[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"extension-skill-unicodeveloper-shannon-uk":3,"guides-for-unicodeveloper-shannon":222,"similar-k17antgkdftwdz7cf6tkh5kq65867wht":223},{"_creationTime":4,"_id":5,"children":6,"community":7,"display":9,"evaluation":23,"identity":190,"isFallback":194,"parentExtension":195,"providers":196,"relations":200,"repo":202,"workflow":219},1778054070894.8628,"k17antgkdftwdz7cf6tkh5kq65867wht",[],{"reviewCount":8},0,{"description":10,"installMethods":11,"name":12,"sourceUrl":13,"tags":14},"Autonomous AI pentester for web apps and APIs. Run white-box security assessments with Shannon — analyzes source code, identifies attack vectors, and executes real exploits to prove vulnerabilities. Triggered by 'shannon', 'pentest', 'security audit', 'vuln scan'.",{},"Shannon Skill","https://github.com/unicodeveloper/shannon",[15,16,17,18,19,20,21,22],"security","pentesting","automation","api","web","exploit","owasp","docker",{"_creationTime":24,"_id":25,"extensionId":5,"locale":26,"result":27,"trustSignals":178,"workflow":188},1778054087802.3123,"kn7fkvc3gp866hhp2x8kwsarq18665h0","en",{"checks":28,"evaluatedAt":168,"extensionSummary":169,"promptVersionExtension":170,"promptVersionScoring":171,"rationale":172,"score":173,"summary":174,"tags":175,"targetMarket":176,"tier":177},[29,34,37,40,44,47,51,55,58,61,65,70,73,77,80,83,86,89,92,95,98,102,106,110,114,117,120,123,127,130,133,136,139,142,146,149,152,155,158,161,165],{"category":30,"check":31,"severity":32,"summary":33},"Practical Utility","Problem relevance","pass","The description clearly states the problem of autonomous AI pentesting for web apps and APIs, identifying a specific user need.",{"category":30,"check":35,"severity":32,"summary":36},"Unique selling proposition","The extension implements a significant value proposition by wrapping the Shannon pentester, enabling autonomous white-box security assessments with real exploit execution, going beyond a simple prompt.",{"category":30,"check":38,"severity":32,"summary":39},"Production readiness","The extension is production-ready, detailing installation, prerequisites (Docker, Git, AI credentials), and covering the full lifecycle from setup to reporting.",{"category":41,"check":42,"severity":32,"summary":43},"Scope","Single responsibility principle","The extension focuses solely on orchestrating the Shannon pentesting framework, clearly within the security assessment domain.",{"category":41,"check":45,"severity":32,"summary":46},"Description quality","The displayed description accurately and concisely reflects the extension's capabilities and triggers.",{"category":48,"check":49,"severity":32,"summary":50},"Invocation","Scoped tools","The skill uses a single primary tool (`/shannon`) with specific arguments and commands, avoiding generalist execution primitives.",{"category":52,"check":53,"severity":32,"summary":54},"Documentation","Configuration & parameter reference","All necessary configuration options, environment variables, and their purposes are clearly documented in the README and SKILL.md.",{"category":41,"check":56,"severity":32,"summary":57},"Tool naming","The primary tool name '/shannon' is descriptive and aligned with the extension's function.",{"category":41,"check":59,"severity":32,"summary":60},"Minimal I/O surface","Input parameters for the /shannon command are well-defined, and output is structured into reports, avoiding unnecessary telemetry.",{"category":62,"check":63,"severity":32,"summary":64},"License","License usability","The extension explicitly declares the AGPL-3.0 license, consistent with its dependency (Shannon), making its usability clear.",{"category":66,"check":67,"severity":68,"summary":69},"Maintenance","Commit recency","not_applicable","The repository shows no commit history (pushedAt: n/a), making it impossible to evaluate recency. The presence of a valid SKILL.md suggests it might be deployed