Security
Security scanning and vulnerability detection
component-common-domain-detection
by tech-leads-club
Identifies duplicate domain functionality across components and suggests consolidation opportunities. Use when finding common domain logic, detecting duplicate functionality, analyzing shared classes, planning component consolidation, or when the user asks about common components, duplicate code, or domain consolidation.
prompt-refiner-gpt
by Factory-AI
Refine prompts for GPT models (GPT-5, GPT-5.1, Codex) using OpenAI's best practices. Use when preparing complex tasks for GPT.
security
by alinaqi
OWASP security patterns, secrets management, security testing
security-review
by getsentry
Security code review for vulnerabilities. Use when asked to "security review", "find vulnerabilities", "check for security issues", "audit security", "OWASP review", or review code for injection, XSS, authentication, authorization, cryptography issues. Provides systematic review with confidence-based reporting.
solidity-security
by scaffold-eth
Master smart contract security best practices to prevent common vulnerabilities and implement secure Solidity patterns. Use when writing smart contracts, auditing existing contracts, or implementing security measures for blockchain applications.
skill-scanner
by getsentry
Scan agent skills for security issues. Use when asked to "scan a skill",
risk-assess
by sd0xdev
"Uncommitted code risk assessment with breaking change detection, blast radius analysis, and scope metrics. Use when: evaluating PR risk, pre-commit risk check, large refactoring review. Not for: security vulnerabilities (use /codex-security), code correctness (use /codex-review-fast). Output: 3-dimension weighted score + risk level + gate."
security-best-practices
by tech-leads-club
Perform language and framework specific security best-practice reviews and suggest improvements. Trigger only when the user explicitly requests security best practices guidance, a security review/report, or secure-by-default coding help. Trigger only for supported languages (python, javascript/typescript, go). Do not trigger for general code review, debugging, or non-security tasks.
find-bugs
by getsentry
Find bugs, security vulnerabilities, and code quality issues in local branch changes. Use when asked to review changes, find bugs, security review, or audit code on the current branch.
clawsec-clawhub-checker
by prompt-security
ClawHub reputation checker for ClawSec suite. Enhances guarded skill installer with VirusTotal Code Insight reputation scores and additional safety checks.
vibe-security
by aiskillstore
"Security intelligence for code analysis. Detects SQL injection, XSS, CSRF, authentication issues, crypto failures, and more. Actions: scan, analyze, fix, audit, check, review, secure, validate, sanitize, protect. Languages: JavaScript, TypeScript, Python, PHP, Java, Go, Ruby. Frameworks: Express, Django, Flask, Laravel, Spring, Rails. Vulnerabilities: SQL injection, XSS, CSRF, authentication bypass, authorization issues, command injection, path traversal, insecure deserialization, weak crypto, sensitive data exposure. Topics: input validation, output encoding, parameterized queries, password hashing, session management, CORS, CSP, security headers, rate limiting, dependency scanning."
brand-consistency-checker
by OneWave-AI
Scan documents and slides for off-brand colors, fonts, and logos. Validate against brand guidelines and suggest corrections.
supabase-usage
by fcakyon
This skill should be used when user asks to "query Supabase", "list Supabase tables", "get Supabase schema", "search Supabase records", "check Supabase database", "Supabase auth", "Supabase authentication", "RLS policy", "row level security", "Supabase foreign key", "table relationships", "Supabase join", "Supabase filter", "Supabase pagination", or needs guidance on Supabase database patterns, auth flows, RLS policies, or query best practices.
Recon
by danielmiessler
Security reconnaissance. USE WHEN recon, reconnaissance, bug bounty, attack surface. SkillSearch('recon') for docs.
AnnualReports
by danielmiessler
Annual security report aggregation and analysis. USE WHEN annual reports, security reports, threat reports, industry reports, update reports, analyze reports, vendor reports, threat landscape.
WebAssessment
by danielmiessler
Web security assessment. USE WHEN web assessment, pentest, security testing, vulnerability scan. SkillSearch('webassessment') for docs.
SECUpdates
by danielmiessler
Security news aggregation from tldrsec, no.security, and other sources. USE WHEN security news, security updates, what's new in security, breaches, security research, sec updates. SkillSearch('secupdates') for docs.
code-review-medium
by breaking-brake
Standard code review for medium PRs (100-500 lines). Includes code quality, security basics, and test coverage analysis.
code-review-large
by breaking-brake
In-depth code review for large PRs (>500 lines). Full analysis including architecture, performance, security, and maintainability.
secret-scanner
by alirezarezvani
Detect exposed secrets, API keys, credentials, and tokens in code. Use before commits, on file saves, or when security is mentioned. Prevents accidental secret exposure. Triggers on file changes, git commits, security checks, .env file modifications.
code-review
by breaking-brake
Analyze PR diffs and generate review comments from code quality, security, and performance perspectives. Use for code reviews, quality checks, and security analysis.
solidity-security
by HermeticOrmus
Master smart contract security best practices to prevent common vulnerabilities and implement secure Solidity patterns. Use when writing smart contracts, auditing existing contracts, or implementing security measures for blockchain applications.
openclaw-audit-watchdog
by prompt-security
Automated daily security audits for OpenClaw agents with email reporting. Runs deep audits and sends formatted reports.
security-scan
by redpanda-data
Resolve npm dependency vulnerabilities detected by security scans.