Security
Security scanning and vulnerability detection
CI/CD Pipeline Security Expert
by martinholovsky
Expert in CI/CD pipeline design with focus on secret management, code signing, artifact security, and supply chain protection for desktop application builds
Model Context Protocol (MCP) Skill
by martinholovsky
Commit only when all pass
applescript
by martinholovsky
"Expert in AppleScript and JavaScript for Automation (JXA) for macOS system scripting. Specializes in secure script execution, application automation, and system integration. HIGH-RISK skill due to shell command execution and system-wide control capabilities."
founder-productivity
by mfwarren
Production-ready entrepreneurship skills for Claude Code — marketing, sales, operations, finance, and leadership. 24 skills built by a founder, for founders.
delegation-framework
by mfwarren
Production-ready entrepreneurship skills for Claude Code — marketing, sales, operations, finance, and leadership. 24 skills built by a founder, for founders.
code-review
by DanielKerridge
Deep code audit that finds dead wiring, silent failures, unfinished features, placeholder stubs, bloated files, and unnecessary complexity. Produces an actionable report with file:line references grouped by severity. Think of it as a senior dev doing a thorough PR review of the entire codebase. Triggers on: "code review", "audit the code", "review the code", "find dead code", "find placeholders", "check for stubs", "prune the code", "code cleanup", "implementation review", "completeness check", "find unused code".
Codomyrmex
by docxology
Full-spectrum coding workspace skill providing 171 MCP tools across 33 modules. USE WHEN user says 'verify codomyrmex', 'codomyrmexVerify', 'audit codomyrmex', 'trust codomyrmex', 'codomyrmexTrust', 'trust tools', 'enable destructive tools', 'check pai status', 'codomyrmex tools', 'codomyrmex analyze', 'codomyrmex search', 'codomyrmex memory', 'codomyrmex docs', 'codomyrmex status', 'codomyrmex git', 'codomyrmex security', 'codomyrmex ai', 'codomyrmex code', 'codomyrmex data', 'codomyrmex deploy', 'codomyrmex test', or uses any 'codomyrmex' automation tools.
workleap-chromatic-best-practices
by workleap
Workleap's Chromatic best practices for snapshot cost control and CI optimization. Use this skill when: (1) Auditing or implementing Chromatic cost optimizations in a repository (2) Fixing Chromatic TurboSnap-disabling patterns (barrel imports, large preview dependencies, local scripts) (3) Setting up or updating chromatic.config.json and GitHub Actions CI workflows for Chromatic (4) Reviewing PRs for Chromatic snapshot cost impact (5) Configuring Chromatic in Turborepo/monorepo projects
config-auditing
by BitYoungjae
"Neovim configuration audit knowledge base. Use when: reviewing config files for issues, checking deprecated APIs, optimizing settings, or performing health checks. Provides checklists, best practices, and version-specific deprecated API detection patterns."
salvo-cors
by salvo-rs
Configure Cross-Origin Resource Sharing (CORS) and security headers. Use for APIs accessed from browsers on different domains.
clawdbot-self-security-audit
by TheSethRose
Perform a comprehensive read-only security audit of Clawdbot's own configuration. This is a knowledge-based skill that teaches Clawdbot to identify hardening opportunities and generate reports. Use when user asks to "run security check", "audit clawdbot", "check security hardening", or "what vulnerabilities do I have". This skill only READS configuration and generates reports—it never modifies settings or executes fixes automatically. Designed to be extensible—new checks can be added by updating this skill's knowledge.
Healthsafety
by robdtaylor
UK health and safety management for manufacturing operations. Covers risk assessments, COSHH, PPE, incident reporting, LOTO, manual handling, and emergency procedures. Aligned with UK HSE regulations and IATF 16949 clause 7.1.4. USE WHEN user says 'health and safety', 'risk assessment', 'COSHH', 'PPE', 'accident', 'incident', 'LOTO', 'lockout tagout', 'manual handling', 'emergency procedure', or needs safety compliance guidance.
review-security
by ssiumha
Reviews code for security vulnerabilities. Use when implementing auth, handling user input, adding APIs, or before deployment. Checks OWASP Top 10, credentials, injection.
laravel-dependencies-trim-packages
by noartem
Remove unneeded Composer packages and assets to improve boot time, memory, and security surface
nestjs-best-practices
by koolamusic
NestJS best practices and architecture patterns for building production-ready applications. This skill should be used when writing, reviewing, or refactoring NestJS code to ensure proper patterns for modules, dependency injection, security, and performance.
vcp-config
by Z-M-Huang
View and modify VCP configuration. Add or remove ignore entries, toggle scopes, manage compliance frameworks, change severity threshold, and manage exclude patterns. Supports both project config (.vcp/config.json) and global config (~/.vcp/config.json).
efsr
by ssiumha
전자금융감독규정(EFSR) compliance preparation. Use when preparing for electronic financial regulation audit, 조항 조회, 체크리스트 생성, or 이행 계획 수립.
vcp-audit
by Z-M-Huang
Run a comprehensive audit against all applicable VCP standards. Supports full audit, compliance-specific audit, and quick release readiness check.
understanding-tauri-architecture
by dchuk
Teaches Claude about Tauri's core architecture, including the Rust backend, webview integration, Core-Shell design pattern, IPC mechanisms, and security model fundamentals.
backend-development
by duongductrong
Build robust backend systems with modern technologies (Node.js, Python, Go, Rust), frameworks (NestJS, FastAPI, Django), databases (PostgreSQL, MongoDB, Redis), APIs (REST, GraphQL, gRPC), authentication (OAuth 2.1, JWT), testing strategies, security best practices (OWASP Top 10), performance optimization, scalability patterns (microservices, caching, sharding), DevOps practices (Docker, Kubernetes, CI/CD), and monitoring. Use when designing APIs, implementing authentication, optimizing database queries, setting up CI/CD pipelines, handling security vulnerabilities, building microservices, or developing production-ready backend systems.
expert-instruction
by YuniorGlez
"Primary Instruction Protocol for Senior Engineering Agents. Expert in Cognitive Architectures, Memory Systems, and 2026 Context Engineering (Updated for v0.27.0)."
mcp-expert
by YuniorGlez
"Senior MCP Architect & Orchestrator. Master of MCP Apps, Server Development (2025-11-25 Spec), and Multi-Agent Tooling."
manus-expert
by YuniorGlez
"Senior Orchestrator for Autonomous Missions. Expert in Manus API v2, Multi-Step Task Logic, and Secure Connectors (RSA-SHA256)."
db-enforcer
by YuniorGlez
"Guardian of Database Integrity. Architect of High-Performance PostgreSQL & Prisma 7 Systems. Expert in PostgreSQL 18, TypedSQL, and Zero-Trust RLS."