ReddRadar
Topic: security
1,299 skills in this topic.
-
smb-share-webshell
Deploy webshells to IIS, Apache, or Tomcat web roots via SMB share write access. Use when a domain user has write access to a file share that maps to a web server's document root — write a webshell via smbclient/net use, then trigger it via HTTP for RCE. Covers PHP, ASPX, and JSP webshells, .NET impersonation for same-host lateral movement, and internal site discovery.
blacklanternsecurity/red-run 126
-
source-code-review
Security-focused source code review. Identifies hardcoded credentials, injection sinks, authentication weaknesses, and framework-specific vulnerabilities. Use when application source code is available for review.
blacklanternsecurity/red-run 126
-
sql-injection-error
Guide error-based SQL injection exploitation during authorized penetration testing.
blacklanternsecurity/red-run 126
-
sql-injection-stacked
Guide stacked query SQL injection and second-order injection exploitation during authorized penetration testing.
blacklanternsecurity/red-run 126
-
ssrf
Guide server-side request forgery (SSRF) exploitation during authorized penetration testing.
blacklanternsecurity/red-run 126
-
ssti-freemarker
Guide Freemarker/Java server-side template injection exploitation during authorized penetration testing.
blacklanternsecurity/red-run 126
-
ssti-jinja2
Guide Jinja2/Python server-side template injection exploitation during authorized penetration testing.
blacklanternsecurity/red-run 126
-
ssti-twig
Guide Twig/PHP server-side template injection exploitation during authorized penetration testing.
blacklanternsecurity/red-run 126
-
tomcat-manager-deploy
Deploy WAR files via Apache Tomcat Manager for remote code execution. Use when Tomcat Manager is accessible with valid credentials (manager-script or manager-gui role). Covers WAR generation, deployment via text API and HTML interface, reverse shell delivery, and cleanup. Common initial access vector after credential discovery via LFI, default creds, or config file exposure.
blacklanternsecurity/red-run 126
-
web-discovery
Discover web application injection points and route to the correct exploitation skill during authorized penetration testing.
blacklanternsecurity/red-run 126
-
xss-reflected
Guide reflected XSS exploitation during authorized penetration testing.
blacklanternsecurity/red-run 126
-
xss-stored
Guide stored (persistent) and blind XSS exploitation during authorized penetration testing.
blacklanternsecurity/red-run 126
-
owasp-security
Use when reviewing code for security vulnerabilities, implementing authentication/authorization, handling user input, or discussing web application security. Covers OWASP Top 10:2025, ASVS 5.0, and Agentic AI security (2026).
agamm/claude-code-owasp 112
-
openclaw-management
This skill should be used when the user wants to interact with OpenClaw, delegate tasks to their AI assistant, or check gateway status. Activates for AI assistant delegation and orchestration.
freema/openclaw-mcp 136
-
deep-links
Deep links in ToolHive Studio. Use when implementing, debugging, or asking about deep link features (toolhive-gui:// protocol), adding new deep link intents, understanding the deep link architecture, IPC model, or platform/packaging support.
stacklok/toolhive-studio 121
-
security-vuln-remediation
Remediate security vulnerabilities found by Grype or pnpm audit. Use when a security scan fails, a CVE needs fixing, or you need to analyze, upgrade, override, or ignore a vulnerable dependency.
stacklok/toolhive-studio 121
-
skill-creator
Create new AI agent skills for Claude Code, Codex, and Cursor. Use when asked to create a skill, add a new agent capability, or set up a slash command.
stacklok/toolhive-studio 121
-
skill-editor
REQUIRED for editing any skill file. Ensures changes sync to Claude, Codex, and Cursor. Never edit .claude/skills/ files directly - always use this skill.
stacklok/toolhive-studio 121
-
security-vuln-remediation
Remediate security vulnerabilities found by Grype or pnpm audit. Use when a security scan fails, a CVE needs fixing, or you need to analyze, upgrade, override, or ignore a vulnerable dependency.
stacklok/toolhive-studio 121
-
skill-creator
Create new AI agent skills for Claude Code, Codex, and Cursor. Use when asked to create a skill, add a new agent capability, or set up a slash command.
stacklok/toolhive-studio 121
-
skill-editor
REQUIRED for editing any skill file. Ensures changes sync to Claude, Codex, and Cursor. Never edit .claude/skills/ files directly - always use this skill.
stacklok/toolhive-studio 121
-
testing-api-assertions
Verify API requests in tests. Use when testing that correct API calls are made for create, update, or delete operations. Use when testing mutations, form submissions, or actions with backend side effects.
stacklok/toolhive-studio 121
-
skill-creator
Create new AI agent skills for Claude Code, Codex, and Cursor. Use when asked to create a skill, add a new agent capability, or set up a slash command.
stacklok/toolhive-studio 121
-
skill-editor
REQUIRED for editing any skill file. Ensures changes sync to Claude, Codex, and Cursor. Never edit .claude/skills/ files directly - always use this skill.
stacklok/toolhive-studio 121