Security

phased-review

by swannysec

Multi-stage implementation review with parallel sub-agents, severity-based autonomous fixes, and gated test verification. Runs code quality, architecture, simplicity, documentation, and security reviews in sequence with test gates between each fix stage. Security review is blocked until all other fixes are complete. Use after completing a feature, implementation phase, or release candidate. Supports scope modes: full, code-only, security, simplicity, docs.

safe-skill-install

by swannysec

Safe skill installation with supply chain security scanning. Wraps Cisco skill-scanner to vet skills before installation. Supports GitHub repos, skills.sh (npx), Claude marketplace plugins, and local paths. Configurable scan depth with static and behavioral analysis by default. Uses GitHub archive downloads to avoid git execution risks, with hardened git clone fallback. Security decisions are made by a deterministic wrapper script, not the LLM agent.

dependency-audit

by 1Mangesh1

Dependency auditing, updating, and vulnerability management for npm, pip, and other package managers. Use when user asks to "audit dependencies", "update packages", "fix vulnerabilities", "check outdated", "npm audit", "pip audit", "upgrade dependencies safely", or any dependency management tasks.

gha-hardening

by swannysec

GitHub Actions security hardening, configuration best practices, and vulnerability detection. Covers workflow syntax, trigger security, permission management, secrets handling, OIDC federation, supply chain protection, self-hosted runner hardening, attack pattern recognition, and security scanning tool rules. 60% security/hardening content, 40% implementation/configuration guidance. Use this skill when users need to: (1) Harden GitHub Actions workflows against injection, supply chain, or privilege escalation attacks (2) Configure workflow permissions, secrets, OIDC, or environment protection rules securely (3) Understand dangerous workflow patterns (pull_request_target + checkout, workflow_run artifact poisoning, script injection via ${{ }}) (4) Choose or configure security scanning tools (zizmor, scorecard, actionlint, poutine, harden-runner, Raven) (5) Respond to supply chain incidents (tj-actions, reviewdog, compromised action tags) (6) Audit workflows for OWASP CI/CD risks, CIS benchmark compliance, or OpenSSF Scorecard checks (7) Write or review workflow YAML (triggers, matrix, reusable workflows, composite actions, caching, artifacts, environments) (8) Secure self-hosted runners (ephemeral patterns, network egress, persistence detection, runner groups)

Cross-Site Scripting (XSS) Assessment

by crtvrffnrt

pentest-exploit-execution-payload-control

by crtvrffnrt

"Security assessment skill for deterministic exploit execution from validated primitives. Use when prompts include exploit implementation, payload hardening, chaining confirmed weaknesses, post-exploitation proof, or controlled impact demonstration. Do not use for early-stage reconnaissance, speculative hypothesis generation, or report-only requests."

code-reviewer

by paulund

Use when reviewing code, pull requests, or auditing code quality and best practices.

pentest-outbound-interaction-oob-detection

by crtvrffnrt

"Security assessment skill for outbound interaction and out-of-band (OOB) validation. Use when prompts include SSRF callback confirmation, blind XSS beacons, webhook abuse, XXE/OOB behavior, DNS/HTTP callback correlation, or asynchronous server-side interaction proof. Do not use when vulnerabilities are fully in-band and require no external callback correlation."

security-audit

by paulund

Use when running a comprehensive security audit on a web application to produce a structured report with severity-ranked findings and remediation guidance.

docker-architect

by BjornMelin

SOTA Docker/Compose architecture, implementation, refactor, and security hardening. Use when working on containerization tasks such as creating or rewriting Dockerfiles, docker-compose files, buildx/bake configs, .dockerignore, and CI pipelines for build/test/scan/publish; auditing existing container setups for security, correctness, size/perf, and best practices (least privilege, non-root, minimal images, pinned base images, BuildKit secrets, healthchecks); debugging Docker build/run issues; or designing dev vs prod compose workflows across services (DB/cache/queues) with correct networking, volumes, secrets, and resource limits.

authentication-patterns

by 1Mangesh1

Authentication and authorization patterns and best practices. Use when user asks to "implement authentication", "OAuth flow", "JWT tokens", "session management", "SSO setup", "API keys", "RBAC", "SAML", "passwordless auth", "multi-factor authentication", or mentions auth design patterns and security.

alibaba-cloud-architecture

by liauw-media

"Alibaba Cloud architecture patterns and best practices. Use when designing, deploying, or reviewing infrastructure on Alibaba Cloud including ECS, ACK, Function Compute, and OSS."

security-reviewer

by paulund

Use when conducting security audits, reviewing code for vulnerabilities, or analyzing infrastructure security. Invoke for SAST scans, penetration testing, DevSecOps practices, cloud security reviews.

lighthouse-performance-optimization

by liauw-media

"Use when optimizing website performance. Run Google Lighthouse audits via MCP to measure metrics, identify bottlenecks, and iterate on improvements."

comprehensive-review

by troykelly

Use after implementing features - 7-criteria code review with MANDATORY artifact posting to GitHub issue; blocks PR creation until complete

fivem-basics

by germanfndez

FiveM resource structure, fxmanifest, client/server scripting, events. Use when creating or editing FiveM resources or Lua scripts, or when the user asks how FiveM works.

fivem-nui

by germanfndez

FiveM NUI (New User Interface) development for creating graphical elements and user interfaces. Use when creating or editing NUI interfaces, HTML/CSS/JS for FiveM, or handling NUI callbacks.

code-review

by thechandanbhagat

Perform automated code reviews with best practices, security checks, and refactoring suggestions. Use when reviewing code, checking for vulnerabilities, or analyzing code quality.

review-gate

by troykelly

HARD GATE before PR creation - verifies review artifact exists in issue comments, all findings addressed or tracked, blocks PR creation if requirements not met

secrets-guardian

by timequity

Protect repositories from accidental secret commits. Essential when working with AI agents. Use when: setting up new project, adding pre-commit hooks, scanning for secrets, fixing leaked credentials. Triggers: "настрой защиту секретов", "setup secrets", "check secrets", "scan secrets", "проверь секреты", "pre-commit", "gitleaks". PROACTIVELY suggest when creating new projects or when .pre-commit-config.yaml is missing.

postgres-rls

by troykelly

MANDATORY when touching auth tables, tenant isolation, RLS policies, or multi-tenant database code - enforces Row Level Security best practices and catches common bypass vulnerabilities

security-reviewer

by troykelly

Use when explicitly asked to run the security-reviewer subagent or when another skill requires the security-reviewer agent card.

issue-driven-development

by troykelly

Use for any development work - the master 13-step coding process that orchestrates all other skills, ensuring GitHub issue tracking, proper branching, TDD, code review, and CI verification

Security Checklist

by yebot

Security review checklist for features and changes