Security
Security scanning and vulnerability detection
software-security
by project-codeguard
A software security skill that integrates with Project CodeGuard to help AI coding agents write secure code and prevent common vulnerabilities. Use this skill when writing, reviewing, or modifying code to ensure secure-by-default practices are followed.
security-audit
by Terryc21
'Automated security vulnerability scan for iOS/macOS apps. Covers secrets, storage, network, input validation, privacy manifest, and file protection. Triggers: "security audit", "check for secrets", "security scan".'
commands
by Terryc21
Display list of all available custom commands for this project
workflow-audit
by Terryc21
Systematic UI workflow auditing for SwiftUI applications. Discovers entry points, traces user flows, detects dead ends and broken promises, evaluates from user perspective.
ai-code-review
by sundial-org
Top OpenClaw skills, with the most popular and useful ones.
a11y-checker
by sundial-org
Scan HTML and JSX for accessibility issues with AI-powered fix suggestions
utility-tools
by vikiboss
提供实用工具功能,包括IP地址查询、文本翻译、二维码生成、哈希计算、网页元数据提取、域名WHOIS查询和密码生成。Use when users need translation, IP lookup, QR codes, hashing, domain info, or password generation.
skillshare
by jasonraimondi
Syncs skills across AI CLI tools from a single source of truth. Global (~/.config/skillshare/) or project (.skillshare/) mode. Install from any Git host. Use when: "skillshare" CLI, skill management, or troubleshooting.
meta-skillshare
by jasonraimondi
Syncs skills across AI CLI tools (Claude, Cursor, Windsurf, etc.) from a single source of truth. Global mode (~/.config/skillshare/) and project mode (.skillshare/ per-repo). Commands: status, sync, install, uninstall, update, check, search, new, collect, push, pull, diff, list, doctor, audit, init-rules, trash, log, backup, restore, target, ui, upgrade. Features: target-level skill filtering (include/exclude), skill-level targets field, XDG Base Directory support, fuzzy subdirectory resolution for monorepo installs, .skillignore for repo-level skill filtering, --exclude flag, license display, multi-skill and group uninstall (--group/-G), declarative skill manifest (global + project), group field for organized placement, 49+ supported targets. Use when: managing skills across AI tools, "skillshare" CLI, skill sync/install/search, project skills setup, target filtering, security audit, web dashboard, or troubleshooting.
Android Security
by HoangNguyen0403
Standards for Data Encryption, Network Security, and Permissions
security-audit
by ils15
"Security audit and vulnerability detection - OWASP Top 10, input validation, injection attacks"
security-auditor
by zhaono1
Security vulnerability expert covering OWASP Top 10 and common security issues. Use when conducting security audits or reviewing code for vulnerabilities.
security
by booch
Security guidelines for secure coding and code review. This skill should be used when architecting/designing systems, writing code, or reviewing code. Use proactively when discussing vulnerabilities, OWASP, injection attacks, XSS, CSRF, SQL injection, authentication, authorization, access control, encryption, secrets management, input validation, or secure coding practices. (user)
sdlc
by booch
Software development lifecycle guidance. This skill should be used when planning development work, conducting code reviews, or establishing development workflows. Use proactively when reviewing code, preparing commits, creating pull requests, refactoring, or discussing development process and best practices. (user)
accelint-ts-performance
by gohypergiant
"Systematic JavaScript/TypeScript performance audit and optimization using V8 profiling and runtime patterns. Use when (1) Users say 'optimize performance', 'audit performance', 'this is slow', 'reduce allocations', 'improve speed', 'check performance', (2) Analyzing code for performance anti-patterns (O(n²) complexity, excessive allocations, I/O blocking, template literal waste), (3) Optimizing functions regardless of current usage context - utilities, formatters, parsers are often called in hot paths even when they appear simple, (4) Fixing V8 deoptimization (monomorphic/polymorphic issues, inline caching). Audits ALL code for anti-patterns and reports findings with expected gains. Covers loops, caching, batching, memory locality, algorithmic complexity fixes with ❌/✅ patterns."
accelint-security-best-practices
by gohypergiant
"Comprehensive security audit and vulnerability detection for JavaScript/TypeScript applications following OWASP Top 10. Use when (1) Users say 'audit security', 'check for vulnerabilities', 'security review', 'implement authentication', 'secure this code', (2) Adding authentication, API endpoints, file uploads, or handling user input, (3) Working with secrets, credentials, or sensitive data, (4) Implementing payment features or blockchain integrations, (5) Conducting pre-deployment security checks. Audits for: hardcoded secrets, injection vulnerabilities, XSS/CSRF, broken access control, insecure authentication, rate limiting, dependency vulnerabilities, sensitive data exposure."
accelint-ts-audit-all
by gohypergiant
Comprehensive TypeScript file audit system. Command-only skill (no natural triggers). Accepts file or directory path to systematically audit through accelint-ts-testing, accelint-ts-best-practices, accelint-ts-performance, and accelint-ts-documentation skills. Maintains progress tracking across sessions with interactive change approval. Uses isolated git worktrees to enable parallel audits without conflicts.
soc2-compliance
by BagelHole
Implement SOC 2 Trust Services Criteria. Configure security, availability, and processing integrity controls. Use when achieving SOC 2 certification.
vue-frontend
by williamzujkowski
Composition API vs Options API
security-audit
by charlesjones-dev
"Comprehensive security audit to identify vulnerabilities, OWASP Top 10 issues, and security anti-patterns."
redteam
by neurofoo
Red team adversarial analysis to find weaknesses, vulnerabilities, and failure modes. Use before launches, for security review, or when a plan feels too perfect.
tech-stack-evaluator
by alirezarezvani
Comprehensive technology stack evaluation and comparison tool with TCO analysis, security assessment, and intelligent recommendations for engineering teams
code-review
by Geeksfino
Reviews code for quality, best practices, and potential issues. Use when asked to review, audit, or check code for problems.
code-security
by KimYx0207
"Runs Semgrep security scans on the current project to detect vulnerabilities, secrets leakage, and OWASP Top 10 issues. Use when the user asks for security scanning, vulnerability detection, code auditing, secrets checking, or says things like 安全扫描, 代码扫描, 扫漏洞, 安全检查, 漏洞检测, 扫一下安全."