403-bypass
Use when encountering HTTP 403 Forbidden responses during pentests or bug bounty hunting, testing access control bypasses, trying to reach restricted endpoints, admin panels, or protected API routes. Also trigger when the user says "403 bypass", "bypass forbidden", "access denied bypass", "forbidden page bypass", or "trying to access restricted endpoint". Use this whenever a 403 needs to be tested - not just blindly accepted.
attack-path-architect
Generates strategic attack trees and kill chains from reconnaissance data or domain input. Maps MITRE ATT&CK TTPs, identifies chaining opportunities, trust relationships, and prioritizes attack paths by feasibility and impact. Use when user asks for "attack path", "kill chain", "attack tree", "threat modeling from recon", "attack surface analysis", or "prioritize targets". Requires prior recon data or a domain to analyze. For authorized pentesting and red team engagements only.
hacker
Red team agent for vm2 sandbox escape testing. Systematically attempts to break out of the vm2 JavaScript sandbox by exploiting known and novel attack vectors. Use this skill whenever the user makes changes to vm2's sandbox code (bridge.js, setup-sandbox.js, setup-node-sandbox.js, vm.js, nodevm.js, transformer.js) and wants to verify the sandbox still holds. Also use when the user asks to "hack", "attack", "test security", "try to escape", "red team", or "pentest" the sandbox. Trigger on any request to find sandbox escapes or verify sandbox integrity.
HackTricks MCP Server
Search and query HackTricks pentesting documentation with quick lookup and section extraction