MCP App StoreMCP App Store
from decepticon4,341
Techniques and reconnaissance steps for attacking or testing DAO governance: flash-loan voting, delegation hijack, quorum dilution, proposal spam, time-lock byp
Practical attack classes and reconnaissance steps for compromising DAO governance systems. Covers flash-loan-backed votes, delegation hijack, quorum dilution, proposal-spam denial-of-service, time-lock/emergency multisig bypass, and Snapshot vs on-chain voting desynchronisation. Includes code sketches, defender checks, and tooling guidance for simulating attacks on a fork.
Use this skill when assessing or simulating governance security for token-based DAOs, or when hunting for governance weaknesses during a red-team engagement. Trigger when investigating GovernorBravo-style setups, ERC20Votes delegation patterns, Snapshot-based governance flows, or when planning a governance audit.
Best used with agents that can run CLI tooling and interact with on-chain RPCs (Foundry/forge, cast, Tenderly integrations) and red-team automation frameworks.
This skill has not been reviewed by our automated audit pipeline yet.
Scanner Skill — Decepticon
High-volume codebase scanner that shards work, ranks suspicious locations, and promotes a concise set of candidates for deeper analysis.
AD Overview (Decepticon)
Playbook and workflows for Active Directory offensive operations: BloodHound ingestion, Kerberoasting, ADCS ESC scanning, DCSync and LAPS extraction.
APT29 (Cozy Bear) Adversary Emulation Profile
Adversary-emulation profile that maps APT29 (Cozy Bear) ATT&CK TTPs to Decepticon tooling for realistic, cloud- and identity-focused red-team exercises.
Web Recon — Web Application Reconnaissance Hub
Directory, vhost and API enumeration hub with CMS scanning, WAF detection, auth mapping and cookie auditing — a reconnaissance orchestration skillset.
T5 — Model & API Exploitation
Techniques to probe and exploit LLM APIs: rate-limit abuse, token-cost amplification, schema bypass, model-version manipulation, and related probes.
AWP (Agent Work Protocol)
Tooling and scripts for onboarding, staking, allocation, and managing agents on the AWP network (Base/Ethereum/Arbitrum/BSC). Includes safe, opt-in daemon and r
Monad Development
Practical developer skill for deploying and verifying smart contracts, configuring Foundry projects, and integrating frontends (viem/wagmi) on the Monad blockch
Reverse Engineer
Provides step-by-step guidance and best practices for binary reverse engineering: static analysis, dynamic tracing, disassembly, and documentation workflows for
Sandbox0 Integration
Guidance and templates for integrating Sandbox0 sandboxing into AI agents — CLI/SDK patterns, templates, volumes, network policy, and deployment choices.
OpenTestAI
Automated, high-confidence AI testing: bug detection, persona feedback, and prioritized test-case generation using many specialized tester profiles.
CTF Write-up Generator
Generate a concise, reproducible submission-style CTF writeup with a one-path solution script, metadata, and a short checklist for fast verification.
Reppo — AgentMind Publisher
Publish creative content to Moltbook and mint posts as on-chain pods on Reppo.ai (Base) to earn $REPPO through human voting.
Minimal Run & Audit (repro reporting)
Execute a README-first smoke test and produce standardized reproducibility outputs (`repro_outputs/`) and PATCHES.md — trusted reporting for repo reproduction r