Skills Arsenal

Commit, push, and deploy — smart. Detects what changed (dashboard, src, store, config) and runs only the required deploy steps. Handles stash/rebase to avoid rejection on diverged branches.

Pull the latest commits for the current repo using --ff-only. Shows what changed if new commits were pulled. Stops if branches have diverged — never merges or force-ops.

Pull-then-push in a single command. Detects diverged branches and stops safely. Best when another chat may have pushed since your last pull and you also have local changes to ship.

Sync completed work to the ops dashboard and GitHub issues. Creates or updates GitHub issue for the work, PATCHes ops project status, and outputs a confirmation summary. Reads DASHBOARD_SECRET from .env.

Update internal docs after a feature batch: CHANGELOG, PROGRESS.md, and .claude/context/ files. Runs before /ops-sync. Captures what was built in session memory, not external tracking.

10-block pre-validation gate that must pass before any finding is marked SUBMIT-READY. Checks: program status, placeholders, OOS placement, duplicate, audit grep, PoC validation (EVM gas / web2 response body / RPC), TVL, source reachability, defense baseline, governance precondition, and public gist verify.

Atomically update all bounty tracking files when a finding is submitted or status-changes. Updates store/bounty-log.json, SUBMIT-NEXT.md, SUBMISSIONS.md, and the report file status line in one response. Commits and pushes on completion.

Classify risk before acting. Assigns Low / Medium / High tier with safeguards, rollback path, and assumptions. High = stop and ask user. Covers production data, destructive commands, and broad-scope refactors.

Structured verification of a code change. Selects tier (Quick Smoke / Targeted Regression / Deep Verification), runs explicit checks with verbatim command output, and reports coverage gaps. Every PASS must be backed by executed output — not code inspection.

Sub-agent prompt for adversarial verification. Spawns an independent worker that tries to break the implementation (not rubber-stamp it). Probes concurrency, boundary values, idempotency, and orphan operations. Returns PASS / FAIL / PARTIAL with verbatim evidence.

Session close hook. Rewrites Continuity.md (dated block: what changed, what's open, gotchas), updates CONVERGEHERE.md (last session state + next action), and appends to session-journal.md via script. Run before ending any session.

Spawn a single sub-agent for a one-off task. Always use this instead of the bare Agent tool. Keeps lead context clean for coordination. For any task that takes >2 minutes or >5 tool calls, delegate via create-sub.

Spawn parallel sub-agents for independent tasks. Specify model per teammate to control cost. Haiku for lookup/search, Sonnet for implementation, never Opus for teammates. Cap: 3-5 typical, 15 max. Each worker prompt must be fully self-contained.

Orchestration protocol for multi-agent work with 3+ workers or multi-phase pipelines (Research → Synthesis → Implementation → Verification). Lead directs, synthesizes, and verifies. Never delegates comprehension. Worker prompts must be self-contained with file paths and success criteria.

Rules for spawning and managing Claude Code teams efficiently. Defines model tiers (Haiku=1x cost, Sonnet=10x, Opus=60x), spawn caps (15 max), team patterns (research/implementation/mixed), and cost controls. Never use Opus for teammates.

Autonomous anytime development loop for the bounty team. Runs the full pipeline continuously: pick target → clone → recon → hypothesis → PoC → preval gate → report. Self-paces using ScheduleWakeup. Can run unattended for hours.

Overnight bounty hunting run. Extended autonomous loop optimized for unattended execution — longer sleep intervals, conservative gas estimates, skips anything requiring human confirmation. Runs full pipeline while you sleep.

Run a prompt or slash command on a recurring interval using ScheduleWakeup. Omit the interval to let the model self-pace. Cache-aware: stays under 300s to keep context warm. Use for polling, repeated checks, or any task needing periodic execution.

Create, update, list, or run scheduled remote agents (triggers) that execute on a cron schedule. Manages persistent schedules that survive session restarts. Use for recurring tasks that need to run even when Claude Code is not active.

Bootstrap a self-improving agent kit for a new project. Sets up the .claude/ directory structure, CLAUDE.md, learnings/, and companion context files. Creates the foundation for autonomous development loops on a new codebase.

Decompose a topic into 2-3 search queries, cross-validate across 2+ sources, and output a structured knowledge entry with confidence level (High/Medium/Low) and expiry date. Optionally appends to 06-RAGFILE.md or a specified knowledge base section.

Process handoff files from Pi + Ollama scout/reason passes. Reads hypothesis JSON (confidence > 0.7, rejection_risk < 8), writes Foundry fork tests, runs them, and converts passing tests into Cantina-format reports. Logs failures with root-cause analysis.

Scan all package.json and requirements.txt files against the OSV.dev vulnerability database (no API key required). Filters to CRITICAL/HIGH severity. 50ms rate limiting. With --alert, appends findings to .learnings/ERRORS.md.

Run a single described task with full GSD guarantees: execute completely, verify all files updated, commit via /push, report back in one sentence. Applies all CLAUDE.md rules including ACL gate and 3-file atomic updates for bounty reports.

Auto-detect and begin the highest-priority incomplete task. Reads tasks.md and HANDOFF.json. Priority: active task from HANDOFF → carry_forward → unchecked tasks.md → SUBMIT-NEXT rows → hunt a new target. No asking, no planning — just execute.

Save session state before stopping. Writes HANDOFF.json with active task, last completed step, next steps, and carry_forward items. Appends a row to LEDGER.md. Runs /push to commit everything including HANDOFF.json for pickup by another session.

