Security
Security scanning and vulnerability detection
Security Audit and Vulnerability Scanning
by ShunsukeHayashi
Comprehensive security audit workflow including dependency scanning, unsafe code detection, and secret management. Use when scanning for vulnerabilities or before production deployment.
anti-reversing-techniques
by ngxtm
"Understand anti-reversing, obfuscation, and protection techniques encountered during software analysis. Use when analyzing protected binaries, bypassing anti-debugging for authorized analysis, or u..."
security-guardrails
by CsHeng
Comprehensive security implementation standards. Use when security guardrails guidance is required.
check-lightning
by phrazzld
Audit Lightning Network integration. Checks node health, channel balances, peer connectivity, invoice handling, and routing. Use when: reviewing Lightning setup, diagnosing payment failures, or capacity planning. Keywords: lightning, lnd, cln, channels, invoices, bolt11.
check-stripe
by phrazzld
Audit Stripe integration: configuration, webhooks, subscription logic, security. Outputs structured findings. Use log-stripe-issues to create issues. Invoke for: Stripe audit, payment review, subscription analysis.
networking-controls
by CsHeng
Network security and connectivity standards. Use when networking controls guidance is required.
github-actions
by el-feo
Create, evaluate, and optimize GitHub Actions workflows and custom actions. Use when building CI/CD pipelines, creating workflow files, developing custom actions, troubleshooting workflow failures, performing security analysis, optimizing performance, or reviewing GitHub Actions best practices. Covers Ruby/Rails, TypeScript/Node.js, Heroku and Fly.io deployments.
brakeman
by el-feo
Static analysis security vulnerability scanner for Ruby on Rails applications. Use when analyzing Rails code for security issues, running security audits, reviewing code for vulnerabilities, setting up security scanning in CI/CD, managing security warnings, or investigating specific vulnerability types (SQL injection, XSS, command injection, etc.). Also use when configuring Brakeman, reducing false positives, or integrating with automated workflows.
deployment-docker
by CsHeng
Docker and containerization guidelines. Use when deployment docker guidance is required.
quality-standards
by CsHeng
Code quality metrics and continuous improvement. Use when quality standards guidance is required.
security-logging
by CsHeng
Security controls and structured logging implementation. Use when security logging guidance is required.
kubernetes-best-practices
by armanzeroeight
Provides production-ready Kubernetes manifest guidance including resource management, security, high availability, and configuration best practices. This skill should be used when working with Kubernetes YAML files, deployments, pods, services, or when users mention k8s, container orchestration, or cloud-native applications.
image-security-scanner
by armanzeroeight
Scans Docker images for security vulnerabilities, outdated packages, and misconfigurations. Use when checking image security, finding vulnerabilities, or hardening containers.
security-group-analyzer
by armanzeroeight
Audit AWS security groups for overly permissive rules and security vulnerabilities. Use when reviewing AWS security, auditing security groups, or improving network security posture.
Dark Matter Analyzer
by daffy0208
Analyze repositories to reveal unseen patterns, strategic drift, and organizational health. Use when assessing repository coherence, diagnosing project issues, identifying documentation inflation, or understanding why a codebase feels misaligned with its stated goals.
ssl-helper
by armanzeroeight
Configures SSL/TLS certificates, implements secure protocols and ciphers, and sets up security headers. Use when setting up HTTPS, SSL certificates, TLS configuration, or web security hardening.
skill-security-analyzer
by Exploration-labs
Comprehensive security risk analysis for Claude skills. Use when asked to analyze security risks, review security stance, audit skills for vulnerabilities, check security before deployment, or evaluate safety of skill files. Triggers include "analyze security," "security risks," "security audit," "security review," "is this skill safe," or "check for vulnerabilities."
analysis-router
by Zpankz
Routes analysis and debugging tasks. Triggers on analyze, debug, troubleshoot, review, audit, security, performance, optimize, investigate, trace.
