SKILL Leaderboard | Agent Skills Ranking

███████╗██╗  ██╗██╗██╗     ██╗         ██████╗  █████╗ ███╗   ██╗██╗  ██╗
██╔════╝██║ ██╔╝██║██║     ██║         ██╔══██╗██╔══██╗████╗  ██║██║ ██╔╝
███████╗█████╔╝ ██║██║     ██║         ██████╔╝███████║██╔██╗ ██║█████╔╝
╚════██║██╔═██╗ ██║██║     ██║         ██╔══██╗██╔══██║██║╚██╗██║██╔═██╗
███████║██║  ██╗██║███████╗███████╗    ██║  ██║██║  ██║██║ ╚████║██║  ██╗
╚══════╝╚═╝  ╚═╝╚═╝╚══════╝╚══════╝    ╚═╝  ╚═╝╚═╝  ╚═╝╚═╝  ╚═══╝╚═╝  ╚═╝

Agent Skills 排行榜 · 关键词 + 语义搜索

按 / 聚焦搜索框

正在使用 AI 进行语义搜索...

21,610

总 Skills

37.7M

总安装量

2,455

贡献者

#	Skill	仓库	描述	安装量
9001	error-debugging-error-trace	sickn33/antigravity-awesome-skills	Error Tracking and Monitoring You are an error tracking and observability expert specializing in implementing comprehensive error monitoring solutions. Set up error tracking systems, configure alerts, implement structured logging, and ensure teams can quickly identify and resolve production issues. Use this skill when Implementing or improving error monitoring Configuring alerts, grouping, and triage workflows Setting up structured logging and tracing Do not use this skill when The system has no...	235
9002	error-diagnostics-error-analysis	sickn33/antigravity-awesome-skills	Error Analysis and Resolution You are an expert error analysis specialist with deep expertise in debugging distributed systems, analyzing production incidents, and implementing comprehensive observability solutions. Use this skill when Investigating production incidents or recurring errors Performing root-cause analysis across services Designing observability and error handling improvements Do not use this skill when The task is purely feature development You cannot access error reports, logs, o...	235
9003	pandoc	plinde/claude-plugins	Pandoc Document Conversion Skill Convert documents between formats using pandoc, the universal document converter. Prerequisites Check if pandoc is installed pandoc --version Install via Homebrew if needed brew install pandoc Common Conversions Markdown to Word (.docx) Basic conversion pandoc input.md -o output.docx With table of contents pandoc input.md --toc -o output.docx With custom reference doc (for styling) pandoc input.md --reference-doc = template.docx -o output.docx Standalone wi...	235
9004	moai-domain-uiux	modu-ai/moai-adk	Quick Reference Core UI/UX Foundation - Enterprise-grade UI/UX foundation integrating design systems (W3C DTCG 2025.10), component architecture (React 19, Vue 3.5), accessibility (WCAG 2.2), icon libraries (200K+ icons), and theming systems. Unified Capabilities: Design Systems: W3C DTCG 2025.10 tokens, Style Dictionary 4.0, Figma MCP workflows Component Architecture: Atomic Design, React 19, Vue 3.5, shadcn/ui, Radix UI primitives Accessibility: WCAG 2.2 AA/AAA compliance, keyboard navigatio...	235
9005	postgres-best-practices	sickn33/antigravity-awesome-skills	Supabase Postgres Best Practices Comprehensive performance optimization guide for Postgres, maintained by Supabase. Contains rules across 8 categories, prioritized by impact to guide automated query optimization and schema design. When to Apply Reference these guidelines when: Writing SQL queries or designing schemas Implementing indexes or query optimization Reviewing database performance issues Configuring connection pooling or scaling Optimizing for Postgres-specific features Working with Row...	235
9006	karpathy-guidelines	multica-ai/andrej-karpathy-skills	Karpathy Guidelines Behavioral guidelines to reduce common LLM coding mistakes, derived from Andrej Karpathy's observations on LLM coding pitfalls. Tradeoff: These guidelines bias toward caution over speed. For trivial tasks, use judgment. 1. Think Before Coding Don't assume. Don't hide confusion. Surface tradeoffs. Before implementing: State your assumptions explicitly. If uncertain, ask. If multiple interpretations exist, present them - don't pick silently. If a simpler approach exists, say so...	235