Restore from last session by reading HANDOFF.json and resuming at next_steps[0]. If loop_state is complete, falls through to /gsd:next. Appends resumed row to LEDGER.md. Falls back to cold-start /gsd:next if no HANDOFF.json exists.

Log learnings, errors, and corrections to .learnings/ for continuous improvement. Recurring patterns (3+ occurrences) get promoted to CLAUDE.md as permanent rules. Covers LRN (learning), ERR (error), and FEAT (feature request) entry types.

Review changed code for reuse, quality, and efficiency, then fix any issues found. A post-implementation quality pass that catches over-engineering, missed reuse opportunities, and unnecessary complexity introduced during fast implementation.

Bootstrap a self-improving agent kit for a new project. Sets up the .claude/ directory, CLAUDE.md, learnings/ structure, and companion context files needed for autonomous development loops.

Reads text aloud using edge-tts (Microsoft Aria Neural, high quality) or macOS `say` as fallback. Speak specific text or speak Claude's last response. No API key required for either method. edge-tts sends text to Microsoft TTS servers.

Toggle automatic text-to-speech on or off. When enabled, Claude speaks every response aloud after replying. State persisted in ~/.claude/.voice-speak. Runs a test speak when enabling to confirm audio works.

Record microphone audio on macOS and transcribe it into your next prompt using Whisper (offline) or OpenRouter fallback. Records for 10 seconds by default. Audio saved to /tmp only, deleted immediately after transcription.

Set up the Telegram channel — save the bot token and configure review access policy. Use when pasting a Telegram bot token, asking to configure Telegram, setting up @Drake (@drakemayebot), or checking channel status.

Manage Telegram channel access — approve pairings, edit allowlists, set DM/group policy. Use when approving someone, checking who's allowed, or changing the access policy for the @Drake Telegram channel.

Master orchestration skill. Given a target, runs the full discovery pipeline: repo verification → recon → static analysis → protocol classification → grep patterns → hypothesis generation → PoC stubs. Outputs structured JSON hypothesis files ready for analyze-logic and write-poc.

Generate scored, prioritized vulnerability hypothesis JSON records from source code. Input: contract file path + protocol type (DEX/lending/vault/oracle/bridge/staking/governance). First extracts full function signatures with modifiers before reading function bodies.

Automated vulnerability detection patterns covering all 27 bug classes + Class 28 ACL gate. Exact ripgrep commands for positive indicators (vulnerability present), negative indicators (guard absent = vulnerable), false positive filters, and confidence scoring. Run ACL gate FIRST.

Automates downloading and cataloguing all publicly available audit reports for a target. Creates audit-index.md as a master record (cached, gated, blocked). Run at target-setup time — BEFORE hypothesis generation to avoid proposing already-documented issues.

Independent second-model review of PoC + report before SUBMIT-READY status. Catches false positives and submission errors missed by the writing agent. Run AFTER forge test is green AND Superpowers code review is clean. Final gate before preval.

Structured reconnaissance pipeline for web2 bug bounty targets (HackerOne, SaaS, fintech, marketplace) with no source code. Maps external attack surface before testing. Output feeds directly into skill-idor-access-control and skill-auth-bypass.

Systematic methodology for auth bypass: OAuth misconfigurations (redirect_uri, state parameter), JWT attacks (alg:none, key confusion), session management failures, MFA bypasses. Second-highest yield web2 bug class. Requires skill-web-recon Phase 6-7 as input.

Systematic IDOR and access control testing methodology. Highest-yield web2 bug class. Tests horizontal privilege escalation (access other users' resources) and vertical escalation (access admin functionality). Requires recon output as input.

27-class vulnerability taxonomy covering: component mismatch, array index invariant, async withdrawal race, callback state pollution, cross-chain race, deposit ordering, fee-on-transfer, flash governance, proxy storage collision, read-only reentrancy, reward dilution, MEV protocol damage, multi-hop precision loss, EIP-2612 permit replay, keeper griefing, self-scaling DoS, permit frontrun DoS, and more.

Track bounty session state: hypotheses opened, tested, closed, and deferred. Maintains pipeline visibility across multi-session investigations. Pairs with HANDOFF.json for session-to-session continuity.

Bootstrap a target repo for bounty hunting: clone, install dependencies, configure Foundry, set up fork test environment with RPC URLs, verify forge test runs cleanly. Creates the working directory structure under groups/bounty-team/targets/.

Specialized skills: skill-mev-protocol-damage, skill-twap-window-manipulation, skill-keeper-griefing, skill-flash-governance, skill-zk-circuit-under-constrained, skill-zk-evm-l2-state-transition, skill-trusted-input-branching, skill-upstream-spec-diff, skill-error-type-propagation, skill-fuel-gas-asymmetry, skill-governance-timelock-packing, skill-eip2612-permit-replay, skill-partial-signature-replay, skill-proxy-storage-collision, skill-read-only-reentrancy.

Report format and submission template for HackerOne (web2) bug bounty submissions. Covers title format, severity/CVSS/CWE fields, description structure, steps to reproduce, impact statement, and supporting materials. Used for H1 Critical/High findings only (program-level constraint).

Supporting reference skills: pre-submission-gate.md (preval runner), kiln-web-redteam.md (Kiln web app testing), building-secure-contracts.md (secure coding patterns), protocol-type-mapping.md (map protocol to bug class priority), red-team-tools.md (tooling reference), submission-psychology.md (framing + triage psychology).