resources/ai

A curated collection of AI agent configurations, reusable skill definitions, and system prompts designed to integrate with the Xscriptor ecosystem and OpenCode workflows.

Agents

A collection of 160 AI agent profiles organized across 34 specialization categories. Each agent is a standalone system prompt with configured permissions, ready to be loaded into OpenCode or any compatible AI interface.

Mega Agents

4 agents

AiPage.agents.groups.mega.desc

★ MEGA
Full Stack Architect

Masters frontend, backend, and system architecture — designs end-to-end solutions across the full stack

Mega Agents
★ MEGA
Security Generalist

Masters web security, pentesting, and red/blue team operations — coordinates comprehensive security programs

Mega Agents
★ MEGA
Cloud Native Expert

Masters cloud infrastructure, DevOps, and SRE — designs resilient cloud-native platforms

Mega Agents
★ MEGA
Data & ML Lead

Masters data engineering, ML, and MLOps — builds end-to-end data pipelines and ML systems

Mega Agents

General

12 agents
Code Reviewer

Reviews code quality, best practices, and potential issues

General
Security Auditor

Security vulnerability analysis with CVE lookup

General
Docs Writer

Creates and maintains project documentation

General
API Docs

Generates API documentation in OpenAPI/Swagger format

General
Refactor Agent

Code refactoring with behavior preservation

General
DB Migrator

Database migrations with reversible up/down patterns

General
Test Writer

Unit, integration, and E2E test creation

General
Dependency Auditor

Dependency health: CVEs, licenses, maintenance

General
Performance Analyzer

Performance bottleneck detection and optimization

General
PR Manager

Pull request creation and changelog generation

General
Release Manager

Release planning, versioning, and changelog management

General
Agent Creator

Creates new agent definitions from templates with configured permissions and instructions

General

Web / Security

7 agents
Web Security Auditor

Full OWASP Top 10 audit across web application stack

Web / Security
API Security Specialist

API-layer security: REST, GraphQL, gRPC endpoint protection

Web / Security
Auth Security Specialist

Authentication, authorization, OAuth2, JWT, session management

Web / Security
AppSec Engineer

Secure SDLC: threat modeling, SAST/DAST, cloud security

Web / Security
Secure Coding

OWASP ASVS, injection prevention, crypto misuse, XSS/SQLI prevention, CWE Top 25

Web / Security
WAF Specialist

Web application firewall configuration, rule tuning, bypass testing and custom rule writing

Web / Security
CDN Edge Security

CDN, edge computing, and platform security including Cloudflare Workers and edge WAF

