Browse Skills — Page 99

hugging-face-paper-publisher

diegosouzapw/awesome-omni-skills

Overview workflow skill. Use this skill when the user needs Publish and manage research papers on Hugging Face Hub. Supports creating paper pages, linking papers to models/datasets, claiming authorship, and generating professional markdown-based research articles and the operator should preserve the upstream workflow, copied support files, and provenance before merging or handing off.

hugging-face-paper-publisher-v2

diegosouzapw/awesome-omni-skills

Overview workflow skill. Use this skill when the user needs Publish and manage research papers on Hugging Face Hub. Supports creating paper pages, linking papers to models/datasets, claiming authorship, and generating professional markdown-based research articles and the operator should preserve the upstream workflow, copied support files, and provenance before merging or handing off.

hugging-face-papers

diegosouzapw/awesome-omni-skills

Hugging Face Paper Pages workflow skill. Use this skill when the user needs Read and analyze Hugging Face paper pages or arXiv papers with markdown and papers API metadata and the operator should preserve the upstream workflow, copied support files, and provenance before merging or handing off.

hugging-face-papers-v2

diegosouzapw/awesome-omni-skills

Hugging Face Paper Pages workflow skill. Use this skill when the user needs Read and analyze Hugging Face paper pages or arXiv papers with markdown and papers API metadata and the operator should preserve the upstream workflow, copied support files, and provenance before merging or handing off.

hugging-face-tool-builder

diegosouzapw/awesome-omni-skills

Hugging Face API Tool Builder workflow skill. Use this skill when the user needs Your purpose is now is to create reusable command line scripts and utilities for using the Hugging Face API, allowing chaining, piping and intermediate processing where helpful. You can access the API directly, as well as use the hf command line tool and the operator should preserve the upstream workflow, copied support files, and provenance before merging or handing off.

hugging-face-tool-builder-v2

diegosouzapw/awesome-omni-skills

Hugging Face API Tool Builder workflow skill. Use this skill when the user needs Your purpose is now is to create reusable command line scripts and utilities for using the Hugging Face API, allowing chaining, piping and intermediate processing where helpful. You can access the API directly, as well as use the hf command line tool and the operator should preserve the upstream workflow, copied support files, and provenance before merging or handing off.

hugging-face-trackio

diegosouzapw/awesome-omni-skills

Trackio - Experiment Tracking for ML Training workflow skill. Use this skill when the user needs Track ML experiments with Trackio using Python logging, alerts, and CLI metric retrieval and the operator should preserve the upstream workflow, copied support files, and provenance before merging or handing off.

hugging-face-trackio-v2

diegosouzapw/awesome-omni-skills

Trackio - Experiment Tracking for ML Training workflow skill. Use this skill when the user needs Track ML experiments with Trackio using Python logging, alerts, and CLI metric retrieval and the operator should preserve the upstream workflow, copied support files, and provenance before merging or handing off.

hugging-face-vision-trainer

diegosouzapw/awesome-omni-skills

Vision Model Training on Hugging Face Jobs workflow skill. Use this skill when the user needs Train or fine-tune vision models on Hugging Face Jobs for detection, classification, and SAM or SAM2 segmentation and the operator should preserve the upstream workflow, copied support files, and provenance before merging or handing off.

hugging-face-vision-trainer-v2

diegosouzapw/awesome-omni-skills

Vision Model Training on Hugging Face Jobs workflow skill. Use this skill when the user needs Train or fine-tune vision models on Hugging Face Jobs for detection, classification, and SAM or SAM2 segmentation and the operator should preserve the upstream workflow, copied support files, and provenance before merging or handing off.

hugging-science

K-Dense-AI/scientific-agent-skills

Use when the user is doing AI/ML work in a scientific domain — biology, chemistry, physics, astronomy, climate, genomics, materials science, medicine, ecology, energy, conservation, engineering, mathematics, scientific reasoning, drug discovery, protein design, weather modeling, theorem proving, single-cell, PDE solving, or anything similar. Hugging Science (huggingscience.co) is a curated catalog of scientific datasets, models, blog posts, and interactive Spaces; the `hugging-science` org on Hugging Face hosts community datasets, models, and demo Spaces. This skill helps you discover the right resource AND actually use it — loading datasets via `datasets`, running models via `transformers` or the HF Inference API, calling Spaces like BoltzGen via `gradio_client`, and citing blog posts for methodology. Trigger this skill whenever a user mentions a scientific ML task, asks for "a dataset/model for X" where X is a scientific topic, wants to fine-tune on scientific data, asks about protein / molecule / genome / climate / materials / astronomy / pathology / weather ML, or needs AI tools for research — even if they never say "Hugging Science" explicitly. The catalog is purpose-built for LLM agents (it ships an `llms-full.txt`); prefer it over generic web search for these tasks.