9007	nansen-exit-signals	nansen-ai/nansen-cli	Exit Signal Answers: "Is smart money exiting a token I hold? Should I be worried?" TOKEN = < address > CHAIN = ethereum nansen research token flow-intelligence --token $TOKEN --chain $CHAIN → net_flow_usd per label: smart_trader, whale, exchange, fresh_wallets (negative = selling) nansen research token who-bought-sold --token $TOKEN --chain $CHAIN --limit 20 → address, address_label, bought/sold_volume_usd, trade_volume_usd nansen research smart-money netflow --chain $CHAIN --limit 10 → token...	235
9008	authbypass-authentication-flaws	yaklang/hack-skills	SKILL: Authentication Bypass — Expert Attack Playbook AI LOAD INSTRUCTION : Expert authentication bypass techniques. Covers SQL injection-based login bypass, password reset flaws, token predictability, account enumeration, brute force bypass, and multi-factor auth bypass. Distinct from JWT/OAuth (covered in ../jwt-oauth-token-attacks/SKILL.md). Focus on the login mechanism itself. 0. AUTHORIZED CREDENTIAL TEST PLANNING 在减少入口后，默认凭证、用户名变体、端口聚焦和字典规模选择并入这里统一处理。 Service-first tiny sets Service Type F...	235
9009	jwt-oauth-token-attacks	yaklang/hack-skills	SKILL: JWT and OAuth 2.0 Token Attacks — Expert Attack Playbook AI LOAD INSTRUCTION : Expert authentication token attacks. Covers JWT cryptographic attacks (alg:none, RS256→HS256, secret crack, kid/jku injection), OAuth flow attacks (CSRF, open redirect, token theft, implicit flow abuse), PKCE bypass, and token leakage via Referer/logs. This is critical for modern web applications. 0. RELATED ROUTING Use this file for token-centric attacks and flow abuse. Also load: oauth oidc misconfiguration f...	235
9010	go-generics	cxuu/golang-skills	Go Generics and Type Parameters When to Use Generics Start with concrete types. Generalize only when a second type appears. Prefer Generics When Multiple types share identical logic (sorting, filtering, map/reduce) You would otherwise rely on any and excessive type switching You are building a reusable data structure (concurrent-safe set, ordered map) Avoid Generics When Only one type is being instantiated in practice Interfaces already model the shared behavior cleanly The generic code is harde...	235
9011	django-rest-api-development	mindrally/skills	Django REST API Development You are an expert in Python, Django, and scalable RESTful API development. Core Principles Use Django's built-in features and tools wherever possible Prioritize readability and maintainability; follow PEP 8 Use descriptive variable and function names Structure your project in a modular way using Django apps Always consider scalability and performance implications Project Structure Application Structure migrations/ - Database migration files admin.py - Django admin con...	235
9012	supabase	mindrally/skills	Supabase Core Principles 1. Supabase changes frequently — verify against current docs before implementing. Do not rely on training data for Supabase features. Function signatures, config.toml settings, and API conventions change between versions. Before implementing, look up the relevant topic using the documentation access methods below. 2. Verify your work. After implementing any fix, run a test query to confirm the change works. A fix without verification is incomplete. 3. Recover from errors...	235
9013	solana	mindrally/skills	Solana Development You are an expert in Solana blockchain development with Rust and the Anchor framework. Core Principles Prioritize writing secure, efficient, and maintainable code, following best practices for Solana program development. Rust & Anchor Development Write Rust with emphasis on safety and performance using low-level systems programming Leverage Anchor's features for streamlined development including account management and error handling Maintain modular, reusable code with cle...	235
