Security
Security scanning and vulnerability detection
designing-syntax
by mbruhler
Design custom syntax elements with reuse-first approach for workflow orchestration. Use when user needs custom operators, checkpoints, or syntax patterns not available in core syntax.
azure-pipelines-validator
by akin-ozer
Comprehensive toolkit for validating, linting, and securing Azure DevOps Pipeline configurations.
v4-security-foundations
by Uniswap
Security-first Uniswap v4 hook development. Use when user mentions "v4 hooks", "hook security", "PoolManager", "beforeSwap", "afterSwap", or asks about V4 hook best practices, vulnerabilities, or audit requirements.
code-checker
by openharmonyinsight
Scan C/C++ codebases for code quality issues including extra large files/functions and circular dependencies. Use when the user asks to check file sizes, find oversized functions, detect circular dependencies, analyze code complexity, find code smells, or identify maintainability issues in C/C++ code. Supports scanning individual files or entire directories with configurable thresholds.
risk-cycle
by jmagly
Escalation procedures: docs/risk-escalation.md
gate-evaluation
by jmagly
Validator agents: agents/
security-assessment
by jmagly
Security templates: templates/security/
terraform-validator
by akin-ozer
Comprehensive toolkit for validating, linting, testing, and automating Terraform configurations and HCL files. Use this skill when working with Terraform files (.tf, .tfvars), validating infrastructure-as-code, debugging Terraform configurations, performing dry-run testing with terraform plan, or working with custom providers and modules.
security-review
by mcouthon
"Security-focused code review with attack surface mapping and risk classification. Use when reviewing PRs for security, auditing code changes, or analyzing potential vulnerabilities. Triggers on: 'security review', 'use security mode', 'audit this', 'check for vulnerabilities', 'is this secure', 'attack surface', 'threat model', 'security check'. Read-only mode - identifies issues but doesn't fix them."
release-checklist
by yonatangross
Walks through the OrchestKit release checklist — build, test, validate counts, changelog, version bump, commit, tag, push. Use when preparing a release, cutting a version tag, or verifying release readiness before pushing to main.
analyzing-code-security
by bitwarden
This skill should be used when the user asks to "analyze code for security issues", "check for OWASP vulnerabilities", "review code against CWE Top 25", "find injection vulnerabilities", "do a security code review", or needs manual security analysis against OWASP Top 10, API Top 10, Mobile Top 10, or CWE/SANS frameworks.
implementing-dapper-queries
by bitwarden
Implementing Dapper repository methods and stored procedures for MSSQL at Bitwarden. Use when creating or modifying Dapper repositories, writing stored procedures, or working with MSSQL-specific data access in the server repo.
classifying-review-findings
by bitwarden
Use this skill when categorizing code review findings into severity levels. Apply when determining which emoji and label to use for PR comments, deciding if an issue should be flagged at all, or classifying findings as CRITICAL, IMPORTANT, DEBT, SUGGESTED, or QUESTION.
audit-agents
by melodic-software
Audit Claude Code subagents for quality, compliance, and maintainability. Use after creating or modifying agents, before releases, or for periodic quality checks.
audit-log
by melodic-software
View audit log entries for all component types (skills, commands, agents, hooks, etc.) to monitor audit health and track coverage
security-react
by TheBeardedBearSAS
React Security. Use when reviewing security, implementing auth, or hardening code.
audit-statuslines
by melodic-software
Audit Claude Code status lines for quality and cross-platform compatibility. Use when creating or validating custom status line scripts, or troubleshooting terminal output issues.
audit-plugins
by melodic-software
Audit Claude Code plugins for quality, compliance, and distribution readiness. Use before releases or for periodic quality checks.
mcp-security-review
by bobmatnyc
Security review gate for MCP server installations. Checks provenance, classifies risk, enforces version pinning, and documents credentials exposure before any MCP is added to your environment.
debt-audit
by wcygan
Re-audit regularly - debt grows; quarterly audits prevent accumulation
launch-ready
by wcygan
Vague recommendations: "Monitor closely" is not a mitigation plan
postmortem-team
by wcygan
Blameless language guide
security-review
by wcygan
Run a targeted security audit on specified files or modules. Uses OWASP-informed checks, dependency vulnerability scanning, and auth/input validation review. Use for security audits, vulnerability checks, or before deploying sensitive code. Keywords: security, audit, vulnerability, OWASP, CVE, secrets, injection, XSS, auth, authentication, authorization