[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-81240":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":9,"language":10,"languages":9,"totalLinesOfCode":9,"stars":11,"forks":12,"watchers":13,"openIssues":14,"contributorsCount":14,"subscribersCount":14,"size":14,"stars1d":15,"stars7d":15,"stars30d":16,"stars90d":14,"forks30d":14,"starsTrendScore":17,"compositeScore":18,"rankGlobal":9,"rankLanguage":9,"license":19,"archived":20,"fork":20,"defaultBranch":21,"hasWiki":22,"hasPages":20,"topics":23,"createdAt":9,"pushedAt":9,"updatedAt":24,"readmeContent":25,"aiSummary":26,"trendingCount":14,"starSnapshotCount":14,"syncStatus":27,"lastSyncTime":28,"discoverSource":29},81240,"SSKills","0xPira\u002FSSKills","0xPira","SSkills (Slop Skills) is a public collection of specialist skills for security agents and human reviewers. Each skill packages structured domain knowledge, sources, examples, safety gates, and validation scripts to help turn noisy security signals into clear triage decisions, rejected false positives, and bounded manual proof contracts.",null,"JavaScript",29,6,1,0,4,7,12,53.24,"MIT License",false,"main",true,[],"2026-06-12 04:01:32","# SSkills\n\nSlop Skills: public, safety-first specialist knowledge for security agents and human reviewers.\n\nThis repository is a collection, not a single-vulnerability project. Each folder under\n`skills\u002F` is a lightweight specialist entrypoint with a router, safety gates, structured\noutput schema, compact technique cards, sources, and validation.\n\nThe goal is low assimilation: a broad specialist can be triggered first, then the router\nloads only the technique cards that match the incoming evidence.\n\n## Current Specialists\n\n- [HTTP Request Smuggling \u002F Desync Specialist](skills\u002Frequest-smuggling\u002FREADME.md)\n  - Path: `skills\u002Frequest-smuggling`\n  - Focus: request smuggling, HTTP desync, parser discrepancies, protocol downgrade boundaries, queue poisoning, and manual proof contracts.\n  - Safety posture: no automatic malformed framing, no victim traffic, no shared cache or queue poisoning without isolation.\n\n## Repository Layout\n\n```text\npublic-specialist-skills\u002F\n  README.md\n  LICENSE\n  SECURITY.md\n  NOTICE.md\n  skills.json\n  package.json\n  scripts\u002F\n    validate-all.js\n  skills\u002F\n    request-smuggling\u002F\n      skill.json\n      README.md\n      router.md\n      safety.md\n      output-schema.json\n      techniques\u002F\n      sources.json\n      scripts\u002Fvalidate.js\n```\n\n## Specialist Contract\n\nEach public specialist should include:\n\n- `skill.json`: machine-readable metadata, signal classes, safety posture, retrieval guidance, and technique-card map.\n- `README.md`: human-readable entrypoint.\n- `router.md`: short first-pass triage and card selection rules.\n- `safety.md`: hard gates and manual-only boundaries.\n- `output-schema.json`: structured output contract.\n- `techniques\u002F`: compact Markdown cards for specific techniques.\n- `sources.json`: attribution and review sources.\n- `scripts\u002Fvalidate.js`: deterministic local validation.\n\nSpecialists should be safe by default. They should help classify, triage, reject weak findings,\nand produce bounded proof contracts. They should not automate exploit payload generation or\nperform active validation without explicit manual approval.\n\n## Validation\n\nRun all skill validators:\n\n```bash\nnpm run validate\n```\n\nRun only the request smuggling skill validator:\n\n```bash\nnpm run validate:request-smuggling\n```\n\n## Adding A Skill\n\n1. Create `skills\u002F\u003Cslug>\u002F`.\n2. Add `skill.json`, `README.md`, `router.md`, `safety.md`, `output-schema.json`, `techniques\u002F`, `sources.json`, and `scripts\u002Fvalidate.js`.\n3. Add the skill to [skills.json](skills.json).\n4. Add a package script if the skill has a dedicated validator.\n5. Run `npm run validate`.\n\n## License\n\nMIT. See [LICENSE](LICENSE).\n","SSKills 是一个面向安全代理和人工审核者的专业技能公开集合，旨在将杂乱的安全信号转化为清晰的分类决策、拒绝误报以及有限的手动验证合约。项目核心功能包括结构化的领域知识包、源信息、示例、安全门控及验证脚本，采用JavaScript编写。每个技能条目都设计了轻量级的入口点、路由机制、输出模式等，确保在处理特定类型的安全问题时能够快速准确地加载相关技术卡片。适用于需要对网络安全事件进行初步筛选与分类的场景，特别是在HTTP请求走私\u002F不同步检测等领域。",2,"2026-06-11 04:04:01","CREATED_QUERY"]