Security
Security scanning and vulnerability detection
fivem-security
by germanfndez
Best practices and rules for securing FiveM resources against cheaters and exploits. Use this skill when writing or reviewing server-side and client-side code to ensure malicious events, unauthorized entity creations, and client trust issues are prevented. Focuses on strict server authority and safe event handling.
Security Audit Reporter
by Eli-yu-first
"Generates comprehensive security audit reports with findings, risk ratings, and remediation timelines"
security-review
by troykelly
MANDATORY for security-sensitive code changes - OWASP-based security review with dedicated checklist, required before PR for auth, input handling, API, database, or credential code
spring-boot-full-stack
by mduongvandinh
Complete Java Spring Boot skill set for building enterprise applications. Includes modular architecture with optional components: - PostgreSQL database with JPA/Hibernate + Flyway migration - Redis caching (optional) - Kafka/RabbitMQ messaging (optional, choose one) - JWT + OAuth2 authentication (optional OAuth2) - RBAC authorization (optional) - TDD with Mockito - Spec-First Development with OpenSpec
lampson-system-design
by copyleftdev
Design systems using Butler Lampson's principles of abstraction, interfaces, and practical wisdom. Emphasizes clean abstractions, security foundations, and time-tested design hints. Use when making architectural decisions, designing APIs, or building systems that must evolve over decades.
grc
by SherifEldeeb
Governance, Risk, and Compliance documentation and assessment support. Generate policies, assess controls, and track compliance status. Use for GRC programs, audits, and regulatory compliance.
detection
by SherifEldeeb
Security detection use cases for identifying threats across network, endpoint, identity, cloud, application, and email vectors. Use for building detection rules, analyzing security events, and threat hunting operations.
creating-sales-enablement
by amogha-dalvi
Use when sales reps lack deal-stage-specific content, when the founder's sales knowledge lives in their head instead of a system, when win rates are declining or sales cycles are lengthening, when no buying group content map exists, or when reps spend significant time creating content that should already exist. Use when sales and marketing lack shared definitions and feedback loops.
goodvibesonly
by JDDoesDev
Security scanner for vibe-coded projects. AUTO-INVOKE this skill before any git commit, git push, or when user says "commit", "push", "ship it", "deploy", "is this safe?", "check for security issues", or "goodvibesonly". Also invoke after generating code that handles user input, authentication, database queries, or file operations.
threat-modeling
by spjoshis
Master threat modeling with STRIDE, attack trees, risk assessment, and identifying security threats in systems and applications.
Code Review Checklist
by LKB-99
50 skills para Manus com acionamento automático - IA, Marketing, Finanças, Saúde, Produtividade, Desenvolvimento e mais
Security Audit
by LKB-99
"Performs a comprehensive security audit on applications based on OWASP ASVS. Use this skill when users want to perform a security check, audit, or review of their application. Triggers: security audit, security check, vulnerability scan, penetration test, OWASP, ASVS, application security, code review, secure coding, pentest, auditoria de segurança, verificação de segurança, análise de vulnerabilidade, teste de invasão."
threat-modeling
by Logos-Liber
Threat modeling methodologies (STRIDE, PASTA, LINDDUN), attack tree analysis, common attack patterns (OWASP Top 10, CWE), risk assessment frameworks, and security architecture patterns
remediation
by SherifEldeeb
Security incident remediation playbooks for removing threats, restoring systems, and recovering from incidents. Use for post-containment cleanup, system recovery, and returning to normal operations.
vulnerability-management
by SherifEldeeb
Vulnerability assessment, tracking, and remediation management. Process scan results, prioritize findings, and track remediation progress. Use for vulnerability management programs and security assessments.
security-documentation
by spjoshis
Master security documentation with security policies, incident response plans, security procedures, and compliance documentation.
wfc-security
by sam-fakhreddine
Architectural threat modeling (STRIDE) and design-level security analysis for software systems. Analyzes system descriptions, architecture diagrams, or explicitly pasted configuration files. Does NOT perform live CVE scanning, code logic review, or implementation patching. Use when: User requests threat modeling, attack surface mapping, or static dependency risk assessment. Do NOT use when: User requests live vulnerability scanning, code review, specific bug remediation (SQLi, XSS), or compliance auditing.
developing-brand-strategy
by amogha-dalvi
Use when the user needs to build a strategic brand narrative, define thought leadership positioning, codify brand voice, or plan community and earned media presence. Use when brand is accidental rather than intentional, messaging could belong to any competitor, or AI search engines are shaping brand perception without input.
aws-well-architected-framework
by rameshvr
Use when reviewing AWS architecture, designing cloud systems, addressing operational issues, security concerns, reliability problems, performance bottlenecks, cost overruns, or sustainability goals
incident-response
by SherifEldeeb
Incident response documentation, timeline analysis, containment procedures, and IR reporting. Support the full incident lifecycle from detection to lessons learned. Use for security incidents, breach response, and IR planning.
pptx
by SherifEldeeb
Read, modify, and create Microsoft PowerPoint presentations (.pptx). Generate slides from content, apply templates, and build executive presentations. Use when creating presentations or converting content to slides.
reason-about-code-security
by ricardogomes
Develop systematic threat reasoning and adversarial thinking about code security. Use when a learner wants to analyze code for security implications, understand vulnerability patterns, or develop security-minded thinking. This skill teaches systematic threat modeling, assumption surfacing, and defense reasoning—not vulnerability cataloging. Triggers on phrases like "is this secure", "security implications", "could this be exploited", "threat analysis", or when a learner wants to develop security reasoning skills.
reducing-cac
by amogha-dalvi
Use when customer acquisition cost is rising, channel-level CAC is unknown, LTV to CAC ratio is below 3 to 1, or paid spend is growing without proportional pipeline growth. Use when founders feel marketing is not working, when budget needs reallocation, or when organic channels are underinvested relative to paid.
security-assessment
by spjoshis
Master security assessments with vulnerability scanning, penetration testing, security testing, and security audits.