
Non-Scoped Skills

Crypto

TLS/SSL analysis and cryptographic failure detection. Runs as Sonnet (4K thinking budget).

  • TLS version and cipher suite analysis
  • Certificate validation checks
  • Weak cryptographic algorithm detection
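The three bullets above correspond to three rule sets. The following is an added example, not part of the skill's implementation: it grades IANA-style cipher suite names, flags protocol versions below TLS 1.2, and runs the basic leaf-certificate checks (validity window, signature algorithm, key size, self-signature, SAN coverage) over a constructed scan summary. The SCAN dictionary, the hostname and the fixed clock are assumptions for the demonstration; a real run would populate them from handshakes against the target.

```python
"""Rule-based grading of a TLS endpoint's negotiable parameters.

Added example, not the tool's own code. SCAN below is a constructed summary
of what a cipher/protocol sweep (e.g. repeated openssl s_client handshakes)
and a certificate parse would report; no network access is needed.
"""
import re
from datetime import datetime, timezone

PROTOCOL_ORDER = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
MIN_PROTOCOL = "TLSv1.2"
# Primitives with practical breaks or deliberately reduced strength.
# "DES" also catches 3DES_EDE (Sweet32), "anon" catches unauthenticated DH.
BROKEN = re.compile(r"NULL|EXPORT|anon|RC4|RC2|DES|IDEA|MD5", re.I)


def grade_suite(name: str) -> tuple[str, str]:
    """Return (grade, reason) for an IANA-style cipher suite name."""
    if name.startswith(("TLS_AES_", "TLS_CHACHA20_")):
        return "strong", "TLS 1.3 AEAD suite (key exchange is always ephemeral)"
    hit = BROKEN.search(name)
    if hit:
        return "weak", f"broken or export-grade primitive: {hit.group(0)}"
    if not re.search(r"_(ECDHE|DHE)_", name):
        return "legacy", "static key exchange: no forward secrecy"
    if "_CBC_" in name:
        return "legacy", "CBC with MAC-then-encrypt; prefer an AEAD suite (GCM/CCM/CHACHA20)"
    return "strong", "ephemeral key exchange with an AEAD cipher"


def check_protocols(offered: list[str]) -> list[str]:
    """Protocol versions the server accepts that fall below MIN_PROTOCOL."""
    floor = PROTOCOL_ORDER.index(MIN_PROTOCOL)
    return [p for p in offered if PROTOCOL_ORDER.index(p) < floor]


def _san_matches(pattern: str, host: str) -> bool:
    """RFC 6125 style match: a wildcard covers exactly one leftmost label."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        return host.count(".") == pattern.count(".") and host.endswith(pattern[1:])
    return pattern == host


def check_certificate(cert: dict, hostname: str, now: datetime) -> list[str]:
    """Validation failures a client should raise for this leaf certificate."""
    issues = []
    if now < cert["not_before"] or now > cert["not_after"]:
        issues.append(f"not valid at {now:%Y-%m-%d} (expires {cert['not_after']:%Y-%m-%d})")
    if cert["signature_algorithm"].lower().startswith(("md5", "sha1")):
        issues.append(f"weak signature algorithm {cert['signature_algorithm']}")
    if cert["key_type"] == "RSA" and cert["key_bits"] < 2048:
        issues.append(f"RSA key too small: {cert['key_bits']} bits")
    if cert["key_type"] == "EC" and cert["key_bits"] < 256:
        issues.append(f"EC key too small: {cert['key_bits']} bits")
    if cert["issuer"] == cert["subject"]:
        issues.append("self-signed certificate")
    if not any(_san_matches(san, hostname) for san in cert["sans"]):
        issues.append(f"hostname {hostname} not covered by SAN list {cert['sans']}")
    return issues


def audit(scan: dict, now: datetime) -> dict:
    """Combine the three checks into one report for a scanned endpoint."""
    return {
        "weak_protocols": check_protocols(scan["protocols"]),
        "suites": {s: grade_suite(s) for s in scan["cipher_suites"]},
        "certificate": check_certificate(scan["certificate"], scan["hostname"], now),
    }


# Constructed scan result for a deliberately poorly configured endpoint.
SCAN = {
    "hostname": "shop.example.com",
    "protocols": ["TLSv1", "TLSv1.1", "TLSv1.2"],
    "cipher_suites": [
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
        "TLS_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
        "TLS_RSA_WITH_RC4_128_MD5",
    ],
    "certificate": {
        "subject": "CN=shop.example.com",
        "issuer": "CN=Example Issuing CA",
        "sans": ["*.example.com"],
        "not_before": datetime(2024, 1, 1, tzinfo=timezone.utc),
        "not_after": datetime(2025, 1, 1, tzinfo=timezone.utc),
        "signature_algorithm": "sha1WithRSAEncryption",
        "key_type": "RSA",
        "key_bits": 1024,
    },
}
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)  # fixed clock so the run is reproducible

if __name__ == "__main__":
    import json
    print(json.dumps(audit(SCAN, NOW), indent=2))
```

The grading deliberately separates "weak" (a primitive with a known practical break) from "legacy" (no forward secrecy, or CBC with MAC-then-encrypt), because the remediation differs: the first must be removed, the second should be deprioritised behind AEAD suites. Note that the regexes expect IANA names; OpenSSL's short names (e.g. ECDHE-RSA-AES128-GCM-SHA256) would need mapping first.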

Exceptions

Stack trace and debug mode detection. Runs as Sonnet (3K thinking budget).

  • Error page information disclosure
  • Debug mode detection
  • Stack trace analysis for technology fingerprinting
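As an added example (not the skill's own code), the following triages HTTP response bodies the way the three bullets describe: framework signatures fingerprint the stack, a subset of those signatures only appear when a debug or development setting is on, and absolute paths plus product/version pairs are collected as disclosure regardless of which framework fired. The signature list is a small illustrative subset and the three response bodies are constructed.

```python
"""Error-page triage: stack traces, debug pages and the technology they leak.

Added example, not the tool's own code. The signature list is a small
illustrative subset and the three response bodies are constructed.
"""
import re
from dataclasses import dataclass

# (technology, pattern, debug_mode): debug_mode is True when the matched page
# only renders with a development/debug setting enabled, which is the finding
# that matters more than the fingerprint itself.
SIGNATURES = [
    ("Django", re.compile(r"Exception Location:|<th>Django Version:"), True),
    ("Flask/Werkzeug", re.compile(r"Werkzeug Debugger|werkzeug/debug"), True),
    ("Rails", re.compile(r"ActionController::RoutingError|ActionView::Template::Error"), True),
    ("ASP.NET", re.compile(r"Server Error in '[^']*' Application"), True),
    ("Python", re.compile(r"Traceback \(most recent call last\)"), False),
    ("Java", re.compile(r"^\s+at [\w$.]+\([\w$]+\.java:\d+\)", re.M), False),
    ("Apache Tomcat", re.compile(r"Apache Tomcat/\d"), False),
    ("Spring Boot", re.compile(r"Whitelabel Error Page"), False),
    ("PHP", re.compile(r"<b>(?:Fatal error|Warning|Notice)</b>:.*? in <b>.*?\.php</b> on line"), False),
    ("Node.js", re.compile(r"^\s+at .+ \(/[^)]+\.js:\d+:\d+\)", re.M), False),
]
# Absolute server paths and "<product> <version>" pairs are the information
# disclosure worth reporting even when no framework signature fires.
PATH_RE = re.compile(r"(?:/(?:usr|var|home|opt|srv|app)[\w./-]+|[A-Z]:\\[\w\\.-]+)")
VERSION_RE = re.compile(
    r"\b(Django|Werkzeug|Python|Ruby|Rails|PHP|Tomcat|Spring Boot|Node)\b[^\n]{0,30}?(\d+\.\d+(?:\.\d+)?)",
    re.I,
)


@dataclass
class Report:
    technologies: list[str]
    debug_mode: bool
    paths: list[str]
    versions: list[str]

    @property
    def discloses(self) -> bool:
        return bool(self.technologies or self.paths or self.versions)


def analyze(body: str) -> Report:
    """Fingerprint one HTTP response body and collect what it leaks."""
    matched = [(tech, debug) for tech, pat, debug in SIGNATURES if pat.search(body)]
    return Report(
        technologies=[tech for tech, _ in matched],
        debug_mode=any(debug for _, debug in matched),
        paths=sorted(set(PATH_RE.findall(body))),
        versions=sorted({f"{name} {ver}" for name, ver in VERSION_RE.findall(body)}),
    )


# Constructed responses: a Django technical 500 page, a Tomcat error page, and
# a generic page that leaks nothing.
DJANGO_DEBUG = """<!DOCTYPE html><title>ValueError at /api/orders/</title>
<h1>ValueError at /api/orders/</h1>
<tr><th>Exception Location:</th><td>/srv/shop/orders/views.py, line 42, in detail</td></tr>
<tr><th>Django Version:</th><td>4.2.11</td></tr>
<tr><th>Python Version:</th><td>3.11.4</td></tr>
<pre>Traceback (most recent call last):
  File "/srv/shop/orders/views.py", line 42, in detail
    total = order.items[0].price
ValueError: invalid literal</pre>"""

TOMCAT_500 = """<h1>HTTP Status 500 - Internal Server Error</h1>
<pre>java.lang.NullPointerException
    at com.acme.shop.OrderService.load(OrderService.java:88)
    at com.acme.shop.OrderController.get(OrderController.java:31)</pre>
<h3>Apache Tomcat/9.0.71</h3>"""

CLEAN = "<html><body><h1>Something went wrong</h1><p>Reference ID 4f3a</p></body></html>"

if __name__ == "__main__":
    for label, body in (("django", DJANGO_DEBUG), ("tomcat", TOMCAT_500), ("clean", CLEAN)):
        print(label, analyze(body))
```

The Django page reports debug_mode because its technical 500 page is only rendered with DEBUG = True; the Tomcat page fingerprints the container and its exact version but is a plain error, so it is reported as disclosure rather than a debug-mode finding.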

Supply Chain

OWASP A03:2025 (Software Supply Chain Failures): dependency and supply chain security. Runs as Opus medium (5K thinking budget).

  • Dependency confusion attacks
  • Subresource Integrity (SRI) checks
  • Docker layer secret scanning
  • Package manifest analysis
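Two of the checks listed above can be shown offline. The following is an added example, not the skill's own code: it parses a page for cross-origin scripts and stylesheets and reports missing, unsupported or unverifiable integrity metadata (including the browser rule for choosing among several listed hashes), and it walks a package manifest for internal names that the public registry could satisfy. The page, the resource body, the manifest, the internal package list and the registry listing are all constructed stand-ins; a real check fetches the resources and queries the registry.

```python
"""Subresource Integrity and dependency-confusion checks.

Added example, not the tool's own code. The page, the resource body, the
manifest and the registry listings are constructed; a real check fetches
the resources and queries the public registry instead.
"""
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

SRI_ALGOS = ["sha256", "sha384", "sha512"]  # weakest to strongest; SRI accepts nothing else


def sri_value(body: bytes, algo: str = "sha384") -> str:
    """The integrity attribute a page must carry to pin `body`."""
    return f"{algo}-{base64.b64encode(hashlib.new(algo, body).digest()).decode()}"


def sri_verify(body: bytes, integrity: str) -> bool:
    """Browser rule: keep only the strongest listed algorithm, pass if any of its hashes matches."""
    tokens = [t for t in integrity.split() if t.split("-", 1)[0] in SRI_ALGOS]
    if not tokens:
        return False  # no usable metadata: browsers load unchecked, we treat that as a failure
    strongest = max(tokens, key=lambda t: SRI_ALGOS.index(t.split("-", 1)[0])).split("-", 1)[0]
    return any(t == sri_value(body, strongest) for t in tokens if t.startswith(strongest + "-"))


class _Subresources(HTMLParser):
    """Collect external scripts and stylesheets with their attributes."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}  # bare attributes (crossorigin) arrive as None
        if tag == "script" and a.get("src"):
            self.found.append((a["src"], a))
        elif tag == "link" and a.get("href") and "stylesheet" in a.get("rel", "").lower():
            self.found.append((a["href"], a))


def check_sri(html: str, page_host: str) -> list[dict]:
    """Cross-origin scripts/styles that are not (correctly) integrity-pinned."""
    parser = _Subresources()
    parser.feed(html)
    findings = []
    for url, a in parser.found:
        host = urlparse(url).netloc
        if not host or host == page_host:
            continue  # same-origin resource: SRI is optional
        integrity = a.get("integrity", "")
        algo = integrity.split("-", 1)[0].lower()
        if not integrity:
            findings.append({"url": url, "issue": "no integrity attribute"})
        elif algo not in SRI_ALGOS:
            findings.append({"url": url, "issue": f"unsupported digest {algo!r}; browsers ignore it"})
        elif "crossorigin" not in a:
            findings.append({"url": url, "issue": "integrity without crossorigin; opaque response cannot be verified, load fails"})
    return findings


def check_dependency_confusion(manifest: dict, internal: set, public_registry: dict, owned_scopes: set) -> list[dict]:
    """Internal package names that an attacker could satisfy from the public registry."""
    findings = []
    deps = {**manifest.get("dependencies", {}), **manifest.get("devDependencies", {})}
    for name in deps:
        if name not in internal or name.split("/")[0] in owned_scopes:
            continue  # public dependency, or a scope the organisation controls on the public registry
        publisher = public_registry.get(name)
        if publisher is None:
            findings.append({"package": name, "issue": "unclaimed on public registry; anyone can publish it"})
        else:
            findings.append({"package": name, "issue": f"already published on public registry by {publisher!r}"})
    return findings


# --- constructed inputs -------------------------------------------------------
LIB_JS = b"window.acme = { version: '1.4.0' };"
PAGE = f"""<html><head>
<link rel="stylesheet" href="https://cdn.example.net/ui.css">
<script src="/static/app.js"></script>
<script src="https://cdn.example.net/lib.js" integrity="{sri_value(LIB_JS)}" crossorigin="anonymous"></script>
<script src="https://cdn.example.net/legacy.js" integrity="sha1-2jmj7l5rSw0yVb/vlWAYkK/YBwk="></script>
<script src="//cdn.example.net/widget.js" integrity="{sri_value(LIB_JS, 'sha256')}"></script>
</head></html>"""
MANIFEST = {"dependencies": {"react": "^18.2.0", "acme-auth-client": "1.4.0",
                             "@acme/telemetry": "2.0.1", "acme-internal-utils": "0.3.0"}}
INTERNAL = {"acme-auth-client", "@acme/telemetry", "acme-internal-utils"}
PUBLIC = {"react": "facebook", "acme-auth-client": "someone-else"}  # stand-in for registry lookups
OWNED_SCOPES = {"@acme"}

if __name__ == "__main__":
    for f in check_sri(PAGE, "shop.example.com") + check_dependency_confusion(MANIFEST, INTERNAL, PUBLIC, OWNED_SCOPES):
        print(f)
```

Of the constructed page's five resources, only lib.js is correctly pinned: ui.css carries no integrity, legacy.js uses sha1 (which browsers silently ignore, so it offers no protection), and widget.js has a valid hash but no crossorigin attribute, so the browser receives an opaque response it cannot verify and refuses to run the script. On the manifest side, the scoped package is skipped because the organisation owns the scope on the public registry; the two unscoped internal names are the classic dependency-confusion targets.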

Deserialization

Java, PHP, .NET, Python and Ruby deserialization testing. Runs as Opus medium (5K thinking budget). Always runs, regardless of the detected tech stack.

  • Gadget chain detection
  • Serialized object injection
  • Language-specific deserialization vectors
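Before any serialized object can be injected, the scanner has to recognise where the application already exchanges one. As an added example (not the skill's own code), the following classifies request values by serialization format across the five languages named above, trying the value raw, base64-decoded and hex-decoded, and for Java pulls the outermost class name out of the stream header. The request values are constructed; in a scan they would come from cookies, hidden fields, query parameters and JSON bodies.

```python
"""Spot serialized-object payloads in request values before fuzzing them.

Added example, not the tool's own code. The request values below are
constructed; in a scan they would come from cookies, hidden fields, query
parameters and JSON bodies.
"""
import base64
import binascii
import pickle  # only dumps() is used, to build a sample; never loads() untrusted data
import re
from urllib.parse import unquote_plus

# Leading bytes of binary serialization streams (checked after any decoding).
MAGIC = {
    b"\xac\xed\x00\x05": "Java ObjectInputStream",
    b"\x00\x01\x00\x00\x00\xff\xff\xff\xff": ".NET BinaryFormatter",
    b"\xff\x01": "ASP.NET ViewState/LosFormatter",
}
# PHP serialize() object header: O:<name length>:"<class>":
PHP_OBJECT = re.compile(r'(?:^|[^\w])O:(\d+):"([\w\\]+)"')


def _binary_format(data: bytes):
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    if len(data) > 1 and data[0] == 0x80 and 2 <= data[1] <= 5:
        return f"Python pickle (protocol {data[1]})"
    if len(data) > 2 and data[:2] == b"\x04\x08" and data[2:3] in b'o[{I":':  # Marshal 4.8 + a type tag
        return "Ruby Marshal"
    return None


def _java_outer_class(data: bytes):
    """Class name of the outermost object: TC_OBJECT, TC_CLASSDESC, u16 length, UTF name."""
    if data[4:6] != b"\x73\x72":
        return None
    n = int.from_bytes(data[6:8], "big")
    return data[8:8 + n].decode("latin-1") if n and len(data) >= 8 + n else None


def _decodings(text: str):
    """Yield (encoding, bytes) for the raw value and its base64/hex interpretations."""
    yield "raw", text.encode("latin-1", "ignore")
    b64 = text.replace("-", "+").replace("_", "/")  # accept URL-safe base64 too
    try:
        yield "base64", base64.b64decode(b64 + "=" * (-len(b64) % 4), validate=True)
    except (binascii.Error, ValueError):
        pass
    try:
        yield "hex", bytes.fromhex(text)
    except ValueError:
        pass


def classify(value: str) -> list[dict]:
    """Every serialization format the value could be, with how it was encoded."""
    hits = []
    for text in dict.fromkeys((value, unquote_plus(value))):  # de-duplicated, order kept
        m = PHP_OBJECT.search(text)
        if m and int(m.group(1)) == len(m.group(2)):
            hits.append({"format": "PHP serialize()", "encoding": "raw", "class": m.group(2)})
        for encoding, data in _decodings(text):
            fmt = _binary_format(data)
            if fmt:
                hit = {"format": fmt, "encoding": encoding}
                if fmt.startswith("Java"):
                    hit["class"] = _java_outer_class(data)
                hits.append(hit)
    return hits


# Constructed request values, one per format plus a harmless control.
_JAVA_STREAM = b"\xac\xed\x00\x05\x73\x72" + b"\x00\x11java.util.HashMap"
SAMPLES = {
    "java_cookie": base64.b64encode(_JAVA_STREAM).decode(),          # starts with rO0AB
    "java_hex": _JAVA_STREAM.hex(),                                   # starts with aced0005
    "php_session": 'O:8:"stdClass":1:{s:3:"foo";s:3:"bar";}',
    "py_token": base64.b64encode(pickle.dumps({"user": "guest"}, protocol=4)).decode(),  # gASV...
    "viewstate": "/wEPDwUKLTEyMzQ1Njc4OWRk",
    "dotnet_blob": base64.b64encode(b"\x00\x01\x00\x00\x00\xff\xff\xff\xff\x01\x00\x00\x00").decode(),
    "rails_cookie": base64.b64encode(b"\x04\x08o:\tUserAuth").decode(),  # BAh...
    "plain": "session=abc123",
}

if __name__ == "__main__":
    for label, value in SAMPLES.items():
        print(label, classify(value))
```

The format tells the next stage which gadget chains and which encoder are relevant (a Java stream decoded from base64 is re-encoded the same way on injection), and the outermost class name is a cheap hint about the application's own object model before any gadget payload is sent. The Ruby Marshal check is intentionally conservative: two bytes alone are too weak a marker, so a type tag is required as well.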

LLM

Prompt injection and MCP (Model Context Protocol) attacks. Requires the --llm flag. Runs as Sonnet (5K thinking budget).

  • Direct and indirect prompt injection
  • MCP tool abuse vectors
  • AI agent manipulation

Mobile

Android and iOS application testing. Requires --mobile ios|android flag. Runs as Sonnet (5K thinking budget).

  • APK/IPA static analysis
  • Frida/Objection dynamic analysis
  • Certificate pinning bypass
  • Local storage inspection

Web3

Smart contract and blockchain security testing. Requires --web3 flag. Runs as Opus medium (8K thinking budget).

  • Reentrancy and state management flaws
  • Flash loan attacks and oracle manipulation
  • Access control and governance vulnerabilities
  • MEV/frontrunning and sandwich attacks
  • Token standard compliance (ERC-20, ERC-721)
  • Signature replay and cryptographic flaws