Security

security-patterns

by akaszubski

Security best practices, API key management, input validation. Use when handling secrets, user input, or security-sensitive code.

meta-audit

by laurigates

Audit Claude subagent configurations for completeness, security, and best practices

ast-grep-search

by laurigates

Find and replace code patterns structurally using ast-grep. Use when you need to match code by its AST structure (not just text), such as finding all functions with specific signatures, replacing API patterns across files, or detecting code anti-patterns that regex cannot reliably match.

java25-springboot4-reviewer

by a-pavithraa

Comprehensive code review for Java 25 and Spring Boot 4 apps. Use when reviewing, checking, auditing, or analyzing Java/Spring Boot code (files, modules, PRs, or full codebases) for migration risks, Spring Boot 4 best practices, JSpecify null-safety, security vulnerabilities, performance bottlenecks, data access pitfalls, architecture boundaries (DDD/Hexagonal/Spring Modulith), or modern Java 25 usage.

network-netcat

by AgentSecOps

Network utility for reading and writing data across TCP/UDP connections, port scanning, file transfers, and backdoor communication channels. Use when: (1) Testing network connectivity and port availability, (2) Creating reverse shells and bind shells for authorized penetration testing, (3) Transferring files between systems in restricted environments, (4) Banner grabbing and service enumeration, (5) Establishing covert communication channels, (6) Testing firewall rules and network segmentation.

container-hadolint

by AgentSecOps

Dockerfile security linting and best practice validation using Hadolint with 100+ built-in rules aligned to CIS Docker Benchmark. Use when: (1) Analyzing Dockerfiles for security misconfigurations and anti-patterns, (2) Enforcing container image security best practices in CI/CD pipelines, (3) Detecting hardcoded secrets and credentials in container builds, (4) Validating compliance with CIS Docker Benchmark requirements, (5) Integrating shift-left container security into developer workflows, (6) Providing remediation guidance for insecure Dockerfile instructions.

Agent Security Audit

by DmitrL-dev

Проверка безопасности AI-агентов по OWASP Agentic Top 10 2026

audit-logging

by BagelHole

Implement centralized audit logging and SIEM integration. Configure log retention and security monitoring. Use when implementing audit trail requirements.

nestjs

by claude-dev-suite

NestJS enterprise Node.js framework. Covers modules, controllers, services, guards, and dependency injection. Use when building scalable Node.js applications. USE WHEN: user mentions "NestJS", "nest", "@nestjs", "@Module", "@Controller", "@Injectable", asks about "dependency injection in Node.js", "enterprise Node.js framework", "TypeScript backend framework", "decorators in backend", "guards and pipes", "modular Node.js architecture" DO NOT USE FOR: Express (minimalist framework) - use express instead, Fastify (performance-focused) - use fastify instead, Hono (edge runtimes) - use hono instead, Deno frameworks - use oak or fresh instead

red-teaming

by rfxlamia

Comprehensive red teaming methodology for both cybersecurity and AI/LLM systems. Use when conducting adversary emulation, vulnerability assessment, attack simulation, or security validation. Trigger on requests for penetration testing, threat modeling, security audits, MITRE ATT&CK operations, LLM safety testing, prompt injection attacks, or compliance validation (OWASP, NIST, TIBER, DORA, EU AI Act). Apply when users ask to "test like an attacker", "red team our system", "validate security posture", "assess LLM vulnerabilities", or "simulate cyber attacks". Includes planning frameworks, execution strategies, reporting templates, and progressive references to specialized attack techniques and tools.

Anti Marketing

by omer-metin

preview-testing

by Svenja-dev

Comprehensive E2E + Security Tests for Vercel Preview Deployments. Combines Playwright automation with Claude-in-Chrome MCP for interactive debugging. Activate on PR creation, before merge, or manual /preview-test.

skill-security-analyzer

by Svenja-dev

Comprehensive security risk analysis for Claude skills. Use when asked to analyze security risks, review security stance, audit skills for vulnerabilities, check security before deployment, or evaluate safety of skill files. Triggers include "analyze security," "security risks," "security audit," "security review," "is this skill safe," or "check for vulnerabilities."

workflow-preflight

by charlesjones-dev

"Run code quality checks (typecheck, lint, tests) - auto-detects configured tools and offers to fix issues."

threat-model-generation

by Factory-AI

Generate a STRIDE-based security threat model for a repository. Use when setting up security monitoring, after architecture changes, or for security audits.

vulnerability-validation

by Factory-AI

Validate security findings from commit-security-scan by assessing exploitability, filtering false positives, and generating proof-of-concept exploits. Use after running commit-security-scan to confirm vulnerabilities.

security-review-openai

by lawvable

"Perform language and framework specific security best-practice reviews and suggest improvements. Trigger only when the user explicitly requests security best practices guidance, a security review/report, or secure-by-default coding help. Trigger only for supported languages (python, javascript/typescript, go). Do not trigger for general code review, debugging, or non-security tasks."

consensus-voting

by rysweet

Multi-agent consensus voting with domain-weighted expertise for critical decisions requiring structured validation

n-version-workflow

by rysweet

N-version programming for critical implementations - generates N independent solutions and selects the best through comparison

dev-dependency-management

by vasilyu1983

Package and dependency management patterns across ecosystems (npm, pip, cargo, maven). Covers lockfiles, semantic versioning, dependency security scanning, update strategies, monorepo workspaces, transitive dependencies, and avoiding dependency hell.

marketing-seo-complete

by vasilyu1983

Complete SEO skill for technical audits (Core Web Vitals, site speed, crawlability/indexation, robots/sitemaps/canonicals, structured data, mobile, security, internal linking), SEO marketing strategy (keyword research, content planning, competitive analysis, E-E-A-T), operational workflows (cross-team collaboration, OKRs), link building, local SEO, international SEO (hreflang), and multi-platform SEO (Google, YouTube, Reddit, social). Updated for January 2026.

security-audit

by dirnbauer

Security audit patterns for PHP/OWASP. Use when conducting security assessments, identifying vulnerabilities (XXE, SQL injection, XSS), or CVSS scoring.

security-incident-reporting

by dirnbauer

Security Incident Report templates drawing from NIST/SANS. DDoS post-mortem, CVE correlation, timeline documentation, and blameless root cause analysis. Use when working with incident report, post-mortem, sir, ddos analysis, security reporting, root cause analysis, cve correlation, nist 800-61.

enterprise-readiness

by dirnbauer

Assess and enhance software projects for enterprise-grade security, quality, and automation. Aligned with OpenSSF Scorecard, SLSA, and S2C2F. Use when working with enterprise, openssf, slsa, security, scorecard, supply chain, badge.