elsewhere, but the repo itself is effectively static.",{"category":66,"check":71,"severity":68,"summary":72},"Dependency Management","The extension relies on Docker for its dependencies and the underlying Shannon tool. There are no direct package dependencies managed by the skill wrapper itself.",{"category":74,"check":75,"severity":32,"summary":76},"Security","Secret Management","The skill clearly documents required API credentials (Anthropic, OAuth, Bedrock, Vertex) and emphasizes their secure handling via environment variables, with no hardcoded secrets.",{"category":74,"check":78,"severity":32,"summary":79},"Injection","The skill does not load untrusted third-party data or execute arbitrary code from external sources; all logic is within bundled scripts and the Shannon tool itself is containerized.",{"category":74,"check":81,"severity":32,"summary":82},"Transitive Supply-Chain Grenades","The skill only clones the Shannon repository from a trusted GitHub source and executes it via Docker, with no runtime downloads or execution of arbitrary remote content.",{"category":74,"check":84,"severity":32,"summary":85},"Sandbox Isolation","The skill operates within the defined Claude Code environment, orchestrating Docker containers and managing files within its designated directories (e.g., `~/shannon`), with no evidence of attempting to modify external file systems.",{"category":74,"check":87,"severity":32,"summary":88},"Sandbox escape primitives","The bundled scripts do not contain any primitives for escaping the sandbox, such as detached processes or retry loops around denied tool calls.",{"category":74,"check":90,"severity":32,"summary":91},"Data Exfiltration","The skill's primary function is security assessment, and it explicitly warns against targeting production systems. It relies on user-provided API keys for AI providers and does not exfiltrate sensitive data.",{"category":74,"check":93,"severity":32,"summary":94},"Hidden Text Tricks","The bundled markdown files are clean and do not contain any hidden text tricks, invisible Unicode characters, or other obfuscation methods.",{"category":74,"check":96,"severity":32,"summary":97},"Opaque code execution","The bundled scripts are plain Bash and clearly readable, with no obfuscation techniques like base64 decoding or eval.",{"category":99,"check":100,"severity":32,"summary":101},"Portability","Structural Assumption","The skill manages its own installation path (`~/shannon`) and uses relative paths for its scripts and configurations, avoiding assumptions about user project structure.",{"category":103,"check":104,"severity":68,"summary":105},"Trust","Issues Attention","The repository has no open or closed issues in the last 90 days, making it impossible to evaluate maintainer engagement through this metric.",{"category":107,"check":108,"severity":32,"summary":109},"Versioning","Release Management","The SKILL.md frontmatter explicitly declares `version: \"1.0.0\"`, providing a clear version signal.",{"category":111,"check":112,"severity":32,"summary":113},"Code Execution","Validation","While not using a schema library explicitly, the bash scripts appear to have checks for Docker and Git, and the `shannon` CLI itself is expected to handle input validation for pentest parameters.",{"category":74,"check":115,"severity":32,"summary":116},"Unguarded Destructive Operations","The skill includes strong safety checks and confirmations before running any pentests, which involve potentially destructive operations, and emphasizes user authorization and avoiding production targets.",{"category":111,"check":118,"severity":32,"summary":119},"Error Handling","The bash scripts use `set -euo pipefail` for robust error handling and provide informative messages for missing dependencies (Docker, Git) or issues during setup.",{"category":111,"check":121,"severity":32,"summary":122},"Logging","The skill logs setup progress and Docker commands. The