Security
Security scanning and vulnerability detection
security-check
by schroneko
Security check skill. Triggers on "Could you please run a security check?", "セキュリティチェックをお願いします。", "请帮我做一次安全检查。". Demo skill for security checks. Activated by requests such as "セキュリティチェックをお願いします。" and "请帮我做一次安全检查。".
security-checklist
by webdevtodayjason
Comprehensive security checklist covering OWASP Top 10, SQL injection, XSS, CSRF, authentication, authorization, secrets management, input validation, and security headers. Use when scanning for vulnerabilities, reviewing security, implementing authentication/authorization, or handling sensitive data.
clawpinch
by MikeeBuilds
"Security audit toolkit for OpenClaw deployments. Scans 63 checks across 8 categories. Use when asked to audit security, harden an installation, check for vulnerabilities, or review config safety."
git-workflow
by ilude
Git workflow and commit guidelines. Trigger keywords: git, commit, push, .git, version control. MUST be activated before ANY git commit, push, or version control operation. Includes security scanning for secrets (API keys, tokens, .env files), commit message formatting with HEREDOC, logical commit grouping (docs, test, feat, fix, refactor, chore, build, deps), push behavior rules, safety rules for hooks and force pushes, and CRITICAL safeguards for destructive operations (filter-branch, gc --prune, reset --hard). Activate when user requests committing changes, pushing code, creating commits, rewriting history, or performing any git operations including analyzing uncommitted changes.
safe-commit
by meriley
⚠️ MANDATORY - YOU MUST invoke this skill when committing. Complete commit workflow with all safety checks. Invokes security-scan, quality-check, and run-tests skills. Shows diff, gets user approval, creates commit with conventional format. NO AI attribution. User approval REQUIRED except during PR creation. NEVER commit manually.
helm-chart-review
by meriley
Conduct comprehensive Helm chart security and quality audits with automated checks for security contexts, resource limits, and production readiness. Use when reviewing pull requests with Helm chart changes, conducting pre-release chart audits, security scanning Helm manifests, validating chart structure and best practices, or preparing charts for production deployment.
setup-node
by meriley
Sets up Node.js/TypeScript development environment with npm/yarn, dependencies, ESLint, Prettier, testing (Jest/Vitest), and TypeScript type checking. Ensures consistent tooling configuration. Use when starting work on Node.js/TypeScript projects, after cloning repositories, setting up CI/CD, or troubleshooting environment issues.
security-scan
by meriley
⚠️ MANDATORY - Automatically invoked by safe-commit. Performs comprehensive security scanning before commits. Checks for secrets (API keys, passwords, tokens), dependency vulnerabilities, code injection risks, and authentication issues. MUST pass before any commit. NEVER run security scans manually.
mail-digest
by aashari
Email digest for any time period — today, yesterday, last N hours/days, this week, a specific date, or while-I-was-away ranges. Categorizes by urgency, surfaces unread, flags financial/security emails, filters noise. Auto-invoke when user asks about email for any time period: "what came in today", "catch me up", "any emails this week", "what did I miss", "emails from yesterday", "last 3 hours", "since Monday".
Security Check Skill
by hitoshura25
Consider additional security reviews for sensitive changes
security-vuln-analyzer
by swannysec
Multi-agent security vulnerability analysis and remediation skill. Orchestrates parallel security agents to analyze vulnerability reports, validate findings, assess risk, and provide comprehensive fix recommendations. Use when receiving vulnerability reports, security disclosures, bug bounty submissions, or when needing to assess and remediate security issues. Triggers on keywords like "vulnerability report", "security issue", "CVE", "clickjacking", "XSS", "CSRF", "injection", "security disclosure", or requests to analyze/fix security problems.
