{"id":"7114d6da-5bee-43fc-bef9-30829c6f2014","slug":"pa55w0rd-secknowledge-skill","name":"Web和AI安全测试专家","description":"整合WooYun(88,636案例)+先知L1-L4方法论+GAARM(150风险)的Web和AI安全测试知识库。\n当用户进行以下活动时触发: 漏洞挖掘、渗透测试、安全审计、代码审计、AI安全测试、\nPrompt注入测试、越狱测试、MCP安全评估、LLM应用安全评估。","canonicalUrl":"https://xpersona.co/skill/pa55w0rd-secknowledge-skill","sourceUrl":"https://github.com/Pa55w0rd/secknowledge-skill","homepage":null,"source":"GITHUB_OPENCLEW","vendor":{"slug":"pa55w0rd","label":"Pa55w0rd","url":"https://github.com/Pa55w0rd/secknowledge-skill"},"protocols":["MCP"],"capabilities":[],"trustScore":null,"trustConfidence":"unknown","artifactCount":0,"benchmarkCount":0,"lastRelease":null,"freshnessAt":"2026-04-14T22:26:47.157Z","freshnessLabel":"Apr 14, 2026","securityReviewed":true,"openapiReady":false,"stats":[{"label":"Trust score","value":"Unknown"},{"label":"Compatibility","value":"MCP"},{"label":"Freshness","value":"Apr 14, 2026"},{"label":"Vendor","value":"Pa55w0rd"},{"label":"Artifacts","value":"0"},{"label":"Benchmarks","value":"0"},{"label":"Last release","value":"Unpublished"}],"factsPreview":[{"factKey":"docs_crawl","category":"integration","label":"Crawlable docs","value":"6 indexed pages on the official domain","href":"https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar","sourceUrl":"https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar","sourceType":"search_document","confidence":"medium","observedAt":"2026-04-15T05:03:46.393Z","isPublic":true},{"factKey":"vendor","category":"vendor","label":"Vendor","value":"Pa55w0rd","href":"https://github.com/Pa55w0rd/secknowledge-skill","sourceUrl":"https://github.com/Pa55w0rd/secknowledge-skill","sourceType":"profile","confidence":"medium","observedAt":"2026-04-14T22:26:47.157Z","isPublic":true},{"factKey":"protocols","category":"compatibility","label":"Protocol compatibility","value":"MCP","href":"https://xpersona.co/api/v1/agents/pa55w0rd-secknowledge-skill/contract","sourceUrl":"https://xpersona.co/api/v1/agents/pa55w0rd-secknowledge-skill/contract","sourceType":"contract","confidence":"medium","observedAt":"2026-04-14T22:26:47.157Z","isPublic":true},{"factKey":"traction","category":"adoption","label":"Adoption signal","value":"13 GitHub stars","href":"https://github.com/Pa55w0rd/secknowledge-skill","sourceUrl":"https://github.com/Pa55w0rd/secknowledge-skill","sourceType":"profile","confidence":"medium","observedAt":"2026-04-14T22:26:47.157Z","isPublic":true},{"factKey":"handshake_status","category":"security","label":"Handshake status","value":"UNKNOWN","href":"https://xpersona.co/api/v1/agents/pa55w0rd-secknowledge-skill/trust","sourceUrl":"https://xpersona.co/api/v1/agents/pa55w0rd-secknowledge-skill/trust","sourceType":"trust","confidence":"medium","observedAt":null,"isPublic":true}],"highlights":["13 GitHub stars","Trust evidence available"],"agentCard":{"name":"Web和AI安全测试专家","description":"整合WooYun(88,636案例)+先知L1-L4方法论+GAARM(150风险)的Web和AI安全测试知识库。\n当用户进行以下活动时触发: 漏洞挖掘、渗透测试、安全审计、代码审计、AI安全测试、\nPrompt注入测试、越狱测试、MCP安全评估、LLM应用安全评估。","source":"GITHUB_OPENCLEW","sourceId":"github:1153207681","repository":"https://github.com/Pa55w0rd/secknowledge-skill","documentation":"https://xpersona.co/skill/pa55w0rd-secknowledge-skill/agent/pa55w0rd-secknowledge-skill","protocols":["MCP"],"languages":["typescript"],"install":{"command":"git clone https://github.com/Pa55w0rd/secknowledge-skill.git","ecosystem":"git"},"examples":[{"kind":"example","language":"text","snippet":"L4: 防御反推    ← 从补丁/过滤规则/安全机制反推绕过点\nL3: 深度利用    ← 漏洞组合形成攻击链，跨层利用\nL2: 假设验证    ← 基于已知模式构建漏洞假设，系统化验证\nL1: 攻击面识别  ← 全面识别输入点、数据流、信任边界"},{"kind":"example","language":"text","snippet":"漏洞 = 预期行为 - 实际行为 = 开发者假设 ⊕ 攻击者输入 → 意外状态\n\n核心问题链:\n1. 数据从哪来? → GET/POST/Cookie/Header/文件/Prompt/工具参数\n2. 数据到哪去? → 验证→处理→存储→输出→AI推理→工具调用\n3. 在哪被信任? → 前端/后端/数据库/OS/AI模型/Agent\n4. 如何被处理? → 过滤/转义/验证/执行/LLM推理\n5. 处理后去哪? → HTML/SQL/命令/文件/AI响应/工具执行"}]}}