9014	senior-computer-vision	alirezarezvani/claude-skills	Senior Computer Vision Engineer World-class senior computer vision engineer skill for production-grade AI/ML/Data systems. Quick Start Main Capabilities Core Tool 1 python scripts/vision_model_trainer.py --input data/ --output results/ Core Tool 2 python scripts/inference_optimizer.py --target project/ --analyze Core Tool 3 python scripts/dataset_pipeline_builder.py --config config.yaml --deploy Core Expertise This skill covers world-class capabilities in: Advanced production pattern...	234
9015	claude-capabilities	jezweb/claude-skills	Claude Capabilities Reference Claude's training data goes stale within weeks of major releases. This skill provides a current reference for Claude AI (web/app) and Claude Code (terminal/IDE) capabilities. Consult these references before making claims about features, limits, or availability. Quick Comparison Capability Claude AI Claude Code File system Container sandbox ( /mnt/user-data/outputs/ ) Full local filesystem Shell access None Bash tool Skills location Settings > Capabilities (zip uploa...	234
9016	bail	camacho/ai-skills	Bail-out protocol: always reflect FIRST, then clean up. Inputs Optional reason string (if not provided, ask for one) Steps Detect current step by examining what exists: What exists Estimated step Just an issue, no branch Step 0 (Capture) .branch-context.md, no worktree Step 1 (Orient) Worktree exists, no code changes Step 2 (Isolate) Plan file on branch Step 3-4 (Design/Review) Code changes committed Step 5-7 (Build/Verify/Archive) PR open on GitHub Step 8 (Ship) Prompt for reason if not provide...	234
9017	eve-plan-implementation	incept5/eve-skillpacks	Eve Plan Implementation (Jobs) Translate a plan document into Eve jobs, parallelize work, and drive review/verification through job phases and dependencies. Orchestration model : The root epic is the orchestrator — it plans, delegates, and coordinates but does not execute heavy work itself. Phase jobs are sub-orchestrators that break a phase into tasks. Task jobs are workers — each one receives a self-contained description and executes independently with no access to the parent's context. When t...	234
9018	youtube-watcher	hanzoskill/youtube-watcher	YouTube Watcher Fetch transcripts from YouTube videos to enable summarization, QA, and content extraction. Usage Get Transcript Retrieve the text transcript of a video. python3 { baseDir } /scripts/get_transcript.py "https://www.youtube.com/watch?v=VIDEO_ID" Examples Summarize a video: Get the transcript: python3 { baseDir } /scripts/get_transcript.py "https://www.youtube.com/watch?v=dQw4w9WgXcQ" Read the output and summarize it for the user. Find specific information: Get the transcript. Search...	234
9019	aeo-optimization	alinaqi/claude-bootstrap	AI Engine Optimization (AEO) Skill Load with: base.md + web-content.md + site-architecture.md Purpose: Optimize content for AI engines (ChatGPT, Claude, Perplexity, Google AI Overviews) so your brand gets cited in AI-generated answers. Source: Based on HubSpot's AEO Guide and industry best practices. Why AEO Matters Now ┌────────────────────────────────────────────────────────────────┐ │ THE GREAT DECOUPLING │ │ ─────────────────────────────────────...	234
9020	nodejs-backend	alinaqi/claude-bootstrap	Node.js Backend Skill Load with: base.md + typescript.md Project Structure project/ ├── src/ │ ├── core/ Pure business logic │ │ ├── types.ts Domain types │ │ ├── errors.ts Domain errors │ │ └── services/ Pure functions │ │ ├── user.ts │ │ └── order.ts │ ├── infra/ Side effects │ │ ├── http/ HTTP layer │ │ │ ├── server.ts Server setup │ │ │ ├── routes/ ...	234
9021	symfony:api-platform-tests	makfly/superpowers-symfony	$ npx skills add https://github.com/makfly/superpowers-symfony --skill symfony:api-platform-tests<div	234
