loading
loading
built-in catalog
65 built-in skills ship with the agent. Each is a markdown instruction file the agent loads on demand to build and run workflows. Browse them here, or open any skill in Trickest.
Skills are part of the Trickest agent.
Test and validate APIs using Hurl (declarative HTTP tests), Newman (Postman collections), and grpcurl (gRPC testing).
Build production-grade Next.js apps in the sandbox over live workflow data.
Process audio files — convert formats, normalize loudness, trim, merge, apply effects, and encode using SoX, LAME, FLAC, Opus, and FFmpeg.
Enumerate and audit cloud infrastructure assets across AWS, GCP, and Azure.
Cross-solution data bridges, reporting, and utility tools in Trickest workflows.
URL/path discovery and JavaScript analysis modules in Trickest workflows.
Build the hostname/subdomain discovery side of a Trickest workflow.
Network-side vulnerability scanners in Trickest workflows.
Port discovery and network service fingerprinting in Trickest workflows.
Web-server probing and technology fingerprinting in Trickest workflows.
HTTP-side vulnerability scanners in Trickest workflows.
Compress and decompress files using the optimal algorithm.
Process, filter, transform, and analyze CSV/TSV files using xsv, Miller, and csvkit.
Profile datasets and run validation checks using DuckDB SQL.
TQL syntax + the database lifecycle (run → detect → live → query) and row CRUD.
Run database schema migrations using dbmate (lightweight, single-file) and golang-migrate (flexible, 15+ databases).
Query and interact with databases using usql (40+ databases), redis-cli, mongosh, and kcat (Kafka).
Perform DNS reconnaissance, subdomain bruteforcing, record enumeration, resolver validation, domain permutation, and subdomain takeover…
Write and optimize Dockerfiles — multi-stage builds, minimal base images, security hardening, caching, and best practices.
Convert between document formats using Pandoc, LibreOffice, and csvkit — Markdown to PDF/DOCX/HTML, HTML to Markdown, DOCX to Markdown,…
Handle errors, retries, and failures in workflow pipelines — retry with backoff, fallback chains, input validation, graceful degradation,…
Autonomously optimize a workflow by iterating run → evaluate → keep/discard until converged.
Transform raw data into ML-ready features using Polars (fast DataFrames), pandas, and SQL.
Discover and install agent skills from the open skills ecosystem (skills.sh, GitHub).
Git workflow patterns for automation pipelines — cloning, diffing, log analysis, tag management, hook-based automation, and GitOps…
Extract data from HTML using CSS selectors with pup and htmlq, or render HTML to plain text with Lynx.
Probe bulk lists of hosts/URLs using httpx — detect live services, fingerprint technologies, filter by status code, extract data, and…
Use Hugging Face models and tools — download models, run inference, fine-tune with LoRA/PEFT, and deploy.
Optimize image file sizes using format-specific tools — JPEG (jpegoptim), PNG (pngquant + optipng/oxipng), SVG (svgo), and WebP (cwebp).
Resize, crop, convert, annotate, and transform images using ImageMagick.
Test web applications for injection vulnerabilities using gf (pattern-based URL filtering), qsreplace (query string manipulation), sqlmap…
Process, filter, reshape, and aggregate JSON data using jq.
Manage Kubernetes clusters, deploy applications, audit security, handle secrets, and work with container images.
Serve and run large language models using Ollama (prototyping), vLLM (production), and llama.cpp (edge/CPU).
Load test and benchmark HTTP services using k6 (scripted scenarios), hey (quick benchmarks), vegeta (constant-rate), and wrk (maximum…
Analyze log files using DuckDB and jq — query JSONL logs, compressed log archives, access logs, and security tool output with SQL.
Download videos, audio, playlists, and subtitles from websites using yt-dlp.
Read, write, and strip metadata from files using ExifTool — images (EXIF, IPTC, XMP), documents (PDF, DOCX), audio/video (ID3, QuickTime),…
Build machine learning pipelines — data preparation, model training, evaluation, and deployment using PyTorch, TensorFlow, scikit-learn,…
Evaluate and compare ML models using metrics, experiment tracking (MLflow, W&B), hyperparameter tuning (Optuna, Ray Tune), and model…
Send notifications from workflows using ntfy (push notifications), Slack webhooks, and email (swaks/msmtp).
Build monitoring, logging, tracing, and alerting pipelines using Prometheus, Grafana, Loki, Jaeger, OpenTelemetry, Datadog Agent,…
Extract text from images and scanned documents using Tesseract OCR with ImageMagick preprocessing.
Open-source intelligence gathering — username enumeration, email/domain recon, breach hunting, infrastructure discovery, brand protection,…
Manipulate PDF files — merge, split, extract text, add OCR, encrypt/decrypt, watermark, optimize, and convert.
Write Python scripts for workflow script nodes — file I/O, JSON processing, API calls, CSV handling, text parsing, and automation patterns.
Build workflows for web reconnaissance, content discovery, port scanning, parameter fuzzing, API endpoint enumeration, WordPress scanning,…
The one law for working in your sandbox and driving the trickest CLI.
Write robust Bash scripts for workflow script nodes — error handling, argument parsing, data pipelines, and best practices from the Google…
Install a long-tail skill on demand into the session sandbox by fetching its SKILL.md from GitHub, a raw URL, or npm.
Blueprint for building a Trickest Attack Surface Management workflow from a seed list of root domains.
Blueprint for building a Trickest single-target DAST workflow.
Blueprint for building a Trickest Vulnerability Scanning workflow that runs downstream of an Attack Surface Management solution.
Transcribe audio and video to text using OpenAI Whisper.
Run SQL queries directly on CSV, JSON, Parquet, and JSONL files using DuckDB — no database server needed.
Analyze SSL/TLS configurations, enumerate cipher suites, detect vulnerabilities (Heartbleed, ROBOT, CCS injection), verify certificates,…
Provision and manage cloud infrastructure using Terraform and OpenTofu.
End-to-end guide to driving the Trickest platform from your sandbox — auth, the CLI grammar, building and running workflows, reading…
The full trickest CLI verb catalog, flags, exit codes, and the gotchas that look like your bug but aren't.
Use when writing code with @trickest/sdk, TrickestClient, the trickest() helper, or accessing platform resources (spaces, workflows, runs,…
Store, index, and query vector embeddings using ChromaDB, Qdrant, Weaviate, Milvus, and pgvector.
Process video and audio files using FFmpeg — transcode, trim, extract audio, generate thumbnails, create GIFs, burn subtitles, batch…
Scrape websites, crawl for URLs, extract and parse URL components, and build data extraction pipelines using curl, katana, gospider,…
Design, build, connect, and run Trickest workflows (DAGs).
Process YAML, JSON, and XML files using yq — the universal format bridge.