
from security-skill19
Send concurrent request bursts to detect TOCTOU, coupon reuse, double-spend and other web endpoint race conditions.
This skill provides a practical workflow for testing web endpoints for race-condition vulnerabilities by launching controlled concurrent requests against stateful operations (coupon redemption, balance debit, order placement, OTP verification). It walks the agent through identifying likely targets, crafting request payloads, executing synchronized bursts (using curl + GNU parallel), and analysing response patterns and server-side state to determine whether more than one request was erroneously accepted.
Use this skill during security assessments, bug-bounty triage, or QA when you suspect non-atomic operations: promo code redemption, gift-credit spending, inventory decrement on purchase, OTP/token verification, or rate-limited sensitive actions. It helps confirm TOCTOU, double-spend, and limit-overrun weaknesses.
Best for agents that can run shell commands or provide guidance for pentesting workflows (agents with bash/CLI tooling, security-focused assistants).
A security testing skill for detecting race condition vulnerabilities (TOCTOU, coupon reuse, double-spend) via concurrent HTTP request bursts using curl and GNU parallel. Well-documented with clear steps, input table, failure modes, and impact classification. No bundled scripts — all instructions are inline bash in SKILL.md. Legitimate pentest/bug-bounty tool with shell injection risk in variable interpolation but no malicious intent.
Security-focused testing skill for legitimate use. The concurrent request technique is standard for race condition testing. Shell injection risk is moderate since the user controls the input variables. No exfiltration, no phone-home, no destructive commands. Well-written documentation with good coverage of failure modes and impact assessment.