Security & Testing Agent Skills

Semgrep Rule Creator

Generates and validates production-quality Semgrep rules to detect security vulnerabilities and complex code patterns using a test-driven approach.

Cairo/StarkNet Security Scanner

Scans Cairo smart contracts for critical vulnerabilities including arithmetic overflows, L1-L2 messaging flaws, and signature replay attacks.

OWASP Security & Best Practices

Audits code for vulnerabilities and implements industry-standard protection patterns based on OWASP 2025 and Agentic AI security guidelines.

Cosmos Blockchain Security Scanner

Audits Cosmos SDK modules and CosmWasm smart contracts for consensus-critical vulnerabilities and security risks.

Agent Evaluation & Benchmarking

Evaluates and benchmarks LLM agents using behavioral testing, reliability metrics, and production monitoring to ensure consistent performance in real-world scenarios.

Kosmos E2E Testing Suite

Automates comprehensive end-to-end testing for the Kosmos autonomous AI scientist project across local and cloud LLM providers.

Repository Quality Scoring

Quantifies repository health and production-readiness through weighted scoring across documentation, security, CI/CD, and community standards.

Compliance Standards

Automates compliance audits against industry-standard security and quality frameworks like OpenSSF, OWASP, and SOC2.

Verification Before Completion

Enforces rigorous verification protocols and evidence-based reporting before any task or code change is claimed as complete.

Differential Security Review

Performs security-focused differential reviews of code changes to detect vulnerabilities and prevent regressions in PRs and commits.

Fuzzing Obstacle Bypass

Patches codebases to bypass checksums, non-deterministic states, and validation barriers to improve fuzzer coverage.

CyberSorted Lite Security Advisory

Provides expert cybersecurity advisory, threat modeling, and compliance mapping tailored to CISO, CTO, and Security Architect roles.

Property-Based Testing Guide

Implements advanced property-based testing strategies to ensure robust code reliability across multiple programming languages and smart contracts.

Git Hook Manager

Configures and troubleshoots git hooks using Husky, Lefthook, and other industry-standard frameworks to automate code quality checks.

Pytest Python Testing

Automates the creation and management of robust Python test suites using the industry-standard pytest framework.

Computer Use Automation & QA Testing

Automates web application testing by generating Playwright-based test harnesses and natural-language goal files for Gemini 2.5 Computer Use.

OSS-Fuzz Security Testing

Implements continuous fuzz testing infrastructure for open-source projects using Google's OSS-Fuzz framework.

Verification Before Completion

Enforces a rigorous evidence-based protocol that requires fresh command output before any task is claimed as finished or fixed.

YARA-X Malware Rule Authoring

Authors high-performance YARA-X detection rules for precise malware identification and threat hunting.

Systematic Debugging

Implements a rigorous four-phase protocol to identify root causes and eliminate bugs through evidence-based troubleshooting rather than trial and error.

Defense-in-Depth Validation

Implements multi-layer data validation strategies to prevent bugs and ensure system stability across all execution levels.

Workflow Debug

Systematically debugs complex software errors through hypothesis-driven analysis, solution comparisons, and multi-layer verification.

TDD Workflow for AWS Automation

Enforces a strict Red-Green-Refactor testing methodology for Python-based AWS infrastructure and CLI tools.

k6 Load Testing

Automates performance and load testing workflows using the k6 framework to ensure application scalability.

Ethical Hacking Methodology

Guides users through the complete penetration testing lifecycle from initial reconnaissance to professional security reporting.

Strict Verification Before Completion

Enforces a rigorous evidence-based workflow that requires successful verification commands before any task is claimed as complete.

Test-Driven Development (TDD)

Enforces a strict Red-Green-Refactor workflow to ensure all production code is verified by failing tests first.

Privilege Escalation Methods

Provides actionable techniques and command-line references for escalating user privileges on Linux and Windows systems.

Systematic Debugging

Implements a rigorous four-phase framework to identify root causes and eliminate trial-and-error debugging during development.

SARIF Security Results Parser

Parses, aggregates, and analyzes Static Analysis Results Interchange Format (SARIF) files to streamline security vulnerability management.