Security
Security scanning and vulnerability detection
code-quality-audit
by camoa
Use when checking code quality, running security audits, testing coverage, finding violations, or setting up quality tools - supports Drupal (PHPStan, PHPMD, PHPCPD, Psalm, Semgrep, Trivy, Gitleaks via DDEV) and Next.js (ESLint, Jest, jscpd, madge, Semgrep, Trivy, Gitleaks) projects with TDD, SOLID, DRY, and OWASP security checks
code-pattern-checker
by camoa
Use before committing code - validates Drupal coding standards, SOLID/DRY principles, security practices, and CSS standards
logophile
by tkersey
"Precision copy edits + naming: compress and clarify without changing meaning. Triggers: $logophile, rewrite/reword/rephrase, shorten, rename titles/labels/headings. Avoid operational scope/validation tasks unless rewriting is explicit."
mcp-patterns
by yonatangross
MCP server building, advanced patterns, and security hardening. Use when building MCP servers, implementing tool handlers, adding authentication, creating interactive UIs, hardening MCP security, or debugging MCP integrations.
sage
by telagod
邪修红尘仙·神通秘典总纲。智能路由到专业秘典。当魔尊需要任何开发、安全、架构、DevOps、AI 相关能力时,通过此入口路由到最匹配的专业秘典。
security
by telagod
攻防秘典索引。渗透测试、代码审计、红队攻击、蓝队防御、威胁情报、漏洞研究。当魔尊提到安全、渗透、攻防、红队、蓝队、漏洞时路由到此。
Android Legacy Security
by HoangNguyen0403
Standards for Intents, WebViews, and FileProvider
software-security
by cosai-oasis
A software security skill that integrates with Project CodeGuard to help AI coding agents write secure code and prevent common vulnerabilities. Use this skill when writing, reviewing, or modifying code to ensure secure-by-default practices are followed.
hipaa-compliance
by BagelHole
Implement HIPAA security and privacy rules. Configure PHI protections and BAA requirements. Use when handling healthcare data.
oracle-family-scan
by Soul-Brews-Studio
Manage Oracle family - scan, track, welcome new Oracles. Use when user says "family scan", "oracle registry", "welcome new oracles", or needs to check Oracle population.
ln-621-security-auditor
by levnikolaevich
Security audit worker (L3). Scans codebase for hardcoded secrets, SQL injection, XSS, insecure dependencies, missing input validation. Returns findings with severity (Critical/High/Medium/Low), location, effort, and recommendations.
ln-512-tech-debt-cleaner
by levnikolaevich
"Automated tech debt cleanup worker (L3). Reads codebase audit findings, applies safe auto-fixes for low-risk issues (unused imports, dead code, commented-out code, deprecated aliases). Confidence >=90% only. Creates single commit with summary."
ln-620-codebase-auditor
by levnikolaevich
"Coordinates 9 specialized audit workers (security, build, architecture, code quality, dependencies, dead code, observability, concurrency, lifecycle). Researches best practices, delegates parallel audits, aggregates results into docs/project/codebase_audit.md."
ad-persistence
by blacklanternsecurity
Establishes persistent access in Active Directory environments after domain compromise. Covers DCShadow (rogue DC attribute modification), Skeleton Key (LSASS master password), custom SSP injection (credential logging via mimilib/memssp), security descriptor backdoors (WMI/WinRM/ DCOM/registry ACL modification), ADFS Golden SAML (DKM key extraction and forged SAML tokens), SID history persistence (DA SID in regular user), and certificate-based persistence (golden certificate, renewal, enrollment agent).
code-reviewer
by rmyndharis
Elite code review expert specializing in modern AI-powered code
paper-audit
by bahayonghang
Unified paper audit skill supporting Chinese & English academic papers. Supports LaTeX (.tex), Typst (.typ), and PDF (.pdf) input formats. Three modes: self-check (pre-submission), review (peer review simulation), gate (quality gate pass/fail). Use when user mentions: audit, review, check paper, paper quality, pre-submission check, score paper, or any paper auditing task.
threat-modeling
by bobmatnyc
"Threat modeling workflow for software systems: scope, data flow diagrams, STRIDE analysis, risk scoring, and turning mitigations into backlog and tests"
env-manager
by bobmatnyc
"Environment variable validation, security scanning, and management for Next.js, Vite, React, and Node.js applications"
security-assessment
by jmagly
Security templates: templates/security/
codebase-research
by alchemiststudiosDOTai
This skill should be used when mapping or researching a codebase to understand its structure, patterns, and architecture. Use when the user asks to "map the codebase", "research how X works", "find all Y patterns", or needs to understand code organization. Produces factual structural maps in memory-bank/research/—no suggestions, no recommendations, just what exists. Uses ast-grep for structural pattern matching.
code-review-ai-ai-review
by rmyndharis
"You are an expert AI-powered code review specialist combining automated static analysis, intelligent pattern recognition, and modern DevOps practices. Leverage AI tools (GitHub Copilot, Qodo, GPT-5, C"
cloud-architect
by rmyndharis
Expert cloud architect specializing in AWS/Azure/GCP multi-cloud
ship-safe
by asamassekou10
Run a full security audit on this project — 12 agents scan for secrets, injections, auth bypass, SSRF, supply chain attacks, misconfigs, and more. Use when the user wants a security audit, vulnerability scan, or asks if their code is safe to ship.
reference-data
by JoelLewis
"Financial reference data: security master, client master, account master, identifiers (CUSIP, ISIN, SEDOL, FIGI), pricing, and reference data governance."