Security
Security scanning and vulnerability detection
audit-settings
by melodic-software
Audit Claude Code settings.json files for quality, compliance, and security. Use to validate configuration before deployment or check for exposed secrets.
reins
by pegasi-ai
Use this skill whenever security, policies, governance, guardrails, compliance, or safety are relevant — including blocked commands, audit trails, dangerous operations, deletions, file modifications, shell commands, MCP access, API calls, network requests, credentials, or any action that could be irreversible or destructive. Reins installs deterministic PreToolUse/PostToolUse hooks and connects to Watchtower (app.pegasi.ai) for centralized governance.
Canon
by simota
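An investigation and analysis agent that solves problems using global and industry standards. Handles assessment of conformance to standards such as OWASP/WCAG/OpenAPI/ISO 25010, detection of standards violations, and improvement proposals. Use when a standards-conformance assessment or the application of a specification is needed.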
Desktop Application Development (Electron & Tauri)
by anton-abyzov
"Desktop application development with Electron and Tauri. Covers cross-platform native apps, IPC communication, security hardening, packaging, auto-updates, native APIs, and performance optimization. Activates for: Electron, Tauri, desktop app, native app, cross-platform desktop, BrowserWindow, IPC, system tray, menubar app, auto-updater, code signing, notarization."
DevSecOps Expert - Shift-Left Security
by anton-abyzov
DevSecOps expert for shift-left security including container scanning, SAST/DAST, dependency scanning, secret detection, SBOM generation, supply chain security (SLSA/Sigstore), Kubernetes security policies, compliance-as-code, and secure CI/CD pipeline design.
Code Grill Expert
by anton-abyzov
Critical code review and quality interrogation before increment completion. Use when finishing a feature, before /sw:done, or when saying "grill the code", "review my work", "critique implementation".
scv-scan
by kadenzipfel
Systematically audit Solidity smart contract codebases for security vulnerabilities using a 4-phase approach - load a vulnerability cheatsheet, sweep code with grep and semantic analysis, deep-validate candidates against reference files, and output a severity-ranked findings
healthcare-ui-design
by peterbamuhigire
Clinical-grade UI/UX patterns for healthcare applications across web (Bootstrap 5/Tabler + PHP) and Android (Jetpack Compose + Material 3). Covers patient records, vital signs, medication safety, care plans, scheduling, telemedicine, dashboards, patient portals, and clinical communication. Enforces HIPAA compliance, WCAG 2.2 AA accessibility, medical safety workflows, and role-based interfaces for clinicians, nurses, patients, and administrators. Use when building or reviewing EMR/EHR systems, hospital management, clinic apps, telemedicine platforms, patient portals, health dashboards, or any healthcare-related interface.
nansen-pm-insider-scan
by nansen-ai
"Scan a resolved Polymarket market for wallets exhibiting suspicious trading patterns: fresh funding, single-market focus, extreme ROI, late entry at high prices."
SEO Audit
by quran
Frontend build on next.js
springboot-migration
by a-pavithraa
Migrate Spring Boot projects to version 4.0 with Java 25, including Spring Modulith 2.0 and Testcontainers 2.x upgrades. Use when user requests upgrading Spring Boot, migrating to Java 25, updating dependencies to Spring Boot 4, mentions Jackson 3 migration, asks about starter renames (web→webmvc, aop→aspectj), fixing test annotations (@MockBean→@MockitoBean), or needs help with Spring Modulith 2.0 or Testcontainers 2.x compatibility. Analyzes codebase for migration issues and guides through changes with specific file references.
network-scan
by proficientlyjobs
Scan your LinkedIn contacts' companies for matching job openings
privacy-data-security
by JoelLewis
"Privacy and data security compliance: Reg S-P, Reg S-ID Red Flags Rule, SEC cybersecurity rules, state privacy laws, vendor management, incident response, data governance."
olore-openclaw-latest
by olorehq
Local OpenClaw documentation reference (latest). OpenClaw documentation. Use for installation, configuration, channels, plugins, providers, hooks, CLI, security, and platform integrations.
api-security-hardening
by secondsky
REST API security hardening with authentication, rate limiting, input validation, security headers. Use for production APIs, security audits, defense-in-depth, or encountering vulnerabilities, injection attacks, CORS issues.
access-control-rbac
by secondsky
Role-based access control (RBAC) with permissions and policies. Use for admin dashboards, enterprise access, multi-tenant apps, fine-grained authorization, or encountering permission hierarchies, role inheritance, policy conflicts.
tool-ast-grep-rules
by Heyvhuang
'Write AST-based code search and rewrite rules using ast-grep YAML. Create linting rules, code modernizations, and API migrations with auto-fix. Use when the user mentions ast-grep, tree-sitter patterns, code search rules, lint rules with YAML, AST matching, or code refactoring patterns.'
mcp-cloudflare
by Heyvhuang
"Manage Workers/KV/R2/D1/Hyperdrive via Cloudflare MCP, perform observability/build troubleshooting/audit/container sandbox operations. Triggers: worker/KV/R2/D1/logs/build/deploy/screenshot/audit/sandbox. Three permission tiers: Diagnose (read-only), Change (write requires confirmation), Super Admin (isolated environment). Write operations must follow read-first, user confirmation, post-execution verification."
cloudflare
by Heyvhuang
"Infrastructure operations for Cloudflare: Workers, KV, R2, D1, Hyperdrive, observability, builds, audit logs. Triggers: worker/KV/R2/D1/logs/build/deploy/audit. Three permission tiers: Diagnose (read-only), Change (write requires confirmation), Super Admin (isolated environment). Write operations follow read-first, confirm, execute, verify pattern. MCP is optional — works with Wrangler CLI/Dashboard too."
nansen-perp-scan
by nansen-ai
"What is the state of the Hyperliquid perp market? Top contracts by volume/OI, trader leaderboard, and SM perp activity."
multi-tenant-saas-architecture
by peterbamuhigire
"Production-grade multi-tenant SaaS platform architecture with three-panel separation, zero-trust security, strict tenant isolation, and comprehensive audit trails. Use for designing multi-tenant systems, implementing tenant-scoped permissions, ensuring data isolation, and building scalable SaaS platforms."
sdlc-testing
by peterbamuhigire
"Generate Testing & Quality documentation for SDLC projects. Covers Software Test Plan (STP), Test Case Specifications, Software Validation & Verification Plan (SVVP), Validation Test Report (SVTR), and Peer Review/Inspection Reports. Use when establishing testing strategy, creating test documentation, or conducting quality validation."