huggingface

TerminalSkills/skills

|

huggingface-accelerate

NousResearch/hermes-agent

Simplest distributed training API. 4 lines to add distributed support to any PyTorch script. Unified API for DeepSpeed/FSDP/Megatron/DDP. Automatic device placement, mixed precision (FP16/BF16/FP8). Interactive config, single launch command. HuggingFace ecosystem standard.

huggingface-best

huggingface/skills

>

huggingface/huggingface-community-evals

huggingface/skills

Run evaluations for Hugging Face Hub models using inspect-ai and lighteval on local hardware. Use for backend selection, local GPU evals, and choosing between vLLM / Transformers / accelerate. Not for HF Jobs orchestration, model-card PRs, .eval_results publication, or community-evals automation.

openai/huggingface-community-evals

openai/plugins

Run evaluations for Hugging Face Hub models using inspect-ai and lighteval on local hardware. Use for backend selection, local GPU evals, and choosing between vLLM / Transformers / accelerate. Not for HF Jobs orchestration, model-card PRs, .eval_results publication, or community-evals automation.

huggingface/huggingface-datasets

huggingface/skills

Use this skill for Hugging Face Dataset Viewer API workflows that fetch subset/split metadata, paginate rows, search text, apply filters, download parquet URLs, and read size or statistics.

openai/huggingface-datasets

openai/plugins

Use this skill for Hugging Face Dataset Viewer API workflows that fetch subset/split metadata, paginate rows, search text, apply filters, download parquet URLs, and read size or statistics.

huggingface/huggingface-gradio

huggingface/skills

Build Gradio web UIs and demos in Python. Use when creating or editing Gradio apps, components, event listeners, layouts, or chatbots.

openai/huggingface-gradio

openai/plugins

Build Gradio web UIs and demos in Python. Use when creating or editing Gradio apps, components, event listeners, layouts, or chatbots.

huggingface-hub

NousResearch/hermes-agent

HuggingFace hf CLI: search/download/upload models, datasets.

huggingface-jobs

openai/plugins

This skill should be used when users want to run any workload on Hugging Face Jobs infrastructure. Covers UV scripts, Docker-based jobs, hardware selection, cost estimation, authentication with tokens, secrets management, timeout configuration, and result persistence. Designed for general-purpose compute workloads including data processing, inference, experiments, batch jobs, and any Python-based tasks. Should be invoked for tasks involving cloud compute, GPU workloads, or when users mention running jobs on Hugging Face infrastructure without local setup.

huggingface/huggingface-llm-trainer

huggingface/skills

Train or fine-tune language and vision models using TRL (Transformer Reinforcement Learning) or Unsloth with Hugging Face Jobs infrastructure. Covers SFT, DPO, GRPO and reward modeling training methods, plus GGUF conversion for local deployment. Includes guidance on the TRL Jobs package, UV scripts with PEP 723 format, dataset preparation and validation, hardware selection, cost estimation, Trackio monitoring, Hub authentication, model selection/leaderboards and model persistence. Use for tasks involving cloud GPU training, GGUF conversion, or when users mention training on Hugging Face Jobs without local GPU setup.

openai/huggingface-llm-trainer

openai/plugins

This skill should be used when users want to train or fine-tune language models using TRL (Transformer Reinforcement Learning) on Hugging Face Jobs infrastructure. Covers SFT, DPO, GRPO and reward modeling training methods, plus GGUF conversion for local deployment. Includes guidance on the TRL Jobs package, UV scripts with PEP 723 format, dataset preparation and validation, hardware selection, cost estimation, Trackio monitoring, Hub authentication, and model persistence. Should be invoked for tasks involving cloud GPU training, GGUF conversion, or when users mention training on Hugging Face Jobs without local GPU setup.

huggingface-local-models

huggingface/skills

Use to select models to run locally with llama.cpp and GGUF on CPU, Mac Metal, CUDA, or ROCm. Covers finding GGUFs, quant selection, running servers, exact GGUF file lookup, conversion, and OpenAI-compatible local serving.

huggingface-lora-space-builder

huggingface/skills

Build and publish a Gradio demo on Hugging Face Spaces for a user-provided LoRA. Use when someone asks to create, generate, ship, or publish a Space, demo, Gradio app, or playground for a LoRA — including LoRAs for Qwen-Image, Qwen-Image-Edit, LTX-Video, Wan, FLUX, SDXL, or other diffusion base models. Also triggers when someone describes a LoRA they trained or hosts on the Hub and wants to share it. Covers picking the right base pipeline and `diffusers` inference recipe, designing a UI tailored to the LoRA's task and inputs (Union/multi-task control, edit, video, image, etc.), respecting model-card recommendations (trigger words, steps, guidance, LoRA scale, example inputs), and shipping to ZeroGPU hardware as a private Space by default.

huggingface/huggingface-paper-publisher

huggingface/skills

Publish and manage research papers on Hugging Face Hub. Supports creating paper pages, linking papers to models/datasets, claiming authorship, and generating professional markdown-based research articles.

