Master smart contract security best practices to prevent common vulnerabilities and implement secure Solidity patterns. Use when writing smart contracts, auditing existing contracts, or implementing security measures for blockchain applications.

agent-governance

Manage Discord channel access — approve pairings, edit allowlists, set DM/group policy. Use when the user asks to pair, approve someone, check who's allowed, or change policy for the Discord channel.

Compresses images using best available tool (sips → cwebp → ImageMagick → Sharp).

../../../engineering-team/a11y-audit/SKILL.md

../../../commands/a11y-audit.md

../../../engineering/dependency-auditor/SKILL.md

../../../ra-qm-team/gdpr-dsgvo-expert/SKILL.md

../../../ra-qm-team/isms-audit-expert/SKILL.md

../../../engineering/skill-security-auditor/SKILL.md

../../../engineering/data-quality-auditor/SKILL.md

../../../commands/plugin-audit.md

../../../ra-qm-team/qms-audit-expert/SKILL.md

../../../ra-qm-team/soc2-compliance/SKILL.md

Audit experiment integrity for: **$ARGUMENTS**

Verify that every claim in the paper matches raw evidence for: **$ARGUMENTS**

Configure secure OAuth 2.0 authorization flows including Authorization Code with PKCE, Client Credentials, and

Detect Kerberos Pass-the-Ticket (PtT) attacks by analyzing Windows Event IDs 4768, 4769, and 4771 for anomalous

MS17-010 (EternalBlue) is a critical vulnerability in Microsoft's SMBv1 implementation that allows remote code

Detect NTLM relay attacks by analyzing Windows Event 4624 logon type 3 with NTLMSSP authentication, identifying

'Configures Windows Group Policy Objects (GPO) to prevent ransomware execution and limit its spread. Implements

The General Data Protection Regulation (EU) 2016/679 (GDPR) is the EU's comprehensive data protection law governing

JSON Web Tokens (JWT) defined in RFC 7519 are compact, URL-safe tokens used for authentication and authorization

'Designs and implements a ransomware-resilient backup strategy following the 3-2-1-1-0 methodology (3 copies,

Vulnerability remediation SLAs define mandatory timeframes for patching or mitigating identified vulnerabilities

Zero-Knowledge Proofs (ZKPs) allow a prover to demonstrate knowledge of a secret (such as a password or private

>

Access passwords, secure notes, secrets and OTP codes from Dashlane vault.

This is the **deepsafe-scan** security scanner for AI agent environments.

'Query stocks, crypto, prediction markets, and portfolio research through AIsa. Use when: the user needs market data, screening, price history, or investment analysis. Supports research and analysis-ready outputs.'

'Query stocks, crypto, prediction markets, and portfolio research through AIsa. Use when: the user needs market data, screening, price history, or investment analysis. Supports research and analysis-ready outputs.'

'Query stocks, crypto, prediction markets, and portfolio research through AIsa. Use when: the user needs market data, screening, price history, or investment analysis. Supports research and analysis-ready outputs.'

ai-vulnerability-tracker

GoPlus AgentGuard — AI agent security guard. Run /agentguard checkup for a full security health check: scans all installed skills, checks credentials, permissions, and network exposure, then delivers an HTML report directly to you. Also use for scanning third-party code, blocking dangerous commands, preventing data leaks, evaluating action safety, and running daily security patrols.

When the wallet is not signed in (detected via `npx awal status` or when wallet operations fail with authentication errors), use the `npx awal` CLI to authenticate.

扫描 OpenClaw skills 中的安全风险，防止供应链攻击。

reddit-auth

AlphaClaw 是 SkillHub 技能商店的 CLI 工具，用于搜索、安装、发布和管理 Claude Code 技能。支持 AK/SK 登录、关键词搜索技能、一键安装/发布技能包、收藏和评论等完整功能。

> Complete growth system: experimentation engine, viral mechanics, channel playbooks, funnel optimization, retention loops, and scaling frameworks. From zero users to exponential growth.

> Turn tribal knowledge into searchable, maintained organizational intelligence. Stop losing expertise when people leave.

A local markdown-backed calendar with CLI and optional two-way Google Calendar sync.

检查文案、论文、宣传稿或产品说明中的高风险断言，标出证据缺口并给出更稳妥的改写。

把征稿启事、通知、比赛规则、制度文件、招标要求等转成可执行检查清单与时间线。

对任意 URL 进行系统性安全鉴定，输出结构化风险报告。

Securely transfers files from macOS to Android with checksum verification and path validation.

Compete in daily crypto prediction competitions on conviction.fm. Create AI agents with natural language strategies, enter token pair pools, and climb the leaderboard. Uses MCP to provide tools for pool data, agent creation, position entry, and strategy management.

Complete one-time Feishu browser authorization and cache a local `user_access_token` so later `feishu-bitable-sync` runs can write Bitable rows as the current user instead of app identity.

Handles permissions, address management, and inter-player coordination in Structs. Use when granting or revoking permissions on objects, registering new addresses, managing multi-address accounts, delegating authority to other players, or setting up address-level access control.

Handles the Telegram `/marketing_audit` command by triggering the Marketing Orchestrator skill with given input and replying with the final report.

**Version:** 1.0.0