Security
Security scanning and vulnerability detection
security-scan
by redpanda-data
Resolve npm dependency vulnerabilities detected by security scans.
backend-security-coder
by rmyndharis
Expert in secure backend coding practices specializing in input
agent-teams
by alinaqi
Claude Code Agent Teams - default team-based development with strict TDD pipeline enforcement
security-operations
by groeimetai
This skill should be used when the user asks to "security incident", "SecOps", "vulnerability", "security response", "threat", "SIEM", "security case", or any ServiceNow Security Operations development.
acl-security
by groeimetai
This skill should be used when the user asks to "create ACL", "access control", "security rule", "restrict access", "role based access", "row level security", "field level security", or any ServiceNow ACL and security configuration.
blueagent-x402
by BankrBot
Security OS for autonomous agents and builders on Base. 31 pay-per-use tools across Quantum Security, Agent Safety, Research, Data, and Earn. Built for AI agents, Zero-Human Companies (ZHC), and Base ecosystem builders. Pay USDC per call via x402 protocol — no subscription, no API key needed.
email-and-password-best-practices
by lukevella
This skill provides guidance and enforcement rules for implementing secure email and password authentication using Better Auth.
Python Security Scan
by sugarforever
"Comprehensive security vulnerability scanner for Python projects including Flask, Django, and FastAPI applications. Detects OWASP Top 10 vulnerabilities, injection flaws, insecure deserialization, authentication issues, hardcoded secrets, and framework-specific security problems. Audits dependencies for known CVEs and generates actionable security reports."
Next.js Security Scan
by sugarforever
"Comprehensive security vulnerability scanner for Next.js and TypeScript/JavaScript projects. Detects OWASP Top 10 vulnerabilities, XSS, injection flaws, authentication issues, hardcoded secrets, and Next.js-specific security problems. Audits dependencies for known CVEs and generates actionable security reports."
code-review-pro
by OneWave-AI
Comprehensive code review covering security vulnerabilities, performance bottlenecks, best practices, and refactoring opportunities. Use when user requests code review, security audit, or performance analysis.
multi-source-investigation
by poemswe
You must use this when investigating complex claims across diverse sources or fact-checking contradictory information.
security-ownership-map
by tech-leads-club
'Analyze git repositories to build a security ownership topology (people-to-file), compute bus factor and sensitive-code ownership, and export CSV/JSON for graph databases and visualization. Trigger only when the user explicitly wants a security-oriented ownership or bus-factor analysis grounded in git history (for example: orphaned sensitive code, security maintainers, CODEOWNERS reality checks for risk, sensitive hotspots, or ownership clusters). Do not trigger for general maintainer lists or non-security ownership questions.'
find-bugs
by getsentry
Find bugs, security vulnerabilities, and code quality issues in local branch changes. Use when asked to review changes, find bugs, security review, or audit code on the current branch.
architecture-paradigm-cqrs-es
by athola
'CQRS and Event Sourcing for auditability, read/write separation, and
epic-security
by epicweb-dev
Guide on security practices including CSP, rate limiting, and session security
pre-trade-compliance
by JoelLewis
"Automated pre-trade compliance: rule engines, concentration limits, restricted lists, hard and soft blocks, regulatory limits, client-specific restrictions, and compliance rule configuration."
trade-execution
by JoelLewis
"Trade execution and best execution: venue selection, smart order routing, execution algorithms, transaction cost analysis (TCA), market microstructure, and best execution obligations."
superpowers-brainstorm
by anthonylee991
Produces a structured brainstorm: goals, constraints, risks, options, recommendation, and acceptance criteria. Use before non-trivial implementation or design changes.
dependency-updater
by softaworks
Smart dependency management for any language. Auto-detects project type, applies safe updates automatically, prompts for major versions, diagnoses and fixes dependency issues.
code-review
by phodal
Perform comprehensive code review with best practices
spring-boot-security-jwt
by giuseppe-trisciuoglio
Provides JWT authentication and authorization patterns for Spring Boot 3.5.x covering token generation with JJWT, Bearer/cookie authentication, database/OAuth2 integration, and RBAC/permission-based access control using Spring Security 6.x. Use when implementing authentication or authorization in Spring Boot applications.
anti-reversing-techniques
by rmyndharis
Understand anti-reversing, obfuscation, and protection techniques encountered during software analysis. Use when analyzing protected binaries, bypassing anti-debugging for authorized analysis, or understanding software protection mechanisms.
reverse-engineer-rpi
by boshu2
'Reverse-engineer a product into a feature catalog, code map, and specs. Uses RPI-style loop with verification gates. Triggers: “reverse engineer”, “catalog features”, “feature inventory”, “code map”, “docs to code mapping”, “binary analysis”.'
octocode-roast
by bgauryy
This skill should be used when the user asks to "roast my code", "review code brutally", "find code sins", "what's wrong with my code", "shame my code", "critique this code", "find antipatterns", "code quality roast", or wants entertaining but actionable code criticism with severity-ranked fixes. Delivers brutally honest roasts with file:line citations and redemption paths.