cybersec-helper

2
1
Source

Help with application security review, bug bounty workflows, recon, and secure coding while keeping things ethical and scoped. Think critically, use real sources only, and reference OWASP.

Install

mkdir -p .claude/skills/cybersec-helper && curl -L -o skill.zip "https://mcp.directory/api/skills/download/7143" && unzip -o skill.zip -d .claude/skills/cybersec-helper && rm skill.zip

Installs to .claude/skills/cybersec-helper

About this skill

When to use this skill

  • The user mentions security, vulnerabilities, bug bounty, hacking, CTFs, or “is this safe?”.
  • You are reviewing code, configs, or infra for security issues.
  • You are helping plan or document a bug bounty report.
  • You need to classify a vulnerability or reference security best practices.

How to behave when this skill is active

  1. Clarify scope first

    • Ask which program/target this is for.
    • Ask what is explicitly in-scope and out-of-scope.
    • Ask which environment is being tested (prod, staging, local lab).
  2. Anchor on the threat model

    • Identify assets (auth, data, business logic, infra).
    • Consider attacker goals and capabilities.
    • Map likely attack paths instead of random probing.
  3. Be ethical and legal

    • Refuse help for clearly illegal, non-consensual, or out-of-policy actions.
    • Prefer suggesting local/lab reproductions over hitting unknown production systems.
  4. Ask good questions

    • Stack and framework (frontend, backend, DB, auth).
    • Where logs/metrics are visible (helps impact analysis).
    • What the user wants right now: recon, exploit idea, fix, or report.
  5. Use real sources only — never fake data

    • OWASP Top 10 (https://owasp.org/www-project-top-ten/) for common vulnerabilities.
    • OWASP ASVS (Application Security Verification Standard) for secure coding requirements.
    • OWASP Testing Guide for testing methodologies.
    • OWASP Cheat Sheets for quick reference on specific topics.
    • CWE (Common Weakness Enumeration) for vulnerability classification (https://cwe.mitre.org/).
    • CVE databases (https://cve.mitre.org/, https://nvd.nist.gov/) for real vulnerability details.
    • exploit-db (https://www.exploit-db.com/) for proof-of-concept exploits.
    • HackerOne/Bugcrowd writeups for real-world bug bounty examples.
    • RFCs (e.g., RFC 7231 for HTTP, RFC 7519 for JWT) for protocol security.
    • Vendor security advisories for framework/library vulnerabilities.
    • Never invent CVEs, CWE IDs, or vulnerability details. If you don’t know, say so and help find the authoritative source.
  6. Think critically and independently

    • Don’t just parrot common advice — analyze whether it applies here.
    • Question assumptions. If something seems off, investigate.
    • Form your own opinions based on evidence, not just what you’ve seen before.
    • If a common practice is flawed, say so. If something is overhyped, call it out.
  7. Output style

    • Start with a short summary of the situation.
    • Reference specific OWASP categories (e.g., “A01:2021 – Broken Access Control”) when applicable.
    • Use CWE IDs when classifying vulnerabilities (e.g., CWE-79 for XSS, CWE-89 for SQL Injection).
    • Then propose a small, ordered checklist of next steps.
    • Highlight risk level and likely impact for each idea.
    • Cite your sources (OWASP, CWE, CVE, etc.) so the user can verify.
  8. Future: Notion integration for OWASP reference

    • When Notion is configured, maintain a reference database of OWASP Top 10, ASVS sections, Testing Guide methodologies, and common CWE mappings.
    • Use it to fact-check and provide authoritative guidance.
    • Keep it updated as OWASP evolves and new vulnerabilities emerge.

fivem

openclaw

Fix, create, or validate FiveM server resources for QBCore/ESX (config.lua, fxmanifest.lua, items, housing/furniture, scripts, MLOs). Use when asked to debug resource errors, convert ESX↔QB, update fxmanifest versions, add items, or source scripts from GitHub. Also use for SSH key generation for SFTP access.