Web / Security

Web / Architecture

5 agents
Software Architect

Architecture styles, patterns, C4 documentation, ADRs

Web / Architecture
System Designer

Distributed system design, scalability, database selection

Web / Architecture
Scalability Specialist

Performance optimization, load testing, database scaling

Web / Architecture
Reliability Specialist

SLO/SLI, circuit breakers, disaster recovery, incident management

Web / Architecture
Zero Trust Architect

BeyondCorp, ZTNA, mTLS, OPA/Cedar policies, microsegmentation, JIT access

Web / Architecture

Web / Frontend

7 agents
React Specialist

React ecosystem: hooks, state, performance, Server Components

Web / Frontend
Vue Specialist

Vue 3 ecosystem: Composition API, Pinia, Nuxt, Vite

Web / Frontend
CSS/UI Specialist

Modern CSS, design systems, theming, layout, animations

Web / Frontend
Frontend Performance

Core Web Vitals, bundle optimization, runtime performance

Web / Frontend
Accessibility Specialist

WCAG 2.2, ARIA, semantic HTML, screen reader, keyboard navigation

Web / Frontend
Next.js Developer

Next.js App Router, Server Actions, streaming, auth, deployment

Web / Frontend
Angular Developer

Angular standalone components, signals, state management, testing

Web / Frontend

Web / Backend

7 agents
API Designer

REST, GraphQL, gRPC API design with OpenAPI 3.1

Web / Backend
Database Specialist

Schema design, query optimization, indexing, migrations

Web / Backend
Microservices Architect

Service boundaries, communication patterns, distributed data

Web / Backend
DevOps Specialist

CI/CD, Docker, Kubernetes, Terraform, cloud infrastructure

Web / Backend
Message Queue Specialist

Kafka, RabbitMQ, event-driven patterns, outbox, DLQ

Web / Backend
Caching Specialist

Redis, CDN, HTTP caching, multi-level cache strategies

Web / Backend
Database Security

PostgreSQL/MySQL/MongoDB hardening, TDE, audit, RBAC, RLS, injection prevention

Web / Backend

Languages

6 agents
Python Developer

Python: async, web frameworks, testing, packaging, data

Languages
TypeScript Developer

TypeScript/JS: type system, runtimes, tooling, async, web

Languages
Go Developer

Go: concurrency, net/http, CLI, profiling, deployment

Languages
Java Developer

Java 21+: Spring Boot, JPA, JVM tuning, virtual threads

Languages
Kotlin Developer

Kotlin: coroutines, Ktor, Exposed, multiplatform, Flow

Languages
Rust Developer

Rust: systems, async, Axum, unsafe, FFI, serde

Languages

Mobile

6 agents
iOS Developer

Swift, SwiftUI, Swift concurrency, Core Data, testing

Mobile
Android Developer

Jetpack Compose, ViewModel, Room, Hilt, testing

Mobile
React Native Developer

Expo, Expo Router, NativeWind, FlashList, EAS

Mobile
Flutter Developer

Riverpod, GoRouter, drift, BLoC, testing

Mobile
Mobile App Secure Coding

OWASP Mobile Top 10, secure storage, certificate pinning, code obfuscation

Mobile
Mobile Malware Analysis

Android/iOS malware analysis, dynamic instrumentation, traffic interception, reverse engineering

Mobile

Data & ML

4 agents
Data Engineer

Pipelines, ETL/ELT, Kafka, Spark, Airflow, dbt

Data & ML
ML Engineer

PyTorch, XGBoost, training, evaluation, deployment

Data & ML
MLOps Specialist

Model serving, feature stores, drift monitoring, CI/CD for ML

Data & ML
Data Scientist

Statistical analysis, EDA, feature engineering, visualization

Data & ML

Cloud

7 agents
Kubernetes Specialist

Cluster design, workloads, security, autoscaling, GitOps

Cloud
SRE Specialist

SLO/SLI, error budgets, incident response, capacity planning

Cloud
GitOps Specialist

ArgoCD, Flux, Kustomize, Helm, secrets management

Cloud
Service Mesh Specialist

Istio, Linkerd, Cilium, mTLS, traffic management

Cloud
Cloud Architect

AWS, GCP, Azure comparison, multi-cloud strategy

Cloud
Serverless Security

Lambda/Cloud Functions security, event injection, IAM least privilege, dependency scanning

Cloud
Multi-Cloud Networking

Cross-cloud networking, transit gateways, hybrid connectivity, cloud-agnostic service mesh

Cloud

Testing

5 agents
E2E Testing Specialist

Playwright, Cypress, page objects, CI integration

Testing
Visual Testing Specialist

Chromatic, Percy, snapshot diff, component states

Testing
Performance Testing Specialist

k6, Locust, Gatling, load/spike/soak tests

Testing
Chaos Engineering Specialist

Chaos Mesh, Litmus, Gremlin, blast radius control

Testing
Fuzz Testing

Coverage-guided fuzzing, AFL++, libFuzzer, crash triage, corpus optimization

Testing

GraphQL

1 agents
GraphQL Specialist

Schema design, resolvers, DataLoader, caching, Relay

GraphQL

Embedded

3 agents
C/C++ Developer

Systems programming, CMake, embedded, RTOS

Embedded
Embedded Rust Developer

no_std, Zephyr, probe-rs, PAC/HAL, Renode

Embedded
IoT / OT Security

ICS assessment, Modbus/DNP3/BACnet, Purdue model, firmware RE, MQTT security

Embedded

Game Dev

2 agents
Unity Developer

Unity, C#, URP/HDRP, Addressables, DOTS

Game Dev
Unreal Developer

UE5, C++, Blueprint, GAS, Nanite, Lumen

Game Dev

Security / Recon

3 agents
Attack Surface Recon

OSINT, subdomain enumeration, cloud asset discovery, passive/active recon

Security / Recon
Wireless Security

Wi-Fi (WPA2/3, WPS, PMKID, evil twin), Bluetooth, RFID, SDR

Security / Recon
OSINT & Threat Research

Social media OSINT, dark web, data leaks, domain/infrastructure intel, threat actor profiling

