Security
Security scanning and vulnerability detection
mem-file-scan
by zephyrwang6
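File scan and review feature for an AI personal memory system. Scans the files modified this week in the Obsidian vault (excluding the AI_MEMORY directory) and identifies potentially important events and decisions. Use when: (1) the user says "file scan", "view this week's files", or "scan file changes"; (2) before supplementing L1 records during the weekly review; (3) the user wants to review this week's activity in Obsidian. The skill lists the modified files, asks the user which ones should be recorded to L1, and assists with the recording.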
audit-hooks
by melodic-software
Audit Claude Code hooks for quality, compliance, and maintainability. Use after creating hooks, before releases, or for periodic quality checks.
audit-mcp
by melodic-software
Audit MCP server configurations for quality, compliance, and security. Use to validate .mcp.json files and server setups.
changelog
by AsiaOstrich
[UDS] Generate and maintain CHANGELOG.md entries
exhaustive-systems-analysis
by petekp
Perform comprehensive, deep analysis of a system and its subsystems to identify bugs, race conditions, stale documentation, dead code, and correctness issues. Use when asked to "audit this system", "exhaustive analysis of X", "analyze for correctness", "root out issues in...", "deep dive into...", "verify this code is correct", "find bugs in...", or when reviewing agent-written code for production readiness. Automatically decomposes systems into subsystems, applies appropriate analysis checklists, and produces structured findings with severity classification.
reviewdog
by AgentSecOps
Automated code review and security linting integration for CI/CD pipelines using reviewdog. Aggregates findings from multiple security and quality tools (SAST, linters, formatters) into unified code review comments on pull requests. Use when: (1) Integrating security scanning into code review workflows, (2) Automating security feedback on pull requests, (3) Consolidating multiple tool outputs into actionable review comments, (4) Enforcing secure coding standards in CI/CD pipelines, (5) Providing inline security annotations during development.
reflect
by iliaal
Session retrospective and skill audit. Use when "/reflect", "session review", "retrospective", "what went wrong", "lessons learned", "what should we remember", or "what can we improve".
meta-prompting
by iliaal
Enhanced reasoning patterns via slash commands (/think, /verify, /adversarial, /edge, /compare, /confidence, /budget, /constrain, /json, /flip, /assumptions, /tensions, /analyze, /trade) or natural language ("argue against", "what could break", "show reasoning", "deep review", "meta-prompts", "thinking modes", "second-best approach", "list assumptions", "opposing perspectives").
audit-rules
by melodic-software
Audit Claude Code rule files for quality and compliance. Use when creating or validating .claude/rules/*.md files, or troubleshooting rule loading issues.
aws-cost-operations
by zxkane
This skill provides AWS cost optimization, monitoring, and operational best practices with integrated MCP servers for billing analysis, cost estimation, observability, and security assessment.
code-review-patterns
by romiluz13
Internal skill. Use cc10x-router for all development tasks.
defender-for-devops
by JosiahSiegel
Microsoft Defender for DevOps integration with Azure Pipelines (2025)
docker-security-guide
by JosiahSiegel
Comprehensive Docker security guidelines and threat mitigation strategies
graphql-inspector-audit
by TheBushidoCollective
Use when auditing GraphQL operations for complexity metrics, depth analysis, directive usage, or query performance concerns.
computer-scientist-analyst
by rysweet
Analyzes events through computer science lens using computational complexity, algorithms, data structures, systems architecture, information theory, and software engineering principles to evaluate feasibility, scalability, security. Provides insights on algorithmic efficiency, system design, computational limits, data management, and technical trade-offs. Use when: Technology evaluation, system architecture, algorithm design, scalability analysis, security assessment. Evaluates: Computational complexity, algorithmic efficiency, system architecture, scalability, data integrity, security.
Horizon
by simota
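Detects deprecated libraries, proposes native API replacements, and creates PoCs for new technologies. Use when a technology stack refresh, modernization, or legacy code update is needed.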
api-spectral
by AgentSecOps
API specification linting and security validation using Stoplight's Spectral with support for OpenAPI, AsyncAPI, and Arazzo specifications. Validates API definitions against security best practices, OWASP API Security Top 10, and custom organizational standards. Use when: (1) Validating OpenAPI/AsyncAPI specifications for security issues and design flaws, (2) Enforcing API design standards and governance policies across API portfolios, (3) Creating custom security rules for API specifications in CI/CD pipelines, (4) Detecting authentication, authorization, and data exposure issues in API definitions, (5) Ensuring API specifications comply with organizational security standards and regulatory requirements.
api-mitmproxy
by AgentSecOps
Interactive HTTPS proxy for API security testing with traffic interception, modification, and replay capabilities. Supports HTTP/1, HTTP/2, HTTP/3, WebSockets, and TLS-protected protocols. Includes Python scripting API for automation and multiple interfaces (console, web, CLI). Use when: (1) Intercepting and analyzing API traffic for security testing, (2) Modifying HTTP/HTTPS requests and responses to test API behavior, (3) Recording and replaying API traffic for testing, (4) Debugging mobile app or thick client API communications, (5) Automating API security tests with Python scripts, (6) Exporting traffic in HAR format for analysis.
library-design-patterns
by akaszubski
Standardized library design patterns for autonomous-dev including two-tier design, progressive enhancement, non-blocking enhancements, and security-first architecture. Use when creating or refactoring Python libraries.
find-bugs
by steveclarke
Find bugs, security vulnerabilities, and code quality issues in local branch changes. Use when asked to review changes, find bugs, security review, or audit code on the current branch.
secure-coding
by baz-scm
Incorporating security at every step of software development – writing code that defends against vulnerabilities and protects user data.
mapbox-token-security
by mapbox
Security best practices for Mapbox access tokens, including scope management, URL restrictions, rotation strategies, and protecting sensitive data. Use when creating, managing, or advising on Mapbox token security.
dast-nuclei
by AgentSecOps
Fast, template-based vulnerability scanning using ProjectDiscovery's Nuclei with extensive community templates covering CVEs, OWASP Top 10, misconfigurations, and security issues across web applications, APIs, and infrastructure. Use when: (1) Performing rapid vulnerability scanning with automated CVE detection, (2) Testing for known vulnerabilities and security misconfigurations in web apps and APIs, (3) Running template-based security checks in CI/CD pipelines with customizable severity thresholds, (4) Creating custom security templates for organization-specific vulnerability patterns, (5) Scanning multiple targets efficiently with concurrent execution and rate limiting controls.
pytm
by AgentSecOps
Python-based threat modeling using pytm library for programmatic STRIDE analysis, data flow diagram generation, and automated security threat identification. Use when: (1) Creating threat models programmatically using Python code, (2) Generating data flow diagrams (DFDs) with automatic STRIDE threat identification, (3) Integrating threat modeling into CI/CD pipelines and shift-left security practices, (4) Analyzing system architecture for security threats across trust boundaries, (5) Producing threat reports with STRIDE categories and mitigation recommendations, (6) Maintaining threat models as code for version control and automation.