Container and Kubernetes security assessment — image vulnerability scanning, SBOM diff analysis, K8s cluster auditing, RBAC privilege mapping, NetworkPolicy review, container escape testing, and runtime monitoring (Falco/Tetragon). Use when scanning Docker/OCI images, auditing K8s clusters, reviewing Dockerfiles, diffing SBOMs across releases, analyzing RBAC, or assessing container runtime posture. Triggers on requests involving Trivy, Grype, Syft, Kubescape, kube-bench, Falco, container escapes, or CIS Docker/K8s benchmarks.
Software Composition Analysis: find vulnerable dependencies, correlate CVE/GHSA/OSV across ecosystems, generate CycloneDX/SPDX SBOMs, assess license compliance, and run reachability-aware triage to suppress unexploitable findings. Use when scanning package dependencies (npm, PyPI, Maven, Cargo, Go, RubyGems, Composer), reviewing PR lockfile diffs, generating SBOMs, auditing licenses, hunting malicious packages, or auditing the software supply chain. Triggers on requests to scan dependencies, check vulnerable packages, generate SBOM, license compliance, typosquat/dependency-confusion review, or reachability-based vuln triage.
Comprehensive Android mobile application penetration testing with rooted-device ADB and Frida-based MCP tooling. Covers OWASP MASTG full methodology: recon, static + dynamic analysis, SSL/root bypass, IPC fuzzing, data exfiltration, crypto audit, and reporting. Triggers on requests to pentest Android apps, analyze APKs, bypass mobile security controls, or run MASVS/MASTG assessments.
Router skill for API penetration testing across REST, GraphQL, gRPC, and WebSocket. Covers OWASP API Top 10 (2023) including BOLA/BFLA/BOPLA, JWT attack chains, GraphQL introspection abuse, and mass assignment. Invoke when the user asks to pentest an API, analyze OpenAPI/Swagger, test auth/authorization, fuzz endpoints, or find API vulnerabilities.
Multi-cloud security assessment skill for AWS, Azure, and GCP. Use when performing cloud security audits, scanning for misconfigurations, testing IAM policies, auditing storage permissions, and identifying privilege escalation paths. Triggers on requests to audit cloud security, scan AWS/Azure/GCP, check cloud misconfigurations, or perform cloud penetration testing. Covers CIS benchmarks, CSPM, and cross-cloud identity federation.
Automated Dynamic Application Security Testing (DAST) using Playwright MCP plus standard OS pentest tooling. Performs blackbox or greybox scans on single or multiple domains with orchestrated crawling, vulnerability detection, and structured output. Trigger on requests like "scan this domain", "run DAST on these URLs", "automated pentest", or "security-test the staging app".
Infrastructure-as-Code security scanning router for Terraform, CloudFormation, Kubernetes manifests, Helm, ARM/Bicep. Orchestrates Checkov, tfsec, Terrascan, KICS, kubesec, kube-linter, Polaris, cfn-lint/cfn-nag, and OPA/Conftest. Use when auditing IaC for misconfigurations, scanning Terraform plans, validating K8s security policies, checking cloud infrastructure compliance, or authoring custom policy-as-code (Rego).
iOS mobile application penetration testing with Frida and Objection on jailbroken or non-jailbroken devices. Use for static + dynamic analysis of IPAs, SSL pinning / jailbreak / biometric bypass, keychain & local-storage extraction, network interception, and OWASP MASTG iOS assessments. Triggers on requests to pentest iOS apps, analyze IPAs, bypass iOS security controls, or produce MASTG-aligned findings.