Security
Security scanning and vulnerability detection
solidity-security
by EngineerWithAI
Master smart contract security best practices to prevent common vulnerabilities and implement secure Solidity patterns. Use when writing smart contracts, auditing existing contracts, or implementing security measures for blockchain applications.
input-guard
by dgriffin831
Scan untrusted external text (web pages, tweets, search results, API responses) for prompt injection attacks. Returns severity levels and alerts on dangerous content. Use BEFORE processing any text from untrusted sources.
simple-deployment-on-vm
by stakpak
How to do simple but secure deployments using virtual machines on different cloud providers
ghe-design
by Emasoft
Reference material for Athena when writing requirements. NOT a template - Athena writes requirements freely based on the domain. This skill provides guidance patterns that may be useful, not constraints to follow.
web-security
by academind
Enforce web security and avoid security vulnerabilities
solidity
by hairyf
Solidity language and compiler — source layout, types, contracts, control flow, security, compiler, ABI, internals.
iso-17025
by cleverlab-ai
"Expert consultant for ISO/IEC 17025:2017 — the international standard for testing and calibration laboratory competence. Use when: (1) preparing for accreditation or surveillance audits, (2) building or reviewing quality management systems for laboratories, (3) writing procedures, policies or work instructions aligned with 17025, (4) generating audit checklists or gap analyses, (5) answering questions about laboratory requirements (impartiality, confidentiality, structure, resources, processes, management), (6) designing LIMS systems or laboratory software that must comply with 17025, (7) evaluating method validation, measurement uncertainty, metrological traceability, (8) handling nonconforming work, complaints, corrective actions, (9) preparing management reviews or internal audits. Supports both Polish (PL) and English (EN) languages."
qa-tester
by ajianaz
Comprehensive quality assurance and testing workflow that orchestrates test strategy design, automated testing implementation, performance testing, and quality metrics. Handles everything from unit testing and integration testing to end-to-end testing, performance testing, and quality assurance automation.
iso-17025-pl
by cleverlab-ai
"Expert consultant for ISO/IEC 17025:2017, the international standard on the competence of testing and calibration laboratories. Use when: (1) you are preparing for an accreditation audit or PCA surveillance audit, (2) you are building or reviewing a quality management system in a laboratory, (3) you are writing procedures, policies or instructions compliant with 17025, (4) you are creating audit checklists or gap analyses, (5) you are answering questions about laboratory requirements (impartiality, confidentiality, structure, resources, processes, management), (6) you are designing LIMS systems or laboratory software compliant with 17025, (7) you are evaluating method validation, measurement uncertainty, metrological traceability, (8) you are handling nonconforming work, complaints, corrective actions, (9) you are preparing management reviews or internal audits. Polish version (PL)."
safe-exec
by OTTTTTO
Safe command execution for OpenClaw Agents with automatic danger pattern detection, risk assessment, user approval workflow, and audit logging. Use when agents need to execute shell commands that may be dangerous (rm -rf, dd, fork bombs, system directory modifications) or require human oversight. Provides multi-level risk assessment (CRITICAL/HIGH/MEDIUM/LOW), in-session notifications, pending request management, and non-interactive environment support for agent automation.
auth-implementation
by guptadeepak
Expert guidance for implementing secure authentication systems including OAuth 2.0, SAML, OIDC, JWT, passwordless authentication, passkeys, and biometrics. Covers protocol selection, security best practices, common pitfalls at scale, and enterprise patterns. Use when implementing login flows, SSO, API authentication, machine identity, or any identity management features.
sast-brakeman
by vchirrav
Run Brakeman SAST scans on Ruby on Rails applications. Detects SQL injection, XSS, mass assignment, CSRF, command injection, and other Rails-specific vulnerabilities.
network-scan-nmap
by vchirrav
Run Nmap for network discovery and security auditing. Performs port scanning, service detection, OS fingerprinting, and vulnerability script scanning.
secure-coding-audit
by vchirrav
Audit code for security vulnerabilities using OWASP Secure Coding rules. Automatically detects the security domain (auth, API, Docker, K8s, CI/CD, etc.) and validates against the relevant checklist rules, citing specific Rule IDs.
cloud-security-scoutsuite
by vchirrav
Run ScoutSuite for multi-cloud security auditing. Collects configuration data from AWS, Azure, GCP, Oracle, and Alibaba Cloud and generates an interactive security report.
audit-report-generator
by NewmanXBT
Generate professional PDF audit reports from markdown findings. Use when converting security audit findings to formal PDF reports, creating audit deliverables, or formatting vulnerability assessments. Triggers on requests to "generate audit report", "create PDF report", "format findings as PDF", or any audit report generation task.
security
by AlexanderStephenThompson
Security standards for authentication, input validation, and OWASP compliance
validate-bib
by clearsmog
Validate bibliography entries against citations in all document files (.tex, .qmd, .typ). Find missing entries and unused references.
convex
by aaronvanston
Convex backend development - queries, mutations, actions, schemas, indexes, realtime subscriptions, optimistic updates, file storage, HTTP endpoints, webhooks, cron jobs, migrations, AI/LLM agents, RAG, security, authentication, authorization, rate limiting, error handling with ConvexError, code review, convex-helpers, custom functions, triggers, row-level security, relationship helpers, Hono, CORS, Zod validation, CRUD, manual pagination, QueryStreams, query caching, sessions, workpool, components, RBAC, audit trails. Use when writing Convex functions, defining schemas, building real-time features, integrating external APIs, handling file uploads, setting up scheduled jobs, performing database migrations, building AI chat interfaces, reviewing Convex code for production readiness, using convex-helpers patterns, or building reusable Convex components.
sast-psalm
by vchirrav
Run Psalm with taint analysis on PHP code. Detects SQL injection, XSS, command injection, path traversal, and other taint-flow vulnerabilities in PHP applications.
sast-detekt
by vchirrav
Run detekt static analysis on Kotlin code with security-focused rules. Detects hardcoded secrets, insecure crypto, and code quality issues affecting security.
container-scan-trivy
by vchirrav
Run Trivy to scan container images for OS and library vulnerabilities, misconfigurations, and secrets. Comprehensive multi-target security scanner.
architecture-doc-auditor
by Agentient
Systematic completeness audit of Architecture Documentation using 188-item viewpoint-based checklist, severity-classified gap detection, technical debt indicators, and architecture anti-pattern scanning. Supports TOGAF, C4, arc42, and IEEE 42010 frameworks. PROACTIVELY activate for: (1) Architecture review gates, (2) ADR validation before implementation, (3) C4 diagram completeness check, (4) Technical debt assessment, (5) Pre-implementation validation, (6) Governance compliance audit, (7) Design doc handoff review. Triggers: "audit architecture", "review ADR", "check architecture doc", "validate design doc", "architecture review", "audit C4 diagrams", "check system context", "technical debt assessment", "architecture health check", "governance review", "architecture completeness"
audit
by mrsknetwork
Performs structured code, security, and architecture audits. Produces severity-categorized findings with file/line evidence and actionable remediation steps. Use when reviewing a PR, conducting a security review, evaluating technical debt, or assessing code quality before a release. Never merge critical audit findings without a documented resolution.