superhackers

Use this to plan and execute a full security assessment. Orchestrates all security skills - from scoping through testing to reporting.

Use this to write a professional security report documenting findings, impact, evidence, and remediation guidance.

Use this to start reconnaissance and enumeration on a target. Discovers attack surface, services, endpoints, and technologies before testing.

Senior security reviewer agent. Reviews pentest findings, exploit code, and security assessment deliverables. Example prompts: - "Review my pentest findings for this webapp" - "Check if this exploit PoC is safe and complete" - "Review the security report before delivery" - "Validate these vulnerability classifications"

Use when testing Android applications for security vulnerabilities. Triggers: APK analysis, mobile app assessment, Android static analysis, dynamic analysis, runtime manipulation with Frida, traffic interception with mitmproxy, SSL pinning bypass, root detection bypass, insecure data storage testing, exported component abuse, deeplink fuzzing, content provider exploitation, reverse engineering Android apps, OWASP Mobile Top 10 assessment, certificate pinning testing, biometric bypass, intent injection.

Use when testing APIs for security vulnerabilities, assessing REST/GraphQL/gRPC/WebSocket/SOAP endpoints, testing API authentication and authorization (OAuth2, JWT, API keys), discovering undocumented API endpoints, testing for BOLA/IDOR in API resources, performing API fuzzing, analyzing API traffic, testing rate limiting, or when the target exposes programmatic interfaces requiring security assessment per OWASP API Security Top 10.

Use when orchestrating security assessments across multiple related components. Automatically detects related targets (APIs, subdomains, backend services) and triggers appropriate assessments. Use when a primary assessment request implies related sub-targets (e.g., web app → API, mobile app → backend). Expands assessment scope intelligently based on component relationships while maintaining audit trail and user control.

Use when facing 2+ independent security tasks that can be worked on without shared state or sequential dependencies — parallel scans across targets, simultaneous testing of unrelated attack surfaces, or concurrent investigation of independent findings

Use when needing to exploit a confirmed vulnerability, generate payloads, craft reverse shells, use Metasploit modules, write custom exploit scripts, perform post-exploitation, escalate privileges, pivot through networks, bypass security controls, or when the user asks to exploit, pwn, pop a shell, gain access, or weaponize a finding.

Use when assessing security for Python FastAPI applications. Focuses on Pydantic exploitation, dependency injection gaps, OpenAPI exposure, ASGI middleware security, and Python-specific vulnerabilities like template injection and SSRF.

Use when active testing is complete, all findings are verified, and you need to finalize the engagement — guides completion by presenting structured options for report delivery, evidence archival, artifact cleanup, and client handoff

Security assessment methodology for Google Firebase applications, covering Firestore, Realtime Database, Cloud Storage, and Cloud Functions.

Use when testing GraphQL APIs for common vulnerabilities including introspection exploitation, authorization bypasses, batching abuse, and denial of service. Covers endpoint discovery, schema analysis, and exploitation of GraphQL-specific features like federation and directives.

Use when testing network infrastructure, servers, or internal/external networks. Triggers: host discovery, port scanning, service enumeration, vulnerability assessment, exploitation of network services, Active Directory attacks, password cracking, lateral movement, pivoting, privilege escalation, cloud infrastructure testing, network-level attacks like MITM or ARP spoofing. Covers TCP/UDP services including SSH, FTP, SMB, RDP, SNMP, DNS, LDAP, Kerberos, WinRM. Applies to both Linux and Windows targets in on-prem and cloud environments.

Comprehensive security testing for Next.js applications, covering App Router, RSC, Server Actions, and common deployment misconfigurations.

Use when starting a new engagement, scoping a target, gathering intelligence before exploitation, discovering attack surface, enumerating services and technologies, performing subdomain discovery, identifying entry points, or when the user asks to scan, enumerate, fingerprint, or map a target network or application.

Use when reviewing source code for security vulnerabilities, performing static analysis of a codebase, auditing code for injection flaws, authentication issues, cryptographic weaknesses, insecure deserialization, SSRF, path traversal, memory safety bugs, hardcoded secrets, or misconfigurations. Use when the user asks to find security bugs in code, assess code quality from a security perspective, or review pull requests for security implications. Use when performing dependency audits, secrets scanning, or configuration review of application source.

Use when planning, scoping, or executing a comprehensive security assessment, penetration test, red team engagement, or security audit. Use when the user needs to coordinate multiple security testing activities, define assessment scope and rules of engagement, perform threat modeling, rate risk using CVSS, map findings to compliance frameworks (OWASP Top 10, PCI DSS, SOC 2, ISO 27001), manage assessment lifecycle from planning through reporting, or orchestrate multiple security skills together. Use as the master coordinator when no single specialized skill covers the full task.

Use when security tools are being blocked by WAF, rate limiting, or intrusion detection systems. Provides comprehensive evasion techniques including User-Agent spoofing, header randomization, timing evasion, session mimicking, and WAF bypass patterns for stealthy security assessments.

Security assessment and exploitation methodology for Supabase-backed applications, focusing on PostgREST, RLS policies, and Edge Functions.

Use when starting security work that needs isolation from current workspace, before executing engagement plans, or when testing exploits that could affect the working tree — creates isolated git worktrees with smart directory selection and safety verification

Use when starting any security task, pentest, vulnerability assessment, code review, recon, exploit development, or security assessment. Use FIRST before loading any other superhackers skill. Use when unsure which security skill to load. Use when planning a multi-phase security engagement.

Use when a scanner or manual testing has identified a potential vulnerability that needs confirmation, when eliminating false positives from automated scan results, when determining real-world exploitability and impact of a finding, when collecting evidence for a security report, when chaining multiple low-severity issues into a higher-impact attack, or when verifying that a patch or remediation actually fixes a vulnerability.

Use when documenting security findings, writing pentest reports, creating vulnerability advisories, drafting executive summaries for security assessments, formatting evidence for security deliverables, scoring vulnerabilities with CVSS, writing remediation guidance, or producing any security assessment documentation deliverable.

Use when creating new superhackers security skills, editing existing security skills, reviewing skill quality before deployment, or when a gap is discovered during a security engagement and needs to be captured as a reusable skill.

1 hook across 1 event