Security
Security scanning and vulnerability detection
pdf-pro
by YuniorGlez
"Master of PDF engineering, specialized in AI-driven extraction, high-fidelity Generation (Puppeteer), and PDF 2.0 Security."
auditor-pro
by YuniorGlez
"Senior Security Engineer & Forensic Analyst. Expert in AI-driven vulnerability scanning, CTEM standards, and agentic security orchestration."
code-review-pro
by YuniorGlez
Senior Code Architect & Quality Assurance Engineer for 2026. Specialized in context-aware AI code reviews, automated PR auditing, and technical debt mitigation. Expert in neutralizing "AI-Smells," identifying performance bottlenecks, and enforcing architectural integrity through multi-job red-teaming and surgical remediation suggestions.
skill-auditor
by Montimage
Analyze agent skills for security risks, malicious patterns, and potential dangers before installation. Use when asked to "audit a skill", "check if a skill is safe", "analyze skill security", "review skill risk", "should I install this skill", "is this skill safe", or when evaluating any skill directory for trust and safety. Also triggers when the user pastes a skill install command like "npx skills add https://github.com/org/repo --skill name". Produces a comprehensive security report with a clear install/reject verdict.
Broken Authentication Testing
by zebbern
This skill should be used when the user asks to "test for broken authentication vulnerabilities", "assess session management security", "perform credential stuffing tests", "evaluate password policies", "test for session fixation", or "identify authentication bypass flaws". It provides comprehensive techniques for identifying authentication and session management weaknesses in web applications.
AWS Penetration Testing
by zebbern
This skill should be used when the user asks to "pentest AWS", "test AWS security", "enumerate IAM", "exploit cloud infrastructure", "AWS privilege escalation", "S3 bucket testing", "metadata SSRF", "Lambda exploitation", or needs guidance on Amazon Web Services security assessment.
Feature Development Complete
by DNYoussef
Context Cascade - Nested Plugin Architecture for Claude Code Official Claude Code Plugin Version 3.1.0 Last updated: 2026-01-09 (see docs/COMPONENT-COUNTS.json for source counts) Context-saving nested architecture: Playbooks -> Skills -> Agents -> Commands. Load only what you need, saving 90%+ context space.
supabase-audit-rls
by yoanbernabeu
Test Row Level Security (RLS) policies for common bypass vulnerabilities and misconfigurations.
supabase-help
by yoanbernabeu
Quick reference for all Supabase security audit skills with usage examples and command overview.
supabase-audit-rpc
by yoanbernabeu
List and test exposed PostgreSQL RPC functions for security issues and potential RLS bypass.
supabase-audit-functions
by yoanbernabeu
Discover and test Supabase Edge Functions for security vulnerabilities and misconfigurations.
supabase-evidence
by yoanbernabeu
Initialize and manage the evidence collection directory for professional security audits with documented proof of findings.
supabase-audit-realtime
by yoanbernabeu
Test Supabase Realtime WebSocket channels for unauthorized subscriptions and data exposure.
supabase-extract-anon-key
by yoanbernabeu
Extract the Supabase anon/public API key from client-side code. This key is expected in client apps but important for RLS testing.
ast-grep-rule-crafter
by hylarucoder
Write AST-based code search and rewrite rules using ast-grep YAML. Create linting rules, code modernizations, and API migrations with auto-fix. Use when the user mentions ast-grep, tree-sitter patterns, code search rules, lint rules with YAML, AST matching, or code refactoring patterns.
backend-dev
by julianromli
Comprehensive backend development workflow that orchestrates expert analysis, architecture design, implementation, and deployment using the integrated toolset. Handles everything from API design and database architecture to security implementation and DevOps automation.
regula
by kuzivaai
AI governance risk indication for Claude Code. Detects patterns that correlate with EU AI Act risk tiers, blocks prohibited practices, logs to hash-chained audit trail. Triggers on: AI/ML libraries, model files, LLM API calls, biometric processing, automated decisions. Also when the user mentions compliance, governance, AI Act, risk assessment, or audit.
understanding-tauri-lifecycle-security
by dchuk
Assists developers with understanding Tauri application lifecycle security threats spanning development, build, distribution, and runtime phases, including threat mitigation strategies and security best practices.
understanding-tauri-ecosystem-security
by dchuk
Guides developers through Tauri ecosystem security practices including security auditing, dependency management, vulnerability reporting, and organizational security measures for building secure desktop applications.
configuring-tauri-http-headers
by dchuk
Guides developers through configuring HTTP headers security in Tauri v2 applications, covering security headers, custom headers, and CORS configuration for secure cross-origin resource handling.
distributing-tauri-for-macos
by dchuk
Guides users through distributing Tauri applications on macOS, including creating DMG installers, configuring app bundles, setting up entitlements, and customizing Info.plist files for proper macOS distribution.
configuring-tauri-csp
by dchuk
Guides users through configuring Content Security Policy (CSP) in Tauri v2 applications to prevent XSS attacks and enhance security by restricting resource loading.
auto-paper
by u9401066
全自動論文撰寫 + 閉環自我改進系統。 LOAD THIS SKILL WHEN: 全自動寫論文、auto write、自動撰寫、幫我寫完整篇、autopilot、從頭到尾、一鍵寫論文 CAPABILITIES: 編排所有研究 Skills + 3 層 Audit Hooks + Meta-Learning 自我改進
managing-dependencies
by andrew
Evaluates packages, manages dependencies, and addresses supply chain security. Use when adding npm/pip/cargo/bundler/go dependencies, auditing packages, reviewing lockfile changes, checking for vulnerabilities, comparing package alternatives, or assessing package trustworthiness.