Security
Security scanning and vulnerability detection
discover
by AsiaOstrich
[UDS] Assess project health, architecture, and risks before adding features
code-security
by semgrep
Security guidelines for writing secure code. Use when writing code, reviewing code for vulnerabilities, or asking about secure coding practices like "check for SQL injection" or "review security".
iso27001-compliance
by BagelHole
Implement ISO 27001 Information Security Management System. Configure ISMS controls and risk management. Use when implementing enterprise security frameworks.
gcp-audit-logs
by BagelHole
Configure GCP Cloud Audit Logs for compliance. Set up log routing and BigQuery analysis. Use when auditing GCP activity.
settlement-clearing
by JoelLewis
Settlement and clearing: T+1 settlement cycle, DTC/NSCC clearing, fails management, corporate actions on settlement, DVP/RVP, continuous net settlement, and settlement risk.
ghost-validate
by ghostsecurity
This skill should be used when the user asks to "validate a finding", "check if a vulnerability is real", "triage a security finding", "confirm a vulnerability", "determine if a finding is a true positive or false positive", or provides a security finding for review. It validates security vulnerability findings by tracing data flows, verifying exploit conditions, analyzing security controls, and optionally testing attack vectors against a live application.
ghost-report
by ghostsecurity
Ghost Security — combined security report. Aggregates findings from all scan skills (scan-deps, scan-secrets, scan-code) into a single prioritized report focused on the highest risk, highest confidence issues. Use when the user requests a security overview, vulnerability summary, full security audit, or combined scan results.
ghost-scan-deps
by ghostsecurity
Ghost Security - Software Composition Analysis (SCA) scanner. Scans dependency lockfiles for known vulnerabilities, identifies CVEs, and generates findings with severity levels and remediation guidance. Use when the user asks about dependency vulnerabilities, vulnerable packages, CVE checks, security audits of dependencies, or wants to scan lockfiles like package-lock.json, yarn.lock, go.sum, or Gemfile.lock.
ghost-scan-code
by ghostsecurity
Ghost Security - SAST code scanner. Finds security vulnerabilities in source code by planning and executing targeted scans for issues like SQL injection, XSS, BOLA, BFLA, SSRF, and other OWASP categories. Use when the user asks for a code security audit, SAST scan, vulnerability scan of source code, or wants to find security flaws in a codebase.
subordinate-management
by xuiltul
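Process management, suspension, resumption, model change, background model change, restart, task delegation, status check, and auditing of subordinate Animas. "let it rest", "stop it", "resume it", "wake it up", "disable", "enable", "change the model", "background model", "restart it", "delegate the task", "check the subordinate's status", "suspend", "resume", "process management", "stop the subordinate", "dashboard", "auditing", "audit"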
owasp-security
by hoodini
Implement secure coding practices following OWASP Top 10. Use when preventing security vulnerabilities, implementing authentication, securing APIs, or conducting security reviews. Triggers on OWASP, security, XSS, SQL injection, CSRF, authentication security, secure coding, vulnerability.
brand-analyzer
by ailabs-393
This skill should be used when the user requests brand analysis, brand guidelines creation, brand audits, or establishing brand identity and consistency standards. It provides comprehensive frameworks for analyzing brand elements and creating actionable brand guidelines based on requirements.
audit-output-styles
by melodic-software
Audit Claude Code output styles for quality, compliance, and usability. Use when creating custom styles or validating existing ones.
audit-docs-delegation
by melodic-software
Audit skills and memory files for docs-management delegation compliance. Detects hardcoded Claude Code data and verifies proper delegation patterns.
springboot-migration
by a-pavithraa
Migrate Spring Boot projects to version 4.0 with Java 25, including Spring Modulith 2.0 and Testcontainers 2.x upgrades. Use when user requests upgrading Spring Boot, migrating to Java 25, updating dependencies to Spring Boot 4, mentions Jackson 3 migration, asks about starter renames (web→webmvc, aop→aspectj), fixing test annotations (@MockBean→@MockitoBean), or needs help with Spring Modulith 2.0 or Testcontainers 2.x compatibility. Analyzes codebase for migration issues and guides through changes with specific file references.
semgrep
by semgrep
Run Semgrep static analysis scans and create custom detection rules. Use when asked to scan code with Semgrep, find security vulnerabilities, write custom YAML rules, or detect specific bug patterns.
llm-security
by semgrep
Security guidelines for LLM applications based on OWASP Top 10 for LLM 2025. Use when building LLM apps, reviewing AI security, implementing RAG systems, or asking about LLM vulnerabilities like "prompt injection" or "check LLM security".
superpowers-workflow
by anthonylee991
Enforces a disciplined workflow for coding, debugging, refactoring, and automation: brainstorm -> plan -> implement with verification (prefer TDD) -> review -> finish. Use for almost any non-trivial change.
critical-analysis
by poemswe
You must use this when analyzing claims, evaluating evidence, or identifying logical fallacies in research.
k8s-security-policies
by HermeticOrmus
Implement Kubernetes security policies including NetworkPolicy, PodSecurityPolicy, and RBAC for production-grade security. Use when securing Kubernetes clusters, implementing network isolation, or enforcing pod security standards.
backend-dev-suite
by Leavesfly
Comprehensive back-end development skill pack (Java coding + database design + security hardening)
managing-agents
by mbruhler
Manages temporary and defined agents including creation, promotion, cleanup, and namespacing. Use when user creates custom agents, asks about agent lifecycle, temp agents, or agent management.
designing-syntax
by mbruhler
Design custom syntax elements with reuse-first approach for workflow orchestration. Use when user needs custom operators, checkpoints, or syntax patterns not available in core syntax.
azure-pipelines-validator
by akin-ozer
Comprehensive toolkit for validating, linting, and securing Azure DevOps Pipeline configurations.