Skip to main content
Exécutez n'importe quel Skill dans Manus
en un clic
rasata
Profil créateur GitHub

rasata

Vue par dépôt de 17 skills collectés dans 1 dépôts GitHub.

skills collectés
17
dépôts
1
mis à jour
2026-04-21
carte des dépôts

Où se trouvent les skills

Principaux dépôts par nombre de skills collectés, avec leur part dans ce catalogue créateur et leur couverture métier.

explorateur de dépôts

Dépôts et skills représentatifs

defensive-payload-analysis
Analystes en sécurité de l'information

Conduct a passive, read-only forensic analysis of a potentially malicious source-code tree. Use this skill when the user suspects a repository, archive, or directory contains hidden payloads, C2 code, obfuscated droppers, or compromised build configs (e.g. injected `tailwind.config.js`, trojaned `package.json` postinstall, suspicious base64 blobs). Produces a full report: attacker signature, payload location, statically decrypted IoCs (C2 IPs, ports, paths, XOR keys, drop paths, exfil endpoints).

2026-04-21
html-report-renderer
Développeurs web

Render reports/findings.json + reports/SUMMARY.md into a single-file, self-contained reports/SUMMARY.html whose visual quality matches the /reports/example-summary page on coldvault.dev. No external fonts, no JS framework, no network fetches — the user can double-click the file, email it, or host it anywhere.

2026-04-21
agentic-actions-auditor
Analystes en sécurité de l'information

Audit GitHub Actions / GitLab CI / CircleCI / Azure Pipelines workflows shipped in target/. Flags the high-risk patterns that have caused real-world supply-chain compromises (pwnrequest, pull_request_target, unpinned actions, secret exfiltration, script-injection via PR title/body).

2026-04-20
audit-context-building
Analystes en sécurité de l'information

Inventory the suspect repository (languages, frameworks, package managers, entry points, build system, CI) before any scan. Always run this first — subsequent skills depend on its output.

2026-04-20
constant-time-analysis
Analystes en sécurité de l'information

Inspect cryptographic code for timing leaks. Flags variable-time comparisons on secrets, early-exit loops, and library calls known to be variable-time. Limited static scope — the definitive check is micro-benchmarks on compiled binaries, but ~70% of timing bugs show up in source review.

2026-04-20
entry-point-analyzer
Analystes en sécurité de l'information

Map the attack surface of target/ — HTTP routes, CLI commands, exported library symbols, message-queue consumers, GitHub Actions triggers, IPC sockets. Produces reports/entry-points.md.

2026-04-20
insecure-defaults-hunter
Analystes en sécurité de l'information

Find default/weak/insecure configurations — weak crypto, TLS disabled, permissive CORS, debug mode in prod paths, unsafe deserialization switches, open S3 buckets, etc. These are the low-hanging fruit most noisy scanners miss.

2026-04-20
secrets-hunter
Analystes en sécurité de l'information

Find credentials, API keys, tokens, private keys, and high-entropy strings in target/. Combines gitleaks, trufflehog, detect-secrets, ggshield, and manual entropy grep. Triages each hit for live vs. test vs. revoked.

2026-04-20
Affichage des 8 principaux skills collectés sur 17 dans ce dépôt.
1 dépôts affichés sur 1
Tous les dépôts sont affichés