Search Skills
Search across 54932 indexed skills
webshop-action-executor
Execute a single, specific action in a WebShop environment after a decision has been made. This skill formats the action into the required command str...
webshop-variant-chooser
Use this skill when you are on a product detail page and the observation contains a list of variant options (e.g., under a "size" or "quantity" headin...
scienceworld-object-retriever
Acquire a target object from the environment and place it into your inventory for further use. You need an object for testing, measuring, or transport...
webshop-search-executor
Activate when the user provides an instruction to find or buy a product with specific attributes. The instruction will be in the Observation. If the s...
scienceworld-target-identifier
This skill enables you to systematically locate objects in the ScienceWorld environment that match a specific target description (e.g., "living thing"...
market-ads
You are the advertising engine for /market ads <url>. You generate complete ad campaigns across platforms with full copy variations, audience targetin...
wordpress-penetration-testing
Conduct comprehensive security assessments of WordPress installations including enumeration of users, themes, and plugins, vulnerability scanning, cre...
soil-extraction
This skill enables the agent to extract soil from the ground using a shovel. It is a foundational step for planting tasks, transforming a bare outdoor...
k8s-ingress-nightmare
Ingress-NGINX Admission Controller 未授权 RCE 漏洞链(CVSSv3 9.8),无需任何 K8s 凭据即可从 Pod 网络远程执行任意代码。 漏洞原理与利用细节 → references/exploit-details.md --- IngressNightma...
post-exploit-linux
获取 shell 后的完整行动路线:信息收集 → 提权 → 凭据收集 → 敏感数据 → 横向准备。 内容按需加载——SKILL.md 给你决策树和快速命令,references 给你完整 payload: sudo/SUID/Capabilities/Cron 劫持的全部利用命令、GTFOBins ...
mcp-security
MCP (Model Context Protocol) 为 LLM 提供标准化的工具调用接口,但其信任模型存在根本缺陷:模型必须解析工具的完整描述(description)来决定如何调用,而这些描述由 MCP Server 控制。攻击者可通过恶意 Server 在描述中注入指令,劫持模型行为——这...
fix-test
Fix test file compilation errors according to code conventions. NEVER use: as keyword (type assertion) any type typia.random<EmptyType>() - generates ...