openai/huggingface-paper-publisher

openai/plugins

Publish and manage research papers on Hugging Face Hub. Supports creating paper pages, linking papers to models/datasets, claiming authorship, and generating professional markdown-based research articles.

huggingface/huggingface-papers

huggingface/skills

Look up and read Hugging Face paper pages in markdown, and use the papers API for structured metadata such as authors, linked models/datasets/spaces, Github repo and project page. Use when the user shares a Hugging Face paper page URL, an arXiv URL or ID, or asks to summarize, explain, or analyze an AI research paper.

openai/huggingface-papers

openai/plugins

Look up and read Hugging Face paper pages in markdown, and use the papers API for structured metadata such as authors, linked models/datasets/spaces, Github repo and project page. Use when the user shares a Hugging Face paper page URL, an arXiv URL or ID, or asks to summarize, explain, or analyze an AI research paper.

huggingface-spaces

huggingface/skills

Build, deploy, and maintain applications on Hugging Face Spaces — Gradio / Docker / Static SDKs, ZeroGPU and dedicated hardware, model loading, debugging, buckets, inference providers, community grants. Use whenever the user asks to create or host an app on Hugging Face, port code onto ZeroGPU, fix a Space that won't build or run, or otherwise work with `hf spaces …`, `@spaces.GPU`, Space README frontmatter, or the `spaces` Python package.

huggingface-tgi

mkurman/zorai

HuggingFace Text Generation Inference (TGI). High-performance LLM serving with continuous batching, tensor parallelism, watermarking, and OpenAI-compatible API. Native HF model hub integration.

huggingface-tokenizers

NousResearch/hermes-agent

Fast tokenizers optimized for research and production. Rust-based implementation tokenizes 1GB in <20 seconds. Supports BPE, WordPiece, and Unigram algorithms. Train custom vocabularies, track alignments, handle padding/truncation. Integrates seamlessly with transformers. Use when you need high-performance tokenization or custom tokenizer training.

huggingface-tool-builder

huggingface/skills

Use this skill when the user wants to build tool/scripts or achieve a task where using data from the Hugging Face API would help. This is especially useful when chaining or combining API calls or the task will be repeated/automated. This Skill creates a reusable script to fetch, enrich or process data.

huggingface/huggingface-trackio

huggingface/skills

Track and visualize ML training experiments with Trackio. Use when logging metrics during training (Python API), firing alerts for training diagnostics, or retrieving/analyzing logged metrics (CLI). Supports real-time dashboard visualization, alerts with webhooks, HF Space syncing, and JSON output for automation.

openai/huggingface-trackio

openai/plugins

Track and visualize ML training experiments with Trackio. Use when logging metrics during training (Python API), firing alerts for training diagnostics, or retrieving/analyzing logged metrics (CLI). Supports real-time dashboard visualization, alerts with webhooks, HF Space syncing, and JSON output for automation.

huggingface/huggingface-vision-trainer

huggingface/skills

Trains and fine-tunes vision models for object detection (D-FINE, RT-DETR v2, DETR, YOLOS), image classification (timm models — MobileNetV3, MobileViT, ResNet, ViT/DINOv3 — plus any Transformers classifier), and SAM/SAM2 segmentation using Hugging Face Transformers on Hugging Face Jobs cloud GPUs. Covers COCO-format dataset preparation, Albumentations augmentation, mAP/mAR evaluation, accuracy metrics, SAM segmentation with bbox/point prompts, DiceCE loss, hardware selection, cost estimation, Trackio monitoring, and Hub persistence. Use when users mention training object detection, image classification, SAM, SAM2, segmentation, image matting, DETR, D-FINE, RT-DETR, ViT, timm, MobileNet, ResNet, bounding box models, or fine-tuning vision models on Hugging Face Jobs.

openai/huggingface-vision-trainer

openai/plugins

Trains and fine-tunes vision models for object detection (D-FINE, RT-DETR v2, DETR, YOLOS), image classification (timm models — MobileNetV3, MobileViT, ResNet, ViT/DINOv3 — plus any Transformers classifier), and SAM/SAM2 segmentation using Hugging Face Transformers on Hugging Face Jobs cloud GPUs. Covers COCO-format dataset preparation, Albumentations augmentation, mAP/mAR evaluation, accuracy metrics, SAM segmentation with bbox/point prompts, DiceCE loss, hardware selection, cost estimation, Trackio monitoring, and Hub persistence. Use when users mention training object detection, image classification, SAM, SAM2, segmentation, image matting, DETR, D-FINE, RT-DETR, ViT, timm, MobileNet, ResNet, bounding box models, or fine-tuning vision models on Hugging Face Jobs.

