Security
Security scanning and vulnerability detection
aiken-dex-security-audit-operator
by Flux-Point-Studios
"Operator skill: run local Aiken build/test commands and capture evidence for the audit. Manual invoke only."
secure-mcp-install
by HartreeWorks
'This skill should be used when the user asks to install or audit an MCP server, especially from third-party sources. Security-focused: clones at pinned commits, runs security scans.'
frontend-security
by schalkneethling
Audit frontend codebases for security vulnerabilities and bad practices. Use when performing security reviews, auditing code for XSS/CSRF/DOM vulnerabilities, checking Content Security Policy configurations, validating input handling, reviewing file upload security, or examining Node.js/NPM dependencies. Target frameworks include web platform (vanilla HTML/CSS/JS), React, Astro, Twig templates, Node.js, and Bun. Based on OWASP security guidelines.
springboot-security
by Ashfaqbs
Spring Security best practices for authn/authz, validation, CSRF, secrets, headers, rate limiting, and dependency security in Java Spring Boot services.
magento-code-reviewer
by maxnorm
Reviews Magento 2 code for quality, security, performance, and compliance with PSR-12 and Magento coding standards. Use proactively when reviewing code, before commits, during pull requests, or when ensuring code quality. Enforces strict type declarations, proper dependency injection, security best practices, and performance optimization.
dependency-risk-audit
by ragnarok22
Review Python dependencies for known security advisories, stale version pins, and unsafe upgrade paths. Use when users ask for dependency security reviews, requirements or lockfile audits, upgrade planning, pre-release risk checks, or remediation prioritization for Python projects.
docker-doctor
by ragnarok22
Verify Dockerfiles and Docker Compose manifests for security issues, reliability risks, optimization opportunities, syntax errors, and misconfiguration before builds or deploys. Run deterministic checks (scripts/verify-docker.sh, docker compose config -q, optional hadolint) and produce a 0-100 health score with prioritized fixes. Use when users ask to validate Dockerfile(s), docker-compose/compose YAML files, harden container configuration, optimize image/runtime setup, debug configuration failures, or run a pre-deploy Docker audit.
django-doctor
by ragnarok22
Audit Django codebases for security, performance, correctness, and architecture antipatterns. Run system checks, migration drift checks, and static rule scans, then output a 0-100 health score with actionable fixes. Use when users ask to scan a Django backend, run a Django health check, review backend code quality, or perform a pre-deploy audit.
compliance-frameworks
by Logos-Liber
SOC 2 compliance requirements, ISO 27001 standards, PCI DSS requirements, HIPAA security rules, GDPR data protection, NIST Cybersecurity Framework, and industry-specific compliance requirements
queryset-optimizer
by ragnarok22
Optimize Django ORM performance by detecting N+1 query patterns, missing select_related/prefetch_related, and likely index gaps. Run targeted static scans, optional runtime query capture, and produce a prioritized remediation plan with expected query-count impact. Use when users ask to speed up Django endpoints, reduce database hits, investigate slow views/serializers, or audit QuerySet efficiency before release.
python-doctor
by ragnarok22
Audit Python codebases for security, performance, correctness, and architecture antipatterns. Run optional trusted runtime checks (syntax, tests, lint, typing) plus static rule scans, then output a 0-100 health score with actionable fixes. Use when users ask to inspect a Python project, run a Python health check, review backend code quality, or perform a pre-release audit.
electrobun-distribution
by rajavijayach
Packaging, code signing, notarization, and distribution for Electrobun desktop applications. This skill covers building production bundles, creating installers and distributable packages, code signing for Windows and macOS, Apple notarization for Gatekeeper, auto-updater implementation, delta updates, update servers, cross-platform build processes, CI/CD integration, app icons and resources, version management, release workflows, Windows SmartScreen requirements, macOS DMG creation, Linux package formats (deb, rpm, AppImage), and distribution best practices. Use when preparing app for production, implementing auto-updates, setting up code signing certificates, troubleshooting distribution issues, creating installers, configuring update servers, building for multiple platforms, or releasing new versions. Triggers include "build", "package", "distribute", "code sign", "notarize", "installer", "auto-update", "release", "production build", "DMG", "updater", "delta update", or "certificate".
