Security
Security scanning and vulnerability detection
code-review
by akaszubski
Enforcement skill for consistent, thorough code reviews
typo3-security
by dirnbauer
Security hardening checklist and best practices for TYPO3 v13/v14 installations, covering configuration, file permissions, and common vulnerabilities. Use when working with security, hardening, permissions, authentication, vulnerabilities.
code-reviewer
by nguyenthienthanh
Comprehensive code review with multi-agent analysis. Checks security, performance, maintainability, tests.
mapbox-token-security
by mapbox
Security best practices for Mapbox access tokens, including scope management, URL restrictions, rotation strategies, and protecting sensitive data. Use when creating, managing, or advising on Mapbox token security.
legacy-bridge
by williamzujkowski
Backward compatibility bridge that translates legacy @load patterns to new Skills format. Enables seamless migration with zero breaking changes during 6-month transition period.
kubernetes
by williamzujkowski
Kubernetes standards for container orchestration, deployments, services, ingress, ConfigMaps, Secrets, and security policies. Covers production-ready configurations, monitoring, and best practices for cloud-native applications.
service-mesh
by williamzujkowski
A service mesh is an infrastructure layer that provides transparent service-to-service
healthtech-hipaa
by williamzujkowski
HIPAA establishes national standards for protecting patient health information
brewcode:secrets-scan
by kochetkov-ma
Scans all git-tracked files for leaked secrets and credentials. Use when - scanning for secrets, security audit, finding leaked credentials. Trigger keywords - secrets scan, find credentials, security scan, leaked keys, security audit.
web-performance-seo
by ZhanlinCui
Fix PageSpeed Insights/Lighthouse accessibility "!" errors caused by contrast audit failures (CSS filters, OKLCH/OKLAB, low opacity, gradient text, image backgrounds). Use for accessibility-driven SEO/performance debugging and remediation.
owasp-llm-top10
by mastepanoski
Security audit for LLM and GenAI applications using OWASP Top 10 for LLM Apps 2025. Assess prompt injection, data leakage, supply chain, and 7 more critical vulnerabilities.
repo-compliance-audit
by okwinds
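Performs a compliance audit of any code repository and generates an evidence-grade report (Markdown + JSON findings), covering "whether AGENTS.md / repository rules / user instructions are followed", "documentation index / specs / work records / task summaries", "TDD and offline regression evidence", "reproducibility (.env.example, etc.)", "potential secret leaks and repository hygiene", and more; also supports selective low-risk remediation after a human checks off finding.id entries (business logic is not changed by default). Trigger scenarios: self-check before repository delivery, taking over an unfamiliar repository, needing a compliance audit report, needing to turn remediation items into a selectable execution checklist.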
codex-code-review
by tyrchen
Perform comprehensive code reviews using OpenAI Codex CLI. This skill should be used when users request code reviews, want to analyze diffs/PRs, need security audits, performance analysis, or want automated code quality feedback. Supports reviewing staged changes, specific files, entire directories, or git diffs.
config-consistency-checker
by ArabelaTso
Automatically analyzes configuration files to detect inconsistencies, conflicts, missing keys, and divergent values across environments, versions, or modules. Use when managing multi-environment configurations, detecting config drift, validating configuration changes, or ensuring consistency across microservices. Supports JSON, YAML, TOML, INI, XML, .env, and properties files. Identifies security issues like hardcoded secrets and provides actionable resolution guidance.
cve-watchlist-action-recommendation-generator
by ArabelaTso
Generate prioritized CVE watchlists and actionable security recommendations for repositories. Use when analyzing CVE scan results, creating security reports, prioritizing vulnerability remediation, or generating security gate reports for CI/CD. Takes CVE scan results (JSON/SARIF from npm audit, pip-audit, Snyk), reachability analysis, and cutoff date as input. Combines severity, reachability, exploitability, and dependency criticality to rank CVEs by practical risk. Outputs markdown reports with concrete next-step guidance (immediate upgrade, monitor, ignore with justification, apply mitigation) suitable for issue trackers, security reviews, and CI security gates.
event-driven-detector
by Geeksfino
Identify and analyze corporate events that create mispricing opportunities, including M&A, spinoffs, buybacks, restructurings, and index changes. Use when the user asks about merger arbitrage, spinoff opportunities, share buyback analysis, corporate restructuring plays, index rebalancing trades, special situations investing, or event-driven strategies.
ac-security-sandbox
by adaptationio
Security sandbox for autonomous coding. Use when validating commands, configuring permissions, managing allowlists, or ensuring safe execution.
ac-code-validator
by adaptationio
Validate code quality and standards. Use when running linting, checking types, validating code style, or performing static analysis.
ac-qa-reviewer
by adaptationio
Quality assurance review for implementations. Use when reviewing code quality, checking implementation standards, performing QA cycles, or validating feature quality.
springboot-init
by alffei
Define development specifications for Spring Boot monolithic projects, supporting multiple technology stack configurations.
hash-calculator
by dkyazzentwatwa
Calculate cryptographic hashes (MD5, SHA1, SHA256, SHA512) for text and files. Compare hashes, verify integrity, and batch process directories.
chrome-extension-development
by Mindrally
Expert guidelines for Chrome extension development with Manifest V3, covering security, performance, and best practices
aws-vpc
by BagelHole
Design and implement VPCs and networking. Configure subnets, route tables, and security groups. Use when setting up AWS network infrastructure.
aws-cloudtrail
by BagelHole
Configure AWS CloudTrail for audit logging. Set up organization trails and event analysis. Use when auditing AWS activity.