Security
Security scanning and vulnerability detection
sca-osv-scanner
by vchirrav
Run Google's OSV-Scanner for Software Composition Analysis. Scans lockfiles and SBOMs across all major ecosystems (npm, PyPI, Maven, Go, Cargo, NuGet, RubyGems) for known vulnerabilities.
iac-scan-tfsec
by vchirrav
Run tfsec (now part of Trivy) to scan Terraform code for security misconfigurations. Deep HCL analysis with support for Terraform modules, variables, and expressions.
prd-completeness-auditor
by Agentient
Systematic completeness audit of Product Requirements Documents using 100+ item MECE checklist, severity-classified gap detection, and anti-pattern scanning. PROACTIVELY activate for: (1) PRD review before development handoff, (2) Requirements completeness assessment, (3) Identifying ambiguous requirements, (4) PRD template validation, (5) Finding missing stakeholder needs, (6) Detecting inconsistent acceptance criteria. Triggers: "audit PRD", "review requirements", "check PRD completeness", "validate requirements document", "PRD review", "requirements audit", "find gaps in PRD", "requirements completeness check", "PRD quality check"
sca-npm-audit
by vchirrav
Run npm audit for Node.js dependency vulnerability scanning. Built-in SCA for npm projects with automatic fix suggestions.
ci-cd
by costa-marcello
"Creates production-ready GitHub Actions workflows for CI/CD, Docker builds, security scanning, and monorepo orchestration. Triggers on requests for CI/CD setup, workflow creation, pipeline automation, GitHub Actions help, deployment workflows, matrix builds, reusable workflows, or security scanning configuration."
production-audit
by costa-marcello
"Audits a codebase for production readiness across six dimensions: API completeness, frontend-backend sync, security, scalability, infrastructure, and dead code/architecture. Use when asked for a launch assessment, production readiness check, pre-deployment audit, or multi-agent patchwork cleanup."
cicd-patterns
by Agentient
Implement CI/CD pipelines with GitHub Actions and Cloud Build for GCP deployments. PROACTIVELY activate for: (1) setting up GitHub Actions workflows for GCP, (2) configuring Cloud Build pipelines, (3) implementing Workload Identity federation. Triggers: "cicd", "github actions", "cloud build"
security-patterns
by masanao-ohba
PHP security best practices and patterns for preventing common vulnerabilities
qa
by clearsmog
Adversarial quality audit loop. Critic finds issues, fixer applies fixes, loops until APPROVED (max 5 rounds). Works with any document format.
design-auditor
by DUBSOpenHub
Design Auditor: paste a URL, get 5 ranked fixes to improve conversions. Analyzes layout, performance, accessibility, and CTA effectiveness. Say "audit <url>" to start, or "audit local" for a local dev server.
sast-eslint-security
by vchirrav
Run ESLint with security plugins on JavaScript/TypeScript code. Detects eval usage, non-literal RegExp, prototype pollution, and other JS/TS security anti-patterns.
nextjs-deliverable-criteria
by masanao-ohba
Quality gates and acceptance criteria for Next.js 15 App Router projects
tls-scan-testssl
by vchirrav
Run testssl.sh to analyze TLS/SSL configurations. Checks cipher suites, protocols, certificate validity, known vulnerabilities (Heartbleed, POODLE, ROBOT), and compliance.
container-scan-dockle
by vchirrav
Run Dockle to audit container images against CIS Docker Benchmark and best practices. Checks for running as root, sensitive files, HEALTHCHECK, and more.
dast-nuclei
by vchirrav
Run Nuclei template-based vulnerability scanner. Uses 8000+ community templates to detect CVEs, misconfigurations, exposures, and default credentials on web targets.
sast-spotbugs
by vchirrav
Run SpotBugs with Find Security Bugs plugin on Java code. Detects injection flaws, XXE, insecure crypto, SSRF, deserialization, and other JVM security bugs.
review-code
by costa-marcello
"Reviews current git changes with a senior engineer lens. Detects SOLID violations, YAGNI/DRY/KISS breaches, security risks, performance issues, and proposes actionable improvements. Use when reviewing pull requests, checking code quality before merging, or auditing changes for security vulnerabilities."
sast-flawfinder
by vchirrav
Run Flawfinder SAST scans on C/C++ code. Detects buffer overflows, format string vulnerabilities, race conditions, and other memory safety issues.
sast-gosec
by vchirrav
Run gosec SAST scans on Go code. Detects SQL injection, hardcoded credentials, insecure TLS, command injection, and other Go security issues.
dast-zap
by vchirrav
Run OWASP ZAP for Dynamic Application Security Testing. Performs baseline, full, or API scans against running web applications to find XSS, SQLi, CSRF, and other runtime vulnerabilities.
firestore-security-rules-generation
by Agentient
Firestore Security Rules patterns for user-scoped access, RBAC, and field validation. PROACTIVELY activate for: (1) implementing user-scoped data access rules, (2) setting up role-based access with custom claims, (3) validating fields and enforcing immutability. Triggers: "security rules", "rbac", "firestore rules"
api-security-spectral
by vchirrav
Run Spectral to lint OpenAPI and AsyncAPI specs for security issues. Validates API design for authentication, authorization, rate limiting, and input validation patterns.
unity-review-quality
by cuozg
Full Unity project audit: A-F graded HTML report covering architecture, performance, best practices, tech debt. Triggers: 'project audit', 'quality audit', 'project review', 'code quality report', 'tech debt audit'.
sca-pip-audit
by vchirrav
Run pip-audit for Python dependency vulnerability scanning. Checks installed packages and requirements files against the OSV and PyPI advisory databases.