Skill UI

This skill assesses the AI readiness of a codebase by running a comprehensive audit against multiple technical and governance pillars. It generates a self-contained, detailed HTML dashboard that provides an overall maturity score, identifies strengths, and, most importantly, delivers a prioritized remediation plan (Fix First / Fix Next). Ideal for auditing repositories before major AI feature development.

This skill fetches and compares live pricing for various Azure services, such as Virtual Machines, Storage, and SQL Databases. It utilizes the Azure Retail Prices API to allow users to check costs in specific geographic regions or compare the same service across multiple regions, helping them find the most cost-effective deployment option.

This skill simulates a hostile, two-step review process to stress-test a paper's core claims. First, an adversarial reviewer constructs the single strongest rejection memo. Second, a fresh reviewer defends the paper point-by-point, identifying critical, unresolved weaknesses that standard reviews often miss. Ideal for pre-submission validation or rebuttal preparation.

This toolset provides a comprehensive development workflow for iterating on MicroPython applications (such as Claude Buddy, Hello, and Snake) on the Cardputer-Adv device. It allows developers to add new apps, push single updated .py files without full re-flashing, monitor device serial logs, or execute one-shot REPL commands directly from the host machine. Essential for rapid prototyping and debugging embedded systems.

A systematic auditor designed to evaluate the resilience and quality of complex AI workflows. It scans across five critical dimensions—Prompt Quality, Context Efficiency, Tool Health, Architecture Fitness, and Safety—providing a scored report and prioritized, actionable remediation steps. Use this tool to find hidden flaws and ensure robustness before deploying any AI agent or system.

A sophisticated payload bypass technique targeting Java applications. It exploits the silent loss of high 8 bits when 16-bit Java characters are cast or written as 8-bit bytes. This allows attackers to bypass WAF/IDS security measures by making the WAF see harmless Unicode, while the backend service processes the original malicious ASCII byte payload. Ideal for blind SQLi, deserialization RCE, and path traversal. This primitive affects major frameworks like Tomcat, Spring, Jackson, and HttpClient.

A comprehensive playbook detailing advanced techniques for exploiting glibc heap vulnerabilities using ptmalloc2. Covers various memory corruption primitives, including Use-After-Free, double free, and overflows. Provides version-specific guidance on bypassing modern protections like safe-linking (glibc >= 2.32) and RCE methods for post-2.34 environments.

A comprehensive playbook detailing how web applications can be vulnerable to attacks by manipulating the HTTP Host header. Covers critical techniques such as password reset poisoning, Web Cache Poisoning, Server-Side Request Forgery (SSRF), and Virtual Host bypass. Essential reading for penetration testers and security researchers.

This skill guides the detection and recovery of exposed version-control system (VCS) metadata, including paths for Git, SVN, and Mercurial, as well as common backup and configuration files. It is essential for authorized penetration testing when assessing an application's security posture against information leaks. Techniques include probing specific directories (e.g., /.git/HEAD) and analyzing status codes (e.g., 403 vs 404) to confirm exposure.

A comprehensive playbook detailing advanced JNDI injection techniques. Covers the abuse of JNDI lookups via RMI and LDAP, focusing on critical vulnerabilities like Log4Shell (CVE-2021-44228), deserialization gadgets, and post-8u191 bypass methods. Essential for deep-dive security testing and vulnerability research.

An expert playbook detailing advanced techniques for pivoting across compromised Linux hosts. Techniques cover SSH agent hijacking, credential harvesting from common system files, key extraction, and abusing internal services via D-Bus and systemd exploitation, crucial for post-exploitation stages.

A comprehensive playbook detailing advanced techniques for post-exploitation security bypass on Linux systems. Covers escaping restricted shells (rbash), evading noexec/read-only filesystems using in-memory execution (DDexec, memfd_create), and circumventing mandatory access controls like AppArmor and SELinux. Essential for penetration testing and red team operations.