huggingface-zerogpu

huggingface/skills

AI demos and GPU compute with Gradio Spaces and Hugging Face Spaces ZeroGPU. Use when writing or reviewing code that uses `@spaces.GPU`, configuring `python_version` or `requirements.txt` for a ZeroGPU Space, or handling ZeroGPU-specific code constraints — pickle-based process isolation, `gr.State` semantics across the worker boundary, no `torch.compile` (use AoTI instead), CUDA wheel-only builds (no `nvcc` at build or runtime), large vs xlarge sizing, and dynamic duration callables. Make sure to use this skill whenever the user mentions ZeroGPU, `@spaces.GPU`, or the `spaces` Python package, or hits ZeroGPU-specific code errors like `PicklingError` across the worker boundary, `illegal duration`, or `flash-attn` wheel-build failures — even when the user does not explicitly ask for ZeroGPU coding guidance. Trigger on `import spaces` or `@spaces.GPU` in code.

hugo-template-dev

influxdata/docs-v2

Hugo template development skill for InfluxData docs-v2. Enforces proper build and runtime testing to catch template errors that build-only validation misses.

human-protein-atlas-skill

openai/plugins

Submit compact Human Protein Atlas requests for gene JSON, search downloads, and page-level tissue or cell-line lookups. Use when a user wants concise Human Protein Atlas summaries; save raw JSON or HTML only on request.

human-writing

pr-pm/prpm

Write content that sounds natural, conversational, and authentically human - avoiding AI-generated patterns, corporate speak, and generic phrasing

humanitix-automation

ComposioHQ/awesome-claude-skills

"Automate Humanitix tasks via Rube MCP (Composio). Always search tools first for current schemas."

humanize

PolyArch/humanize

Iterative development with AI review. Provides RLCR (Ralph-Loop with Codex Review) for implementation planning and code review loops.

humanize-chinese

diegosouzapw/awesome-omni-skills

Humanize Chinese workflow skill. Use this skill when the user needs Detect and rewrite AI-like Chinese text with a practical workflow for scoring, humanization, academic AIGC reduction, and style conversion. Use when the user asks to \u53bbAI\u5473, \u964dAIGC, \u53bb\u9664AI\u75d5\u8ff9, \u8bba\u6587\u964d\u91cd, \u77e5\u7f51\u68c0\u6d4b, \u7ef4\u666e\u68c0\u6d4b, humanize chinese, detect AI text, or make Chinese text sound more natural and the operator should preserve the upstream workflow, copied support files, and provenance before merging or handing off.

humanize-chinese-v2

diegosouzapw/awesome-omni-skills

Humanize Chinese workflow skill. Use this skill when the user needs Detect and rewrite AI-like Chinese text with a practical workflow for scoring, humanization, academic AIGC reduction, and style conversion. Use when the user asks to \u53bbAI\u5473, \u964dAIGC, \u53bb\u9664AI\u75d5\u8ff9, \u8bba\u6587\u964d\u91cd, \u77e5\u7f51\u68c0\u6d4b, \u7ef4\u666e\u68c0\u6d4b, humanize chinese, detect AI text, or make Chinese text sound more natural and the operator should preserve the upstream workflow, copied support files, and provenance before merging or handing off.

humanize-gen-plan

PolyArch/humanize

Generate a structured implementation plan from a draft document. Validates input, checks relevance, analyzes for issues, and generates a complete plan.md with acceptance criteria.

humanize-refine-plan

PolyArch/humanize

Refine an annotated implementation plan into a comment-free plan and a QA ledger while preserving the gen-plan schema.

humanize-rlcr

PolyArch/humanize

Start RLCR (Ralph-Loop with Codex Review) on Codex using the native Stop hook.

humanizer

trailofbits/skills-curated

|

humanizer

NousResearch/hermes-agent

Humanize text: strip AI-isms and add real voice.

humanloop-automation

ComposioHQ/awesome-claude-skills

"Automate Humanloop tasks via Rube MCP (Composio). Always search tools first for current schemas."

humanrail-escalation

automateyournetwork/netclaw

Human-in-the-loop escalation via HumanRail — route low-confidence agent decisions, pre-destructive operation approvals, and ambiguous incident tickets to real human engineers. Human answers are verified and returned as structured output. Workers are paid via Lightning Network. Use when the agent is uncertain, when a destructive change needs explicit human sign-off beyond a ServiceNow CR, or when an ambiguous ticket requires human triage before automated handling.

hume

vm0-ai/vm0-skills

Hume AI API for emotion analysis. Use when user mentions "Hume", "emotion

hunt

H-mmer/pentest-agents

Active vulnerability hunting on a target. Loads scope, reads brain, detects tech stack, runs targeted tests with concrete payloads. Usage: /hunt target.com [--vuln-class idor|xss|ssrf|sqli|ssti|oauth|rce|race|graphql|upload|business-logic|llm-ai]

hunt-apt

dandye/ai-runbooks

"Hunt for a specific APT/threat actor in your environment. Use when you have a threat actor name or GTI collection ID and want to search for their TTPs and IOCs. Gathers intelligence from GTI, searches SIEM for IOCs and TTP-based indicators, and documents findings."

