Security
Security scanning and vulnerability detection
dependency-vulnerability-scanner
by Dexploarer
Scans dependencies for known vulnerabilities (npm audit, pip-audit, etc.), generates reports, and suggests fixes. Use when user asks to "check vulnerabilities", "security scan", "audit dependencies", "check CVEs", or "vulnerable packages".
sui-keypair-cryptography
by RandyPen
"Helps Claude Code understand Sui blockchain keypair and cryptography operations, providing guidelines and examples for key generation, signing, verification, address derivation, and multi-signature scheme support. Use when working with cryptography in Sui development or when the user mentions keypairs, cryptography, signing, or verification."
auditing-permission-ux
by clix-so
Audits notification permission request flows. Use when reviewing or improving permission prompts, settings paths, or denial handling.
agent-skills-creator
by theneoai
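Full-lifecycle engineering creator and manager for Agent Skills. Strictly follows the agentskills.io open standard. Core capabilities: creating standardized Skills, multi-round evaluation, multi-round training and iterative optimization, multi-agent collaboration modes (parallel, hierarchical, debate, Crew), quality system building, CI/CD pipeline generation, OWASP AST10 security review, MCP integration, team Skill repository governance and self-iteration. Triggers when the user asks to "create a Skill", "evaluate/optimize a Skill", "multi-round training", "multi-agent collaboration", "establish quality standards", "generate CI/CD", "security review", or "manage the Skill engineering system". Not for specific business tasks, ordinary prompt engineering, or non-Skill operations.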
AI Writing Avoidance
by fabioc-aloha
Skill Version: 1.0.0 Created: 2026-03-05 Category: Writing Quality
Awareness Skill
by fabioc-aloha
"Proactive detection, self-correction, and epistemic vigilance"
security-header-generator
by Dexploarer
Generates security HTTP headers (CSP, HSTS, CORS, etc.) for web applications to prevent common attacks. Use when user asks to "add security headers", "setup CSP", "configure CORS", "secure headers", or "HSTS setup".
AWS Cloud Infrastructure Skill
by FortiumPartners
AWS Provider: ≥5.0.0
sca-npm-audit
by vchirrav
Run npm audit for Node.js dependency vulnerability scanning. Built-in SCA for npm projects with automatic fix suggestions.
auth-patterns
by yanko-belov
Use when implementing authentication. Use when storing passwords. Use when asked to store credentials insecurely.
thor-skills
by NextronSystems
Entry point and router for THOR-related work: running scans, analyzing THOR logs, troubleshooting THOR behavior, maintaining THOR installs, THOR Lens workflows, writing THOR plugins (v11+), and creating custom signatures/IOCs.
code-review
by odyssey4me
Review PRs, MRs, and Gerrit changes with focus on security, maintainability, and architectural fit. Leverages github, gitlab, or gerrit skills based on repository context.
secure-node-typescript
by joacod
'Write secure-by-default Node.js and TypeScript applications following security best practices. Use when: (1) Writing new Node.js/TypeScript code, (2) Creating API endpoints or middleware, (3) Handling user input or form data, (4) Implementing authentication or authorization, (5) Working with secrets or environment variables, (6) Setting up project configurations (tsconfig, eslint), (7) User mentions security concerns, (8) Reviewing code for vulnerabilities, (9) Working with file paths or child processes, (10) Setting up HTTP headers or CORS.'
nginx
by fellipeutaka
Nginx web server and reverse proxy expert: configuration, reverse proxying, load balancing, SSL/TLS termination, rate limiting, caching, gzip compression, WebSocket proxying, and security hardening. Use for nginx.conf creation/review, performance tuning, HTTPS setup, upstream configuration, and troubleshooting.
code-reviewer
by AutumnsGrove
"Automated code review with security scanning, quality metrics, and best practices analysis. Use when reviewing code for: (1) Security vulnerabilities and common attack vectors, (2) Code quality issues and maintainability concerns, (3) Performance bottlenecks and optimization opportunities, (4) Best practices and design patterns, (5) Test coverage and testing strategies, (6) Documentation quality and completeness"
backend-development
by samhvw8
"Production backend systems development. Stack: Node.js/TypeScript, Python, Go, Rust NestJS, FastAPI, Django, Express PostgreSQL, MongoDB, Redis. Capabilities: REST/GraphQL/gRPC APIs, OAuth 2.1/JWT auth, OWASP security, microservices, caching, load balancing, Docker/K8s deployment. Actions: design, build, implement, secure, optimize, deploy, test APIs and services. Keywords: API design, REST, GraphQL, gRPC, authentication, OAuth, JWT, RBAC, database, PostgreSQL, MongoDB, Redis, caching, microservices, Docker, Kubernetes, CI/CD, OWASP, security, performance, scalability, NestJS, FastAPI, Express, middleware, rate limiting. Use when: designing APIs, implementing auth/authz, optimizing queries, building microservices, securing endpoints, deploying containers, setting up CI/CD."
data-governance
by dtsong
Use this skill when implementing data governance as part of engineering work. Covers data cataloging (dbt docs, external tools), lineage documentation, data classification (PII/PHI taxonomy), access control patterns (RBAC, row-level security), and compliance frameworks (GDPR, HIPAA, SOX, CCPA). Common phrases: "data catalog", "data lineage", "PII classification", "access control", "RBAC", "data governance", "compliance requirements". Do NOT use for writing dbt models (use dbt-transforms), pipeline orchestration (use data-pipelines), or data quality testing (use data-testing).
intershop-icm-best-practices
by bartundmett
Intershop Commerce Management (ICM) backend development best practices. This skill should be used when writing, reviewing, or refactoring ICM Java code to ensure optimal patterns for customization, performance, B2B features, security, testing, and maintainability. Triggers on tasks involving ICM cartridge development, REST API creation, business objects, pipelines, database operations, jobs, events, or search.
c-framework
by founderjourney
Universal contractual development mode enforcer. Reads project-specific rules from CLAUDE.md dynamically. Activate for any project requiring verified claims, security checks, evidence-based recommendations, or strict development standards. Triggers: /c-framework, /cf, "modo contractual", "verify code", "enforce rules", "contract mode". Works with any stack (Node, Python, Go, etc.) and any project type (API, SaaS, CLI, web-app).
testing-validation
by vanman2024
Comprehensive testing and validation tools for Clerk authentication integrations. Includes E2E auth flow testing, security audits, configuration validation, unit testing patterns for sign-in/sign-up flows. Use when implementing Clerk tests, validating authentication setup, testing auth flows, running security audits, creating E2E tests for Clerk, or when user mentions Clerk testing, auth validation, E2E authentication tests, security audit, or test coverage.
postgresql-performance-expert
by founderjourney
PostgreSQL optimization for a Senior Full-Stack Developer. Use when the user needs to diagnose slow queries, optimize database performance, design indexes, resolve N+1 queries, or defend their optimization experience. Activates on words such as PostgreSQL, slow query, performance, EXPLAIN, index, N+1, optimize database, latency. Specialized in SaaS applications with Node.js.
saas-business-logic-analyst
by founderjourney
Senior Business Logic Analyst (15+ years) specialized in SaaS systems (YC/SV standard). Activate when user needs: (1) Audit business logic in code, (2) Detect revenue leakage or billing bugs, (3) Review subscription/billing/multi-tenant logic, (4) Analyze edge cases with business impact, (5) Evaluate code for scaling/pivot readiness, (6) Due diligence on SaaS codebase, (7) Identify invariant violations, (8) Assess organizational/knowledge risks in code. Triggers: "audit business logic", "review billing code", "check subscription logic", "find revenue leakage", "SaaS code review", "multi-tenant security", "pricing logic", "analyze edge cases", "due diligence", "business logic analyst".
digitaliza-data-extractor
by founderjourney
Extract and prepare client data for digitalizaweb.vercel.app LinkTree-style digital cards. Use when: (1) Processing restaurant/business client folders containing screenshots, scraped HTML, or LinkTree data, (2) Extracting brand colors from logos/images, (3) Generating Digitaliza-ready JSON with slug, name, links, colors, and theme configuration, (4) Batch processing multiple client folders for 100+ restaurants project, (5) User mentions "digitaliza", "tarjeta digital", "linktree", "extraer datos de cliente", or "procesar carpeta de restaurante".
technical-storytelling
by founderjourney
System for turning technical achievements into narratives that communicate seniority and impact. Use when the user needs to write about their projects, prepare technical presentations, document architecture decisions, or communicate complexity to non-technical audiences. Activates on words such as explain project, presentation, document, case study, technical blog, conference. Specialized in senior developers who need to communicate business impact.