magento-security-analyst
by maxnorm
Conducts comprehensive Magento 2 security assessments and implements security measures. Use when auditing security, identifying vulnerabilities, implementing security controls, or ensuring compliance. Masters security auditing, vulnerability management, and compliance frameworks.
security-audit
by paulund
Use when running a comprehensive security audit on a web application to produce a structured report with severity-ranked findings and remediation guidance.
backend-dev
by julianromli
Comprehensive backend development workflow that orchestrates expert analysis, architecture design, implementation, and deployment using the integrated toolset. Handles everything from API design and database architecture to security implementation and DevOps automation.
Python Backend Architecture Review
by rknall
"Comprehensive design architecture review for Python backend applications. Use this skill when users ask you to review, analyze, or provide feedback on backend architecture designs, system design documents, or Python application architecture. Covers scalability, security, performance, database design, API design, microservices patterns, deployment architecture, and best practices."
ai-debug
by breethomas
Diagnose why an AI feature is underperforming, hallucinating, or behaving inconsistently. Uses 4D audit to work backwards from symptoms to root cause.
opengrep
by opengrep
Run Opengrep for pattern-based code search and security scanning. Use when grep is insufficient for finding code patterns that require structural understanding (function calls, data flow, nested structures). Also use for security vulnerability detection with custom YAML rules.
owasp-security-review
by jgamaraalv
"Review code and architectures against the OWASP Top 10:2025 — the ten most critical web application security risks. Use when: (1) reviewing code for security vulnerabilities, (2) auditing a feature or codebase against OWASP categories, (3) providing remediation guidance for identified vulnerabilities, (4) writing new code and needing secure coding patterns. Triggers: 'review for security', 'OWASP audit', 'check for vulnerabilities','security checklist', 'is this code secure', 'security review', 'fix vulnerability'."
managing-dependencies
by andrew
Evaluates packages, manages dependencies, and addresses supply chain security. Use when adding npm/pip/cargo/bundler/go dependencies, auditing packages, reviewing lockfile changes, checking for vulnerabilities, comparing package alternatives, or assessing package trustworthiness.
docker
by jgamaraalv
"Docker containerization reference — multi-stage builds, Compose configs, image optimization, and container security for Yarn 4 monorepos. Use when: (1) creating or optimizing Dockerfiles, (2) configuring docker-compose for dev or production, (3) reducing image size with multi-stage builds, (4) hardening container security, or (5) setting up health checks and resource limits."
security-audit
by mgd34msu
"Load PROACTIVELY when task involves security review, vulnerability assessment, or hardening. Use when user says \"check for security issues\", \"audit for vulnerabilities\", \"scan for secrets\", \"review auth security\", or \"check OWASP compliance\". Covers authentication and session security, authorization and access control, input validation and injection prevention, data protection and encryption, dependency vulnerability scanning, API security (CORS, rate limiting, headers), and infrastructure hardening. Produces structured reports with severity ratings."
vibe-code-health-check
by FuzulsFriend
Scans any codebase and grades it A through F across 6 health dimensions (security, error handling, code structure, performance, deployment readiness, UX basics). Use when asked to "check my code", "audit my project", "is my code ready to ship", "review my codebase", "health check", "code quality check", "is my app secure", "vibe check my code", "scan my project", or "what is wrong with my code". Takes a codebase path and returns a scored report card with plain-English fixes.
akamai-application-security-api
by Lap-Platform
"Akamai: Application Security API skill. Use when working with Akamai: Application Security for activations, api-discovery, configs. Covers 213 endpoints."