Security
Security scanning and vulnerability detection
Coherence Check
by reggiechan74
This skill should be used when the user asks to "check this code", "validate this", "verify this implementation", "is this correct", "review this code", "check for errors", "multi-agent verification", or mentions production-critical code, financial calculations, security implementations, or high-stakes operations. Provides comprehensive multi-agent verification workflow with specialized critic agents.
Acceptance Criteria
by reggiechan74
This skill should be used when the user asks to "define acceptance criteria", "what are the success criteria", "set quality gates", "establish acceptance tests", "define what success looks like", or needs to specify pre-declared success criteria before code execution begins.
rails-ai:security
by zerobearing2
CRITICAL - Use when securing Rails applications - XSS, SQL injection, CSRF, file uploads, command injection prevention
insecure-defaults
by lv416e
Detects fail-open insecure defaults (hardcoded secrets, weak auth, permissive security) that allow apps to run insecurely in production. Use when auditing security, reviewing config management, or analyzing environment variable handling.
security-hunter-go
by skyosev
Audit Go code for security vulnerabilities — hardcoded secrets, injection risks (SQL, command, template, path), missing input validation at trust boundaries, insecure defaults, auth gaps, sensitive data exposure, unsafe package usage, and weak crypto. Use when: reviewing Go code before deployment, auditing trust boundaries, preparing for a security review, onboarding third-party integrations, or hardening an application.
simplicity-hunter-ts
by skyosev
Audit TypeScript code for unnecessary structural complexity — duplication, avoidable abstractions, dead logic paths, flag-heavy APIs, deep nesting, and mixed concerns. Recommends the simplest shape that preserves intended behavior. Use when: reviewing TypeScript code for over-engineering, reducing complexity after prototyping, enforcing reuse over addition, or simplifying before a refactor.
azure-tenant-assessment
by markus41
Deep expertise in running an initial Azure tenant assessment - subscription inventory, resource catalog, security posture snapshot, cost overview, and plugin setup recommendations via ARM REST API and microsoft-azure-mcp tools. Acts as the entry point for any new Azure engagement, surveying the tenant and mapping discovered resource types to the right plugins.
compliance
by luisschmitzheadline
Navigate privacy regulations (GDPR, CCPA), review DPAs, and handle data subject requests. Use when reviewing data processing agreements, responding to data subject access or deletion requests, assessing cross-border data transfer requirements, or evaluating privacy compliance.
iosdev-cn
by kuangre123
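General guide to iOS app development, building, signing, testing, and the App Store release process (China region). Use when the user asks about iOS development, App Store release, review, signing, TestFlight, App Store Connect, privacy compliance, or subscription configuration, or enters the trigger word iosdev.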
audit-support
by luisschmitzheadline
Support SOX 404 compliance with control testing methodology, sample selection, and documentation standards. Use when generating testing workpapers, selecting audit samples, classifying control deficiencies, or preparing for internal or external audits.
code-reviewer
by 9tykeshav
Use when asked to review MERN stack code - comprehensive code reviewer that checks project health, security, maintainability, performance, testing, and architecture. Combines general code quality analysis with MERN-specific expertise.
Technology Assessment
by zircote
This skill should be used when the user asks to "assess technology", "technology evaluation", "tech stack analysis", "technical feasibility", "technology trends", "build vs buy", "technology roadmap", "architecture assessment", or needs guidance on evaluating technologies, technical due diligence, or technology strategy decisions.
analyze-repo
by miles990
Enterprise-grade repository analysis with arc42/C4 architecture documentation, technical debt quantification, security assessment, and multi-stakeholder reporting
security-practices
by miles990
OWASP Top 10, authentication, and secure coding practices
jtbd-psychographic-research
by mike-coulbourn
Provides Jobs-to-be-Done and psychographic research frameworks for brand identity work. Auto-activates during brand positioning, voice development, messaging, and strategy phases. Use when discussing target audience, customer research, JTBD, jobs to be done, four forces, push pull anxiety habit, emotional jobs, social jobs, functional jobs, limbic types, VALS segments, psychographics, or customer motivations.
gtm-analytics-audit
by aimonk2025
Comprehensive analytics audit of website codebase to identify trackable elements and assess analytics readiness. Use when users want to "audit my analytics", "scan for trackable elements", "find what I can track", "analyze my website for tracking opportunities", or before implementing GTM tracking. Scans HTML/JSX/TSX/Vue for all clickable elements (buttons, links, forms, etc.), identifies existing tracking code, evaluates DOM structure for analytics, and provides recommendations. Acts as senior frontend engineer with GA4 expertise.
appsec-expert
by martinholovsky
Elite Application Security engineer specializing in secure SDLC, OWASP Top 10 2025, SAST/DAST/SCA integration, threat modeling (STRIDE), and vulnerability remediation. Expert in security testing, cryptography, authentication patterns, and DevSecOps automation. Use when securing applications, implementing security controls, or conducting security assessments.
Encryption Skill
by martinholovsky
Encryption done wrong is worse than no encryption - it provides false confidence.
OS Keychain Skill
by martinholovsky
The OS keychain is your first line of defense. Misuse negates all downstream encryption.
Auto-Update Systems Expert
by martinholovsky
Expert in Tauri auto-update implementation with focus on signature verification, rollback mechanisms, staged rollouts, and secure update distribution
rust
by martinholovsky
Systems programming expertise for Tauri desktop application backend development with memory safety and performance optimization
python
by martinholovsky
Backend services development with Python emphasizing security, performance, and maintainability for JARVIS AI Assistant
prompt-engineering
by martinholovsky
Expert skill for prompt engineering and task routing/orchestration. Covers secure prompt construction, injection prevention, multi-step task orchestration, and LLM output validation for JARVIS AI assistant.
devsecops-expert
by martinholovsky
Expert DevSecOps engineer specializing in secure CI/CD pipelines, shift-left security, security automation, and compliance as code. Use when implementing security gates, container security, infrastructure scanning, secrets management, or building secure supply chains.