex Debug

Argus Build Diagnostics