Security
Security scanning and vulnerability detection
learn
by agentskill-sh
Discover, install, and manage AI agent skills from agentskill.sh. Search for capabilities, install mid-session, scan for security issues, and provide feedback. Use when asked to find skills, install extensions, or check skill safety.
Incident Report Generator — 資安事件通報報告產生器
by OEN-Tech
Taiwan PDPA (個人資料保護法) — Personal Data Protection Act
qa-expert
by zhaono1
Quality assurance expert for testing strategies and quality gates. Use when planning test coverage, setting up QA processes, or improving quality standards.
code-reviewer
by zhaono1
Reviews pull requests and code changes for quality, security, and best practices. Use when user asks for code review, PR review, or mentions reviewing changes.
blogwatcher
by EthanAlgoX
Monitor blogs and RSS/Atom feeds for updates using the blogwatcher CLI.
docker
by Mindrally
Docker containerization best practices for building, securing, and deploying containers.
health-check
by acedergren
"Run all quality gates across the entire codebase and report results. Headless — no analysis, just execute and print. Use for pre-PR validation, phase completion, or routine health monitoring."
git
by tao3k
Use when committing code, managing branches, pushing to remote, creating pull requests, or performing version control operations. Conforms to docs/reference/skill-routing-value-standard.md.
review-all
by acedergren
"Pre-PR review pipeline — runs security, API audit, and scope check agents in parallel. Read-only, no changes. Use before creating PRs or after completing a phase of work."
audit-website
by squirrelscan
Audit websites for SEO, performance, security, technical, content, and 15 other issue cateories with 230+ rules using the squirrelscan CLI. Returns LLM-optimized reports with health scores, broken links, meta tag analysis, and actionable recommendations. Use to discover and asses website or webapp issues and health.
Python Backend Architecture Review
by rknall
"Comprehensive design architecture review for Python backend applications. Use this skill when users ask you to review, analyze, or provide feedback on backend architecture designs, system design documents, or Python application architecture. Covers scalability, security, performance, database design, API design, microservices patterns, deployment architecture, and best practices."
backend-dev
by julianromli
Comprehensive backend development workflow that orchestrates expert analysis, architecture design, implementation, and deployment using the integrated toolset. Handles everything from API design and database architecture to security implementation and DevOps automation.
plugin-dev
by rube-de
"Validate plugin SKILL.md frontmatter and audit hook scripts for silent failures. Run validation to check all plugins pass schema, source path, and frontmatter checks. Run hook audit to detect unhandled errors in shell and Python scripts."
security
by rube-de
Security scan: dependency audits, SAST analysis, and secret detection. Detects project type, runs available security tools, classifies findings by severity, and creates a structured GitHub issue.
dlc
by rube-de
Dev Life Cycle quality gates: run security scans, code quality checks, performance analysis, test coverage, and PR review compliance. Routes to domain-specific sub-skills or runs all checks in sequence.
update
by rube-de
Audit open GitHub issues for staleness, orphaned blockers, missing labels, codebase drift, and already-implemented features. Categorizes issues into close-candidates, update-needed, needs-triage, stale, and healthy. Supports bulk and individual remediation via interactive approval. Triggers: audit issues, clean up issues, update stale issues, issue hygiene, backlog cleanup, prune issues.
spring-boot-testing
by joaquimscosta
Spring Boot 4 testing strategies and patterns. Use when writing unit tests, slice tests (@WebMvcTest, @DataJpaTest), integration tests, Testcontainers with @ServiceConnection, security testing (@WithMockUser, JWT), or Modulith event testing with Scenario API. Covers the critical @MockitoBean migration from @MockBean.
spring-boot-scanner
by joaquimscosta
Smart code scanner that detects Spring Boot patterns and routes to appropriate skills. Use when editing Java or Kotlin files in Spring Boot projects, working with pom.xml/build.gradle containing spring-boot-starter, or when context suggests Spring Boot development. Detects annotations (@RestController, @Entity, @EnableWebSecurity, @SpringBootTest) to determine relevant skills and provides contextual guidance. Uses progressive automation - auto-invokes for low-risk patterns (web-api, data, DDD), confirms before loading high-risk skills (security, testing, verify).
spring-boot-security
by joaquimscosta
Spring Security 7 implementation for Spring Boot 4. Use when configuring authentication, authorization, OAuth2/JWT resource servers, method security, or CORS/CSRF. Covers the mandatory Lambda DSL migration, SecurityFilterChain patterns, @PreAuthorize, and password encoding. For testing secured endpoints, see spring-boot-testing skill.
servicenow-server-security
by DanielMadsenDK
Secure data and credentials using cryptographic operations, encryption, and authentication primitives. Covers GlideDigest (hashing), GlideCertificateEncryption, KMFCryptoOperation, OAuth credential lifecycle, and request signing. Use when encrypting sensitive data, managing cryptographic keys, signing requests, verifying certificates, performing hash operations, or managing stored credentials. For setting up outbound HTTP API connections to external systems, use the servicenow-http-integrations skill.
aws-infrastructure
by shipshitdev
Expert in AWS infrastructure setup including EC2, VPC, security groups, Application Load Balancers, Route53 DNS, and SSL/TLS certificates. Use this skill for AWS infrastructure configuration and deployment.
gtm-pricing
by ScientiaCapital
"B2B go-to-market strategy, pricing models, ICP development, positioning, and competitive intelligence. Use when planning GTM strategy, setting pricing, defining ICP, or evaluating opportunities."
security
by ScientiaCapital
"Application security patterns - authentication, secrets management, input validation, OWASP Top 10. Use when: auth, JWT, secrets, API keys, SQL injection, XSS, CSRF, RLS, security audit, pen testing basics."
cloud-infrastructure
by maroffo
"AWS/GCP cloud infrastructure: Well-Architected, security, cost, observability. Use when working with Terraform outputs, IAM policies, VPC design, load balancers, or cloud architecture decisions."