Security
Security scanning and vulnerability detection
epic-security
by rubenpenap
Guide on security practices including CSP, rate limiting, and session security for Epic Stack
openclaw-doctor
by AnthemFlynn
"Comprehensive OpenClaw diagnostic audit — an agent-on-agent health check. Use when asked to check system health, diagnose issues, or audit OpenClaw subsystems. Covers gateway, security, channels, models, memory, context, heartbeat, hooks, skills, workspace integrity, and network."
sox-compliance
by peixotorms
Use when building financial reporting systems, accounting software, ERP integrations, payment reconciliation, ledger systems, audit trails, or any code handling financial data at publicly traded companies — SOX Section 302, Section 404, ITGC, IT General Controls, segregation of duties, SoD, change management, access review, audit trail, hash chain, WORM storage, 7-year retention, COSO framework, material weakness, internal controls, audit logging
compounder
by vxcozy
Weekly review partner that compounds productivity gains over time. Tracks velocity, logs friction, sets next-week targets, recognizes patterns across weeks, and feeds insights back to the audit for the next loop. Use when you want a weekly review, need to identify friction, want to see patterns, or want to update your system map. Part of the architect-system loop. Outputs to system/compounder/week-{date}.md.
quality-gate
by terraphim
Right-side-of-V verification/validation orchestration for a change or PR. Produces a single Quality Gate Report with evidence covering: code review, security audit, performance regression risk, requirements traceability, acceptance/UAT scenarios, and (when UI changes) visual regression testing. Use when preparing a PR for merge/release, doing a “ready?” check, or enforcing an engineering quality gate.
solana-security-auditor
by x4484
Audit Anchor programs for common vulnerabilities. Reentrancy, PDA collisions, missing signer checks, and pre-deploy security checklists.
design-reviewer
by gaebalai
Copilot agent that assists with systematic design review using ATAM (Architecture Tradeoff Analysis Method), SOLID principles, design patterns, coupling/cohesion analysis, error handling, and security requirements. Trigger terms: design review, architecture review, ATAM, SOLID principles, design patterns, coupling, cohesion, ADR review, C4 review, architecture analysis, design quality. Use when: User requests involve design document review, architecture evaluation, or design quality assessment tasks.
transparency-and-disclosures
by SanctifiedOps
Write clear disclosures for Solana projects: risks, unlocks, authority states, and data sources. Use for websites, docs, and announcements.
openclaw-admin
by AnthemFlynn
"Fix, configure, tune, or troubleshoot OpenClaw. Use for config changes, security fixes, performance tuning, doctor --fix, or when openclaw-doctor flags issues that need remediation."
php-security
by peixotorms
Use when handling user input, database queries, file operations, authentication, sessions, or any security-sensitive PHP code. Covers SQL injection prevention with prepared statements, PDO parameterized queries, XSS with htmlspecialchars, CSRF tokens, input validation (filter_var, FILTER_VALIDATE_*, FILTER_SANITIZE_*), output escaping by context, password_hash, password_verify, bcrypt, Argon2, file upload security, session management, SameSite cookies, Content-Security-Policy headers, serialization security, process execution security, error exposure, php.ini hardening (open_basedir, disable_functions, allow_url_include), OWASP Top 10 for PHP, rate limiting, brute force protection, directory traversal, path traversal, and common vulnerability patterns.
pci-compliance
by peixotorms
Use when building payment processing, handling credit card data, PAN, CVV, cardholder data environment (CDE), implementing checkout flows, tokenization, Stripe, Braintree, or any code that touches cardholder information — PCI DSS v4.0 coding patterns, SAQ selection, data classification, AES-256 encryption, TLS 1.2, audit log, data masking, Luhn validation, payment gateway integration, 3-D Secure, scope reduction, network segmentation
code-reviewer
by gaebalai
Copilot agent that assists with comprehensive code review focusing on code quality, SOLID principles, security, performance, and best practices. Trigger terms: code review, review code, code quality, best practices, SOLID principles, code smells, refactoring suggestions, code analysis, static analysis. Use when: User requests involve code reviewer tasks.
security-review
by thoreinstein
Perform enterprise security review of the codebase
audit
by vxcozy
Productivity analyst that maps your workflow, scores tasks by time cost and energy drain, and builds a prioritized 4-week automation plan. Use when you want to audit your workflow, figure out what to automate, do a productivity review, identify high-leverage tasks, feel overwhelmed and need to prioritize, or after the compounder surfaces new friction. Part of the architect-system loop. Outputs to system/audit-report.md.
code-reviewer
by icartsh
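"Automated code review including security scanning, quality metrics, and best-practice analysis. Use when reviewing code for: (1) security vulnerabilities and common attack vectors, (2) code quality issues and maintainability problems, (3) performance bottlenecks and optimization opportunities, (4) best practices and design patterns, (5) test coverage and testing strategy, (6) documentation quality and completeness"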
cve-audit
by Mearman
Scan project dependencies for known vulnerabilities. Automatically detect and parse package files (package.json, requirements.txt, Gemfile, go.mod, pom.xml) and check all dependencies against the CVE database. Use when you want to audit a project for security vulnerabilities, check if dependencies have known CVEs, or generate a vulnerability report for compliance.
release-readiness-checklist
by asteroid-belt
Interactive release readiness checklist with semantic versioning guidance. Use when preparing a software release, cutting a version, deploying to production, or when user asks about release preparation. Triggers on phrases like "prepare release", "release checklist", "ready to release", "cut a version", "version bump", or "/release-readiness-checklist".
design-audit
by devanshuDesai
UI/UX design audit with Steve Jobs and Jony Ive design philosophy
backend-development
by zircote
Build robust backend systems with modern technologies (Node.js, Python, Go, Rust), frameworks (NestJS, FastAPI, Django), databases (PostgreSQL, MongoDB, Redis), APIs (REST, GraphQL, gRPC), authentication (OAuth 2.1, JWT), testing strategies, security best practices (OWASP Top 10), performance optimization, scalability patterns (microservices, caching, sharding), DevOps practices (Docker, Kubernetes, CI/CD), and monitoring. Use when designing APIs, implementing authentication, optimizing database queries, setting up CI/CD pipelines, handling security vulnerabilities, building microservices, or developing production-ready backend systems.
code-analyze
by icartsh
Performs static analysis, security scanning, and dependency checks on .NET code. Use for tasks involving code quality, security audits, or vulnerability detection.
production
by pluginagentmarketplace
Unit testing, performance optimization, security implementation, Play Store deployment.
community-ops-playbook
by SanctifiedOps
Moderate and grow Solana communities (TG/Discord): rules, mod actions, FUD handling, legitimacy cues. Use for community operations.
analyzing-response-quality
by C0ntr0lledCha0s
Expert at analyzing the quality of Claude's responses and outputs. Use when evaluating response completeness, accuracy, clarity, or effectiveness. Auto-invokes during self-reflection or when quality assessment is needed.
audit-skills
by Tharun-Balaji
"Review, audit, and harden AI skills for security risks including prompt injection, hidden instructions, tool misuse, data exfiltration, and malicious payloads; use when analyzing SKILL.md, scripts, references, or assets for vulnerabilities and when producing remediation guidance."