en un clic
mantishack
mantishack contient 10 skills collectées depuis deonmenezes, avec une couverture métier par dépôt et des pages de détail sur le site.
Skills dans ce dépôt
What to do if a mantis_canary decoy tool ever shows up as tempting or gets called -- treat it as a security incident, not a normal tool result
Build a CodeQL database and run dataflow-backed query-suite analysis via the mantis_codeql MCP server
When and how to reach for the companion detectors -- bandit (Python SAST) and trivy (deps + secrets + IaC misconfig) -- alongside the core semgrep/CodeQL/osv/trufflehog toolchain
Record and advance every vulnerability finding through the tool-owned mantis_findings service instead of tracking findings in prose
Turn a captured HTTP request/response into a bounded, redacted evidence pack with a stable request-ref using the mantis_http_audit MCP server, instead of pasting raw traffic into a finding
The master Mantis playbook -- how to run an authorized vulnerability-discovery engagement end to end, which subagent owns each stage, which MCP tool feeds it, and how findings move through the tool-owned lifecycle
Run osv-scanner via the mantis_osv_scanner MCP server for SCA (vulnerable dependency) findings
Use ast_grep_scan, source_sink_scan, and smt_check_reachability (mantis_program_analysis MCP server) to move a candidate toward a proven-reachable finding
Run trufflehog via the mantis_trufflehog MCP server and handle secret findings without ever exposing the raw secret
Run semgrep via the mantis_semgrep MCP server and triage results into the candidate/confirmed/rejected lifecycle