Security
Security scanning and vulnerability detection
fastapi-auth-patterns
by vanman2024
Implement and validate FastAPI authentication strategies including JWT tokens, OAuth2 password flows, OAuth2 scopes for permissions, and Supabase integration. Use when implementing authentication, securing endpoints, handling user login/signup, managing permissions, integrating OAuth providers, or when user mentions JWT, OAuth2, Supabase auth, protected routes, access control, role-based permissions, or authentication errors.
integration-patterns-mastery
by founderjourney
Patrones de integracion robustas para Senior Full-Stack Developer. Usar cuando el usuario necesite disenar o explicar integraciones con APIs externas, webhooks, sincronizacion de datos, retry patterns, manejo de errores en integraciones, o defender experiencia con Stripe, OTAs, WhatsApp API. Activa con palabras como webhook, integracion, API externa, sync, retry, idempotencia, Stripe, iCal, OTA, dead letter queue, reconciliacion. Especializado en sistemas de produccion robustos.
electrobun-distribution
by rajavijayach
Packaging, code signing, notarization, and distribution for Electrobun desktop applications. This skill covers building production bundles, creating installers and distributable packages, code signing for Windows and macOS, Apple notarization for Gatekeeper, auto-updater implementation, delta updates, update servers, cross-platform build processes, CI/CD integration, app icons and resources, version management, release workflows, Windows SmartScreen requirements, macOS DMG creation, Linux package formats (deb, rpm, AppImage), and distribution best practices. Use when preparing app for production, implementing auto-updates, setting up code signing certificates, troubleshooting distribution issues, creating installers, configuring update servers, building for multiple platforms, or releasing new versions. Triggers include "build", "package", "distribute", "code sign", "notarize", "installer", "auto-update", "release", "production build", "DMG", "updater", "delta update", or "certificate".
by AutumnsGrove
"Comprehensive PDF manipulation, extraction, and generation with support for text extraction, form filling, merging, splitting, annotations, and creation. Use when working with .pdf files for: (1) Extracting text and tables, (2) Filling PDF forms, (3) Merging/splitting PDFs, (4) Creating PDFs programmatically, (5) Adding watermarks/annotations, (6) PDF metadata management"
security-headers
by CuriousLearner
Validate and implement HTTP security headers to protect web applications.
code-review-pro
by gked2121
Comprehensive code review covering security vulnerabilities, performance bottlenecks, best practices, and refactoring opportunities. Use when user requests code review, security audit, or performance analysis.
dependency-updater
by CuriousLearner
Smart dependency update checker with changelog summaries and breaking change detection.
code-reviewer
by CuriousLearner
Automated code review with best practices, security checks, and quality standards.
compliance-checker
by CuriousLearner
Check code against security compliance standards and best practices.
secret-scanner
by CuriousLearner
Detect accidentally committed secrets, credentials, and sensitive information in code.
brand-consistency-checker
by gked2121
Scan documents and slides for off-brand colors, fonts, and logos. Validate against brand guidelines and suggest corrections.
dependency-auditor
by CuriousLearner
Automated security auditing of project dependencies to identify known vulnerabilities.
meeting-notes
by CuriousLearner
Convert meeting discussions into clear, actionable notes with tasks, decisions, and follow-ups fo...
skill-vetter
by Tai-ch0802
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
feature-dashboard
by OmniNode-ai
Audit skill connectivity across 8 layers and surface gaps as actionable, machine-readable output. Supports audit (read-only) and ticketize (create Linear tickets for gaps) modes.
pentest-web-application-logic-mapper
by crtvrffnrt
"Security assessment skill for mapping application business logic, state machines, and hidden API surfaces. Use when prompts include spider, crawl, state machine, hidden surface, workflow mapping, or hidden API discovery. Do not use for exploit development or final reporting only."
baseline-security-audit
by enigmatry
Ensures baseline security practices are followed in the project. Use this when asked to perform a security audit on the codebase. Automatically creates Jira stories for each security finding.
pentest-recon-surface-analysis
by crtvrffnrt
"Security assessment skill for reconnaissance, endpoint/service enumeration, and attack-surface mapping. Use when prompts include recon, enumerate, map endpoints, discover assets, inventory interfaces, fingerprint technologies, or identify control-plane surfaces. Do not use when the request is exploit development, payload execution, or final report writing only."
code-review
by yarlson
This skill should be used when the user asks to "review my changes", "review this code", "check my work", "what's wrong with my changes", "review before I push", "security review", "do a code review", or mentions reviewing, auditing, or analyzing local code changes before committing or opening a PR.
infra-code-review
by yarlson
This skill should be used when the user asks to "review my infra changes", "review my IaC", "check my infrastructure code", "review this deploy config", "review my cloud config", "review infra before I push", or mentions reviewing, auditing, or analyzing infrastructure-as-code changes — any tool, any cloud, any format.
skill-safety-audit
by peterbamuhigire
Scan new or updated skills for unsafe or malicious instructions (unknown tools, external installers, credential harvesting) before accepting them into the repository.
ruby-on-rails
by display-design-studio
Comprehensive Ruby on Rails 8.1 best-practices skill covering MVC, Active Record, routing, views, background jobs, storage, security, testing, and performance. Use when the user mentions Rails, Ruby on Rails, ActiveRecord, ActiveJob, ActionMailer, ActionCable, Active Storage, rails generate, rails routes, Hotwire, Turbo, Stimulus, or asks to build, review, debug, or migrate a Rails application or API.
curate-legacy
by OmniNode-ai
Canonicalize legacy docs, archived code, and feature ideas into a handler-first Ideas Registry with provenance, dedup, and executable specs
streamlit-master-architect
by BjornMelin
Architect-level Streamlit development for building, refactoring, debugging, testing, and deploying Streamlit apps (single-page or multipage) with correct rerun/state/caching/fragments, AppTest-based testing, custom components v2, safe theming/CSS, security-by-default, and Playwright MCP end-to-end automation.