Security
Security scanning and vulnerability detection
owasp-llm-top-10
by yariv1025
OWASP Top 10 for LLM Applications - prevention, detection, and remediation for LLM and GenAI security. Use when building or reviewing LLM apps - prompt injection, information disclosure, training/supply chain, poisoning, output handling, excessive agency, system prompt leakage, vectors/embeddings, misinformation, unbounded consumption.
reflect
by jainabhishek
Self-improving skill that analyzes conversations for corrections and preferences, then persists them to skill files with optional Git versioning. Use when: (1) User runs "/reflect" or "/reflect [skill-name]" to manually extract learnings, (2) User says "reflect on" or "reflect off" to toggle automatic reflection, (3) User says "reflect status" to check mode, (4) User wants Claude to remember corrections for future sessions. Supports manual and automatic (hook-based) modes.
security-practices
by pluginagentmarketplace
Master secure development, OWASP Top 10, testing, and compliance. Use when building secure systems, conducting security reviews, or implementing best practices.
security-architecture
by pluginagentmarketplace
Design security architectures with threat modeling and zero trust
vibe-coding-standards-skill
by Pixora-dev-ai
A comprehensive skill for enforcing project-specific architecture, styling, security, and quality rules. Use this skill when: (1) Reviewing code for compliance, (2) Generating new components or modules, (3) Refactoring existing code, or (4) Setting up a new project's coding standards.
audit-methodology
by leobrival
Comprehensive audit methodology for web applications covering accessibility (RGAA 4.1), security (OWASP Top 10), performance (Core Web Vitals), and eco-design. Use when users need guidance on audit processes, testing methodologies, compliance standards, or audit best practices. Includes detailed reference documentation for each audit domain.
ai-code-reviewer
by physics91
WHEN: Deep AI-powered code analysis, multi-model code review, security scanning with Codex and Gemini. WHAT: Comprehensive code review using external AI models with severity-based findings, deduplication, and secret detection. WHEN NOT: Simple lint checks -> code-reviewer, Quick security only -> security-scanner, Style formatting -> code-quality-checker.
google-cloud
by BankkRoll
Scraped from https://cloud.google.com/docs/. Source: https://cloud.google.com/docs. Use when questions involve: ai ml, authentication, buildpacks, enterprise, generative ai, security, terraform.
agent-safety
by pluginagentmarketplace
Ensure agent safety - guardrails, content filtering, monitoring, and compliance
owasp-kubernetes-top-10
by yariv1025
OWASP Kubernetes Top 10 - prevention, detection, and remediation for Kubernetes security. Use when designing or reviewing K8s workloads and clusters - workload config, supply chain, RBAC, policy enforcement, logging, authentication, network segmentation, secrets, cluster components, vulnerable components.
skill-shield
by gpu-cli
Security audit and active remediation for agent skills. Analyzes SKILL.md instructions and bundled scripts for prompt injection, data exfiltration, excessive permissions, supply chain risks, and other threats. Presents findings inline, optionally generates reports, and can rewrite skills to remove security concerns.
workers-specialist
by SteveLeve
Provide Cloudflare Workers runtime guidance for routing, bindings, performance, security headers, rate limiting, and Hono patterns used in this repo.
supabase-postgres-best-practices
by Jackiexiao
Postgres performance optimization and best practices from Supabase for schema, indexing, query tuning, security, and operations.
disciplined-verification
by terraphim
Phase 4 of disciplined development. Verifies implementation against design through unit and integration testing. Builds traceability matrices, tracks coverage, and loops defects back to originating left-side phases.
devsecops
by josavicentevw
DevSecOps skill for security automation, vulnerability management, secure CI/CD pipelines, container security, secrets management, compliance, and security testing. Use when implementing security in development workflows, scanning for vulnerabilities, securing infrastructure, or when user mentions security automation, SAST, DAST, container scanning, or compliance.
clawdefender
by arc-claw-bot
Security scanner and input sanitizer for AI agents. Detects prompt injection, command injection, SSRF, credential exfiltration, and path traversal attacks. Use when (1) installing new skills from ClawHub, (2) processing external input like emails, calendar events, Trello cards, or API responses, (3) validating URLs before fetching, (4) running security audits on your workspace. Protects agents from malicious content in untrusted data sources.
cloud-resources
by SerendipityOneInc
Cloud resource management and monitoring for GCP
security-audit
by chrysos
Run comprehensive security audit on any project. Detects package manager (npm, pnpm, yarn, bun, pip, composer, cargo, go), runs native audit commands, and searches the web for CVEs and security advisories for ALL dependencies — even those that pass the audit. Generates a detailed security report.
python-fastapi
by KaribuLab
FastAPI Secure Engineering
audit-reports
by fethallaheth
Generate formatted security audit findings for Web3 platforms (Sherlock, Code4rena, Cantina). Use when user needs to report vulnerabilities, format findings, or create audit reports for smart contract security contests.
opencode-audit
by IdoKendo
Audit OpenCode configuration quality, safety, and operability with a 100-point rubric and concrete remediations.
auditing-plugins
by Git-Fg
Comprehensive plugin auditing for compliance with marketplace best practices. MUST Use when validating, refactoring, or improving plugin quality. Do not use for creating new plugins, scaffolding components, or development tasks.
driver-license-eligibility
by Ontos-AI
Provides driver license eligibility requirements based on user's country/state and age. It can specify minimum age, required documents, and any specific conditions.
mesh-security
by hackIDLE
Analyze Istio, Consul, and Linkerd service mesh configurations for security vulnerabilities with NIST 800-53 control mappings. Use when users need to audit mesh security, identify misconfigurations, check mTLS settings, review ACL policies, or prepare for FedRAMP assessments. Triggers on keywords like "mesh config", "istio security", "consul ACL", "linkerd policy", "service mesh audit", or "NIST compliance".