Security
Security scanning and vulnerability detection
zscaler
by dvmrry
Answer questions about the Zscaler portfolio — full operational depth (Tier 1, with SDK / TF / OneAPI exposure) on ZIA, ZPA (including AppProtection inline WAF/IPS and Browser Access), ZCC (Client Connector), ZDX (Digital Experience), ZBI (Zero Trust Browser / Cloud Browser Isolation), ZIdentity (unified identity + OneAPI authentication + step-up auth), Cloud & Branch Connector (ZTW/ZTC — VM-based traffic forwarding for cloud workloads and branch offices), and ZWA (Workflow Automation — DLP incident lifecycle); plus extended awareness with reasoning docs (Tier 2a, portal-only / no SDK) on Deception (decoys/honeypots for post-perimeter detection), Risk360 (cyber risk quantification / Monte Carlo / CISO board reporting), the AI Security family (AI Guard runtime guardrails for LLM prompt-injection / jailbreak / sensitive-data / toxicity / refusal detection plus AI Red Teaming / AI Guardrails / four-pillar governance), and ZMS (workload microsegmentation east-west, host-agent + WFP/nftables enforcement); plus paragraph-level awareness (Tier 2b) of ZINS (shadow-IT NSS Collector), EASM, Federal Cloud variants, ITDR, DSPM, Posture Control, and others. Covers URL category coverage, URL filtering rule precedence, wildcard matching semantics, SSL inspection ordering, cloud app control interaction with URL filtering, DLP three-layer model, sandbox / malware / ATP, firewall filtering, ZPA app-segment matching and policy evaluation order, AppProtection profiles / paranoia levels, Browser Access wildcard certificate rules, ZCC forwarding-profile / trusted-network decisions (which decide whether traffic reaches ZIA or ZPA in the first place), ZDX score / probe / diagnostic-session questions about user experience, browser isolation (Isolate action, Smart Browser Isolation, isolation profiles), Cloud Connector provisioning and activation, and Zscaler portfolio breadth ("what is X?", "does Zscaler do Y?"). Use whenever the user mentions Zscaler, ZIA, ZPA, ZCC, ZDX, ZBI, ZWA, ZTW, ZTC, CBC, Zero Trust Browser, Cloud Browser Isolation, Client Connector, AppProtection, Browser Access, Deception, Risk360, AI Guard, AI Guardrails, AI Red Teaming, AI Security, ZMS, microsegmentation, east-west traffic, ZINS, EASM, URL categories, URL filtering, cloud app control, SSL inspection, DLP, sandbox, app segments, forwarding profiles, trusted networks, ZDX score, probes, diagnostic sessions / deeptraces, isolation profiles, prompt injection, jailbreak detection, LLM guardrails, or asks "is $URL covered / blocked / allowed". Also use for "why does this rule win", "what happens when these policies overlap", "why is this user's app slow", "what happens when traffic gets isolated", "what is $product", or "does Zscaler have something for $use-case" questions, even if the user does not explicitly name Zscaler.
audit-openclaw-security
by tristanmanchester
Audit and harden OpenClaw (Gateway + agents) security. Use when the user asks to audit/secure/harden OpenClaw; when troubleshooting risky exposure (especially the Gateway web UI/control plane on port 18789); when reviewing DM/group access control (pairing/allowlists/mention-gating); tool permissions (exec/fs/browser/nodes/gateway/cron); plugins/skills supply-chain risk; secrets/transcripts/log retention; or when deploying OpenClaw on a Mac mini, personal laptop, Docker host, or cloud VM (AWS EC2/VPS).
ask-owasp-security-review
by NavanithanS
Static security analysis for code, auditing for OWASP Top 10 risks. Triggers: "security audit", "is this secure", "check for vulnerabilities". Capabilities: - Static analysis of code snippets. - Mapping findings to OWASP Top 10 (2021). - Providing remediation code patterns.
developing-bash
by sumik5
Comprehensive Bash shell scripting and automation guide covering fundamentals, control flow, I/O pipelines, process control, system administration automation, testing/debugging, security, design patterns, and penetration testing automation (Nmap, web scanning, exploitation, Wi-Fi assessment, reporting). MUST load when .sh files are detected or shell scripts are being written. For Docker-specific patterns, use managing-docker instead. For broader DevOps methodology, use practicing-devops instead.
developing-google-cloud
by sumik5
Google Cloud development guide covering Cloud Run (architecture, scaling, CI/CD), GCP security (IAM, VPC, KMS, DLP, SCC, Zero Trust, Chronicle), data engineering (BigQuery, Dataflow, data pipelines, governance), network engineering (VPC, load balancing, CDN, Traffic Director), and Memorystore (Redis/Memcached, cache patterns, resilience). MUST load when Dockerfile is detected with google-cloud packages, when cloudbuild.yaml is present, or when working with BigQuery, Dataflow, Dataproc, Cloud Interconnect, or Memorystore. For Docker-specific patterns, use managing-docker instead. For general monitoring design, use designing-monitoring instead. For code-level security (OWASP, CodeGuard), use securing-code instead. For data architecture patterns (CQRS, event sourcing), use architecting-data instead. For AWS development, use developing-aws instead. For serverless security (GCS hacking, Cloud Run abuse), use securing-serverless instead. For application logging, use implementing-logging.
