Skill UI

Runs post-compromise privilege escalation assessments on Linux and Windows hosts by enumerating misconfigurations, services, SUID binaries, kernel exploits, cron jobs, and credential stores to prove how initial low-privilege access turns into root/SYSTEM, useful for red teams validating controls.

Defines best practices for securing Helm chart deployments: verifying chart provenance, scanning rendered templates for misconfigurations, enforcing security and RBAC contexts, and managing secrets during Helm releases in Kubernetes.

Guides security testers through identifying and exploiting CORS misconfigurations on API endpoints and SPAs so unauthorized cross-domain data access and credential theft can be detected and proven during penetration testing.

Provides CLI-driven access control for a Discord channel by reading/writing the shared JSON state. Use it to approve pairings, edit allowlists, set DM/group policies, and keep the channel server informed without touching Discord directly.

Implements Sigstore-based signing and verification for containers, binaries, and artifacts via Cosign keyless signing, Rekor transparency checks, and Fulcio certificates so CI/CD pipelines can prove provenance and enforce signed-image policies.

Continuously modernizes Go projects by diagnosing outdated patterns, suggesting upgrades to the latest language features, standard library improvements, and tooling, and guiding developers on safe, scoped refactors when working with Go 1.21–1.26 codebases.

Provides Go performance optimization patterns, guiding engineers from profiling to targeted improvements across allocations, CPU, GC, caching, and hot paths when benchmarks reveal a bottleneck.

A CLI wrapper for Feishu approval APIs that guides you to inspect approval instances, cancel or CC them, and handle tasks such as approve, reject, transfer, or query after reviewing the schema to understand the required fields.