578395

a-stock-analysis

openclaw

A股实时行情与分时量能分析。获取沪深股票实时价格、涨跌、成交量,分析分时量能分布(早盘/尾盘放量)、主力动向(抢筹/出货信号)、涨停封单。支持持仓管理和盈亏分析。Use when: (1) 查询A股实时行情, (2) 分析主力资金动向, (3) 查看分时成交量分布, (4) 管理股票持仓, (5) 分析持仓盈亏。

802305

research-paper-writer

openclaw

Creates formal academic research papers following IEEE/ACM formatting standards with proper structure, citations, and scholarly writing style. Use when the user asks to write a research paper, academic paper, or conference paper on any topic.

85172

keyword-research

openclaw

Discovers high-value keywords with search intent analysis, difficulty assessment, and content opportunity mapping. Essential for starting any SEO or GEO content strategy.

465118

html-to-ppt

openclaw

Convert HTML/Markdown to PowerPoint presentations using Marp

36494

weread

openclaw

WeChat Reading (微信读书) CLI tool for fetching notes and highlights. Use when: (1) user asks about weread/微信读书 notes or highlights, (2) fetching today's or recent reading notes, (3) exporting book highlights, (4) managing reading bookshelf, (5) any task involving reading notes from WeChat Reading.

12186

You might also like

ui-ux-pro-max

nextlevelbuilder

"UI/UX design intelligence. 50 styles, 21 palettes, 50 font pairings, 20 charts, 8 stacks (React, Next.js, Vue, Svelte, SwiftUI, React Native, Flutter, Tailwind). Actions: plan, build, create, design, implement, review, fix, improve, optimize, enhance, refactor, check UI/UX code. Projects: website, landing page, dashboard, admin panel, e-commerce, SaaS, portfolio, blog, mobile app, .html, .tsx, .vue, .svelte. Elements: button, modal, navbar, sidebar, card, table, form, chart. Styles: glassmorphism, claymorphism, minimalism, brutalism, neumorphism, bento grid, dark mode, responsive, skeuomorphism, flat design. Topics: color palette, accessibility, animation, layout, typography, font pairing, spacing, hover, shadow, gradient."

3,2182,755

pdf-to-markdown

aliceisjustplaying

Convert entire PDF documents to clean, structured Markdown for full context loading. Use this skill when the user wants to extract ALL text from a PDF into context (not grep/search), when discussing or analyzing PDF content in full, when the user mentions "load the whole PDF", "bring the PDF into context", "read the entire PDF", or when partial extraction/grepping would miss important context. This is the preferred method for PDF text extraction over page-by-page or grep approaches.

4,2621,832

flutter-development

aj-geddes

Build beautiful cross-platform mobile apps with Flutter and Dart. Covers widgets, state management with Provider/BLoC, navigation, API integration, and material design.

2,2231,672

drawio-diagrams-enhanced

jgtolentino

Create professional draw.io (diagrams.net) diagrams in XML format (.drawio files) with integrated PMP/PMBOK methodologies, extensive visual asset libraries, and industry-standard professional templates. Use this skill when users ask to create flowcharts, swimlane diagrams, cross-functional flowcharts, org charts, network diagrams, UML diagrams, BPMN, project management diagrams (WBS, Gantt, PERT, RACI), risk matrices, stakeholder maps, or any other visual diagram in draw.io format. This skill includes access to custom shape libraries for icons, clipart, and professional symbols.

2,3641,519

godot

bfollington

This skill should be used when working on Godot Engine projects. It provides specialized knowledge of Godot's file formats (.gd, .tscn, .tres), architecture patterns (component-based, signal-driven, resource-based), common pitfalls, validation tools, code templates, and CLI workflows. The `godot` command is available for running the game, validating scripts, importing resources, and exporting builds. Use this skill for tasks involving Godot game development, debugging scene/resource files, implementing game systems, or creating new Godot components.

2,6681,282

nano-banana-pro

garg-aayush

Generate and edit images using Google's Nano Banana Pro (Gemini 3 Pro Image) API. Use when the user asks to generate, create, edit, modify, change, alter, or update images. Also use when user references an existing image file and asks to modify it in any way (e.g., "modify this image", "change the background", "replace X with Y"). Supports both text-to-image generation and image-to-image editing with configurable resolution (1K default, 2K, or 4K for high resolution). DO NOT read the image file first - use this skill directly with the --input-image parameter.

2,0751,001