hunt-business-logic

H-mmer/pentest-agents

Hunting skill for business-logic vulnerabilities (CWE-840 Business Logic Errors, CWE-841 Improper Enforcement of Behavioral Workflow, CWE-639 Authorization Bypass via User-Controlled Key in business contexts, CWE-362 race conditions on financial flows). Built from 44 corpus reports plus 8.8K shared-platform reports across HackerOne, Bugcrowd, Huntr, GitHub Security Advisories, plus 2024-2026 meta verified against NVD — Lilishop coupon overpurchasing (CVE-2024-50654 CVSS 7.5), WWBN AVideo wallet double-spend TOCTOU (CVE-2026-34368, GHSA-h54m-c522-h6qr), Keycloak 2FA bypass (CVE-2025-3910, GHSA-5jfq-x6xp-7rw2), AlegroCart 1.2.9 negative-quantity price manipulation (Andrey Stoykov SecLists Apr 2025), Bagisto cart price manipulation (Rudransh Singh Rajpurohit Sep 2025), Doppler free-trial reset (Aditya Sunny Dec 2024), Stripe hasEverTrialed bypass (better-auth #6863 Dec 2025), email-alias trial-abuse (Mahmoud Magdy Dec 2025), Samsung Account 2FA bypass via IMEI leak (Gregory Greekas Dec 2024), 2FA bypass via password reset (KhaledAhmed107 Jan 2026), pre-ATO via SSO migration (Giongnef Jan 2024), Tesla 2020 free vehicle software upgrade race condition, Uber 2016 infinite promo credits, Aditya Bhatt 2025 InfoSec writeup on race-condition coupon stacking. Use when hunting price/quantity manipulation, coupon/discount abuse, race-condition on payment-and-checkout, MFA/2FA bypass, password reset bypass, free-trial abuse, referral abuse, currency-conversion abuse, workflow-step skipping, role/scope escalation, pre-account takeover, OTP enumeration, or any "the app trusted client-side state" finding.

hunt-credential-access

dandye/ai-runbooks

"Hunt for credential access techniques like LSASS dumping or browser credential theft. Use when searching for evidence of credential harvesting. Takes MITRE technique IDs and searches for behavioral indicators in SIEM."

hunt-idor

H-mmer/pentest-agents

Hunting skill for Insecure Direct Object Reference / Broken Object Level Authorization (BOLA — OWASP API1:2023). Built from 1,117 public IDOR bug bounty reports across HackerOne, Bugcrowd, Intigriti, GitHub Security Advisories, Huntr, plus 2024-2026 meta verified against NVD — Sam Curry's automotive chain (Kia/Hyundai/Ferrari), CVE-2026-30956 (OneUptime tenant header bypass CVSS 9.9), CVE-2025-64431 (Zitadel V2Beta Org API), CVE-2026-32131 (Zitadel Management API), CVE-2025-61876 (Inforcer tenant enumeration), CVE-2024-45719 (Apache Answer UUIDv1 token prediction), CVE-2024-50633 (Indico BOLA), plus the GraphQL field-level / nested-object pivot wave and agentic AI cross-tenant family (FastGPT, WeKnora, Paperclip). Use when hunting IDOR / BOLA / cross-tenant data access on web apps, APIs, GraphQL endpoints, multi-tenant SaaS, mobile apps, automotive/IoT platforms, and AI/ML inference servers.

hunt-info-disclosure

H-mmer/pentest-agents

Hunting skill for Information Disclosure / Sensitive Data Exposure (CWE-200 / CWE-209 / CWE-215 / CWE-538 / CWE-668 / CWE-798). Built from 106 corpus reports plus 8K shared-platform reports across HackerOne, Bugcrowd, Huntr, GitHub Security Advisories, plus 2024-2026 meta verified against NVD — Spring Boot Actuator family (CVE-2025-41253 SpEL info-disclosure CVSS 7.5, CVE-2025-41243 Spring Cloud Gateway property modification CVSS 10.0, CVE-2025-22235 EndpointRequest.to wrong matcher CVSS 7.3, CVE-2025-8525 Exrick xboot, CVE-2025-8738 microservices-platform), .git/.env mass exposure (Sysdig EmeraldWhale 15K cloud creds Oct 2024, Unit42 110K domain .env scan Aug 2024), Spring Boot Actuator heapdump → 9TB GPS data Volkswagen disclosure (Wiz Threat Research Dec 2024), debug endpoint family (Dgraph /debug/pprof GHSA-95mq-xwj4-r47p, MinIO LDAP brute-force GHSA-jv87-32hw-hh99, Glances /api/4/serverslist GHSA-r297-p3v4-wp8m, FUXA plaintext DB creds GHSA-c5gq-4h56-4mmx, Harbor default password GHSA-hj7x-hmf2-hc2p, NetBird VPN default admin GHSA-g3j4-58mp-3x25, PraisonAI WebSocket no-auth GHSA-cfh6-vr3j-qc3g, Gradio ACL bypass GHSA-j2jg-fq62-7c3h, Rancher cluster template credentials, ArgoCD Redis cache crypto), and the secrets-in-repo wave (GitGuardian 2026 State of Secrets: 28.65M new hardcoded secrets in 2025, GitHub 2024 secret-scanning report: 39M leaks). Use when hunting exposed credentials, leaked API keys, .git/.env files, debug endpoints, Spring actuator endpoints, S3 bucket misconfig, source-code disclosure, stack trace leakage, user/email enumeration, PII via API, server-side debug surfaces (phpinfo, /server-status), or any Confidentiality-impact-only finding.