code-security-review
by DauQuangThanh
Conducts comprehensive security code reviews including vulnerability detection (OWASP Top 10, CWE), authentication/authorization flaws, injection attacks, cryptography issues, sensitive data exposure, API security, dependency vulnerabilities, security misconfigurations, and compliance validation (PCI-DSS, GDPR, HIPAA). Produces detailed security assessment reports with CVE references, CVSS scores, exploit scenarios, and remediation guidance. Use when reviewing code security, performing security audits, checking for vulnerabilities, validating security controls, assessing security risks, or when users mention "security review", "vulnerability scan", "security audit", "penetration test", "OWASP", "security assessment", "secure coding", or "security compliance".
oracle-cloud
by DauQuangThanh
Provides comprehensive Oracle Cloud Infrastructure (OCI) guidance including compute instances, networking (VCN, load balancers, VPN), storage (block, object, file), database services (Autonomous Database, MySQL, NoSQL), container orchestration (OKE), identity and access management (IAM), resource management, cost optimization, and infrastructure as code (Terraform OCI provider, Resource Manager). Produces infrastructure code, deployment scripts, configuration guides, and architectural diagrams. Use when designing OCI architecture, provisioning cloud resources, migrating to Oracle Cloud, implementing OCI security, setting up OCI databases, deploying containerized applications on OKE, managing OCI resources, or when users mention "Oracle Cloud", "OCI", "Autonomous Database", "VCN", "OKE", "OCI Terraform", "Resource Manager", "Oracle Cloud Infrastructure", or "OCI migration".
azure-cloud
by DauQuangThanh
Provides comprehensive Microsoft Azure guidance including Azure Virtual Machines, Azure Storage (Blob, Files, Disks), Azure SQL Database, Azure App Service, Azure Functions, AKS (Azure Kubernetes Service), Azure DevOps, ARM templates, Bicep, Terraform for Azure, Azure Active Directory, Azure Key Vault, Azure Monitor, cost optimization, and multi-region deployment. Produces infrastructure as code (Terraform/Bicep/ARM), deployment scripts, security configurations, and architecture designs. Use when deploying to Azure, designing Azure infrastructure, migrating to Microsoft Azure, configuring VMs, setting up Azure Storage, managing Azure SQL, working with AKS, or when users mention Azure, Microsoft Cloud, Azure Portal, ARM templates, Bicep, Azure Functions, App Service, or Azure DevOps.
ibm-cloud
by DauQuangThanh
Provides comprehensive IBM Cloud platform guidance including compute services (VPC, Virtual Servers, IKS, OpenShift, Code Engine, Cloud Functions), storage (Object Storage, Block Storage, File Storage), databases (Db2, Cloudant, PostgreSQL, MySQL, MongoDB, Redis), IAM security (access groups, service IDs, Key Protect, Secrets Manager), networking (VPC, load balancers, Direct Link), CLI automation, Terraform/Schematics infrastructure as code, monitoring, and cost optimization. Covers infrastructure provisioning, application deployment, security configuration, multi-zone high availability, and operational best practices. Use when working with IBM Cloud services, deploying cloud infrastructure, managing cloud resources, configuring security and networking, or when users mention "IBM Cloud", "IKS", "Code Engine", "Db2", "Cloudant", "VPC", "cloud provisioning", "IBM Kubernetes", "OpenShift", "Terraform IBM", "Schematics", or "IBM cloud platform".
keycloak-administration
by DauQuangThanh
Provides comprehensive KeyCloak administration guidance including realm management, user/group administration, client configuration, authentication flows, identity brokering, authorization policies, security hardening, and troubleshooting. Covers SSO configuration, SAML/OIDC setup, role-based access control (RBAC), user federation (LDAP/AD), social login integration, multi-factor authentication (MFA), and high availability deployments. Use when configuring KeyCloak, setting up SSO, managing realms and clients, troubleshooting authentication issues, implementing RBAC, or when users mention "KeyCloak", "SSO", "OIDC", "SAML", "identity provider", "IAM", "authentication flow", "user federation", "realm configuration", or "access management".
jtbd-psychographic-research
by mike-coulbourn
Provides Jobs-to-be-Done and psychographic research frameworks for brand identity work. Auto-activates during brand positioning, voice development, messaging, and strategy phases. Use when discussing target audience, customer research, JTBD, jobs to be done, four forces, push pull anxiety habit, emotional jobs, social jobs, functional jobs, limbic types, VALS segments, psychographics, or customer motivations.