This skill integrates Nmap scanning functionality to perform local network vulnerability assessments.
MUKI asset fingerprinting tool for red team reconnaissance. Use when performing authorized penetration testing, asset discovery, service fingerprinting, vulnerability scanning, and attack surface mapping. Supports active/passive fingerprinting with 30,000+ signatures, sensitive path detection, and sensitive information extraction. Requires explicit authorization for target systems.
Complete browser automation with Playwright. Auto-detects dev servers, writes clean test scripts to /tmp. Test pages, fill forms, take screenshots, check responsive design, validate UX, test login flows, check links, automate any browser task. Use when user wants to test websites, automate browser interactions, validate web functionality, or perform any browser-based testing.
Shadow AI Monitor - Enterprise-grade dashboard for tracking employee AI tool usage, data exposure risks, and PIPEDA compliance. Generates professional HTML dashboards with interactive drill-downs, compliance analysis, and PDF export. Perfect for CTOs and security teams monitoring ChatGPT, Claude, Gemini, Copilot, and other AI tools. Includes demo data generator for presentations.
AI-orchestrated usability testing using Amazon Nova Act. The agent generates personas, runs tests to collect raw data, interprets responses to determine goal achievement, and generates HTML reports. Tests real user workflows (booking, checkout, posting) with safety guardrails. Use when asked to "test website usability", "run usability test", "generate usability report", "evaluate user experience", "test checkout flow", "test booking process", or "analyze website UX".
Test web applications and games using Playwright on MiniPC. Use when verifying frontend functionality, debugging UI behavior, capturing screenshots, or QA testing games. Supports headless browser automation via nodes.run or browser.proxy.
Teach your AI agent to think about security. A reasoning methodology for vetting skills before installation — red/green flag heuristics, 4-phase audit protocol, post-install verification. No scripts, no dependencies. Just judgment. Built on fallibilism (being wrong about a skill's safety is recoverable; being overconfident is not) and relational security (you and your human decide together on edge cases — trust is built through transparency, not just detection).
Audits HTML/CSS for WCAG 2.1 compliance. Color contrast, ARIA labels, keyboard navigation, screen reader support.
Analyzes codebases and generates comprehensive test suites. Unit tests, integration tests, edge cases, mocking strategies. Supports JavaScript/TypeScript (Jest, Vitest), Python (pytest), Go, and Rust.