Security & Testing Agent Skills

IDAPython Reverse Engineering

Automates IDA Pro binary analysis and reverse engineering tasks using modern IDAPython scripting patterns.

Prompt Guard Safety Alignment

Protects LLM applications by detecting and filtering prompt injections and jailbreak attempts with high precision.

LlamaGuard AI Content Moderation

Moderates LLM inputs and outputs using Meta's specialized LlamaGuard models to ensure safety and policy compliance across six critical categories.

Test-Driven Development (TDD)

Enforces a strict Red-Green-Refactor workflow by requiring failing tests before any production code implementation.

Security Audit & Code Review

Conducts comprehensive security audits of codebases to identify OWASP vulnerabilities, hardcoded secrets, and unsafe implementation patterns.

Security-First PR Reviewer

Performs deep security audits and compatibility checks on Pull Requests to prevent malicious code injection and breaking changes.

Vitest Testing Framework

Streamlines unit and integration testing using the Vitest framework with Vite-native performance and Jest-compatible APIs.

Test with Spanner

Executes Go unit tests requiring the Spanner emulator by automating environment configuration and lifecycle management.

Secure Smart Contract Workflow

Automates the Trail of Bits 5-step secure development process for smart contracts, including vulnerability scanning, architectural visualization, and property-based testing setup.

Solana Vulnerability Scanner

Scans Solana and Anchor programs for critical security vulnerabilities including arbitrary CPI, improper PDA validation, and missing signer checks.

Cairo Vulnerability Scanner

Scans Cairo and StarkNet smart contracts for critical security vulnerabilities including arithmetic overflows, L1-L2 messaging flaws, and signature replay attacks.

Cosmos Vulnerability Scanner

Scans Cosmos SDK and CosmWasm codebases for consensus-critical security vulnerabilities, non-determinism, and logic errors.

Code Maturity Assessor

Evaluates codebase security and maturity using the Trail of Bits 9-category framework to provide actionable risk reports.

TON Smart Contract Security Scanner

Analyzes TON blockchain smart contracts written in FunC to identify critical vulnerabilities in boolean logic, Jetton handling, and gas management.

Second Opinion Code Review

Conducts independent, multi-model code reviews using OpenAI Codex and Google Gemini CLI to identify bugs, security flaws, and performance issues.

Algorand Vulnerability Scanner

Audits Algorand smart contracts written in TEAL or PyTeal to detect and remediate 11 critical security vulnerabilities.

Substrate Vulnerability Scanner

Scans Substrate and Polkadot pallets for critical security vulnerabilities like arithmetic overflows, panic-driven DoS, and improper origin checks.

Trail of Bits Smart Contract Guidelines Advisor

Analyzes smart contract codebases to provide security-focused architectural reviews and development guidance based on Trail of Bits' best practices.

Debug Buttercup CRS

Diagnoses and troubleshoots the Buttercup Cyber Reasoning System running on Kubernetes clusters.

Token Integration Analyzer

Analyzes smart contract token implementations and integrations to identify security vulnerabilities and non-standard ERC20/ERC721 behaviors.

Audit Prep Assistant

Prepares codebases for professional security reviews by automating static analysis, optimizing test coverage, and generating architectural documentation.

Insecure Defaults Detection

Identifies critical fail-open vulnerabilities where applications run with insecure default configurations instead of crashing safely.

YARA-X Rule Authoring

Guides the creation of high-performance, precision YARA-X rules for malware detection and security auditing.

Burp Suite Web Application Testing

Performs comprehensive web application security audits by intercepting, analyzing, and modifying HTTP traffic using Burp Suite's professional toolset.

XSS & HTML Injection Testing

Conducts comprehensive security audits to identify, exploit, and remediate client-side injection vulnerabilities in web applications.

IDOR Vulnerability Testing

Conducts systematic security audits to identify and mitigate Insecure Direct Object Reference (IDOR) vulnerabilities in web applications and APIs.

File Path Traversal Testing

Identifies and tests for directory traversal vulnerabilities to ensure secure filesystem access in web applications.

Red Team Tools & Security Research

Automates reconnaissance, vulnerability discovery, and security auditing using industry-standard red team methodologies.

Wireshark Network Traffic Analysis

Analyzes network traffic, captures packets, and troubleshoots connectivity using advanced Wireshark filtering and protocol analysis techniques.

SSH Penetration Testing Toolset

Conducts comprehensive SSH security assessments including enumeration, credential testing, and vulnerability exploitation.