Security
Security scanning and vulnerability detection
observation-minimum-set
by CAPHTECH
"観測の最小セットを適用。6つの失敗モード(仕様誤解/境界条件/依存/セキュリティ/並行性/運用)を継続可能なコストで網羅。Use when: プロジェクト開始、リリース前チェック、品質改善振り返り、観測が足りているか確認したい。"
app-audit
by chen-ye
Analyzes installed Termux packages and Android apps to identify redundancies, categorize usage, and suggest cleanups. Use when the user asks to audit apps, check for bloatware, or analyze installed software.
aico-pm-clarification
by yellinzero
Resolve requirement ambiguities through STRUCTURED questioning: one question at a time, with recommended options and reasoning. UNIQUE VALUE: Prevents overwhelming users with multiple questions. Provides expert recommendations for each decision. Use this skill when: - Running /pm.clarify command - User says "unclear", "not sure what this means", "confused about" - User asks "what does X mean?", "how should X work?", "can you clarify?" - Requirements have conflicting or inconsistent details - Stories are missing acceptance criteria or have gaps - Need to fill information gaps BEFORE development can proceed Process: Ask ONE question at a time (max 5 per session), provide recommended option with reasoning. DO NOT ask multiple questions at once - this overwhelms users.
clawvitals
by ANGUARDA
Security health checks and secure configuration auditing for OpenClaw. Reviews your core security vitals across authentication, version currency, and platform config. Tracks whether your security posture improves or regresses over time, and alerts on new critical findings. Run "run clawvitals" to get your first score in under 30 seconds.
attack-tree-construction
by ma1orek
Build comprehensive attack trees to visualize threat paths. Use when mapping attack scenarios, identifying defense gaps, or communicating security risks to stakeholders.
starknet-skills
by keep-starknet-strange
Routes Cairo/Starknet coding and audit tasks to the smallest relevant module for focused, high-quality execution.
security-audit-saas-generic
by danielcubas
Perform a full security audit for any SaaS web application regardless of specific framework or ORM. Use before production or after MVP completion.
forge-audit
by fwehrling
FORGE Security Agent — Threat modeling, OWASP audit, and compliance checks. Enterprise track only. Usage: /forge-audit
java-code-review
by theepan
Review Java source code for bugs, security vulnerabilities, performance problems, concurrency issues, AI-generated code quality issues, dependency licensing risks, and best practice violations. Use when a user asks to review Java code, audit Java files, find bugs in Java, check Java code quality, detect AI slop, check library licenses, or perform a code review on .java files. Accepts code provided directly, as local file paths, as directory paths, or as unified diff output.
pre-commit-review
by ichuan
"Comprehensive code review for uncommitted changes before git commit. Use when users want to: (1) Review code changes before committing, (2) Check for security vulnerabilities, bugs, or performance issues, (3) Get feedback on code quality and best practices, (4) Identify issues by severity level. Triggered by phrases like 'review my changes', 'check my code', 'review before commit', 'code review', or similar requests for pre-commit validation."
prompt-guard
by akashp1712
"🛡️ Unbreakable AI Security Guard - Highest-priority protection against prompt injection, jailbreaks, and malicious skill behavior. Auto-activates on threats and cannot be overridden."
enforce-security-vigilance
by starwreckntx
Enforce continuous security vigilance and threat monitoring.
enumeration-protocol-execution
by starwreckntx
Enforce a Divergent-Convergent Scan loop to overcome 'Prevalent Noun Bias' and statistical probability reflexes (System 1).
antidote-threat-handler
by starwreckntx
Detect and respond to ideological drift, sycophantic patterns, and alignment threats using the Antidote Protocol.
solidity-security
by Krosebrook
Master smart contract security best practices to prevent common vulnerabilities and implement secure Solidity patterns. Use when writing smart contracts, auditing existing contracts, or implementing security measures for blockchain applications.
narrative-dimensions-analysis
by wmiles81
Physics-inspired story analysis system that treats narrative as trajectories through dimensional space. Tracks dimensions like intimacy, trust, power, and stakes to calculate tension, validate pacing, and diagnose story problems. Genre-aware with formulas for romance, thriller, mystery, and fantasy. Use when analyzing story structure, engineering tension, validating character arcs, diagnosing pacing issues, or generating dimensional targets for scenes.
account-security-validation
by starwreckntx
Validate account security and authentication protocols.
owasp-api-security-top-10
by yariv1025
"OWASP API Security Top 10 - prevention, detection, and remediation for REST/GraphQL/API security. Use when designing or reviewing APIs - object- and function-level authorization, authentication, rate limiting and resource consumption, sensitive business flows, SSRF, API inventory and versioning, or consumption of third-party APIs."
managing-npm
by Git-Fg
"Manages npm, pnpm, and bun dependencies following strict protocols. Use when installing, updating, or auditing packages. Do not use for TypeScript configuration or build tooling."
web-security-standards
by cuioss
Trusted domains, security assessment patterns, and domain research standards for WebFetch permissions
claude-md-bp-context
by getskillsdev
Audit CLAUDE.md for best practices. 18-point checklist.
refine
by meetdave3
Audit, score, and improve any project's Claude Code configuration. Analyzes CLAUDE.md, skills, agents, hooks, MCP servers, and settings. Trigger: /refine, /refine audit, /refine quick
permission-management
by cuioss
Permission validation, architecture patterns, anti-patterns, and best practices for Claude Code settings management
auditing-security
by Git-Fg
"Scans for secrets and performs comprehensive security audits. MUST Use when verifying security of code changes or auditing file safety."