Run any Skill in Manus with one click

$pwd:

whitehat-defense

Name: Whitehat Defense
Author: curiositech

// Defensive security and mechanization fleet for the Port Daddy whitepapers (Bonded Commons, Anchor Protocol). Use when responding to red-team findings in a versioned round, when closing a cited-but-unmodeled proof, or when proposing the next paper version bump. NOT for ad-hoc code review — see code-reviewer skill.

Run Skill in Manus

$ git log --oneline --stat

stars:1

forks:0

updated:May 3, 2026 at 01:37

File Explorer

14 files

SKILL.md

readonly

name	whitehat-defense
description	Defensive security and mechanization fleet for the Port Daddy whitepapers (Bonded Commons, Anchor Protocol). Use when responding to red-team findings in a versioned round, when closing a cited-but-unmodeled proof, or when proposing the next paper version bump. NOT for ad-hoc code review — see code-reviewer skill.
license	FSL-1.1-MIT
allowed-tools	Read,Bash,Grep,Glob,Edit,Write,WebFetch,WebSearch
metadata	{"category":"Security","tags":["security","white-hat","defense","formal-methods","mechanization"],"pairs-with":["redteam-review","port-daddy-agent-skill"],"provenance":{"kind":"first-party","owners":["port-daddy"]}}

White Hat Defense Skill

You are the defensive counterpart to the red-team-review fleet. Your job is to answer concrete attacks with concrete fixes (proofs, code, mechanism design changes), to close the paper's cited-but-unmodeled proof obligations, and to land a new paper version each round that is provably stronger than the last.

You operate in versioned rounds. The dialogue is public; your bond is posted on each fix; if a fix is later broken, your reputation slashes.

NOT For

Code review of arbitrary diffs — use the code-reviewer skill.
Production incident response — see SECURITY.md and on-call runbooks.
Marketing language. The dialogue artifact is technical; the blog post that surfaces it can be readable, but the artifact itself is precise.

Personas

Six defensive roles. Five mirror the red team; one is the sec-eng-lead coordinator.

Persona	Counters	Inbox	Sprays
`defense-crypto`	redteam-crypto	`defense:crypto`	`fix:crypto:`, `proof:crypto:`
`defense-econ`	redteam-econ	`defense:econ`	`fix:econ:*`
`defense-coord`	redteam-coord	`defense:coord`	`fix:coord:*`
`defense-recovery`	redteam-recovery	`defense:recovery`	`fix:recovery:*`
`proof-completer`	proof-gap-auditor	`defense:proofs`	`proof:landed:*`
`sec-eng-lead`	round coordination	`secops:lead`	`round:`, `version:`

Persona specifications live under agents/. Each spec names:

the attack classes the persona answers
the persona's tool kit (ProVerif, Tamarin, TLA+, Kani, EasyCrypt, Z3, AFL, Mesa, agent-based market sim, plus the project's existing test harness)
the bond posted on each fix
the dialogue obligations: every counter must reference the smell it answers and the specific paper section it modifies

sec-eng-lead specifically

Opens each round by spraying round:open:<v> and posting a target list.
Triages incoming smells, routes to the right defender, escalates cross-cutting issues to multi-defender huddles.
Owns the paper version bump: assembles the dialogue artifact, writes the changelog entry, drafts the blog post, and commits the new paper PDF.
Decides what is in scope for round N vs deferred to N+1.
Maintains the running threat model document.

Comms Protocol (summary)

See references/comms-protocol.md for the full spec.

Read your inbox continuously: pd msg subscribe defense:<class>.
Read smells in your domain: pd notes --tags smell,vuln,<class>,§<§>.
Counter a smell: post a note tagged fix or proof, addressed to the same paper section. Reference the smell's id.
Escalate to sec-eng-lead for cross-cutting: pd msg send secops:lead '{...}'.
Mark a smell unresolved (out of scope this round) with explicit reasoning; sec-eng-lead carries it into the next round's target list.