hunt-ioc

dandye/ai-runbooks

"Hunt for specific IOCs across your environment. Use when you have a list of IPs, domains, hashes, or URLs from threat intel and want to check if they appear in your SIEM. Systematic searching with enrichment and documentation."

hunt-lateral-movement

dandye/ai-runbooks

"Hunt for lateral movement using PsExec, WMI, or similar techniques. Use when proactively searching for attackers moving through your network using admin tools. Searches for service installations, remote process execution, and suspicious network correlations."

hunt-llm-ai

H-mmer/pentest-agents

Hunting skill for LLM and Agentic AI vulnerabilities — direct + indirect prompt injection, ASCII smuggling data exfil, agentic tool-use abuse, system prompt leakage, vector DB cross-tenant, model server RCE, insecure output handling. Built from public bug bounty reports across HackerOne, Huntr, Project Zero, GitHub Security Advisories, plus 2024-2026 meta verified against NVD — Microsoft 365 Copilot ASCII Smuggling (Johann Rehberger Aug 2024 disclosure), CVE-2025-46059 LangChain GmailToolkit indirect prompt injection (CVSS 9.8), CVE-2025-68613 LangChain PythonREPLTool semantic RCE (CVSS 9.8), CVE-2024-46946 LangChain LLMSymbolicMathChain sympy.sympify, CVE-2025-27520 + CVE-2025-32375 + CVE-2024-2912 BentoML pickle, Ollama RCE family (CVE-2024-37032, CVE-2024-39722, CVE-2024-45436, CVE-2025-44779), CVE-2025-64496 Open WebUI Direct Connections SSE code injection (GHSA-cm35-v4vp-5xvx), CVE-2024-1483/1560/1594 MLflow path traversal. Covers OWASP LLM Top 10 v2025 (LLM01-LLM10) and OWASP Agentic AI Top 10 (AA-01 through AA-10). Use when hunting prompt injection, jailbreaks, agentic tool abuse, RAG poisoning, vector DB IDOR, MCP server compromise, model registry RCE, or any "AI feature" surface in a target.

hunt-oauth

H-mmer/pentest-agents

Hunting skill for OAuth 2.0 / 2.1, OpenID Connect (OIDC), SAML SSO, and JWT authentication. Built from 365 public OAuth/SSO bug bounty reports across HackerOne, GitHub Security Advisories, PortSwigger Research, GitHub Security Lab, Detectify, Doyensec, Salt Labs, Semperis, Obsidian Security, Trace37 plus 2024-2026 meta verified against NVD — ruby-saml parser differentials (CVE-2025-25291/25292, GHSL-2024-329/330), Authentik regex redirect_uri (CVE-2024-52289), workers-oauth-provider PKCE downgrade and redirect_uri (CVE-2025-4143/4144), Entra ID actor token cross-tenant impersonation (CVE-2025-55241), Hono JWT alg confusion (CVE-2026-22817), nOAuth omniauth-microsoft_graph (CVE-2024-21632), Tekton git resolver token exfil (CVE-2026-40161), Flux Operator OIDC empty claims (CVE-2026-23990), Argo CD project token (CVE-2025-55190), tinyauth OIDC client binding (CVE-2026-32245). Use when hunting OAuth / OIDC / SAML / JWT / SSO bugs on web apps, mobile apps, single-page apps, MCP servers, agentic LLM tool-use plugins, GitOps controllers, K8s admission, identity providers, federated login, or any place a `redirect_uri`, `state`, `code`, `access_token`, `id_token`, `assertion`, `client_id`, `client_secret`, `code_verifier`, `code_challenge`, `nonce`, `aud`, `iss`, `sub`, `kid`, or `jku` parameter is processed.

hunt-rce

H-mmer/pentest-agents

Hunting skill for remote code execution. Built from 1,218 public RCE bug bounty reports across HackerOne, Project Zero, Intigriti, GitHub Security Advisories, and curated awesome-* lists, plus 2024-2026 meta verified against NVD — React Server Components (CVE-2025-55182), runc Leaky Vessels (CVE-2024-21626), BentoML pickle (CVE-2025-27520/32375), LangChain REPL (CVE-2025-68613), Tekton git resolver (CVE-2026-40938), OpenProject git argument injection (CVE-2026-24685), ingress-nginx (CVE-2025-1974). Use when hunting RCE on web apps, OSS libraries, admin panels, file processors, CI/CD runners, GitOps controllers, K8s admission webhooks, container runtimes, ML inference servers, agentic LLM tools, or anywhere user input reaches a shell, deserializer, template engine, dynamic loader, or git/curl/tar CLI.

