Community研究與資料分析github.com

ghostsecurity/ghost-proxy

Starts and controls the reaper MITM proxy to capture, inspect, search, and replay HTTP/HTTPS traffic between clients and servers. Capabilities include starting/stopping the proxy scoped to specific domains, viewing captured request/response logs, searching traffic by method/path/status/host, and inspecting full raw HTTP entries for security analysis. Use when the user asks to "start the proxy", "capture traffic", "intercept requests", "inspect HTTP traffic", "search captured requests", or "view request/response".

相容平台~Claude Code~Codex CLI~Cursor
npx skills add https://github.com/ghostsecurity/skills/tree/main/skills/ghost-proxy
查看原文瀏覽所有技能

Ask in your favorite AI

Open a new chat with this agent skill pre-loaded.

OpenAIChatGPTClaudeClaudeGeminiGeminiGrokGrokPerplexityPerplexityDeepSeekDeepSeek

說明文件

ghostsecurity/ghost-proxy

Starts and controls the reaper MITM proxy to capture, inspect, search, and replay HTTP/HTTPS traffic between clients and servers. Capabilities include starting/stopping the proxy scoped to specific domains, viewing captured request/response logs, searching traffic by method/path/status/host, and inspecting full raw HTTP entries for security analysis. Use when the user asks to "start the proxy", "capture traffic", "intercept requests", "inspect HTTP traffic", "search captured requests", or "view request/response".

Individual skills in this repo

This repo contains 6 individual skills — each has its own dedicated page.

ghostsecurity/ghost-repo-context

Scans directory structure, detects projects, maps dependencies, and documents code organization into a repo.md file. Use when the user needs a codebase overview, project structure map, or repository context before security analysis.

ghostsecurity/ghost-report

Ghost Security — combined security report. Aggregates findings from all scan skills (scan-deps, scan-secrets, scan-code) into a single prioritized report focused on the highest risk, highest confidence issues. Use when the user requests a security overview, vulnerability summary, full security audit, or combined scan results.

ghostsecurity/ghost-scan-code

Ghost Security - SAST code scanner. Finds security vulnerabilities in source code by planning and executing targeted scans for issues like SQL injection, XSS, BOLA, BFLA, SSRF, and other OWASP categories. Supports applications (backend, frontend, mobile) and libraries (prototype pollution, unsafe deserialization, ReDoS, path traversal, zip slip). Use when the user asks for a code security audit, SAST scan, vulnerability scan of source code, or wants to find security flaws in a codebase or library.

ghostsecurity/ghost-scan-deps

Ghost Security - Software Composition Analysis (SCA) scanner. Scans dependency lockfiles for known vulnerabilities, identifies CVEs, and generates findings with severity levels and remediation guidance. Use when the user asks about dependency vulnerabilities, vulnerable packages, CVE checks, security audits of dependencies, or wants to scan lockfiles like package-lock.json, yarn.lock, go.sum, or Gemfile.lock.

ghostsecurity/ghost-scan-secrets

Ghost Security - Secrets and credentials scanner. Scans codebase for leaked API keys, tokens, passwords, and sensitive data. Detects hardcoded secrets and generates findings with severity and remediation guidance. Use when the user asks to check for leaked secrets, scan for credentials, find hardcoded API keys or passwords, detect exposed .env values, or audit code for sensitive data exposure.

ghostsecurity/ghost-validate

This skill should be used when the user asks to "validate a finding", "check if a vulnerability is real", "triage a security finding", "confirm a vulnerability", "determine if a finding is a true positive or false positive", or provides a security finding for review. It validates security vulnerability findings by tracing data flows, verifying exploit conditions, analyzing security controls, and optionally testing attack vectors against a live application.

相關技能

addyosmani/agent-skills

Agent skill repository discovered by 10x-chat research.

community

lumiorchid-alt/weibo-scrape

本地微博(Weibo)抓取 CLI + agent skill:访客态免登录、图片本地 OCR、结构化 JSON 输出,为 AI agent 而生。

community

merit-systems/web-research

Neural web search and content extraction using x402-protected APIs. Better than WebSearch for deep research and WebFetch for blocked sites. USE FOR: - Deep web research and investigation - Finding similar pages to a reference URL - Extracting clean text from web pages - Scraping sites that block standard fetchers - Getting direct answers to factual questions - Research requiring multiple sources - Crawling multiple pages from a website TRIGGERS: - "research", "investigate", "deep dive", "find sources" - "similar to", "pages like", "more like this" - "scrape", "extract content from", "get the text from" - "blocked site", "can't access", "paywall" - "what is", "explain", "answer this" - "crawl", "crawl site", "scrape entire site" Use `npx agentcash@latest fetch` for stableenrich.dev endpoints. Prefer Exa for semantic/neural search, Firecrawl for direct scraping.

community

bermudas/quality-engineering-skills

Curated Claude Code plugin marketplace for quality engineering, test automation, and SDLC tooling — ELITEA Next MCP, QA agents, test framework skill bundles (qavajs, Vividus, Tosca, ServiceNow ATF), agent-evaluator, and sdlc-skills.

community

deanpeters/pestel-analysis

Analyze political, economic, social, technological, environmental, and legal forces. Use when external market shifts could materially affect a product, roadmap, or strategy.

community

hqhq1025/skill-optimizer

Agent skill repository discovered by 10x-chat research.

community
← More 研究與資料分析 skills