Security / Recon

Security / Web Pentest

13 agents
Web Vulnerability Hunter

SQLi, XSS, SSRF, IDOR, business logic, file upload exploitation

Security / Web Pentest
API Pentester

REST, GraphQL, gRPC security testing, JWT attacks, introspection abuse

Security / Web Pentest
Auth Bypass Specialist

Authentication/authorization bypass, OAuth abuse, session attacks

Security / Web Pentest
Server-Side Exploitation

SSTI, deserialization, command injection, XXE, race conditions

Security / Web Pentest
Cloud Security Assessment

AWS/GCP/Azure misconfiguration, container escape, IAM abuse

Security / Web Pentest
WAF Bypass Specialist

Filter evasion for SQLi, XSS, SSRF, LFI across major WAFs

Security / Web Pentest
Browser Security

Chromium/Firefox arch, SOP, CSP bypass, postMessage, DOM clobbering, XS-Leaks, extension security

Security / Web Pentest
Container Security

Docker/K8s security, admission controllers, image scanning, runtime security (Falco)

Security / Web Pentest
Cloud Posture

AWS/GCP/Azure CSPM, IAM analysis, IaC scanning (Checkov, tfsec), compliance

Security / Web Pentest
Bug Bounty Hunter

Recon methodology, subdomain enum, URL discovery, nuclei, Burp Suite, report writing

Security / Web Pentest
Supply Chain Security

SBOM (SPDX/CycloneDX), Sigstore/cosign, SLSA, dependency confusion, SCA scanning

Security / Web Pentest
DevSecOps Pipeline

SAST/DAST/SCA in CI/CD, security gates, secret scanning, container signing

Security / Web Pentest
Pentest Automation

Recon pipelines, web fuzzing, async python framework, report generation, wrappers

Security / Web Pentest

Security / Mobile Pentest

3 agents
Mobile App Pentester

iOS/Android static/dynamic analysis, API testing, data storage flaws

Security / Mobile Pentest
iOS Security Researcher

Entitlements, TCC bypasses, XPC exploitation, Mach port abuse

Security / Mobile Pentest
Android Security Researcher

Root detection bypass, keystore analysis, IPC abuse, modding

Security / Mobile Pentest

Security / Desktop Exploitation

9 agents
Windows Exploit Development

Stack/heap overflow, kernel exploitation, token stealing, SEH/ROP

Security / Desktop Exploitation
Linux Privilege Escalation

SUID, capabilities, kernel exploits, container escape, cron abuse

Security / Desktop Exploitation
macOS Security Research

SIP/TCC bypass, XPC services, code signing, Mach ports, entitlement abuse

Security / Desktop Exploitation
Binary Exploitation

Reverse engineering, fuzzing, UAF, type confusion (C/C++/Rust, all platforms)

Security / Desktop Exploitation
Python Application Security

Pickle RCE, sandbox escape, Electron/Node.js, desktop scripting vulns

Security / Desktop Exploitation
Desktop Threat Hunting

Cross-platform desktop bug hunting, IPC abuse, privilege escalation research

Security / Desktop Exploitation
Reverse Engineering

Binary RE (PE/ELF/Mach-O), Ghidra, IDA, Frida, angr, anti-analysis bypass, patching

Security / Desktop Exploitation
Active Directory Security

BloodHound, kerberos attacks, ACL abuse, DCSync, NTLM relay, AD hardening

Security / Desktop Exploitation
Exploit Development

Fuzzing (AFL++, libFuzzer), ROP/ret2libc, heap exploitation, kernel exploit, shellcode

Security / Desktop Exploitation

Security / Red Team

6 agents
Adversary Simulation

Full engagement ops: initial access, C2, lateral movement, evasion, persistence

Security / Red Team
Social Engineering

Phishing, vishing, physical tailgating, OSINT targeting, credential harvesting

Security / Red Team
Malware Analysis

Static/dynamic binary analysis, PE/ELF/Mach-O, anti-debug bypass, YARA

Security / Red Team
Physical Security Assessment

RFID cloning, lock bypassing, facility entry, badge system testing

Security / Red Team
Phishing Assessment

GoPhish campaigns, DMARC/SPF/DKIM, SMTP warmup, template design, evasion techniques

