Explore skills
4,567 skills found
hunt-api-misconfig
Identifies and exploits API security misconfigurations such as mass assignment, JWT attacks, prototype pollution, CORS, and HTTP verb tampering.
hunt-race-condition
A skill for hunting race condition vulnerabilities, developed from 12 public bug bounty reports. It covers modern HTTP/2 single-packet attack cases and common scenarios like coupon double-redemption, gift-card double-spend, MFA-OTP-validate race, account-create race, and crypto token double-spend.
meme-coin-audit
This skill performs security audits for meme coins and tokens, detecting rug pulls, analyzing Solana SPL tokens, and identifying Token-2022 extension risks. It also covers DEX liquidity pool attacks and integration risks with platforms like pump.fun, Raydium, and Jupiter.
mid-engagement-ir-detection
Methodology for detecting client SOC patches, attacker activity, and security-state changes during a red-team engagement, converting these observations into deliverable findings. This approach is based on real red-team work where clients patched vulnerabilities quickly and external attackers were active.
web3-audit
Smart contract security audit covering 10 DeFi bug classes (accounting desync, access control, etc.), pre-audit kill signals, Foundry PoC template, grep patterns, and Immunefi examples. Useful for Solidity/Rust audits or evaluating DeFi targets.
fleet-auditor
Audit token waste across agent systems (Claude Code, Codex, OpenClaw, Hermes, OpenCode). Detect idle burns, model misrouting, and config bloat with dollar savings.
token-optimizer
Find the ghost tokens. Audit Claude Code or Codex setup, see where context goes, fix it. Use when context feels tight.
token-optimizer
Audit your OpenClaw setup for token waste, context bloat, and cost optimization opportunities.
web-security
OWASP Top 10, security headers, CSP, XSS prevention, and vulnerability prevention.
protocol-fuzzer
Expert skill for protocol fuzzing, vulnerability discovery, and security testing.
secure-coding-training-skill
Developer security training and assessment for secure coding practices and vulnerability prevention.
dast-scanner
Dynamic Application Security Testing execution and management. Configure and execute OWASP ZAP and Nuclei scans, run authenticated scanning, manage scan policies and scope, correlate findings with SAST results, and generate comprehensive vulnerability reports.