Security
Security scanning and vulnerability detection
Sandboxing Skill
by martinholovsky
Sandboxing is your last line of defense. When everything else fails, the sandbox must hold.
linux-at-spi2
by martinholovsky
"Expert in AT-SPI2 (Assistive Technology Service Provider Interface) for Linux desktop automation. Specializes in accessible automation of GTK/Qt applications via D-Bus accessibility interface. HIGH-RISK skill requiring security controls for system-wide access."
harbor-expert
by martinholovsky
"Expert Harbor container registry administrator specializing in registry operations, vulnerability scanning with Trivy, artifact signing with Notary, RBAC, and multi-region replication. Use when managing container registries, implementing security policies, configuring image scanning, or setting up disaster recovery."
SQLCipher Encrypted Database Expert
by martinholovsky
Expert in SQLCipher encrypted database development with focus on encryption key management, key rotation, secure data handling, and cryptographic best practices
Security Auditing Skill
by martinholovsky
If it's not logged, it didn't happen. If logs can be tampered, you can't prove anything.
kanidm-expert
by martinholovsky
"Expert in Kanidm modern identity management system specializing in user/group management, OAuth2/OIDC, LDAP, RADIUS, SSH key management, WebAuthn, and MFA. Deep expertise in secure authentication flows, credential policies, access control, and platform integrations. Use when implementing identity management, SSO, authentication systems, or securing access to infrastructure."
dbus
by martinholovsky
"Expert in D-Bus IPC (Inter-Process Communication) on Linux systems. Specializes in secure service communication, method calls, signal handling, and system integration. HIGH-RISK skill due to system service access and privileged operations."
SQLite Database Expert
by martinholovsky
Expert in SQLite embedded database development for Tauri/desktop applications with focus on SQL injection prevention, migrations, FTS search, and secure data handling
cicd-expert
by martinholovsky
"Elite CI/CD pipeline engineer specializing in GitHub Actions, GitLab CI, Jenkins automation, secure deployment strategies, and supply chain security. Expert in building efficient, secure pipelines with proper testing gates, artifact management, and ArgoCD/GitOps patterns. Use when designing pipelines, implementing security gates, or troubleshooting CI/CD issues."
CI/CD Pipeline Security Expert
by martinholovsky
Expert in CI/CD pipeline design with focus on secret management, code signing, artifact security, and supply chain protection for desktop application builds
Model Context Protocol (MCP) Skill
by martinholovsky
Commit only when all pass
applescript
by martinholovsky
"Expert in AppleScript and JavaScript for Automation (JXA) for macOS system scripting. Specializes in secure script execution, application automation, and system integration. HIGH-RISK skill due to shell command execution and system-wide control capabilities."
macos-accessibility
by martinholovsky
"Expert in macOS Accessibility APIs (AXUIElement) for desktop automation. Specializes in secure automation of macOS applications with proper TCC permissions, element discovery, and system interaction. HIGH-RISK skill requiring strict security controls."
fastapi
by martinholovsky
REST API and WebSocket development with FastAPI emphasizing security, performance, and async patterns
vibe-coding
by Exploration-labs
Comprehensive guide for AI-assisted vibe coding. Use when the user wants to build applications through natural language prompts using tools like Lovable, Cursor, Replit, or Bolt. Includes best practices, pitfall awareness, tool-specific guidance, architectural decision support, and MVP scope definition with a bias toward cutting features aggressively to ship faster.
audit-plugin
by richfrem
Audits a local plugin directory to ensure it perfectly matches the Agent Skills and Claude Plugin Open Standards.
code-reviewer
by beshkenadze
Review code for quality, security, and best practices. Use when asked to review code, find bugs, or suggest improvements.
audit-plugin-l5
by richfrem
Triggers the L5 Red Team Sub-Agent to rigorously audit a plugin against the 39-point L4 pattern matrix.
red-team-review
by richfrem
"(Industry standard: Review and Critique Pattern) Primary Use Case: Iterative generation paired with adversarial review, continuing until an 'Approved' verdict is reached. Orchestrated adversarial review loop. Use when: research, designs, architectures, or decisions need to be reviewed by red team agents (human, browser, or CLI). Iterates in rounds of research → bundle → review → feedback until approved."
code-review
by odyssey4me
Review PRs, MRs, and Gerrit changes with focus on security, maintainability, and architectural fit. Leverages github, gitlab, or gerrit skills based on repository context.
sonarcloud-analysis
by harshanandak
Pull issues, metrics, quality gates, and analysis data from SonarCloud. Use when checking code quality, security vulnerabilities, test coverage, technical debt, or CI/CD quality gates.
generating-changelogs
by alunadev
Transforms technical git commits into polished, user-friendly changelogs. Use when preparing release notes, creating product update summaries, documenting changes for customers, or maintaining a public changelog page.
copilot-cli-agent
by richfrem
Copilot CLI sub-agent system for persona-based analysis. Use when piping large contexts to GitHub Copilot models for security audits, architecture reviews, QA analysis, or any specialized analysis requiring a fresh model context.
claude-cli-agent
by richfrem
Claude CLI sub-agent system for persona-based analysis. Use when piping large contexts to Anthropic models for security audits, architecture reviews, QA analysis, or any specialized analysis requiring a fresh model context.