Skip to main content
Run any Skill in Manus
with one click
GitHub repository

defending-code-reference-harness

defending-code-reference-harness contains 7 collected skills from anthropics, with repository-level occupation coverage and site-owned skill detail pages.

skills collected
7
Stars
6.4k
updated
2026-07-11
Forks
518
Occupation coverage
4 occupation categories ยท 100% classified
repository explorer

Skills in this repository

verify
software-quality-assurance-analysts-and-testers

Verify harness changes end-to-end without docker โ€” drive the real pinned CLI against a header-capturing stub server with the exact env resolve_auth_env() produces.

2026-07-11
customize
computer-occupations-all-other

Adapt this C/C++ ASAN vulnerability pipeline to a different vulnerability class, target shape, language, or detection mechanism. Use when the user wants to port, migrate, retarget, customize, or fork the pipeline for something other than C/C++ memory-safety bugs โ€” web apps, smart contracts, deserialization, ML systems, or any other domain.

2026-05-22
patch
software-developers

Generate candidate fixes for verified security findings. Consumes TRIAGE.json (preferred), VULN-FINDINGS.json, or a vuln-pipeline results directory. Pipeline input is delegated to the execution-verified `vuln-pipeline patch` ladder; static-analysis input gets a per-finding patch subagent + independent reviewer and is written as inert diffs for human review. Writes PATCHES/bug_NN/{patch.diff,patch_result.json}, PATCHES.md, and PATCHES.json. Use when asked to "fix the findings", "patch these vulns", "generate fixes", or "close the loop on triage".

2026-05-22
quickstart
software-developers

The front door for this repo. With no argument: a 30-second intro, then an offer to walk you through your first run on the canary target. With a question: answers it from this repo's own docs and source, cites where it looked, and hands you the next command. Use for "how do Iโ€ฆ", "why doesโ€ฆ", "where isโ€ฆ", "can thisโ€ฆ", or just "/quickstart" to get oriented.

2026-05-22
threat-model
information-security-analysts

Build a threat model for a target codebase. Three modes: "interview" walks an application owner through the four-question framework and produces a threat model from their answers; "bootstrap" derives a threat model from the code plus past vulnerabilities (CVEs, git history, pentest reports) when no owner is available; "bootstrap-then-interview" chains the two when both owner and codebase are present. All write THREAT_MODEL.md in a shared schema. Use when asked to "threat model", "build a threat model", "map the attack surface", or "what should we be worried about in this codebase".

2026-05-22
triage
information-security-analysts

Triage a batch of raw security findings. Verify each is real, collapse duplicates, re-rank by derived exploitability, and tag with an owner. Takes a directory or file of scanner output and writes TRIAGE.json + TRIAGE.md sorted by what actually needs engineering attention. Use when asked to "triage findings", "validate scanner output", "prioritize vulns", or "review the backlog". Runs interactively by default; pass --auto to skip the interview.

2026-05-22
vuln-scan
information-security-analysts

Static source-code vulnerability scan. Reads a target directory (and THREAT_MODEL.md if present), spawns parallel review subagents per focus area, and writes VULN-FINDINGS.json + .md for /triage to consume. Read-only โ€” no building, running, or network. For execution-verified crashes, use vuln-pipeline instead. Use when asked to "scan for vulns", "review this code for security issues", "find bugs in <dir>", or as the step between /threat-model and /triage.

2026-05-22
defending-code-reference-harness Agent Skills... | SkillsMP