9022	symfony:symfony-cache	makfly/superpowers-symfony	$ npx skills add https://github.com/makfly/superpowers-symfony --skill symfony:symfony-cache<div	234
9023	distributed-tracing	aj-geddes/useful-ai-prompts	Distributed Tracing Implement distributed tracing with Jaeger and Tempo for request flow visibility across microservices. Purpose Track requests across distributed systems to understand latency, dependencies, and failure points. When to Use Debug latency issues Understand service dependencies Identify bottlenecks Trace error propagation Analyze request paths Distributed Tracing Concepts Trace Structure Trace (Request ID: abc123) ↓ Span (frontend) [100ms] ↓ Span (api-gateway) [80ms] ├→ ...	234
9024	glab	nikiforovall/claude-code-rules	GitLab CLI (glab) Skill Provides guidance for using glab, the official GitLab CLI, to perform GitLab operations from the terminal. When to Use This Skill Invoke when the user needs to: Create, review, or manage merge requests Work with GitLab issues Monitor or trigger CI/CD pipelines Clone or manage repositories Perform any GitLab operation from the command line Prerequisites Verify glab installation before executing commands: glab --version If not installed, inform the user and provide ...	234
9025	market-breadth-analyzer	tradermonty/claude-trading-skills	Market Breadth Analyzer Skill Purpose Quantify market breadth health using a data-driven 6-component scoring system (0-100). Uses TraderMonty's publicly available CSV data to measure how broadly the market is participating in a rally or decline. Score direction: 100 = Maximum health (broad participation), 0 = Critical weakness. No API key required - uses freely available CSV data from GitHub Pages. When to Use This Skill English: User asks "Is the market rally broad-based?" or "How healthy is ma...	234
9026	now-reading-page	readwiseio/readwise-skills	You are generating a beautiful standalone HTML page showing what the user is currently reading and has recently read. The output is a single HTML file they can open in a browser or host on their personal site. Readwise Access Check if Readwise MCP tools are available (e.g. mcp__readwise__reader_list_documents ). If they are, use them throughout (and pass this context to the subagent). If not, use the equivalent readwise CLI commands instead (e.g. readwise list , readwise read <id> ). The instruc...	234
9027	marketing-analyst	borghei/claude-skills	Marketing Analyst Expert-level marketing analytics for data-driven decisions. Core Competencies Campaign performance analysis Attribution modeling Marketing mix modeling ROI measurement Customer analytics Channel optimization Forecasting Reporting and visualization Marketing Metrics Framework Acquisition Metrics Metric Formula Benchmark CPL (Cost per Lead) Spend / Leads Varies by industry CAC (Customer Acquisition Cost) S&M Spend / New Customers LTV/CAC > 3:1 CPA (Cost per Acquisition) Spend /...	234
9028	feishu-perm	m1heng/clawdbot-feishu	Feishu Permission Tool Single tool feishu_perm for managing file/document permissions. Actions List Collaborators { "action" : "list" , "token" : "ABC123" , "type" : "docx" } Returns: members with member_type, member_id, perm, name. Add Collaborator { "action" : "add" , "token" : "ABC123" , "type" : "docx" , "member_type" : "email" , "member_id" : "user@example.com" , "perm" : "edit" } Remove Collaborator { "action" : "remove" , "token" : "ABC123" , "type" : "docx" , "member_type" : "email" , "m...	234
9029	reminder	lostabaddon/headlessknight	此技能可从自然语言输入中智能创建提醒和日历事件。何时使用在用户执行以下操作时激活此技能： - 明确要求设置提醒（"提醒我..."、"设置一个提醒..."） - 提到带有时间的未来任务（"我下午 3 点有个会"） - 表达需要记住某事（"别忘了..."、"我需要..."） - 讨论带有时间信息的即将到来的事件或约会当触发此技能时，你有责任实际调用 shell 脚本，而不是仅仅说明如何做。使用方法步骤 1：解析用户输入分析用户消息以提取（可能不止一组）： - 标题：需要记住的事情的简短描述 - 消息：详细信息（可选，可以与标题相同） - 时间：提醒应何时触发关键点：完成此解析后，立即进行第 2 步（调用工具）。不要仅停留在解析阶段。步骤 2：创建提醒对于识别出的每个提醒，必须使用 Bash 工具调用 `node` 并让它调用 `./create-reminder.js` 脚本来发送提醒与日历事件请求。重要：不仅仅是说明要创建提醒，而是要实际调用此脚本。脚本路径： - 相对于技能目录：`./create-reminder.j...	234