underlying Shannon tool generates detailed audit logs for pentest activities.",{"category":124,"check":125,"severity":68,"summary":126},"Compliance","GDPR","The skill itself does not process personal data; it orchestrates a pentesting tool. The pentest tool operates on target applications, and any data handling therein is the responsibility of the user running the pentest.",{"category":124,"check":128,"severity":32,"summary":129},"Target market","The extension is globally applicable, as it orchestrates a pentesting tool that can target any web application or API. The target market is explicitly set to 'global'.",{"category":99,"check":131,"severity":32,"summary":132},"Runtime stability","The skill uses standard Bash scripting and relies on Docker, which are broadly available. It provides clear error messages if prerequisites like Docker are missing.",{"category":48,"check":134,"severity":32,"summary":135},"Precise Purpose","The SKILL.md clearly defines the extension's purpose: an autonomous AI pentester using Shannon, and explicitly states non-goals and safety warnings (never production, requires authorization).",{"category":48,"check":137,"severity":32,"summary":138},"Concise Frontmatter","The SKILL.md frontmatter is dense and provides a concise summary of the core capability and trigger phrases.",{"category":52,"check":140,"severity":32,"summary":141},"Concise Body","The SKILL.md body is concise, outlining the workflow steps and delegating detailed information and configuration to external sections and the README.",{"category":143,"check":144,"severity":32,"summary":145},"Context","Progressive Disclosure","Detailed information, configuration options, and tool references are progressively disclosed through the README and SKILL.md frontmatter, keeping the core instructions concise.",{"category":143,"check":147,"severity":68,"summary":148},"Forked exploration","The skill orchestrates an external tool and does not involve deep code review or multi-file inspection within the Claude environment itself, thus `context: fork` is not applicable.",{"category":30,"check":150,"severity":32,"summary":151},"Usage examples","The README provides clear, end-to-end examples for various use cases, including full pentests, targeted scopes, status checks, and stopping the process.",{"category":30,"check":153,"severity":32,"summary":154},"Edge cases","The skill addresses edge cases by explicitly handling missing prerequisites (Docker, Git, API keys), providing instructions for running against localhost, and emphasizing safety checks before each pentest.",{"category":111,"check":156,"severity":68,"summary":157},"Tool Fallback","The skill does not rely on optional external tools like a specific MCP version; it bundles its own execution logic via bash scripts and Docker.",{"category":99,"check":159,"severity":32,"summary":160},"Stack assumptions","The skill explicitly states its requirements for Docker and Git, and its scripts are written in Bash, which is standard.",{"category":162,"check":163,"severity":32,"summary":164},"Safety","Halt on unexpected state","The setup script uses `set -euo pipefail` to halt on errors, and the skill mandates explicit user confirmation and checks for authorization before running destructive pentests.",{"category":99,"check":166,"severity":32,"summary":167},"Cross-skill coupling","The skill is self-contained and does not implicitly rely on other skills. It orchestrates the Shannon tool and does not cross-link to other skills.",1778054087177,"This extension orchestrates the Docker-based Shannon pentester to perform autonomous white-box security assessments. It handles installation, setup, and execution of real exploits against web applications and APIs, reporting findings with reproducible proof-of-concept exploits.","2.0.0","3.4.0","This extension is exceptionally well-documented and robust, providing a critical security tool with strong safety guarantees. The only