Security
Security scanning and vulnerability detection
auth-module-builder
by patricio0312rev
Implements secure authentication patterns including login/registration, session management, JWT tokens, password hashing, cookie settings, and CSRF protection. Provides auth routes, middleware, security configurations, and threat model documentation. Use when building "authentication", "login system", "JWT auth", or "session management".
artifact-sbom-publisher
by patricio0312rev
Produces build artifacts with Software Bill of Materials (SBOM) and supply chain metadata for security and compliance. Use for "artifact publishing", "SBOM generation", "supply chain security", or "build provenance".
Adversary Trainer - AI Agent Security Testing
by 0xAxiom
Stay secure, test early, test often. ð¡ï¸
critical-interval-security-checker
by ArabelaTso
Analyzes code to identify security-critical time intervals and timing vulnerabilities in authentication, authorization, and time-sensitive security operations. Use this skill when reviewing code for proper timeout enforcement, token expiration, session management, rate limiting, password reset validity, or any time-sensitive security mechanism. Detects missing expiration checks, excessive timeout values, lack of rate limiting, client-side only validation, hardcoded timeouts, and timing attack vulnerabilities. Triggers when users ask to check security timeouts, verify token expiration handling, audit session timeout implementation, review rate limiting, or analyze time-based security controls.
Social Intel Hub
by 0xAxiom
Edit config/skills-inventory.json when you ship new tools. The context matcher uses this to identify threads where your tools are directly relevant.
Code Generation Validator
by 0xAxiom
Web Interface: Browser-based validation tool
agent-security
by 0xAxiom
Security guardrails, self-audit tools, and secret scanning for AI agents
agent-evals
by BagelHole
Build automated evaluation suites for AI agents using golden datasets, rubrics, and regression gates.
pci-dss-compliance
by BagelHole
Implement PCI DSS requirements for payment card data. Configure cardholder data environment and security controls. Use when processing payment cards.
api-security-hardening
by aj-geddes
Secure REST APIs with authentication, rate limiting, CORS, input validation, and security middleware. Use when building or hardening API endpoints against common attacks.
convex-security-audit
by waynesutton
Deep security review patterns for authorization logic, data access boundaries, action isolation, rate limiting, and protecting sensitive operations
convex
by waynesutton
Umbrella skill for all Convex development patterns. Routes to specific skills like convex-functions, convex-realtime, convex-agents, etc.
convex-security-check
by waynesutton
Quick security audit checklist covering authentication, function exposure, argument validation, row-level access control, and environment variable handling
Security Skill
by nth5693
```
nist-compliance
by williamzujkowski
NIST 800-53r5 control implementation, tagging, evidence collection, and compliance automation for security frameworks
fintech-compliance
by williamzujkowski
Payment card security, SOC2 compliance, and financial services regulatory requirements
security-practices
by williamzujkowski
Modern security standards including Zero Trust Architecture, supply chain security, DevSecOps integration, and cloud-native protection
testing
by williamzujkowski
Comprehensive testing standards including unit, integration, security, and property-based testing with TDD methodology
doc-maintenance
by NickCrew
"Systematic documentation audit and maintenance. This skill should be used when documentation may be stale, missing, or misorganized — after feature work, refactors, dependency upgrades, or as a periodic health check. It prescribes folder structure for docs/ and manual/, dispatches haiku subagents for codebase/doc scanning, and routes doc creation to specialized agents (reference-builder, technical-writer, learning-guide) with docs-architect as quality gate."
code-quality-workflow
by NickCrew
Use when assessing or improving code quality, maintainability, performance, or security hygiene - provides workflows for analysis, code review, and systematic improvements with validation steps.
Gemini CLI
by blacktop
Consult Google Gemini CLI for second opinions on architecture, debugging, and security audits. Use Gemini's 1M+ context window for comprehensive code analysis. Compare Flash (fast) vs Pro (thorough). Use when: need second opinion on architectural decisions, stuck debugging after 2+ attempts, writing security- sensitive code, planning refactors (5+ files), approaching 70%+ context capacity, unfamiliar with tech stack, need peer review, or want Flash vs Pro comparison. Keywords: gemini-cli, google gemini, gemini command line, second opinion, model comparison, gemini-3-flash-preview, gemini-3-pro-preview, architectural decisions, debugging assistant, code review gemini, security audit gemini, 1M context window, AI pair programming, gemini consultation, flash vs pro, AI-to-AI prompting, peer review, codebase analysis, gemini CLI tool, shell gemini, command line AI assistant, gemini architecture advice, gemini debug help, gemini security scan, gemini code compare
owasp-top-10
by NickCrew
OWASP Top 10 security vulnerabilities with detection and remediation patterns. Use when conducting security audits, implementing secure coding practices, or reviewing code for common security vulnerabilities.
accessibility-audit
by NickCrew
Fast, high-signal accessibility triage for pages, components, or PRs targeting WCAG 2.2 AA compliance.
constructive-dissent
by NickCrew
Structured disagreement protocols to strengthen proposals through systematic challenge and alternative generation.