Use when debugging interactive CLI, REPL, TUI, ssh, telnet, nc, watch-mode, dev server, long-running command, terminal prompt flow, or any command that may not exit. Provides a PTY-backed MCP workflow for spawning terminal sessions, sending text and keys, reading output, managing multiple sessions, and exporting full transcripts.
This skill should be used when a user asks to debug an interactive CLI, REPL, TUI, prompt loop, shell wizard, watch mode, long-running terminal process, or any command that hangs, waits for input, redraws incorrectly, needs multiple inputs, behaves differently in a real terminal, or requires comparing tmux panes. Trigger on phrases like “it hangs after Continue?”, “the prompt never appears,” “my curses UI breaks in a small terminal,” “the watcher only fails after I answer the prompt,” or “inspect pane 2.”
macOS offensive security assistant — helps engineers audit applications for security vulnerabilities, identify bypass vectors in macOS security controls, and learn macOS internals through real-world case studies (CVEs). Covers: app vulnerability assessment (entitlement/injection/sandbox/TCC analysis), system internals, binary analysis, shellcode crafting (x64/ARM64), dylib injection, Mach IPC exploitation, function hooking, XPC attacks, sandbox escapes, TCC bypasses, symlink/hardlink attacks, kernel code execution, persistence mechanisms, Gatekeeper/XProtect bypass, AMFI/MACF internals, launch constraints, application-runtime injection (Electron/Chromium/NIB/.NET/Java/Python), IOKit/DriverKit driver attacks, MDM/DEP exploitation, keychain attacks, dangerous entitlements, and full penetration testing workflows. Use this skill whenever the user asks about: checking macOS apps for security issues, auditing entitlements or sandbox profiles, learning macOS security internals, macOS security research, macOS privile
微步在线威胁情报查询工具。支持IP、域名、文件哈希威胁情报查询,漏洞情报查询,资产测绘等功能。支持微信登录自动化和X语言高级搜索。当用户需要查询威胁情报、进行资产测绘或使用微步在线平台时,应使用此技能。
This skill should be used when the user asks to "close the case", "conclude the investigation", "wrap up", "present findings", or when the convergence check indicates the case has been solved. Produces the final resolution with complete evidence chain.
This skill should be used when the user asks to "discuss the case", "brainstorm about the investigation", "I'm stuck", "what do you think", or when the investigation loop detects a deadlock, hypothesis ambiguity, or needs user input to break a tie. Facilitates structured case discussion.
This skill should be used when the user asks to "investigate", "continue the investigation", "run the detective loop", "next investigation step", or wants to execute the Scan-Evolve-Focus-Act-File cycle on an active case. Runs the core investigation loop with periodic checkpoints.
This skill should be used when the user asks to "open a case", "start an investigation", "investigate this problem", "begin detective mode", or wants to apply structured investigation methodology to solve an unknown-target problem. Initializes a CaseBoard and begins the case-opening phase.