Security
Security scanning and vulnerability detection
security
by scottymcandrew
Security audit specialist. Use before releases, after authentication/authorization changes, when handling sensitive data, or for periodic security reviews of code.
code-reviewer
by aig787
Perform comprehensive code reviews with focus on correctness, performance, security, and maintainability. Use when reviewing pull requests, merge requests, or code changes.
agentaudit-skill
by starbuck100
Automatic security gate that checks packages against a vulnerability database before installation. Use before any npm install, pip install, yarn add, or package manager operation.
owasp-iot-top-10
by yariv1025
"OWASP IoT Top 10 - prevention, detection, and remediation for IoT device and ecosystem security. Use when designing or reviewing IoT devices - passwords, network services, ecosystem interfaces, secure updates, components, data transfer/storage, device management, default settings, physical hardening, privacy."
owasp-privacy-top-10
by yariv1025
"OWASP Top 10 Privacy Risks - prevention, detection, and remediation for privacy in web applications. Use when addressing app vulnerabilities, data leakage, breach response, consent, transparency, data deletion, data quality, session expiration, user access rights, excessive data collection."
react-doctor
by Jackiexiao
Run after making React changes to catch issues early. Use when reviewing code, finishing a feature, or fixing bugs in a React project.
acr
by johnsonshi
Comprehensive Azure Container Registry (ACR) knowledge skill. Use when users ask about: container registries, ACR authentication, private endpoints, geo-replication, ACR Tasks, image signing (Notation), artifact cache, connected registry, vulnerability scanning, customer-managed keys, RBAC, network security, artifact streaming, Helm charts in ACR, ORAS, or any Azure container registry feature. Triggers: "ACR", "container registry", "azurecr.io", "az acr", "docker push/pull to Azure", "registry authentication", "private registry", "geo-replicated registry", "image signing", "Notation", "Ratify".
cui-java-cdi
by cuioss
CDI and Quarkus development standards for CUI projects, including CDI aspects, container configuration, testing, and native optimization
owasp-cicd-top-10
by yariv1025
"OWASP Top 10 CI/CD Security Risks - prevention, detection, and remediation for pipeline security. Use when securing or reviewing CI/CD - flow control, IAM, dependency chain, poisoned pipeline execution, PBAC, credential hygiene, system config, third-party services, artifact integrity, logging and visibility."
titvo
by KaribuLab
Analyze generated code, identify vulnerabilities, and report them to the user.
code-review
by dmonteroh
"Provides high-signal, fast code review with selectable modes (quality, security, performance, tooling). Includes an optional safe-by-default review script to summarize diffs, scan for risky patterns, and produce a deterministic report."
owasp-mobile-top-10
by yariv1025
"OWASP Mobile Top 10 - prevention, detection, and remediation for iOS/Android app security. Use when building or reviewing mobile apps - credentials, supply chain, auth, input/output validation, communication, privacy, binary protection, config, data storage, cryptography."
wcag-audit-perceivable-color
by Jkense
Route color usage and visual distinction accessibility requirements
Compensation Benchmarks
by yamz8
This skill should be used when the user asks about "salary ranges", "equity grants", "compensation benchmarks", "how much to pay", "competitive offer", "market rate", "startup compensation", "equity percentages", "option grants", or mentions specific compensation questions like "what should I pay a senior engineer" or "how much equity for a VP".
vue-doctor
by Arjun-Ingole
Diagnose and fix Vue/Nuxt codebase health issues. Use when reviewing Vue code, fixing performance problems, auditing security, or improving code quality.
dev-client
by gigs-slc
Build and distribute Expo development clients locally or via TestFlight
smart-contract-security
by pluginagentmarketplace
Master smart contract security with auditing, vulnerability detection, and incident response
disciplined-validation
by terraphim
Phase 5 of disciplined development. Validates system against original requirements through system testing and user acceptance testing (UAT). Uses structured stakeholder interviews to gather sign-off and traces defects back to research or design phases.
wcag-audit-perceivable-media
by Jkense
Route audio, video, and multimedia accessibility requirements
audit-website
by Jackiexiao
"Audit websites for SEO, performance, security, technical and content issues with actionable recommendations."
simplisticate
by HemSoft
V1.0 - Identifies complexity in code and proposes targeted simplifications with risk assessment. Use when reducing code complexity.
brand-analyzer
by nguyendinhquocx
This skill should be used when the user requests brand analysis, brand guidelines creation, brand audits, or establishing brand identity and consistency standards. It provides comprehensive frameworks for analyzing brand elements and creating actionable brand guidelines based on requirements.
wcag-audit-perceivable-layout
by Jkense
Route page structure and spatial organization accessibility requirements
reviewer
by scottymcandrew
Code review specialist. Use when code needs review, before merging changes, or to assess code quality. Provides structured feedback with severity levels.