minor points are the lack of commit history (but the code is stable and deployed) and the `not_applicable` for issue engagement, which is common for focused utility extensions.",98,"A highly polished and well-documented extension that provides autonomous AI pentesting capabilities via the Shannon framework, with strong safety guardrails.",[15,16,17,18,19,20,21,22],"global","verified",{"codeQuality":179,"collectedAt":180,"documentation":181,"maintenance":183,"security":184,"testCoverage":187},{},1778054073315,{"descriptionLength":182,"readmeSize":8},264,{},{"hasNpmPackage":185,"license":186,"smitheryVerified":185},false,"AGPL-3.0",{"hasCi":185,"hasTests":185},{"updatedAt":189},1778054087802,{"githubOwner":191,"githubRepo":192,"locale":26,"slug":192,"type":193},"unicodeveloper","shannon","skill",true,null,{"extract":197,"llm":199},{"commitSha":198,"license":186},"6a97124bee816c7cc76c6e17bb2b0fe8c0eae032",{"promptVersionExtension":170,"promptVersionScoring":171,"score":173,"targetMarket":176,"tier":177},{"repoId":201},"kd7dk33pc652m4w5wrxaga9qn5865x26",{"_creationTime":203,"_id":201,"identity":204,"providers":205,"workflow":216},1777995558409.8977,{"githubOwner":191,"githubRepo":192,"sourceUrl":13},{"discover":206,"github":209},{"sources":207},[208],"skills-sh",{"closedIssues90d":8,"forks":210,"openIssues90d":211,"pushedAt":212,"readmeSize":213,"stars":214,"topics":215},4,1,1773056434000,7249,29,[],{"discoverAt":217,"extractAt":218,"githubAt":218,"updatedAt":218},1777995558409,1778054072393,{"anyEnrichmentAt":220,"extractAt":221,"githubAt":220,"llmAt":189,"updatedAt":189},1778054071281,1778054070894,[],[224,254,284,313,342],{"_creationTime":225,"_id":226,"community":227,"display":228,"identity":239,"providers":243,"relations":248,"workflow":250},1778053148350.4817,"k1799ke3mvvmb9chq1vt0k97k5867cfv",{"reviewCount":8},{"description":229,"installMethods":230,"name":231,"sourceUrl":232,"tags":233},"Build and manage webhook-based integrations for real-time event processing and API connections",{},"Webhook Automation","https://github.com/claude-office-skills/skills/tree/HEAD/webhook-automation",[234,18,235,17,236,237,238],"webhook","integration","events","engineering","mcp",{"githubOwner":240,"githubRepo":241,"locale":26,"slug":242,"type":193},"claude-office-skills","skills","webhook-automation",{"extract":244,"llm":247},{"commitSha":245,"license":246},"9c4c7d5cd2813a8936bf2c9fdb174ea883b85a11","MIT",{"promptVersionExtension":170,"promptVersionScoring":171,"score":173,"targetMarket":176,"tier":177},{"repoId":249},"kd7fw7xbj58qc2z8whrrjptbed8659db",{"anyEnrichmentAt":251,"extractAt":252,"githubAt":251,"llmAt":253,"updatedAt":253},1778053151766,1778053148350,1778053561145,{"_creationTime":255,"_id":256,"community":257,"display":258,"identity":270,"providers":272,"relations":277,"workflow":280},1778054268187.7783,"k1799kwx7k8g1vx165qr4np3298670sw",{"reviewCount":8},{"description":259,"installMethods":260,"name":261,"sourceUrl":262,"tags":263},"Guide for using the Bright Data CLI (`brightdata` / `bdata`) to scrape websites, search the web, extract structured data from 40+ platforms, manage proxy zones, and check account budget. Use this skill whenever the user wants to scrape a URL, search Google/Bing/Yandex, extract data from Amazon/LinkedIn/Instagram/TikTok/YouTube/Reddit or any other platform, check their Bright Data balance or zones, or do anything involving web data collection from the terminal. Also trigger when the user mentions brightdata, bdata, web scraping CLI, SERP API, or wants to install Bright Data skills into their coding agent.",{},"Bright Data