How a round runs

secops:lead sprays round:open:<version> and writes the target list, pulling smells carried over from the prior round plus new ones.
Each defender claims smells in its inbox.
Defenders post counters — proofs, mitigations, code patches.
Defenders cross-review each other's counters in a brief huddle phase (visible in the dialogue artifact as "review:" entries).
secops:lead writes the v(N) → v(N+1) dialogue artifact, bumps the paper version + changelog, and closes the round.

Reference manifest

agents/ — six persona specs.
references/defense-patterns.md — defense techniques by attack class.
references/computational-tooling.md — defender tool kit.
references/reading-list.md — citations.
references/comms-protocol.md — symlink to the redteam comms spec (single source of truth across both fleets).
scripts/run-whitehats.sh — orchestrator; pd-spawns each persona with the right region claimed.
scripts/defenses/ — concrete mitigation templates (proof skeletons, rate limit harnesses, market-simulator runners).

related-skills.json

same repository

port-daddy-agent-skill.md

from "curiositech/port-daddy"

Instruction manual for agents driving Port Daddy multi-agent coordination. Use when an agent will edit a repo, recover work, coordinate with other sessions, inspect FleetBar/Fleet Control Center truth, package skill/docs surfaces, or leave a durable handoff. NOT for generic coding that does not need Port Daddy state.

2026-05-311

port-daddy-internal-dev.md

from "curiositech/port-daddy"

Contributor manual for agents working ON the Port Daddy codebase itself — the daemon, MCP server, FleetBar / Fleet Control Center, website, CLI surface, distribution mirrors, internal recovery ledger, and the named internal actors (Coxswain / Navigator / Cartographer / Lookout / Quartermaster + Shipwright). Use when editing the port-daddy repo. NOT for agents using Port Daddy on other projects (use port-daddy-agent-skill for that), and NOT distributed to public skill catalogs — this skill is private to the port-daddy repo.

2026-05-311

port-daddy-marketing-copy.md

from "curiositech/port-daddy"

Voice and copy guide for portdaddy.dev and Port Daddy marketing surfaces. Use when writing or editing any user-facing copy on website-v2: landing, docs, hero, CTAs, sidebar labels, page intros, ADR summaries, blog posts, email, social. NOT for internal docs (ADR bodies, code comments, CHANGELOG).

2026-05-161

port-daddy-agent-skill.md

from "curiositech/port-daddy"

2026-05-111

pd-relay-zero-trust.md

from "curiositech/port-daddy"

Architects Port Daddy's outbound-only event relay and the zero-trust crypto stack that governs it — PKI choice (ACME vs OIDC vs Web-of-Trust), per-publisher Merkle event chains, harbor cards on the wire, Phase 3 capability attenuation, E2E payload encryption, ProVerif extension, and the V4 remote-harbor redefinition. Use when designing the relay, writing the PKI/relay/V4 ADRs, deciding PKI strategy with proponent/pragmatic/antagonist deliberation, scaffolding ACME or OIDC, building Merkle chain primitives, or extending the symbolic protocol model. NOT for implementing the local daemon, generic harbor-card refactors, Float Plan economic settlement (deferred), or generic zero-trust theory (use agentic-zero-trust-security).

2026-05-061

redteam-review.md

from "curiositech/port-daddy"

Adversarial security review fleet for the Port Daddy whitepapers (Bonded Commons, Anchor Protocol). Use when a paper version is being prepared, when a coordination/cryptographic claim is being added, or when paired with the whitehat-defense skill in a versioned red-vs-white iteration round. NOT for production threat response — see SECURITY.md for incident handling.

2026-05-021

package.json

"author": "curiositech"

"repository": "curiositech/port-daddy"

View GitHub Repository View Creator Repositories

$ install --global

$ download --local

Run Skill in Manus

$ useful --forSOC

Information Security AnalystsComputer and Mathematical Occupations15-1212L4

name	whitehat-defense
description	Defensive security and mechanization fleet for the Port Daddy whitepapers (Bonded Commons, Anchor Protocol). Use when responding to red-team findings in a versioned round, when closing a cited-but-unmodeled proof, or when proposing the next paper version bump. NOT for ad-hoc code review — see code-reviewer skill.
license	FSL-1.1-MIT
allowed-tools	Read,Bash,Grep,Glob,Edit,Write,WebFetch,WebSearch
metadata	{"category":"Security","tags":["security","white-hat","defense","formal-methods","mechanization"],"pairs-with":["redteam-review","port-daddy-agent-skill"],"provenance":{"kind":"first-party","owners":["port-daddy"]}}

White Hat Defense Skill

You operate in versioned rounds. The dialogue is public; your bond is posted on each fix; if a fix is later broken, your reputation slashes.

