Security
Security scanning and vulnerability detection
insecure-design
by florianbuetow
This skill should be used when the user asks to "check for design flaws", "analyze security design", "find insecure design patterns", "review threat model", "check business logic security", "find missing security controls", or mentions "insecure design" in a security context. Maps to OWASP Top 10 2021 A04:2021 - Insecure Design.
auth
by florianbuetow
This skill should be used when the user asks to "check for authentication issues", "analyze auth", "find credential vulnerabilities", "review login security", "check session management", or mentions "authentication", "passwords", "MFA", "sessions", or "brute force" in a security context. Maps to OWASP Top 10 2021 A07: Identification and Authentication Failures.
report
by florianbuetow
This skill should be used when the user asks to "generate security report", "create appsec report", "export findings", "security summary", "findings report", "executive security summary", or "export to SARIF". Also triggers when the user wants a formatted overview of all security findings, remediation progress, scanner coverage, or needs to share security status with stakeholders.
full-audit
by florianbuetow
This skill should be used when the user asks for a "full security audit", "exhaustive audit", "comprehensive security review", or invokes /appsec:full-audit. Launches every framework, every tool, and every red team agent, producing a dated report file.
code-assistant
by kriscard
"Development: Use when writing, debugging, or refactoring code. Orchestrates specialist agents (TypeScript, React, etc). NOT for architecture decisions."
access-control
by florianbuetow
This skill should be used when the user asks to "check for access control issues", "analyze authorization", "find IDOR vulnerabilities", "audit CORS configuration", "check for privilege escalation", or mentions "access control", "authorization", "IDOR", "CORS", "JWT tampering", or "directory traversal" in a security context. Maps to OWASP Top 10 2021 A01: Broken Access Control.
misconfig
by florianbuetow
This skill should be used when the user asks to "check for misconfigurations", "analyze security headers", "find misconfigured settings", "check CORS policy", "find debug mode", "audit server configuration", or mentions "misconfiguration" in a security context. Maps to OWASP Top 10 2021 A05: Security Misconfiguration.
review-plan
by florianbuetow
This skill should be used when the user asks to "review plan for security", "check plan for security issues", "security review of implementation plan", "audit the plan for vulnerabilities", or "check my plan before coding". Also triggers when the user mentions security in the context of an implementation plan, architecture proposal, or design document before code has been written. This is the FLAGSHIP pre-code security skill -- no other tool reviews plans at design time.
security-awareness
by 1Password
Teaches AI agents to recognize and avoid security threats during normal activity. Covers phishing detection, credential protection, domain verification, and social engineering defense. Use when building agents that access email, credential vaults, web browsers, or sensitive data.
tech-stack-evaluator
by alirezarezvani
Comprehensive technology stack evaluation and comparison tool with TCO analysis, security assessment, and intelligent recommendations for engineering teams
ms365-tenant-manager
by alirezarezvani
Comprehensive Microsoft 365 tenant administration skill for setup, configuration, user management, security policies, and organizational structure optimization for Global Administrators
discover-cryptography
by rand
Automatically discover cryptography skills when working with encryption, TLS, certificates, PKI, and security
discover-containers
by rand
Automatically discover container skills when working with Docker, Dockerfile optimization, docker-compose, container networking, container security, container registries, or Kubernetes. Activates for containerization and orchestration tasks.
discover-collaboration
by rand
Automatically discover collaboration and teamwork skills when working with code review, pair programming, GitHub, pull requests, team workflows, or documentation. Activates for collaboration development tasks.
discover-cloud
by rand
Automatically discover cloud computing and serverless skills when working with cloud. Activates for cloud development tasks.
vulnerability-scanner
by xenitV1
Advanced vulnerability analysis principles. OWASP 2025, Supply Chain Security, attack surface mapping, risk prioritization.
code-review-checklist
by xenitV1
Code review guidelines covering code quality, security, and best practices.
parallel-agents
by xenitV1
Native multi-agent orchestration using Claude Code's Agent Tool. Use when multiple independent tasks can run with different domain expertise or when comprehensive analysis requires multiple perspectives.
multiplayer
by xenitV1
Multiplayer game development principles. Architecture, networking, synchronization.
pseo-orchestrate
by lisbeth718
Orchestrate the full programmatic SEO implementation by coordinating all pseo-* skills in the correct order. Use when implementing pSEO from scratch, running the full pSEO pipeline, or when the user asks to "set up programmatic SEO" or "build pSEO pages" without specifying a single skill.
api-audit
by acedergren
"Audit API routes against shared types — scan routes, plugins, and types for mismatches. Read-only, no changes. Use before PRs, after adding routes, or for periodic API contract validation."
prod-readiness
by acedergren
Autonomous production readiness review pipeline — spawns 5 parallel specialist agents (security, testing, performance, observability, code quality) and synthesizes findings into a prioritized remediation plan. Use before major releases or milestone completions.
doc-sync
by acedergren
"Audit project documentation against the codebase and fix drift. Run before PRs or after major changes. Compares documented architecture, test counts, and file paths against actual state."
prd
by acedergren
"Create, validate, and evolve Product Requirements Documents with interactive discovery, technical architecture, phasing, TDD protocol, and dependency analysis. Use when: writing a PRD, planning a feature, defining requirements, or updating an existing PRD. Supports /prd (create), /prd --update (incremental update), /prd --validate (run checklist), /prd --audit-deps (dependency analysis only), /prd --to-plan (generate orchestrate-ready task plan)."