Security
Security scanning and vulnerability detection
swift-accessibility
by madebyecho
Automatically applies accessibility best practices to Swift projects (SwiftUI and UIKit). Use when working on iOS/macOS projects that need VoiceOver support, Dynamic Type, WCAG compliance, or accessibility audits. Triggers on Swift accessibility tasks, a11y improvements, or when the user mentions accessibility, VoiceOver, or Dynamic Type.
defi-security
by 0xlayerghost
"[AUTO-INVOKE] MUST be invoked BEFORE deploying DeFi contracts (DEX, lending, staking, LP, token). Covers anti-whale, anti-MEV, flash loan protection, launch checklists, and emergency response. Trigger: any deployment or security review of DeFi-related contracts."
pdf-look-scanned
by vladmdgolam
Make PDF documents look like they were scanned on a physical scanner. Applies realistic effects: grayscale conversion, Gaussian noise, slight rotation, blur, edge shadows, and random offset. Optionally extract real handwritten signatures from a source PDF (or user-provided images) and replace digital signatures on specific pages. Use when the user asks to: make a PDF look scanned, give a PDF a scanned appearance, replace digital signatures with real/handwritten ones, fake a scan, add scan effects to a document, or make a document look printed and scanned.
compliance
by luisschmitzheadline
Navigate privacy regulations (GDPR, CCPA), review DPAs, and handle data subject requests. Use when reviewing data processing agreements, responding to data subject access or deletion requests, assessing cross-border data transfer requirements, or evaluating privacy compliance.
audit-support
by luisschmitzheadline
Support SOX 404 compliance with control testing methodology, sample selection, and documentation standards. Use when generating testing workpapers, selecting audit samples, classifying control deficiencies, or preparing for internal or external audits.
strategic-planning
by luisschmitzheadline
Analyzes the founder's business context to deliver the 3 highest-impact next moves for growth (marketing or sales). Asks up to 10 diagnostic questions when needed to uncover bottlenecks, struggles, and opportunities. Use when user needs strategic guidance, next steps, growth planning, or actionable business strategy.
Skills-Security-Check
by Toolsai
通過靜態和AI檢查技能 Skills 安全風險、潛在威脅。當使用者請求檢查技能,掃描技能的時候啟動技能評測評估功能。Detect Skill vulnerabilities using static and AI checks. Automatically activate evaluation upon scan requests.
task-decomposer
by ttmouse
Decompose Linear todos into actionable, testifiable chunks with rationale, as-is/to-be analysis, expected outputs, and risk assessment for effective project management
feature-radar-scan
by runkids
Discover new feature opportunities from creative brainstorming, user feedback, ecosystem trends, and cross-project research. Writes results to .feature-radar/opportunities/. MUST use this skill when the user wants to GENERATE new ideas — not evaluate existing ones. Trigger on any request to brainstorm, explore, discover, or find new feature ideas, even casual ones like "I wonder what else we could do" or "give me ideas". Use when the user: - Asks "what else could we build?", "give me feature ideas", "what are we missing?" - Wants to brainstorm, explore new directions, or refresh the opportunity backlog - Says "scan ecosystem", "scan opportunities", "find new features" - Asks to review GitHub issues, community feedback, or adjacent tools for inspiration - Mentions "explore", "discover", or "new directions" in a feature context Do NOT use for evaluating/prioritizing existing features — that's feature-radar's job.
compress-prompt
by jbrukh
Compress a prompt while preserving semantic content. Supports lossy (default, 30-50% reduction) and lossless (--lossless, 100% retention) modes.
database-security
by oakoss
'Database security auditor specialized in Row Level Security (RLS) enforcement, Zero-Trust database architecture, and forensic audit trails. Covers Supabase RLS policies, Postgres security, Convex auth guards, PGAudit configuration, JIT access controls, and database-specific compliance validation. Use when auditing database access policies, implementing RLS in Supabase or Postgres, configuring Convex auth guards, setting up audit logging, reviewing database security, or validating database-level compliance requirements.'
magento-security-analyst
by maxnorm
Conducts comprehensive Magento 2 security assessments and implements security measures. Use when auditing security, identifying vulnerabilities, implementing security controls, or ensuring compliance. Masters security auditing, vulnerability management, and compliance frameworks.
Technology Assessment
by zircote
This skill should be used when the user asks to "assess technology", "technology evaluation", "tech stack analysis", "technical feasibility", "technology trends", "build vs buy", "technology roadmap", "architecture assessment", or needs guidance on evaluating technologies, technical due diligence, or technology strategy decisions.
api-design
by srstomp
Use when designing new REST APIs, reviewing API designs, establishing API standards, designing request/response formats, pagination, versioning, authentication flows, or creating OpenAPI specifications.
secure-coding
by Logos-Liber
OWASP secure coding practices, language-specific security considerations, input validation and output encoding, authentication and authorization patterns, cryptography best practices, secure API design, and common security anti-patterns
pentest-commands
by ivanvza
This skill should be used when the user asks to "run pentest commands", "scan with nmap", "use metasploit exploits", "crack passwords with hydra or john", "scan web vulnerabilities with nikto", "enumerate networks", or needs essential penetration testing command references.
network-recon
by ivanvza
Perform network reconnaissance including host discovery, port scanning, and service enumeration. Use when asked to "scan a network", "find hosts", "discover devices", "enumerate services", "recon a subnet", or "what's on my network".
web-fingerprint
by ivanvza
Find and fingerprint web servers on a target. Use when asked to "find web servers", "fingerprint a website", "what's running on this web server", "identify web technologies", or "scan for web services".
sec-audit-remediate
by parhumm
Generate security fixes from detect-dev findings with regression tests. Use when remediating security vulnerabilities.
secrets-management
by acedergren
Use when storing credentials in OCI Vault, troubleshooting secret retrieval failures, implementing secret rotation, or setting up application authentication to Vault. Covers vault hierarchy confusion, IAM permission gotchas, cost optimization, temp file security, and audit logging.
mvx_dapp_audit
by multiversx
Auditing dApps and standard Frontend flows.
clarification_expert
by multiversx
Expert at identifying underspecified requirements and asking high-value clarifying questions.
multiversx-clarification-expert
by multiversx
Identify ambiguous requirements and ask targeted clarifying questions for MultiversX development. Use when user requests are vague, missing technical constraints, or have conflicting requirements.
multiversx-security-audit
by multiversx
Complete security audit methodology for MultiversX smart contracts. Covers context building, entry point analysis, static analysis patterns, and automated Semgrep scanning. Use when performing security audits, code reviews, or setting up automated vulnerability detection.