Security
Security scanning and vulnerability detection
fastapi
by martinholovsky
REST API and WebSocket development with FastAPI emphasizing security, performance, and async patterns
vibe-coding
by Exploration-labs
Comprehensive guide for AI-assisted vibe coding. Use when the user wants to build applications through natural language prompts using tools like Lovable, Cursor, Replit, or Bolt. Includes best practices, pitfall awareness, tool-specific guidance, architectural decision support, and MVP scope definition with a bias toward cutting features aggressively to ship faster.
audit-plugin
by richfrem
Audits a local plugin directory to ensure it perfectly matches the Agent Skills and Claude Plugin Open Standards.
code-reviewer
by beshkenadze
Review code for quality, security, and best practices. Use when asked to review code, find bugs, or suggest improvements.
audit-plugin-l5
by richfrem
Triggers the L5 Red Team Sub-Agent to rigorously audit a plugin against the 39-point L4 pattern matrix.
red-team-review
by richfrem
(Industry standard: Review and Critique Pattern) Primary Use Case: Iterative generation paired with adversarial review, continuing until an 'Approved' verdict is reached. Orchestrated adversarial review loop. Use when: research, designs, architectures, or decisions need to be reviewed by red team agents (human, browser, or CLI). Iterates in rounds of research → bundle → review → feedback until approved.
code-review
by odyssey4me
Review PRs, MRs, and Gerrit changes with focus on security, maintainability, and architectural fit. Leverages github, gitlab, or gerrit skills based on repository context.
sonarcloud-analysis
by harshanandak
Pull issues, metrics, quality gates, and analysis data from SonarCloud. Use when checking code quality, security vulnerabilities, test coverage, technical debt, or CI/CD quality gates.
generating-changelogs
by alunadev
Transforms technical git commits into polished, user-friendly changelogs. Use when preparing release notes, creating product update summaries, documenting changes for customers, or maintaining a public changelog page.
copilot-cli-agent
by richfrem
Copilot CLI sub-agent system for persona-based analysis. Use when piping large contexts to GitHub Copilot models for security audits, architecture reviews, QA analysis, or any specialized analysis requiring a fresh model context.
claude-cli-agent
by richfrem
Claude CLI sub-agent system for persona-based analysis. Use when piping large contexts to Anthropic models for security audits, architecture reviews, QA analysis, or any specialized analysis requiring a fresh model context.
cirra-ai-sf-audit
by cirra-ai
Run a comprehensive Salesforce org audit. Inventories and scores Apex classes, Apex triggers, Flows, Process Builders, Workflow Rules, LWC components, custom objects and fields, validation rules, Profiles, and Permission Sets. Generates Word, Excel, and HTML reports. Supports incremental audits that only re-score changed components. Use when asked to audit a Salesforce org, review org health, generate an org inventory, run an org health check, audit permissions, review the data model, or audit apex flows and lwc.
skill-issue
by Shubhgaji
Audit and review all installed agent skills. Run on-demand or via cron to get a health report: skill inventory, usage tracking, version checks, dependency health, and actionable recommendations (keep, update, review, remove). Use when asked to review skills, check for skill updates, find unused skills, or audit the skill ecosystem.
aws-cloud
by DauQuangThanh
Provides comprehensive AWS (Amazon Web Services) guidance including EC2, S3, RDS, Lambda, ECS/EKS, CloudFormation, API Gateway, CloudFront, cloud migration from on-premise/GCP/Azure, security configuration (IAM, KMS, Security Hub), cost optimization (Savings Plans, Reserved Instances), and multi-region deployment. Produces infrastructure as code (Terraform/CloudFormation/CDK), deployment scripts, security configurations, and architecture designs. Use when deploying to AWS, designing AWS infrastructure, migrating to AWS, configuring EC2 instances, setting up S3 buckets, managing RDS databases, deploying containers on ECS/EKS, building serverless applications, or when users mention AWS, Amazon Cloud, EC2, S3, Lambda, EKS, CloudFormation, CDK, or AWS services.
sca-osv-scanner
by vchirrav
Run Google's OSV-Scanner for Software Composition Analysis. Scans lockfiles and SBOMs across all major ecosystems (npm, PyPI, Maven, Go, Cargo, NuGet, RubyGems) for known vulnerabilities.
secret-scan-trufflehog
by vchirrav
Run TruffleHog to detect secrets in git repos, filesystems, and S3 buckets. Uses verification to confirm if detected secrets are live/active.
sast-gosec
by vchirrav
Run gosec SAST scans on Go code. Detects SQL injection, hardcoded credentials, insecure TLS, command injection, and other Go security issues.
thor-skills
by NextronSystems
Entry point and router for THOR-related work: running scans, analyzing THOR logs, troubleshooting THOR behavior, maintaining THOR installs, THOR Lens workflows, writing THOR plugins (v11+), and creating custom signatures/IOCs.
tls-scan-testssl
by vchirrav
Run testssl.sh to analyze TLS/SSL configurations. Checks cipher suites, protocols, certificate validity, known vulnerabilities (Heartbleed, POODLE, ROBOT), and compliance.
self-serve-motion
by SkeneTechnologies
When the user wants to reduce friction in the self-serve buying experience, optimize in-product checkout, remove "contact sales" gates, or design self-serve onboarding and support. Also use when the user says "frictionless," "self-service," "remove sales gates," "no-demo experience," or "friction audit." For signup flow optimization, see signup-flow-cro. For pricing page design, see pricing-strategy.
serve-md-by-mkdocs
by igamenovoer
Serve markdown/docs/text notes with MkDocs using a specified work directory as the output folder (scripts/config/site).
streaming-output-mcp
by ddunnock
Stream structured content to persistent SQLite storage with automatic session break recovery. Core principle: The content IS the state. Every stream_write is automatically persistent. Supports multi-format export (Markdown, HTML, JSON, YAML, CSV, Text) and 7 document templates. Commands: /stream-init, /stream-status, /stream-read, /stream-write, /stream-export. ALWAYS call stream_status after session breaks to check for resume_from and preserved_context.
find-your-margin
by cdeistopened
Help a knowledge worker find where their attention earns the fattest margin when combined with AI. Maps their skill stack against AI capabilities to identify high-surplus opportunities vs. commodity traps. Use when someone asks where to focus their AI efforts, how to avoid the allocation economy race-to-zero, or how to build a defensible position as an individual operator.
aiken-dex-security-audit
by Flux-Point-Studios
Adversarial security audit playbook for Plutus V3 Aiken DEX contracts (threat model, invariants, findings, tests, tx repro shapes).