9030	hook development	davila7/claude-code-templates	Hook Development for Claude Code Plugins Overview Hooks are event-driven automation scripts that execute in response to Claude Code events. Use hooks to validate operations, enforce policies, add context, and integrate external tools into workflows. Key capabilities: Validate tool calls before execution (PreToolUse) React to tool results (PostToolUse) Enforce completion standards (Stop, SubagentStop) Load project context (SessionStart) Automate workflows across the development lifecycle Hook Typ...	234
9031	railway-status	davila7/claude-code-templates	Railway Status Check the current Railway project status for this directory. When to Use User asks about Railway status, project, services, or deployments User mentions deploying or pushing to Railway Before any Railway operation (deploy, update service, add variables) User asks about environments or domains When NOT to Use Use the railway-environment skill instead when user wants: Detailed service configuration (builder type, dockerfile path, build command, root directory) Deploy config (sta...	234
9032	ml-engineer	sickn33/antigravity-awesome-skills	Use this skill when Working on ml engineer tasks or workflows Needing guidance, best practices, or checklists for ml engineer Do not use this skill when The task is unrelated to ml engineer You need a different domain or tool outside this scope Instructions Clarify goals, constraints, and required inputs. Apply relevant best practices and validate outcomes. Provide actionable steps and verification. If detailed examples are required, open resources/implementation-playbook.md . You are an ML engi...	234
9033	dotnet-architect	sickn33/antigravity-awesome-skills	Use this skill when Working on dotnet architect tasks or workflows Needing guidance, best practices, or checklists for dotnet architect Do not use this skill when The task is unrelated to dotnet architect You need a different domain or tool outside this scope Instructions Clarify goals, constraints, and required inputs. Apply relevant best practices and validate outcomes. Provide actionable steps and verification. If detailed examples are required, open resources/implementation-playbook.md. You...	234
9034	context-degradation	sickn33/antigravity-awesome-skills	Context Degradation Patterns Language models exhibit predictable degradation patterns as context length increases. Understanding these patterns is essential for diagnosing failures and designing resilient systems. Context degradation is not a binary state but a continuum of performance degradation that manifests in several distinct ways. When to Activate Activate this skill when: Agent performance degrades unexpectedly during long conversations Debugging cases where agents produce incorrect or i...	234
9035	sveltekit-data-flow	spences10/svelte-skills-kit	SvelteKit Data Flow Quick Start Which file? Server-only (DB/secrets): +page.server.ts \| Universal (runs both): +page.ts \| API: +server.ts Load decision: Need server resources? → server load \| Need client APIs? → universal load Form actions: Always +page.server.ts. Return fail() for errors, throw redirect() to navigate, throw error() for failures. Example // +page.server.ts import { fail, redirect } from '@sveltejs/kit'; export const load = async ({ locals }) => { const user = await db.user...	234
9036	arize-dataset	arize-ai/arize-skills	Arize Dataset Skill Concepts Dataset = a versioned collection of examples used for evaluation and experimentation Dataset Version = a snapshot of a dataset at a point in time; updates can be in-place or create a new version Example = a single record in a dataset with arbitrary user-defined fields (e.g., question , answer , context ) Space = an organizational container; datasets belong to a space System-managed fields on examples ( id , created_at , updated_at ) are auto-generated by the server -...	234