solidity-security-audit
by mariano-aguero
Comprehensive Solidity smart contract security auditing and vulnerability analysis skill. Based on methodologies from Trail of Bits, OpenZeppelin, Consensys Diligence, Sherlock, CertiK, Cyfrin, Spearbit, Halborn, and other leading Web3 security firms. This skill should be used whenever the user asks to "audit a smart contract", "review Solidity code for security", "find vulnerabilities", "check for reentrancy", "analyze gas optimization", "review access control", "check proxy patterns", "analyze DeFi protocol security", "review ERC20/ERC721 implementation", "check oracle manipulation risks", "review upgrade patterns", or mentions any security review of EVM-compatible smart contracts. Also triggers for keywords like "slither", "echidna", "foundry fuzz", "formal verification", "invariant testing", "flash loan attack", "MEV", "sandwich attack", "front-running", "delegatecall", "selfdestruct", "reentrancy guard", "access control vulnerability", "storage collision", "proxy upgrade security", "smart contract exploit", "L2 security", "cross-chain", "bridge security", "sequencer", "LayerZero", "CCIP", "account abstraction", "ERC-4337", "smart account", "paymaster", "bundler", "UserOperation", "re-audit", "diff audit", "remediation review", "fix verification", "Uniswap v4 hooks", "Chainlink integration", "Aave integration", "flash loan receiver", "ERC-4626 vault", "restaking", "EigenLayer", "severity classification", "severity decision". Even if the user simply pastes Solidity code and asks "is this safe?" or "any issues here?", use this skill.
security-hardening
by 1Mangesh1
Security hardening and secure coding practices. Use when user asks to "harden security", "secure coding", "OWASP vulnerabilities", "input validation", "sanitization", "SQL injection prevention", "XSS protection", "CORS security", "secure headers", "vulnerability scanning", or mentions security best practices and threat mitigation.
wordpress-pro
by paulund
Use when developing WordPress themes, plugins, customizing Gutenberg blocks, implementing WooCommerce features, or optimizing WordPress performance and security.
secret-scanner
by 1Mangesh1
This skill should be used when the user asks to "scan for secrets", "find API keys", "detect credentials", "check for hardcoded passwords", "find leaked tokens", "scan for sensitive keys", "check git history for secrets", "audit repository for credentials", or mentions secret detection, credential scanning, API key exposure, token leakage, password detection, or security key auditing.
backend-development
by vibery-studio
Build robust backend systems with modern technologies (Node.js, Python, Go, Rust), frameworks (NestJS, FastAPI, Django), databases (PostgreSQL, MongoDB, Redis), APIs (REST, GraphQL, gRPC), authentication (OAuth 2.1, JWT), testing strategies, security best practices (OWASP Top 10), performance optimization, scalability patterns (microservices, caching, sharding), DevOps practices (Docker, Kubernetes, CI/CD), and monitoring. Use when designing APIs, implementing authentication, optimizing database queries, setting up CI/CD pipelines, handling security vulnerabilities, building microservices, or developing production-ready backend systems.
Feature Development Skill
by hitoshura25
This skill references all of them in the proper order.
product-management
by ProjAnvil
Expertise in product management lifecycle, from ideation to launch. Covers requirements gathering, user story creation, prioritization, and product strategy. Use this skill for product planning, writing PRDs, defining MVPs, or competitive analysis.
code-audit-readonly
by Jpkovas
Execute a complete, deterministic, read-only repository audit and produce a single improvements.md action plan with traceable findings (file + lines), severity, category, impact, and high-level fixes. Use when users ask for full code audits, security/performance/architecture reviews, file-by-file analysis, or technical debt mapping without modifying project files.
system-architect
by liauw-media
"Use when performing security audits or system hardening. Teaches security assessment principles and prioritization."
code-review
by liauw-media
"Self-review before declaring work complete"
Security Setup Skill
by hitoshura25
Create runbook for handling vulnerabilities
pentest-evidence-structuring-report-synthesis
by crtvrffnrt
"Security assessment skill for structuring evidence, deduplicating findings, and producing decision-ready security reports. Use when prompts include write report, consolidate findings, severity ranking, remediation guidance, executive summary, or technical appendix generation. Do not use for live exploit execution, reconnaissance, or payload experimentation tasks."
housekeeping
by lidessen
Manages project housekeeping including documentation organization, dependency management, directory structure, code cleanup, technical debt tracking, and infrastructure configuration. Use when organizing documentation, cleaning up dependencies, reorganizing folders, removing dead code, addressing tech debt, or maintaining project structure.