Security
Security scanning and vulnerability detection
claude-code-command-patterns
by vinnie357
Activate when creating or modifying Claude Code slash commands with proper frontmatter, Task invocation patterns, and TodoWrite integration
supabase-detect
by yoanbernabeu
Detect if a web application uses Supabase by analyzing client-side code, network patterns, and API endpoints.
supabase-audit-buckets-list
by yoanbernabeu
List all storage buckets and their configuration to identify the storage attack surface.
supabase-audit-tables-read
by yoanbernabeu
Attempt to read data from exposed tables to verify actual data exposure and RLS effectiveness.
security
by kcns008
Security Agent (Shield) — handles Pod Security Standards, RBAC audits, NetworkPolicy enforcement, secrets management (Vault), image scanning (Trivy), policy enforcement (Kyverno/OPA), CIS benchmarks, and compliance for Kubernetes and OpenShift clusters.
cross-evolution
by llblab
Horizontal Gene Transfer protocol for skills. Synchronizes best practices and architectural patterns across the skill library.
access-control-knowledge
by dykyi-roman
Access Control knowledge base. Provides ACL, RBAC, ABAC, ReBAC models, multi-tenancy patterns, and PHP implementations (Symfony Voters, Laravel Gates) for security audits and generation.
owasp-security-check
by sergiodxa
Security audit guidelines for web applications and REST APIs based on OWASP Top 10 and web security best practices. Use when checking code for vulnerabilities, reviewing auth/authz, auditing APIs, or before production deployment.
review-security
by nesnilnehc
"Review code for security: injection, sensitive data, authentication and authorization, dependencies and CVEs, configuration and secrets, and crypto. Cognitive-only atomic skill; output is a findings list."
code-sync
by niracler
Use when syncing all git repos under ~/code across machines, typically at end-of-day (push) or start-of-day (pull). Triggers on「同步代码」「code-sync」「下班同步」「上班更新」.
c3-audit
by lagz0ne
Audits C3 architecture documentation for consistency, drift, and completeness. This skill should be used when the user asks to: - "audit C3", "validate docs", "check architecture", "verify C3 docs" - "run C3 audit", "check documentation", "are docs up to date", "docs out of sync" - "validate architecture", "check for drift", "verify docs match code" DO NOT use for: "update docs", "change docs" (route to c3-change for changes). Requires .c3/ to exist. Routes navigation to c3-query, changes to c3-change, patterns to c3-ref.
code-review
by truongnat
Perform deep semantic code reviews that go beyond syntax checking. Evaluates architecture adherence, security vulnerabilities, performance bottlenecks, and maintainability. Use when reviewing PRs, auditing code quality, or when the user asks for a code review of any file or module.
00-andruia-consultant
by ranbot-ai
Arquitecto de Soluciones Principal y Consultor Tecnológico de Andru.ia. Diagnostica y traza la hoja de ruta óptima para proyectos de IA en español.
20-andruia-niche-intelligence
by ranbot-ai
Estratega de Inteligencia de Dominio de Andru.ia. Analiza el nicho específico de un proyecto para inyectar conocimientos, regulaciones y estándares únicos del sector. Actívalo tras definir el nich
exhaustive-systems-analysis
by petekp
Perform comprehensive, deep analysis of a system and its subsystems to identify bugs, race conditions, stale documentation, dead code, and correctness issues. Use when asked to "audit this system", "exhaustive analysis of X", "analyze for correctness", "root out issues in...", "deep dive into...", "verify this code is correct", "find bugs in...", or when reviewing agent-written code for production readiness. Automatically decomposes systems into subsystems, applies appropriate analysis checklists, and produces structured findings with severity classification.
skill-issue
by build000r
Create, update, and package skills for AI coding agents. Use when asked to "create a skill", "make a skill", "new skill", "skill template", "design a skill", "build a skill", or when working with SKILL.md files, frontmatter, bundled resources (scripts/, references/, assets/), or .skill packaging. Also triggers on "how do I make a skill", "skill best practices", "skill structure", or requests to extend an agent's capabilities with reusable workflows.
near-contract-audit
by near
Comprehensive security audit skill for NEAR Protocol smart contracts written in Rust. Use when auditing NEAR contracts, reviewing security vulnerabilities, or analyzing contract code for issues like reentrancy, unhandled promises, unsafe math, access control flaws, and callback security.
security-scanner
by AIDotNet
全面的安全分析,识别OWASP Top 10漏洞、检测硬编码密钥和审查安全配置。
port-scanner
by AIDotNet
扫描网络端口以检查可用性和检测运行的服务。
Security Engineer Skill
by wasintoh
Next.js Security: https://nextjs.org/docs/app/building-your-application/configuring/security
audit-skill
by jgtolentino
Comprehensive audit capabilities for security, code quality, module structure, compliance, and performance analysis. Use this skill when performing security audits, code reviews, vulnerability assessments, module structure validation, or generating audit reports.
Security Specialist
by udapy
Auditing for unsafe code and secrets.
Agent Router
by udapy
Analyzing user intent and delegating tasks.
bug-reaper
by shaniidev
"Web2 bug bounty hunting agent — evidence-based vulnerability finder and report writer. Use when: auditing web apps/APIs for HackerOne, Bugcrowd, Intigriti, YesWeHack; hunting XSS, SQLi, NoSQLi, SSRF, IDOR, auth bypass, RCE, SSTI, LFI, XXE, CORS, CSRF, prototype pollution, subdomain takeover, HTTP smuggling, open redirect, API/GraphQL bugs; auditing locally downloaded GitHub repos or source code (white-box/source code review); writing platform-specific reports. Trigger on: 'pentest', 'find bugs', 'security audit', 'bug bounty', 'find vulnerabilities', 'source code review', 'audit this repo', 'review repo', 'white-box', 'local repo', vulnerability class names, or program/target names. Reports only real, confirmed medium+ severity bugs that pass real triage."