9037	skill-creator	muranustb/skills-create_skills	Skill Creator A skill for creating new skills and iteratively improving them. At a high level, the process of creating a skill goes like this: Decide what you want the skill to do and roughly how it should do it Write a draft of the skill Create a few test prompts and run claude-with-access-to-the-skill on them Help the user evaluate the results both qualitatively and quantitatively While the runs happen in the background, draft some quantitative evals if there aren't any (if there are some, you...	234
9038	beautiful-prose	sickn33/antigravity-awesome-skills	Beautiful Prose Overview Hard-edged writing style contract for timeless, forceful English prose without AI tics When to Use This Skill Use this skill when you need to work with hard-edged writing style contract for timeless, forceful english prose without ai tics. Instructions This skill provides guidance and patterns for hard-edged writing style contract for timeless, forceful english prose without ai tics. For more information, see the source repository .	234
9039	ln-645-open-source-replacer	levnikolaevich/claude-code-skills	Paths: File paths ( shared/ , references/ , ../ln-* ) are relative to skills repo root. If not found at CWD, locate this SKILL.md directory and go up one level for repo root. Open Source Replacer L3 Worker that discovers custom modules, analyzes their purpose, and finds battle-tested open-source replacements via MCP Research. Purpose & Scope Discover significant custom modules (>=100 LOC, utility/integration type) Analyze PURPOSE of each module by reading code (goal-based, not pattern-based) Sea...	234
9040	openai-knowledge	openai/openai-agents-python	OpenAI Knowledge Overview Use the OpenAI Developer Documentation MCP server to search and fetch exact docs (markdown), then base your answer on that text instead of guessing. Workflow 1) Check whether the Docs MCP server is available If the mcp__openaiDeveloperDocs__* tools are available, use them. If you are unsure, run codex mcp list and check for openaiDeveloperDocs. 2) Use MCP tools to pull exact docs Search first, then fetch the specific page or pages. mcp__openaiDeveloperDocs__search_...	234
9041	interior-design-expert	erichowens/some_claude_skills	Interior Design Expert Expert interior designer combining classical training with computational design tools and AI-assisted visualization. When to Use This Skill ✅ Use for: Room layout optimization and furniture placement Lighting design calculations (IES standards) Color palette selection using Munsell/NCS systems Space planning with anthropometric considerations Style consultation (Mid-Century, Scandinavian, Japandi, etc.) AI-assisted room visualization with Stability AI/Ideogram Furnitur...	234
9042	typescript	gentleman-programming/gentleman-skills	TypeScript Code Style Guide Types and Type Safety Avoid explicit type annotations when TypeScript can infer Avoid implicitly any ; explicitly type when necessary Use accurate types: prefer Record<PropertyKey, unknown> over object or any Prefer interface for object shapes (e.g., React props); use type for unions/intersections Prefer as const satisfies XyzInterface over plain as const Prefer @ts-expect-error over @ts-ignore over as any Avoid meaningless null/undefined parameters; design strict fun...	234
9043	github-contributor	daymade/claude-code-skills	GitHub Contributor Strategic guide for becoming an effective GitHub contributor and building your open-source reputation. The Strategy Core insight: Many open-source projects have room for improvement. By contributing high-quality PRs, you: Build contributor reputation Learn from top codebases Expand professional network Create public proof of skills Contribution Types 1. Documentation Improvements Lowest barrier, high impact. Fix typos, grammar, unclear explanations Add missing examples I...	234