hunt-report

aAAaqwq/AGI-Super-Team

Crypto hunt report — aggregate 4-hour hunting logs into actionable intelligence

hunt-threat

dandye/ai-runbooks

"Conduct proactive, hypothesis-driven threat hunting. Use when performing advanced hunting based on threat intelligence, TTPs, or anomalies. For Tier 3 analysts or dedicated threat hunters. Supports iterative search, pivoting, and comprehensive documentation."

hunt-xss

H-mmer/pentest-agents

Hunting skill for Cross-Site Scripting (XSS) — DOM-based, stored, reflected, mutation-based (mXSS), and modern variants. Built from public bug bounty reports across HackerOne, Intigriti, Bugcrowd, Huntr, and GitHub Security Advisories, plus 2024-2026 meta verified against NVD — DOMPurify nesting mXSS (CVE-2024-47875, GHSA-gx9m-whjm-85jf), DOMPurify depth-bypass family (CVE-2024-45801, GHSA-mmhx-hmjr-r674), DOMPurify mXSS via Re-Contextualization (GHSA-h8r8-wccr-v5f2), Auth0 nextjs-auth0 returnTo (CVE-2025-67716, GHSA-mr6f-h57v-rpj5), React Server Components DoS family (CVE-2025-67779/55184, GHSA-5j59-xgg2-r9c4), markdown-to-jsx iframe XSS (CVE-2024-21535), listmonk stored XSS → Admin ATO (GHSA-jmr4-p576-v565, CVSS 8.0). Use when hunting DOM XSS, stored XSS, reflected XSS, postMessage XSS, mXSS, sanitizer bypass (DOMPurify / sanitize-html / bleach), OAuth redirect_uri XSS, prototype pollution → XSS gadgets, markdown renderer XSS, Server Components content injection, agentic LLM output injection.

Hunter Automation

ComposioHQ/awesome-claude-skills

"Automate Hunter.io email intelligence -- search domains for email addresses, find specific contacts, verify email deliverability, manage leads, and monitor account usage -- using natural language through the Composio MCP integration."

hunter-io

TerminalSkills/skills

>-

hunting-advanced-persistent-threats

mukul975/Anthropic-Cybersecurity-Skills

>

hunting-credential-stuffing-attacks

mukul975/Anthropic-Cybersecurity-Skills

>

hunting-for-anomalous-powershell-execution

mukul975/Anthropic-Cybersecurity-Skills

>

hunting-for-beaconing-with-frequency-analysis

mukul975/Anthropic-Cybersecurity-Skills

Identify command-and-control beaconing patterns in network traffic by applying statistical frequency analysis, jitter calculation, and coefficient of variation scoring to detect periodic callbacks from compromised endpoints.

hunting-for-cobalt-strike-beacons

mukul975/Anthropic-Cybersecurity-Skills

Detect Cobalt Strike beacon network activity using default TLS certificate signatures (serial 8BB00EE), JA3/JA3S/JARM fingerprints, HTTP C2 profile pattern matching, beacon jitter analysis, and named pipe detection via Zeek, Suricata, and Python PCAP analysis.

hunting-for-command-and-control-beaconing

mukul975/Anthropic-Cybersecurity-Skills

Detect C2 beaconing patterns in network traffic using frequency analysis, jitter detection, and domain reputation to identify compromised endpoints communicating with adversary infrastructure.

hunting-for-data-exfiltration-indicators

mukul975/Anthropic-Cybersecurity-Skills

Hunt for data exfiltration through network traffic analysis, detecting unusual data flows, DNS tunneling, cloud storage uploads, and encrypted channel abuse.

hunting-for-data-staging-before-exfiltration

mukul975/Anthropic-Cybersecurity-Skills

Detect data staging activity before exfiltration by monitoring for archive creation with 7-Zip/RAR, unusual temp folder access, large file consolidation, and staging directory patterns via EDR and process telemetry

hunting-for-dcom-lateral-movement

mukul975/Anthropic-Cybersecurity-Skills

>

hunting-for-dcsync-attacks

mukul975/Anthropic-Cybersecurity-Skills

Detect DCSync attacks by analyzing Windows Event ID 4662 for unauthorized DS-Replication-Get-Changes requests from non-domain-controller accounts.

hunting-for-defense-evasion-via-timestomping

mukul975/Anthropic-Cybersecurity-Skills

>

hunting-for-dns-based-persistence

mukul975/Anthropic-Cybersecurity-Skills

Hunt for DNS-based persistence mechanisms including DNS hijacking, dangling CNAME records, wildcard DNS abuse, and unauthorized zone modifications using passive DNS databases, SecurityTrails API, and DNS audit log analysis.

