Security
Security scanning and vulnerability detection
sca-trivy
by AgentSecOps
Software Composition Analysis (SCA) and container vulnerability scanning using Aqua Trivy for identifying CVE vulnerabilities in dependencies, container images, IaC misconfigurations, and license compliance risks. Use when: (1) Scanning container images and filesystems for vulnerabilities and misconfigurations, (2) Analyzing dependencies for known CVEs across multiple languages (Go, Python, Node.js, Java, etc.), (3) Detecting IaC security issues in Terraform, Kubernetes, Dockerfile, (4) Integrating vulnerability scanning into CI/CD pipelines with SARIF output, (5) Generating Software Bill of Materials (SBOM) in CycloneDX or SPDX format, (6) Prioritizing remediation by CVSS score and exploitability.
container-grype
by AgentSecOps
Container vulnerability scanning and dependency risk assessment using Grype with CVSS severity ratings, EPSS exploit probability, and CISA KEV indicators. Use when: (1) Scanning container images and filesystems for known vulnerabilities, (2) Integrating vulnerability scanning into CI/CD pipelines with severity thresholds, (3) Analyzing SBOMs (Syft, SPDX, CycloneDX) for security risks, (4) Prioritizing remediation based on threat metrics (CVSS, EPSS, KEV), (5) Generating vulnerability reports in multiple formats (JSON, SARIF, CycloneDX) for security toolchain integration.
dast-zap
by AgentSecOps
Dynamic application security testing (DAST) using OWASP ZAP (Zed Attack Proxy) with passive and active scanning, API testing, and OWASP Top 10 vulnerability detection. Use when: (1) Performing runtime security testing of web applications and APIs, (2) Detecting vulnerabilities like XSS, SQL injection, and authentication flaws in deployed applications, (3) Automating security scans in CI/CD pipelines with Docker containers, (4) Conducting authenticated testing with session management, (5) Generating security reports with OWASP and CWE mappings for compliance.
ctct-security-patrol
by CTCT-CT2
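OpenClaw security patrol tool that runs a system security scan in one step and generates an easy-to-understand report. Use when: the user says "安全巡检" (security patrol), "安全检查" (security check), "安全审计" (security audit), "巡检" (patrol), "security audit", "检查安全" (check security), "系统安全" (system security), etc. Trigger: any request related to OpenClaw security detection, auditing, or patrol inspection.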
react-doctor
by brianlovin
Diagnose and fix React codebase health issues. Use when reviewing React code, fixing performance problems, auditing security, or improving code quality.
code-audit
by 3stoneBrother
Professional code security audit skill covering 55+ vulnerability types. Enhanced with WooYun 88,636 real-world vulnerability cases (2010-2016). This skill should be used when performing security audits, vulnerability scanning, penetration testing preparation, or code review for security issues. Supports 9 languages: Java, Python, Go, PHP, JavaScript/Node.js, C/C++, .NET/C#, Ruby, Rust. Includes 143 mandatory detection items across all languages with language-specific checklists. Covers SQL injection, XSS, RCE, deserialization, SSRF, JNDI injection, JDBC protocol injection, authentication bypass, business logic flaws, race conditions, and modern security domains (LLM, Serverless, Android). WooYun integration adds: statistical-driven parameter priority, bypass techniques library, logic vulnerability patterns, and real-case references. v1.0: Initial public release with Docker deployment verification framework.
docs-writing
by mblode
Writes and audits technical documentation using Diataxis, Stripe-style clarity, and the Eight Rules. 52 rules across 9 categories covering voice, structure, clarity, code examples, formatting, navigation, scanability, content hygiene, and review. Use when writing docs, creating READMEs, documenting APIs, writing tutorials, building a docs site, or auditing documentation quality.
secureclaw
by adversa-ai
Security skill for OpenClaw agents (7-framework aligned). 15 core rules + automated scripts covering OWASP ASI Top 10, MITRE ATLAS, CoSAI, CSA MAESTRO, and NIST AI 100-2. Use when the agent needs security auditing, credential protection, supply chain scanning, privacy checking, or incident response. By Adversa AI (https://adversa.ai). v2.2.0.
brand-analyzer
by ailabs-393
This skill should be used when the user requests brand analysis, brand guidelines creation, brand audits, or establishing brand identity and consistency standards. It provides comprehensive frameworks for analyzing brand elements and creating actionable brand guidelines based on requirements.
competitor-scan
by WellApp-ai
Research best-in-class products using Browser MCP and WebSearch
enterprise-sales
by liqiongyu
"Create an Enterprise Deal Execution Pack (buying committee map + champion enablement, “no decision” prevention plan + mutual action plan, procurement/security packet, and POC-as-business-case plan + ROI model). Use for enterprise sales, procurement, security reviews, and enterprise pilots/POCs. Category: Sales & GTM."
frontend-design-fix
by matteocervelli
Fix generic frontend designs by applying aesthetic upgrades across the 5 design dimensions
cto-advisor
by shipshitdev
Technical leadership guidance for engineering teams, architecture decisions, and technology strategy. Includes tech debt analyzer, team scaling calculator, engineering metrics frameworks, technology evaluation tools, and ADR templates. Use when assessing technical debt, scaling engineering teams, evaluating technologies, making architecture decisions, establishing engineering metrics, or when user mentions CTO, tech debt, technical debt, team scaling, architecture decisions, technology evaluation, engineering metrics, DORA metrics, or technology strategy.
application-security
by travisjneuman
OWASP Top 10 with code examples, SAST/DAST tools, dependency scanning, CSP headers, and input validation patterns. Use when hardening applications, reviewing security posture, or implementing defensive coding practices.
ci-cd
by ahmedasmar
CI/CD pipeline design, optimization, DevSecOps security scanning, and troubleshooting. Use for creating workflows, debugging pipeline failures, implementing SAST/DAST/SCA, optimizing build performance, implementing caching strategies, setting up deployments, securing pipelines with OIDC/secrets management, and troubleshooting common issues across GitHub Actions, GitLab CI, and other platforms.
backend-dev
by julianromli
Comprehensive backend development workflow that orchestrates expert analysis, architecture design, implementation, and deployment using the integrated toolset. Handles everything from API design and database architecture to security implementation and DevOps automation.
access-control-knowledge
by dykyi-roman
Access Control knowledge base. Provides ACL, RBAC, ABAC, ReBAC models, multi-tenancy patterns, and PHP implementations (Symfony Voters, Laravel Gates) for security audits and generation.
red-team
by geekatron
"Offensive security team skill providing methodology guidance for penetration testing and red team engagements. Invoked when users request penetration testing, reconnaissance, vulnerability analysis, exploitation methodology, social engineering, C2 infrastructure, or engagement reporting. Routes to 11 specialized agents covering the full MITRE ATT&CK kill chain. All engagements require red-lead scope authorization before any other agent. Follows PTES, OSSTMM, and ATT&CK methodology frameworks."
eng-team
by geekatron
"Secure engineering team skill providing methodology guidance for building security-hardened software. Invoked when users request system design, implementation, code review, testing, CI/CD security, or incident response with security considerations. Routes to 10 specialized agents covering architecture through post-deployment. Integrates NIST SSDF governance, Microsoft SDL phases, OWASP ASVS verification, SLSA supply chain integrity, and DevSecOps automation patterns."
design-reviewer
by nahisaho
Copilot agent that assists with systematic design review using ATAM (Architecture Tradeoff Analysis Method), SOLID principles, design patterns, coupling/cohesion analysis, error handling, and security requirements. Trigger terms: design review, architecture review, ATAM, SOLID principles, design patterns, coupling, cohesion, ADR review, C4 review, architecture analysis, design quality. Use when: User requests involve design document review, architecture evaluation, or design quality assessment tasks.
tech-contract-negotiation-patrick-munro
by lawvable
"Guide to negotiating technology services agreements, professional services contracts, and commercial B2B transactions. Provides three-position frameworks (provider-favorable, balanced, client-favorable), deal-size tactics, objection handling templates, and concession roadmaps. Use when: (1) Developing negotiation strategies for SaaS, cloud, or managed services agreements, (2) Preparing position papers and fallback positions, (3) Responding to counterparty objections and demands, (4) Creating concession roadmaps that protect critical interests, (5) Assessing tactics based on deal value and leverage, or (6) Structuring balanced outcomes for liability, IP, payment, SLA, or warranty provisions."
compliance-anthropic
by lawvable
Navigate privacy regulations (GDPR, CCPA), review DPAs, and handle data subject requests. Use when reviewing data processing agreements, responding to data subject access or deletion requests, assessing cross-border data transfer requirements, or evaluating privacy compliance.
ai-readability-audit
by refly-ai
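AI readability audit tool that simulates an AI crawler's perspective to evaluate how friendly a website is to large language models, analyzing structured data, semantic HTML, and meta information.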
vendor-due-diligence-patrick-munro
by lawvable
"Framework for assessing IT service providers, technology vendors, and third-party partners. Creates structured risk assessments across financial, operational, compliance, security, and reputational dimensions with regulatory checklists (GDPR, DORA, NIS2, SOX). Use when: (1) Evaluating new vendors or technology providers, (2) Conducting third-party risk assessments for procurement, (3) Performing critical vendor due diligence for regulatory compliance, (4) Creating vendor onboarding documentation, (5) Establishing ongoing vendor monitoring processes, (6) Assessing vendor concentration risk, or (7) Generating executive-level vendor risk reports."