9044	belief-systems	jwynia/agent-skills	Belief Systems: Religion Design Skill You help writers create authentic religious and belief systems for fictional worlds by applying the ten core principles that govern how real belief systems form, function, and evolve. This produces religions that feel lived-in rather than designed. Core Principles Experiential Foundation: Belief systems originate in attempts to explain and influence significant experiences Ecological Integration: Religious practices reflect adaptation to local environments...	234
9045	capacitor-splash-screen	cap-go/capgo-skills	Splash Screen in Capacitor Configure and customize splash screens for iOS and Android. When to Use This Skill User wants to customize splash screen User needs splash screen assets User wants animated splash User has splash screen issues Quick Start Install Plugin bun add @capacitor/splash-screen bunx cap sync Basic Configuration // capacitor.config.ts import type { CapacitorConfig } from '@capacitor/cli' ; const config : CapacitorConfig = { plugins : { SplashScreen : { launchShowDuration : 2000 ...	234
9046	angular-migration	sickn33/antigravity-awesome-skills	Angular Migration Master AngularJS to Angular migration, including hybrid apps, component conversion, dependency injection changes, and routing migration. When to Use This Skill Migrating AngularJS (1.x) applications to Angular (2+) Running hybrid AngularJS/Angular applications Converting directives to components Modernizing dependency injection Migrating routing systems Updating to latest Angular versions Implementing Angular best practices Migration Strategies 1. Big Bang (Complete Rewrite) ...	234
9047	nansen-smart-alerts	nansen-ai/nansen-cli	Smart Alerts CRUD management for smart alerts. Alerts are internal-only (requires Nansen internal API key). Quick Reference nansen alerts list --table nansen alerts create --name < name > --type < type > --chains < chains > --telegram < chatId > nansen alerts update < id > [ --name < name > ] [ --chains < chains > ] nansen alerts toggle < id > --enabled \| --disabled nansen alerts delete < id > Options Reference Flag Create Update Toggle Delete <id> (positional) required required required --name ...	234
9048	file-access-vuln	yaklang/hack-skills	File Access Router 这是文件系统、下载接口、上传链路与文件预览处理的分类入口。 When to Use 参数、文件名、下载接口或导入流程会影响文件路径目标支持上传、预览、转码、解压、分享、下载或代理文件访问你需要判断当前更偏向路径穿越、LFI，还是上传验证与处理链问题 Skill Map Path Traversal LFI : 路径穿越、文件读取、wrapper、包含链 Upload Insecure Files : 上传校验、存储路径、处理链、覆盖、预览与分享边界 Recommended Flow 先看入口是路径参数、下载接口还是上传流程再看问题出现在 accept、store、process、serve 哪一段小样本路径链和上传绕过样本已经并入主专题 skill，不再单独走 payload 入口 Related Categories injection-checking business-logic-vuln	234
9049	injection-checking	yaklang/hack-skills	Injection Testing Router 这是输入进入危险解释器或执行环境时的分类入口。它适合在确认“这是注入类问题”之后，继续判断更偏向浏览器上下文、数据库、模板引擎、服务端请求、XML 解析器还是系统命令。 When to Use 输入会进入 HTML、JS、SQL、模板、URL 提取器、XML 解析器或 shell 你还没决定应该先走 XSS、SQLi、SSRF、XXE、SSTI、CMDi 还是 NoSQL 你需要按输入流向选择正确的深度专题 skill Skill Map XSS Cross Site Scripting SQLi SQL Injection SSRF Server Side Request Forgery XXE XML External Entity SSTI Server Side Template Injection CMDi Command Injection NoSQL Injection Deserialization Insecure JNDI Injection Expression Language Injection CRLF I...	234
9050	websocket-security	yaklang/hack-skills	SKILL: WebSocket Security AI LOAD INSTRUCTION : This skill covers WebSocket protocol basics, cross-site WebSocket hijacking (CSWSH), practical tooling bridges, and common vulnerability classes. Apply only in authorized tests; treat tokens and message content as sensitive. For REST/GraphQL companion testing, cross-load api-sec when present in the workspace. 0. QUICK START During proxy or raw traffic review, watch for: Upgrade : websocket Connection : Upgrade Sec-WebSocket-Key : dGhlIHNhbXBsZSBub2...	234

← 1 ... 179 180 181 182 183 ... 433 → 21610 skills