hunting-for-dns-tunneling-with-zeek

mukul975/Anthropic-Cybersecurity-Skills

Detect DNS tunneling and data exfiltration by analyzing Zeek dns.log for high-entropy subdomain queries, excessive query volume, long query lengths, and unusual DNS record types indicating covert channel communication.

hunting-for-domain-fronting-c2-traffic

mukul975/Anthropic-Cybersecurity-Skills

Detect domain fronting C2 traffic by analyzing SNI vs HTTP Host header mismatches in proxy logs and TLS certificate discrepancies using pyOpenSSL for certificate inspection

hunting-for-lateral-movement-via-wmi

mukul975/Anthropic-Cybersecurity-Skills

Detect WMI-based lateral movement by analyzing Windows Event ID 4688 process creation and Sysmon Event ID 1 for WmiPrvSE.exe child process patterns, remote process execution, and WMI event subscription persistence.

hunting-for-living-off-the-cloud-techniques

mukul975/Anthropic-Cybersecurity-Skills

Hunt for adversary abuse of legitimate cloud services for C2, data staging, and exfiltration including abuse of Azure, AWS, GCP services, and SaaS platforms.

hunting-for-living-off-the-land-binaries

mukul975/Anthropic-Cybersecurity-Skills

Proactively hunt for adversary abuse of legitimate system binaries (LOLBins) to execute malicious payloads while evading detection.

hunting-for-lolbins-execution-in-endpoint-logs

mukul975/Anthropic-Cybersecurity-Skills

Hunt for adversary abuse of Living Off the Land Binaries (LOLBins) by analyzing endpoint process creation logs for suspicious execution patterns of legitimate Windows system binaries used for malicious purposes.

hunting-for-ntlm-relay-attacks

mukul975/Anthropic-Cybersecurity-Skills

Detect NTLM relay attacks by analyzing Windows Event 4624 logon type 3 with NTLMSSP authentication, identifying IP-to-hostname mismatches, Responder traffic signatures, SMB signing status, and suspicious authentication patterns across the domain.

hunting-for-persistence-mechanisms-in-windows

mukul975/Anthropic-Cybersecurity-Skills

Systematically hunt for adversary persistence mechanisms across Windows endpoints including registry, services, startup folders, and WMI subscriptions.

hunting-for-persistence-via-wmi-subscriptions

mukul975/Anthropic-Cybersecurity-Skills

Hunt for adversary persistence through Windows Management Instrumentation event subscriptions by monitoring WMI consumer, filter, and binding creation events that execute malicious code triggered by system events.

hunting-for-process-injection-techniques

mukul975/Anthropic-Cybersecurity-Skills

Detect process injection techniques (T1055) including CreateRemoteThread, process hollowing, and DLL injection via Sysmon Event IDs 8 and 10 and EDR process telemetry

hunting-for-registry-persistence-mechanisms

mukul975/Anthropic-Cybersecurity-Skills

Hunt for registry-based persistence mechanisms including Run keys, Winlogon modifications, IFEO injection, and COM hijacking in Windows environments.

hunting-for-registry-run-key-persistence

mukul975/Anthropic-Cybersecurity-Skills

Detect MITRE ATT&CK T1547.001 registry Run key persistence by analyzing Sysmon Event ID 13 logs and registry queries to identify malicious auto-start entries.

hunting-for-scheduled-task-persistence

mukul975/Anthropic-Cybersecurity-Skills

Hunt for adversary persistence via Windows Scheduled Tasks by analyzing task creation events, suspicious task actions, and unusual scheduling patterns.

hunting-for-shadow-copy-deletion

mukul975/Anthropic-Cybersecurity-Skills

Hunt for Volume Shadow Copy deletion activity that indicates ransomware preparation or anti-forensics by monitoring vssadmin, wmic, and PowerShell shadow copy commands.

hunting-for-spearphishing-indicators

mukul975/Anthropic-Cybersecurity-Skills

Hunt for spearphishing campaign indicators across email logs, endpoint telemetry, and network data to detect targeted email attacks.

hunting-for-startup-folder-persistence

mukul975/Anthropic-Cybersecurity-Skills

Detect T1547.001 startup folder persistence by monitoring Windows startup directories for suspicious file creation, analyzing autoruns entries, and using Python watchdog for real-time filesystem monitoring.

hunting-for-supply-chain-compromise

mukul975/Anthropic-Cybersecurity-Skills

Hunt for supply chain compromise indicators including trojanized software updates, compromised dependencies, unauthorized code modifications, and tampered build artifacts.

hunting-for-suspicious-scheduled-tasks

mukul975/Anthropic-Cybersecurity-Skills

Hunt for adversary persistence and execution via Windows scheduled tasks by analyzing task creation events, suspicious task properties, and unusual execution patterns that indicate T1053.005 abuse.