covariant-modification
Unified skill modification with covariant transport, Darwin Gödel Machine evolution, and MCP Tasks self-rewriting. GF(3) conserved.
coverage-analysis
Code coverage analysis for testing quality assessment.
crdt-vterm
Collaborative terminal session sharing using CRDT-style s-expressions
crdt
crdt skill
critical-opalescence
Critical opalescence at phase transitions: diverging correlation length, light scattering, and the visual signature of criticality in fluids, proteins, and complex systems
criticality-detector
Criticality Detector Skill
crossmodal-gf3
GF(3) → {Tactile, Auditory, Haptic} universal bridge for accessible color perception
ctf-crypto
Solve CTF cryptography challenges by identifying, analyzing, and exploiting weak crypto implementations in binaries to extract keys or decrypt data. Use for custom ciphers, weak crypto, key extraction, or algorithm identification.
ctf-pwn
Solve CTF binary exploitation challenges by discovering and exploiting memory corruption vulnerabilities to read flags. Use for buffer overflows, format strings, heap exploits, ROP challenges, or any pwn/exploitation task.
ctf-rev
Solve CTF reverse engineering challenges using systematic analysis to find flags, keys, or passwords. Use for crackmes, binary bombs, key validators, obfuscated code, algorithm recovery, or any challenge requiring program comprehension to extract hidden information.
ctp-yoneda
CTP-Yoneda Skill
cybernetic-immune
Cybernetic immune system with Varela+Friston+Powers for Self/Non-Self discrimination via reafference, GF(3) trit encoding, and information geometry
cybernetic-open-game
Cybernetic Open Game Skill
cynara-policy-checker
Queries Cynara database and validates runtime privilege policies. Coordinates access control decisions across system services.
cynara-policy-validator
Validates Cynara privilege access control policies. Checks policy syntax, logical consistency, and permission accuracy.
database-design
Database schema design, optimization, and migration patterns for PostgreSQL,
datalog-fixpoint
Datalog bottom-up fixpoint iteration for recursive queries
deep-analysis
Performs focused, depth-first investigation of specific reverse engineering questions through iterative analysis and database improvement. Answers questions like "What does this function do?", "Does this use crypto?", "What's the C2 address?", "Fix types in this function". Makes incremental improvements (renaming, retyping, commenting) to aid understanding. Returns evidence-based answers with new investigation threads. Use after binary-triage for investigating specific suspicious areas or when user asks focused questions about binary behavior.
defillama-api
DefiLlama API integration for DeFi analytics - TVL, prices, yields, volumes, fees, bridges, and DAT data. Use for blockchain/DeFi research, protocol analysis, and market data queries.
delta-derivation
Extract information delta between Claude.ai conversation exports using ACSets morphisms and bisimulation verification
deobfuscating-javascript-malware
>
deobfuscating-powershell-obfuscated-malware
Systematically deobfuscate multi-layer PowerShell malware using AST analysis, dynamic tracing, and tools like PSDecode and PowerDecode to reveal hidden payloads and C2 infrastructure.
deploying-active-directory-honeytokens
>
deploying-cloudflare-access-for-zero-trust
>
deploying-decoy-files-for-ransomware-detection
>
deploying-edr-agent-with-crowdstrike
>
deploying-osquery-for-endpoint-monitoring
>
deploying-palo-alto-prisma-access-zero-trust
>
deploying-ransomware-canary-files
>
deploying-software-defined-perimeter
Deploy a Software-Defined Perimeter using the CSA v2.0 specification with Single Packet Authorization, mutual TLS, and SDP controller/gateway configuration to enforce zero trust network access.
deploying-tailscale-for-zero-trust-vpn
Deploy and configure Tailscale as a WireGuard-based zero trust mesh VPN with identity-aware access controls, ACLs, and exit nodes for secure peer-to-peer connectivity.
depth-search
Deep multi-source research combining academic MCPs (arxiv, semantic-scholar, paper-search, deepwiki), Exa semantic search, and local ~/.topos knowledge base. Use for comprehensive research requiring multiple sources. NEVER fall back to web_search - ask user for help instead.
derangement-crdt
Derangement-CRDT Skill
derangement-reflow
derangement-reflow skill
designing-workflow-skills
>-
detecting-ai-model-prompt-injection-attacks
>
detecting-anomalies-in-industrial-control-systems
>
detecting-anomalous-authentication-patterns
>
detecting-api-enumeration-attacks
Detect and prevent API enumeration attacks including BOLA and IDOR exploitation by monitoring sequential identifier access patterns and authorization failures.
detecting-arp-poisoning-in-network-traffic
Detect and prevent ARP spoofing attacks using ARPWatch, Dynamic ARP Inspection, Wireshark analysis, and custom monitoring scripts to protect against man-in-the-middle interception.
detecting-attacks-on-historian-servers
>
detecting-attacks-on-scada-systems
>
detecting-aws-cloudtrail-anomalies
Detect unusual API call patterns in AWS CloudTrail logs using boto3, statistical baselining, and behavioral analysis to identify credential compromise, privilege escalation, and unauthorized resource access.
detecting-aws-credential-exposure-with-trufflehog
>
detecting-aws-guardduty-findings-automation
Automate AWS GuardDuty threat detection findings processing using EventBridge and Lambda to enable real-time incident response, automatic quarantine of compromised resources, and security notification workflows.
detecting-aws-iam-privilege-escalation
Detect AWS IAM privilege escalation paths using boto3 and Cloudsplaining policy analysis to identify overly permissive policies, dangerous permission combinations, and least-privilege violations
detecting-azure-lateral-movement
Detect lateral movement in Azure AD/Entra ID environments using Microsoft Graph API audit logs, Azure Sentinel KQL hunting queries, and sign-in anomaly correlation to identify privilege escalation, token theft, and cross-tenant pivoting.
detecting-azure-service-principal-abuse
Detect and investigate Azure service principal abuse including privilege escalation, credential compromise, admin consent bypass, and unauthorized enumeration in Microsoft Entra ID environments.
detecting-azure-storage-account-misconfigurations
Audit Azure Blob and ADLS storage accounts for public access exposure, weak or long-lived SAS tokens, missing encryption at rest, disabled HTTPS-only traffic, and outdated TLS versions using the azure-mgmt-storage Python SDK.
detecting-beaconing-patterns-with-zeek
>
Page 9 of 41 · 2048 results