Security / Red Team
C2 Framework

Sliver/Mythic/Cobalt Strike setup, redirectors, domain fronting, Malleable C2 profiles, DNS C2

Security / Red Team

Security / Blue Team

8 agents
Threat Hunting

Hypothesis-driven hunts across endpoints, network, cloud (Windows/Linux/macOS)

Security / Blue Team
Incident Response

NIST 800-61 methodology, containment, eradication, IR report generation

Security / Blue Team
Forensic Analysis

Memory/disk/mobile/cloud forensics, timeline analysis, anti-forensics detection

Security / Blue Team
Detection Engineering

Sigma, KQL, YARA, Splunk rules, behavioral detection, Atomic Red Team

Security / Blue Team
Threat Intelligence

MITRE ATT&CK mapping, IoC management, YARA, MISP/OpenCTI, TTP tracking, threat reports

Security / Blue Team
Vulnerability Management

Nessus/OpenVAS, CVSS/EPSS prioritization, patching SLAs, metrics, verification

Security / Blue Team
Digital Forensics

Memory (Volatility), disk (Sleuth Kit), file carving, timeline analysis, cloud forensics

Security / Blue Team
SOC Automation

SOAR playbooks, SIEM tuning (ELK/Splunk), alert triage, case management, Python engine

Security / Blue Team

Security / Purple Team

2 agents
Purple Team

Atomic Red Team, adversary emulation, detection gap analysis, Sigma rule writing, Caldera/Infection Monkey

Security / Purple Team
Purple Team Automation

Automated purple team exercises, detection validation, attack simulation scheduling, metrics tracking

Security / Purple Team

Security / AI & ML Security

1 agents
AI / ML Security

OWASP Top 10 for LLMs, prompt injection defense, adversarial ML, model extraction, secure RAG

Security / AI & ML Security

Content

7 agents
Technical Writer

Technical writing, style enforcement, code examples, tutorials

Content
Content Editor

6-pass editorial review: structure, clarity, grammar, consistency, inclusivity, accuracy

Content
Content Reviser

3-level revision: light (grammar), medium (structure), heavy (restructure)

Content
Translator

Technical translation: format preservation, locale-specific style, terminology management

Content
Markdown Architect

Document architecture, cross-reference management, metadata schemas, automated generation pipelines

Content
Markdown HTML

Markdown-to-HTML rendering, custom remark/rehype plugins, static site generation

Content
Markdown Editor

Markdown editing workflows, linting, formatting, table of contents, link validation

Content

Observability

3 agents
Observability Specialist

OpenTelemetry, PromQL, dashboards, alerting, tracing

Observability
OpenTelemetry Specialist

OpenTelemetry instrumentation, traces/metrics/logs correlation, collector configuration, sampling

Observability
Log Management Architect

Log aggregation, parsing pipelines, retention policies, ELK/Loki stack design, compliance logging

Observability

Compliance

7 agents
SOC 2 Specialist

SOC 2 trust criteria, evidence collection, audit readiness

Compliance
GDPR Specialist

Data subject rights, consent management, breach notification

Compliance
GRC Automation

Risk assessment, policy management, vendor risk, evidence collection, compliance calendar

Compliance
PCI DSS Specialist

PCI DSS 4.0 compliance, cardholder data environment scoping, SAQ completion, QSA readiness

Compliance
HIPAA Specialist

HIPAA Privacy/Security/Breach Rules, BAAs, risk analysis, ePHI safeguards

Compliance
FedRAMP Specialist

FedRAMP authorization, SSP development, control implementation, continuous monitoring

Compliance
SOX ITGC Specialist

SOX ITGC auditing, access controls, change management, computer operations, evidence collection

Compliance

Systems

11 agents
Bash/Zsh Specialist

Shell scripting: bash, zsh, POSIX sh, strict mode, portability, debugging, patterns