CLI","https://github.com/brightdata/skills/tree/HEAD/skills/brightdata-cli",[264,265,266,267,268,17,269],"brightdata","cli","web-scraping","data-extraction","serp-api","terminal",{"githubOwner":264,"githubRepo":241,"locale":26,"slug":271,"type":193},"brightdata-cli",{"extract":273,"llm":275},{"commitSha":274,"license":246},"d0eeb1fbab809ffffe7c270186bd3eb78cf0c8ba",{"promptVersionExtension":170,"promptVersionScoring":171,"score":276,"targetMarket":176,"tier":177},99,{"parentExtensionId":278,"repoId":279},"k177secs2fy2665c3z8prspg0s867xd1","kd7e4q3ah25vmt87x67vanphhn864r9h",{"anyEnrichmentAt":281,"extractAt":282,"githubAt":281,"llmAt":283,"updatedAt":283},1778054269540,1778054268187,1778054318963,{"_creationTime":285,"_id":286,"community":287,"display":288,"identity":299,"providers":303,"relations":307,"workflow":309},1778053622473.6482,"k177qzhg585h8jr95mrhazbca9867398",{"reviewCount":8},{"description":289,"installMethods":290,"name":291,"sourceUrl":292,"tags":293},"Create and manipulate PowerPoint PPTX files programmatically. Use when the user needs to generate presentations, modify PPTX templates, extract slide content, create thumbnail previews, or automate PowerPoint workflows. Supports both template-based generation (for branding compliance) and from-scratch creation. Keywords: PowerPoint, PPTX, presentation, slides, template, deck, slideshow, corporate, branding.",{},"PPTX Generator","https://github.com/jwynia/agent-skills/tree/HEAD/skills/general/document-processing/presentation/pptx-generator",[294,295,296,297,17,298],"powerpoint","pptx","presentation","generator","document-processing",{"githubOwner":300,"githubRepo":301,"locale":26,"slug":302,"type":193},"jwynia","agent-skills","pptx-generator",{"extract":304,"llm":306},{"commitSha":305,"license":246},"e02ec7e226a6e4f8419fd3b88a1d8e472d421b32",{"promptVersionExtension":170,"promptVersionScoring":171,"score":276,"targetMarket":176,"tier":177},{"repoId":308},"kd7efn3mprpa8rd8vm5hw5ebzx864fph",{"anyEnrichmentAt":310,"extractAt":311,"githubAt":310,"llmAt":312,"updatedAt":312},1778053625386,1778053622473,1778054012696,{"_creationTime":314,"_id":315,"community":316,"display":317,"identity":330,"providers":332,"relations":336,"workflow":338},1778053689272.9238,"k17a5hw81fhwybk1wxavs6mvjs8676ca",{"reviewCount":8},{"description":318,"installMethods":319,"name":320,"sourceUrl":321,"tags":322},"Set up a new Prisma Postgres database and connect it to a local project using the Management API. Use when asked to \"set up a database\", \"create a Prisma Postgres project\", \"get a connection string\", \"connect my app to Prisma Postgres\", or \"provision a database\".",{},"Prisma Postgres Setup","https://github.com/prisma/skills/tree/HEAD/prisma-postgres-setup",[323,324,325,326,327,18,328,329],"prisma","postgres","database","setup","connection","typescript","node-js",{"githubOwner":323,"githubRepo":241,"locale":26,"slug":331,"type":193},"prisma-postgres-setup",{"extract":333,"llm":335},{"commitSha":334,"license":246},"741a74fdafc1bf61fa208c2f73878be688cba263",{"promptVersionExtension":170,"promptVersionScoring":171,"score":276,"targetMarket":176,"tier":177},{"repoId":337},"kd76h7swxyhk8405svecsqq7gh864y5s",{"anyEnrichmentAt":339,"extractAt":340,"githubAt":339,"llmAt":341,"updatedAt":341},1778053689723,1778053689272,1778053716548,{"_creationTime":343,"_id":344,"community":345,"display":346,"identity":355,"providers":357,"relations":360,"workflow":361},1778053622473.674,"k17dd4qv51q8jrhw8tccjdhr3s867v72",{"reviewCount":8},{"description":347,"installMethods":348,"name":349,"sourceUrl":350,"tags":351},"Detect API keys, passwords, tokens, and other secrets in code. Use when you need to find hardcoded credentials and sensitive data in source code.",{},"Secrets Scan","https://github.com/jwynia/agent-skills/tree/HEAD/skills/tech/security/secrets-scan",[15,352,353,354],"secrets","code-analysis","developer-tools",{"githubOwner":300,"githubRepo":301,"locale":26,"slug":356,"type":193},"secrets-scan",{"extract":358,"llm":359},{"commitSha":305,"license":246},{"promptVersionExtension":170,"promptVersionScoring":171,"score":173,"targetMarket":176,"tier":177},{"repoId":308},{"anyEnrichmentAt":310,"extractAt":311,"githubAt":310,"llmAt":312,"updatedAt":312}]