ask-security-sentinel
by NavanithanS
Pre-flight security checker. Scan for secrets and vulnerabilities.
kube-audit-kit
by ViniciusMarsili
Performs read-only Kubernetes security audits by exporting resources, sanitizing metadata, grouping applications by topology, and generating PSS/NSA-compliant audit reports. Use when the user requests auditing Kubernetes clusters, Namespaces, security reviews, or configuration analysis.
compliance-officer
by famaoai-creator
status: implemented
doctor
by ScarXparth
Audits any project for security, test coverage, and Claude Code automation. 46 checks across 6 layers: secrets, CLAUDE.md, hooks, skills, agents, rules, MCP, CI, memory. Adaptive scoring — auto-detects project maturity (Starter/Growing/Mature/Pro). Diagnoses gaps, prescribes project-specific fixes, applies them. Usage: /doctor — full audit (all 6 layers) /doctor quick — TOP-3 priorities + score (30 seconds) /doctor scan — diagnose only (no changes) /doctor fix — prescribe + apply fixes /doctor layer <N> — audit specific layer (0-5) /doctor verify — health check Triggers: "/doctor", "audit", "setup automation", "configure Claude Code", "project health", "what's missing", "security check", "аудит", "проверь проект"
euler-vaults
by euler-xyz
Core guide for interacting with Euler Finance V2 protocol. This skill should be used when building DeFi integrations, managing lending positions, or understanding Euler architecture. Triggers on tasks involving lending, borrowing, collateral, liquidation, EVC, EVK, or core Euler operations. For specialized topics, see companion skills.
agent-delegation
by ichi-h
orchestratorが使用するサブエージェント選択ガイドと委譲パターンを定義します。エージェントカタログ、共通委譲指示、エラーハンドリングパターンを提供します。
Security Validation
by auldsyababua
Pre-merge security validation detecting secrets, user-specific paths, insecure SSH configurations, and security-weakening flags
typescript-code-review
by Exploration-labs
Perform comprehensive code reviews for TypeScript projects, analyzing type safety, best practices, performance, security, and code quality with actionable feedback
skill-security-analyzer
by auldsyababua
Comprehensive security risk analysis for Claude skills. Use when asked to analyze security risks, review security stance, audit skills for vulnerabilities, check security before deployment, or evaluate safety of skill files. Triggers include "analyze security," "security risks," "security audit," "security review," "is this skill safe," or "check for vulnerabilities."
security-validation
by auldsyababua
Pre-merge security validation detecting secrets, user-specific paths, insecure SSH configurations, and security-weakening flags. Use before committing code/documentation, before creating PRs, or during QA validation. Supports automated scanning with severity-based enforcement (CRITICAL blocks merge, HIGH requires fixes).
brand-analyzer
by auldsyababua
This skill should be used when the user requests brand analysis, brand guidelines creation, brand audits, or establishing brand identity and consistency standards. It provides comprehensive frameworks for analyzing brand elements and creating actionable brand guidelines based on requirements.
soc2-compliance
by peixotorms
Use when building SaaS platforms, cloud services, customer-facing APIs, multi-tenant systems, or any service handling customer data that requires SOC 2 certification — Trust Services Criteria, TSC, CC1 through CC9, Type I, Type II, AICPA, security, availability, processing integrity, confidentiality, privacy, evidence collection, vendor management, penetration testing, risk assessment, access review, change management, incident response
frontend-security-basics
by SanctifiedOps
Secure Solana frontends against phishing, bad prompts, and unsafe signing requests. Use for audits of wallet UX and dApp sites.
gitlab-vulnerability
by grandcamel
"GitLab vulnerability operations via API. ALWAYS use this skill when user wants to: (1) list security vulnerabilities, (2) view vulnerability details, (3) confirm/dismiss/resolve vulnerabilities, (4) view vulnerability findings."
rust-fintech
by peixotorms
Use when building financial, trading, or payment systems in Rust. Covers money handling, financial calculations, rounding, decimal precision with rust_decimal and BigDecimal, currency newtypes, ledger, journal entry, reconciliation, idempotency, ACID transactions, regulatory compliance, immutable transaction records, audit trails, checked arithmetic, and double-entry patterns.
code-reviewer
by beshkenadze
Review code for quality, security, and best practices. Use when asked to review code, find bugs, or suggest improvements.
suggesting-improvements
by C0ntr0lledCha0s
Expert at suggesting specific, actionable improvements to Claude's responses and work. Use when Claude's output needs enhancement, when quality issues are identified, or when iterating on solutions.
context-audit
by HJewkes
Audit context window composition and identify optimization targets.
agentic-structure
by BackGwa
Collaborative programming framework for production-ready development. Use when starting features, writing code, handling security/errors, adding comments, discussing requirements, or encountering knowledge gaps. Applies to all development tasks for clear, safe, maintainable code.