yhy0

Use when building or updating vulnerability pattern Skills from multiple sources: GitHub Security Advisories (GHSA), HackerOne Hacktivity, or NVD. Triggers on keywords: GHSA, CVE, vulnerability skill, vuln pattern, update skills, security advisory, HackerOne, H1, hacktivity, pentest skill, bug bounty, check for updates.

Use when building or updating vulnerability pattern Skills from multiple sources: GitHub Security Advisories (GHSA), HackerOne Hacktivity, or NVD. Triggers on keywords: GHSA, CVE, vulnerability skill, vuln pattern, update skills, security advisory, HackerOne, H1, hacktivity, pentest skill, bug bounty, check for updates.

Use when auditing Go code involving authentication flows, RBAC policies, Kubernetes admission webhooks, JWT/OAuth token validation, or privilege escalation in cloud-native infrastructure. Covers CWE-287/863/269/284/285/862. Keywords: authentication bypass, authorization bypass, RBAC, admission webhook, JWT, OAuth, privilege escalation, Rancher, Kyverno, impersonation, namespace isolation, middleware auth

Use when auditing Go code involving TLS configuration, certificate validation, JWT token parsing, SAML assertion verification, webhook signature checking, or cryptographic operations. Covers CWE-295/347/345. Keywords: InsecureSkipVerify, TLS, mTLS, certificate validation, JWT algorithm, SAML signature, cosign, sigstore, hmac.Equal, X.509, webhook HMAC

Use when auditing Go code involving goroutine management, channel operations, HTTP request handling, resource allocation, or panic recovery. Covers CWE-400/770/476. Keywords: denial of service, goroutine leak, channel deadlock, panic recover, io.ReadAll, resource exhaustion, OOM, HTTP/2 abuse, protobuf, unbounded allocation, rate limiting

Use when auditing Go code involving logging, error handling, HTTP response data, Kubernetes Secret management, or credential storage. Covers CWE-200/532/522/312/552. Keywords: information disclosure, credential leak, log exposure, Kubernetes Secret, json tag, struct formatting, error message, stack trace, Rancher, Argo CD, sensitive data

Use when auditing Go code involving OS command execution, SQL queries, template rendering, or child command invocation. Covers CWE-78/89/77/94/88. Keywords: command injection, SQL injection, exec.Command, os/exec, database/sql, text/template, html/template, argument injection, shell injection, Gogs, Grafana, MCP stdio

Use when auditing Go code involving file path operations, archive extraction, symlink handling, container volume mounts, or HTTP file serving. Covers CWE-22/59. Keywords: path traversal, directory traversal, filepath.Join, symlink, archive extraction, zip slip, tar, volume mount, go-git, Helm chart, os.Open, filepath.Clean

Use when facing AI security challenges involving prompt injection, LLM jailbreaks, or AI agent exploitation

Use when facing binary exploitation (PWN) or reverse engineering challenges involving memory corruption, ROP chains, shellcode, binary analysis, decompilation, unpacking, or dynamic tracing

Use when facing cryptography challenges involving cipher analysis, key recovery, mathematical attacks, or protocol weaknesses

Use when transferring files between remote environments and local Docker containers via litterbox.catbox.moe relay or base64 chunked fallback

Use when facing digital forensics or misc challenges involving disk images, memory dumps, network captures, steganography, file format analysis, encoding puzzles, sandbox escapes, or archive manipulation

Use when conducting penetration testing, post-exploitation, lateral movement, domain attacks, cloud exploitation (AWS/GCP/Azure), container escape, or Kubernetes cluster attacks

Use when stuck, looping on same approach, making no progress after multiple tool calls, or receiving a stagnation warning from the system. Also trigger when you catch yourself retrying the same command with minor variations, getting repeated Permission denied or timeout errors, or unable to advance past a specific step for 10+ tool calls.

Use when facing web security challenges involving injection, authentication bypass, IDOR, access control, CSRF, HRS, server-side vulnerabilities, or web application exploitation

扫描当前项目的技术栈、目录结构和代码约定，自动生成 before-modify（修改前检查清单）和 project-structure（项目结构索引）两个 skills，帮助 Claude 在后续开发中保持代码风格一致、避免重复实现 (user)

当项目结构发生变化（如新增目录、引入新框架、重构代码）后，重新扫描项目并增量更新已有的 before-modify 和 project-structure skills，保留用户自定义的规则 (user)