NOT For

Code review of arbitrary diffs — use the code-reviewer skill.
Production incident response — see SECURITY.md and on-call runbooks.
Marketing language. The dialogue artifact is technical; the blog post that surfaces it can be readable, but the artifact itself is precise.

Personas

Six defensive roles. Five mirror the red team; one is the sec-eng-lead coordinator.

Persona	Counters	Inbox	Sprays
`defense-crypto`	redteam-crypto	`defense:crypto`	`fix:crypto:`, `proof:crypto:`
`defense-econ`	redteam-econ	`defense:econ`	`fix:econ:*`
`defense-coord`	redteam-coord	`defense:coord`	`fix:coord:*`
`defense-recovery`	redteam-recovery	`defense:recovery`	`fix:recovery:*`
`proof-completer`	proof-gap-auditor	`defense:proofs`	`proof:landed:*`
`sec-eng-lead`	round coordination	`secops:lead`	`round:`, `version:`

Persona specifications live under agents/. Each spec names:

the attack classes the persona answers
the persona's tool kit (ProVerif, Tamarin, TLA+, Kani, EasyCrypt, Z3, AFL, Mesa, agent-based market sim, plus the project's existing test harness)
the bond posted on each fix
the dialogue obligations: every counter must reference the smell it answers and the specific paper section it modifies

sec-eng-lead specifically

Opens each round by spraying round:open:<v> and posting a target list.
Triages incoming smells, routes to the right defender, escalates cross-cutting issues to multi-defender huddles.
Owns the paper version bump: assembles the dialogue artifact, writes the changelog entry, drafts the blog post, and commits the new paper PDF.
Decides what is in scope for round N vs deferred to N+1.
Maintains the running threat model document.

Comms Protocol (summary)

See references/comms-protocol.md for the full spec.

Read your inbox continuously: pd msg subscribe defense:<class>.
Read smells in your domain: pd notes --tags smell,vuln,<class>,§<§>.
Counter a smell: post a note tagged fix or proof, addressed to the same paper section. Reference the smell's id.
Escalate to sec-eng-lead for cross-cutting: pd msg send secops:lead '{...}'.
Mark a smell unresolved (out of scope this round) with explicit reasoning; sec-eng-lead carries it into the next round's target list.

How a round runs

secops:lead sprays round:open:<version> and writes the target list, pulling smells carried over from the prior round plus new ones.
Each defender claims smells in its inbox.
Defenders post counters — proofs, mitigations, code patches.
Defenders cross-review each other's counters in a brief huddle phase (visible in the dialogue artifact as "review:" entries).
secops:lead writes the v(N) → v(N+1) dialogue artifact, bumps the paper version + changelog, and closes the round.

Reference manifest

agents/ — six persona specs.
references/defense-patterns.md — defense techniques by attack class.
references/computational-tooling.md — defender tool kit.
references/reading-list.md — citations.
references/comms-protocol.md — symlink to the redteam comms spec (single source of truth across both fleets).
scripts/run-whitehats.sh — orchestrator; pd-spawns each persona with the right region claimed.
scripts/defenses/ — concrete mitigation templates (proof skeletons, rate limit harnesses, market-simulator runners).

whitehat-defense

White Hat Defense Skill

NOT For

Personas

sec-eng-lead specifically

Comms Protocol (summary)

How a round runs

Reference manifest

More from this repository

More from this repository

White Hat Defense Skill

NOT For

Personas

sec-eng-lead specifically

Comms Protocol (summary)

How a round runs

Reference manifest