Security
Security scanning and vulnerability detection
disk-cleaner
by gccszs
High-performance cross-platform disk space monitoring, analysis, and cleaning toolkit with v2.0 optimization enhancements. Use when Claude needs to: (1) Analyze disk space usage and identify large files/directories consuming space, (2) Clean temporary files, caches, logs, and other junk files safely, (3) Monitor disk usage with configurable warning/critical thresholds, (4) Generate detailed reports on disk health and cleanup recommendations. Features advanced optimization: 3-5x faster scanning with os.scandir(), concurrent multi-threaded I/O, intelligent sampling for large directories, memory-adaptive processing, and cross-platform compatibility (Windows/macOS/Linux). Specializes in Windows C drive cleanup while maintaining full compatibility with Unix systems. Provides interactive CLI, automated scripts, detailed reporting modes, and comprehensive test coverage (244 tests). All operations prioritize safety with built-in protection for system files.
check-dependency-vulnerabilities
by dykyi-roman
Analyzes PHP dependencies for security vulnerabilities. Detects outdated packages, known CVEs, unsupported versions, vulnerable transitive dependencies.
check-cors-security
by dykyi-roman
Audits CORS configuration security. Detects wildcard origins, credentials with wildcards, dynamic origin reflection, missing preflight handling, and overly permissive policies.
security-patterns
by groupzer0
Security vulnerability detection patterns including OWASP Top 10, language-specific vulnerabilities, and remediation guidance. Load when reviewing code for security issues, conducting audits, or implementing authentication/authorization.
code-review-checklist
by groupzer0
Structured code review criteria for pre-implementation plan review (Critic) and post-implementation security/quality review. Covers security, performance, maintainability, and correctness with severity ratings.
skill-creator-thepexcel
by ThepExcel
Guide for creating and enhancing skills. Use when users want to create a new skill, update/improve an existing skill, or audit skill quality. Supports both creation from scratch and enhancement of existing skills with audit rubric scoring.
iosdev-cn
by kuangre123
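General guide to iOS app development, building, signing, testing, and the App Store release process (China region). Use when the user asks about iOS development/release/review/signing/TestFlight/App Store Connect/privacy compliance/subscription configuration, or enters the trigger word iosdev.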
workflow-audit
by Terryc21
Systematic UI workflow auditing for SwiftUI applications. Discovers entry points, traces user flows, detects dead ends and broken promises, audits data wiring, evaluates from user perspective. Triggers: "workflow audit", "audit flows", "find dead ends", "check navigation".
Ai Code Security
by omer-metin
springboot-security
by x-cmd
Spring Security best practices for authn/authz, validation, CSRF, secrets, headers, rate limiting, and dependency security in Java Spring Boot services.
owasp-mobile-security-checker
by Harishwarrior
Use when performing security audits, vulnerability assessments, or compliance checks on Flutter or mobile applications. Covers OWASP Mobile Top 10 (2024) — hardcoded secrets (M1), insecure storage (M9), weak cryptography (M10), network issues (M5), and 6 more categories with automated scanners and remediation guidance.
backend-development
by samhvw8
Production backend systems development. Stack: Node.js/TypeScript, Python, Go, Rust NestJS, FastAPI, Django, Express PostgreSQL, MongoDB, Redis. Capabilities: REST/GraphQL/gRPC APIs, OAuth 2.1/JWT auth, OWASP security, microservices, caching, load balancing, Docker/K8s deployment. Actions: design, build, implement, secure, optimize, deploy, test APIs and services. Keywords: API design, REST, GraphQL, gRPC, authentication, OAuth, JWT, RBAC, database, PostgreSQL, MongoDB, Redis, caching, microservices, Docker, Kubernetes, CI/CD, OWASP, security, performance, scalability, NestJS, FastAPI, Express, middleware, rate limiting. Use when: designing APIs, implementing auth/authz, optimizing queries, building microservices, securing endpoints, deploying containers, setting up CI/CD.
supabase-report-compare
by yoanbernabeu
Compare two security audit reports to track remediation progress and identify new vulnerabilities.
supabase-report
by yoanbernabeu
Generate a comprehensive Markdown security audit report with executive summary, findings, and remediation guidance.
supabase-audit-authenticated
by yoanbernabeu
Create a test user (with explicit permission) to audit what authenticated users can access vs anonymous users. Detects IDOR, cross-user access, and privilege escalation.
sast-semgrep
by rohunj
Static application security testing (SAST) using Semgrep for vulnerability detection, security code review, and secure coding guidance with OWASP and CWE framework mapping. Use when: (1) Scanning code for security vulnerabilities across multiple languages, (2) Performing security code reviews with pattern-based detection, (3) Integrating SAST checks into CI/CD pipelines, (4) Providing remediation guidance with OWASP Top 10 and CWE mappings, (5) Creating custom security rules for organization-specific patterns, (6) Analyzing dependencies for known vulnerabilities.
sca-trivy
by rohunj
Software Composition Analysis (SCA) and container vulnerability scanning using Aqua Trivy for identifying CVE vulnerabilities in dependencies, container images, IaC misconfigurations, and license compliance risks. Use when: (1) Scanning container images and filesystems for vulnerabilities and misconfigurations, (2) Analyzing dependencies for known CVEs across multiple languages (Go, Python, Node.js, Java, etc.), (3) Detecting IaC security issues in Terraform, Kubernetes, Dockerfile, (4) Integrating vulnerability scanning into CI/CD pipelines with SARIF output, (5) Generating Software Bill of Materials (SBOM) in CycloneDX or SPDX format, (6) Prioritizing remediation by CVSS score and exploitability.
search-aptos-examples
by iskysun96
"Searches aptos-core and daily-move for reference implementations before writing contracts. Triggers on:
security-audit
by iskysun96
"Audits Move contracts for security vulnerabilities before deployment using 7-category checklist. Triggers on: 'audit
supabase-pentest
by yoanbernabeu
Orchestrate a complete Supabase security audit with guided step-by-step execution and ownership confirmation.
vuln-research
by tanweai
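Security research meta-thinking methodology: a vulnerability-discovery methodology framework distilled from 5600+ security documents in the Xianzhi community. Use this skill when: - conducting vulnerability discovery and security research that needs a systematic thinking framework - analyzing attack paths for specific vulnerability classes (web injection, deserialization, binary, domain penetration, etc.) - needing to understand the mindset behind bypassing defensive measures (WAF, EDR, sandbox) - performing code audits that need a Source-Sink analysis methodology - red team engagements that need complete attack-chain planning - CTF competitions that need fast problem-solving approaches - reverse-engineering malware that needs methodological guidance Triggers: vulnerability discovery, security research, penetration testing, code audit, red team engagements, CTF, reverse engineering, WAF bypass, AV evasion, privilege escalation, lateral movement, domain penetration, deserialization, binary security, Fuzzing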
skill-vetter
by app-incubator-xyz
Multi-scanner security gate. TRIGGER when: user mentions installing, adding, or reviewing a skill to Claude Code, OpenClaw, or any other AI agent. Detects malicious code, vulnerabilities, and suspicious patterns.
agent-native-audit
by ratacat
Run comprehensive agent-native architecture review with scored principles
address-sanitizer
by plurigrid
Use AddressSanitizer to detect memory safety bugs in C/C++ programs. Identifies use-after-free, buffer overflow, memory leaks, and other memory errors.