web▌

使用 MiniMax MCP 服务器进行网络搜索。

A comprehensive guide for creating animations that feel right, based on Emil Kowalski's "Animations on the Web" course.

Parse Apache and Nginx access logs to detect SQL injection attempts, local file inclusion, directory traversal, web scanner fingerprints, and brute-force patterns. Uses regex-based pattern matching against OWASP attack signatures, GeoIP enrichment for source attribution, and statistical anomaly detection for request frequency and response size outliers.

Complete browser automation with Playwright. Auto-detects dev servers, writes clean test scripts to /tmp. Test pages, fill forms, take screenshots, check responsive design, validate UX, test login flows, check links, automate any browser task. Use when user wants to test websites, automate browser interactions, validate web functionality, or perform any browser-based testing. Do NOT use for quick page debugging or network inspection (use chrome-devtools instead).

Use this skill to search the web without a full browser session, returning structured results with URLs, titles, and metadata.

Minimal CDP tools for collaborative site exploration.

Audit UI code against Web Interface Guidelines for compliance and best practices. \n \n Fetches the latest guidelines from Vercel Labs before each review to ensure current rule compliance \n Accepts file paths or patterns as arguments; prompts for files if none specified \n Outputs findings in concise file:line format for quick identification of violations \n Covers accessibility, design patterns, and UX best practices as defined in the guidelines repository \n

Web exploitation techniques for CTF challenges covering injection, authentication, access control, and client-side attacks. \n \n Covers 20+ attack categories: SQLi, XSS, SSTI, SSRF, XXE, command injection, path traversal, JWT/OAuth/SAML, prototype pollution, deserialization, file upload RCE, and race conditions \n Includes quick-reference payloads, filter bypasses, and multi-stage exploitation chains with real CTF examples (HTB, Pragyan, Nullcon) \n Supporting markdown files detail server-side

Deploy static sites and serverless APIs to Azure with local development emulation and CLI automation. \n \n Provides local emulator ( swa start ) with API proxy, authentication simulation, and framework auto-detection for React, Vue, Angular, Next.js, and others \n Supports Azure Functions backends with Node.js, Python, and .NET runtimes; configure via staticwebapp.config.json for routes, auth rules, and headers \n Includes deployment workflow: swa init (auto-detects framework), swa build , swa

Web search and content extraction via Tavily and Exa APIs through inference.sh CLI. \n \n Five search and extraction apps: Tavily Search Assistant (AI-powered answers with sources), Tavily Extract (multi-URL content extraction), Exa Search (smart web search), Exa Answer (direct factual responses), and Exa Extract (web page analysis) \n Designed for research workflows, RAG pipelines, fact-checking, and content aggregation with LLM integration examples \n Requires inference.sh CLI ( infsh ) instal