Systems
Linux Specialist

Linux administration: systemd, filesystems, LVM, networking, performance, security

Systems
macOS Specialist

macOS administration: launchd, plists, Homebrew, defaults, automation, AppleScript

Systems
Linux Hardening

CIS benchmarks, SSH/kernel hardening, auditd, nftables, PAM, file integrity

Systems
macOS Hardening

SIP, FileVault, Gatekeeper, profiles, TCC, firewall, compliance scripting

Systems
IR Scripting

IR automation: acquisition scripts, timeline analysis, IOC scanning, orchestration

Systems
Offensive Shell Scripting

Red team scripting: reverse shells, persistence, data exfiltration, C2 bootstrap, anti-forensics

Systems
Network Security Engineering

Firewalls (nft/iptables), VPN (WireGuard/OpenVPN), IDS/IPS (Suricata/Snort), segmentation

Systems
Windows Specialist

Windows Server, PowerShell, AD, Group Policy, security configuration, performance tuning

Systems
Container Orchestration

Kubernetes/Nomad cluster management, scheduling, autoscaling, service discovery

Systems
Storage Engineering

Distributed storage, Ceph/GlusterFS, NFS/SMB, backup strategies, data protection

Systems

Privacy Engineering

3 agents
Data Mapping

Data mapping, consent management, anonymization and privacy-by-design implementation

Privacy Engineering
Consent & Anonymization

User consent management, data anonymization, pseudonymization, differential privacy

Privacy Engineering
Privacy DSAR/CCPA

DSAR processing, CCPA compliance, data subject requests, deletion workflows, records management

Privacy Engineering

Blockchain / Web3 Security

2 agents
Smart Contract Auditor

Smart contract auditing, DeFi security analysis, cross-chain bridge assessment

Blockchain / Web3 Security
DeFi Wallet Bridge

Cross-chain bridge security, wallet integration, DeFi protocol assessment, MEV analysis

Blockchain / Web3 Security

Telecom Security

1 agents
Telecom Security

Telecommunications infrastructure security: SS7, 5G, VoIP, IMSI catcher detection

Telecom Security

Automotive Security

1 agents
Automotive Security

Automotive security: CAN bus analysis, ECU fuzzing, telematics and V2X security

Automotive Security

Hardware Security

1 agents
Hardware Security

Hardware security: side-channel attacks, JTAG/SWD, fault injection, secure element analysis

Hardware Security

Medical Device Security

1 agents
Medical Device Security

Medical device security: FDA premarket guidance, HIPAA security rule, connected device assessment

Medical Device Security

Aviation / Maritime / Energy

1 agents
Aviation Security

Aviation, maritime and energy sector security: critical infrastructure, industrial control systems

Aviation / Maritime / Energy

Physical / Mainframe Security

1 agents
Physical Security

Physical security assessment and mainframe security: RACF, ACF2, Top Secret, z/OS auditing

Physical / Mainframe Security
# Install all 160 agents npx @xscriptor/ai-agents # Specific groups npx @xscriptor/ai-agents --groups general,web-security,languages # To Claude Code npx @xscriptor/ai-agents --anthropic # To project npx @xscriptor/ai-agents --project
160 agents across 34 categoriesView full collection on GitHub

Skills

Installable npm packages that inject project-specific context — architecture patterns, naming conventions, and component rules — into OpenCode or Claude Code for tailored AI assistance.

D
DevX@xscriptor/skill-devx

Development workflows skill for OpenCode and Claude Code. Code structure, platform mapping, and project conventions.

v1.0.0MIT
Explore full documentation
X
Xscriptor@xscriptor/skill-xscriptor

Design system skill for OpenCode and Claude Code. Component architecture, styling conventions, and UI development guidelines.

v1.0.0MIT
Explore full documentation
S
Samurai@xscriptor/skill-samurai

Security platform skill for OpenCode and Claude Code. Security architecture, patterns, and conventions.

v1.0.0MIT
Explore full documentation
# Install to OpenCode (~/.config/opencode/skills/devx/) npx @xscriptor/skill-devx # Install to Claude Code (~/.claude/skills/devx/) npx @xscriptor/skill-devx --anthropic # Preview what will be installed npx @xscriptor/skill-devx --dry-run