Security
Security scanning and vulnerability detection
fullstack-security
by pluginagentmarketplace
Security and performance - hardening, optimization, auditing
iac-security-scanner
by hackIDLE
Scan Terraform, Kubernetes, CloudFormation, ARM templates, and Dockerfiles for security misconfigurations using 790 Terrascan-derived policies with NIST 800-53 control mappings. Use when users need to review IaC for security issues, audit cloud configurations, check compliance posture, harden infrastructure code, or identify misconfigurations across AWS, Azure, GCP, and Kubernetes before deployment.
code-reviewer
by jgarrison929
Use when reviewing code changes, pull requests, or asking for code quality feedback. Covers readability, maintainability, security, performance, error handling, naming conventions, and test coverage.
security-audit
by Prismas33
"Security auditing and pentesting skill. Use when asked 'analyze security', 'how would you attack', 'vulnerabilities', 'pentester mode', or 'security audit'."
percolator
by agentic-reserve
Percolator perpetual futures protocol development (Feb 2026). Educational research project for predictable risk management using profit-as-junior-claims model. Covers core risk engine (Rust), Solana programs, CLI tools, matcher development, testing, and formal verification. Alternative to traditional ADL with global coverage ratio and self-healing mechanics.
test-audit
by juliomrqz
Audit test suites (unit, integration, feature/E2E) for correctness, quality, and best practices. Use when the user wants to review, audit, validate, or improve tests in any programming language or framework (Jest, pytest, RSpec, JUnit, PHPUnit, etc.). Triggers on requests like "audit my tests", "review test quality", "check my test coverage", "are my tests good", or any request to evaluate test effectiveness.
web-design-guidelines
by cybertechajju
Advanced web design patterns with AI-powered suggestions
spring-boot-reviewer
by physics91
WHEN: Spring Boot code review, DI patterns, @Transactional, REST API design, security configuration WHAT: Dependency injection + Transaction management + API design + Security config + JPA patterns WHEN NOT: Kotlin Spring → kotlin-spring-reviewer, Pure Java → java-reviewer, Django/FastAPI → respective reviewers
Ad Audit — Paid Advertising Analysis for OpenClaw
by mmcmedia
â I'll provide Meta, Google, TikTok, LinkedIn benchmarks relevant to your business
security
by pluginagentmarketplace
JavaScript security best practices and vulnerability prevention.
owasp-serverless-top-10
by yariv1025
"OWASP Serverless Top 10 - prevention, detection, and remediation for serverless (Lambda, Functions) security. Use when building or reviewing serverless apps - event injection, over-permissioned functions, insecure deps, secrets, config, and other serverless-specific interpretations of the Web Top 10."
kata-audit-milestone
by gannonh
Verify milestone achievement against its definition of done, checking requirements coverage, cross-phase integration, and end-to-end flows. Triggers include "audit milestone", "verify milestone", "check milestone", and "milestone audit". This skill reads existing phase verification files, aggregates technical debt and gaps, and spawns an integration checker for cross-phase wiring.
decision-auditor
by rohanpatriot
Audits decisions for cognitive biases, runs premortems on plans, and reframes choices to reveal hidden assumptions. Use when evaluating decisions under uncertainty, reviewing plans for bias, assessing probability and risk, running premortems, checking for anchoring or availability bias, or analyzing why a judgment might be wrong.
dependency-updater
by cachemoney
Smart dependency management for any language. Auto-detects project type, applies safe updates automatically, prompts for major versions, diagnoses and fixes dependency issues.
agent-builder
by 101mare
Knowledge for designing Claude Code agents with research-backed identity design (Soul Formula). Teaches experiential identities, anti-patterns, multi-file structure, and consolidation patterns. Use when building new agents or improving existing ones. Recognizes: "create an agent", "new agent for X", "agent that does Y", "how do I make an agent?", "agent configuration", "add a subagent", "agent frontmatter", "agent tools", "agent soul", "agent identity", "agent design"
security-encryption
by pluginagentmarketplace
Game server security including encryption, anti-cheat, and secure communication
fastapi
by BankkRoll
"Scraped from https://fastapi.tiangolo.com/ Source: https://fastapi.tiangolo.com. Use when questions involve: advanced, deployment, how to, reference, tutorial."
devcontainer-security
by daaain
Guide for setting up secured VS Code dev containers for coding agents. Use when creating or hardening a DevContainer to sandbox Claude Code or other coding agents, configuring Docker socket proxies, handling VS Code IPC escape vectors, setting up git worktree support, or verifying security controls. Covers threat model, three-layer defence architecture, Node.js/pnpm setup, and verification testing.
dependency-audit
by fefogarcia
Comprehensive dependency health auditing for JavaScript/TypeScript projects. Run npm audit, detect outdated packages, check for security advisories, and verify license compliance. Prioritises vulnerabilities by severity and provides actionable fix recommendations. Use when: auditing project dependencies, checking for vulnerabilities, updating packages, preparing for release, or investigating "npm audit" warnings. Keywords: audit, vulnerabilities, outdated, security, npm audit, pnpm audit, CVE, GHSA, license.
owasp-top-10
by yariv1025
"OWASP Top 10 web application security risks - prevention, detection, and remediation. Use when implementing or reviewing access control, authentication, crypto/sensitive data, input validation and injection, secure design, security configuration, dependency management, session/identity, deserialization or CI/CD integrity, logging and monitoring, or server-side requests (SSRF)."
observability-audit
by velcrafting
Ensure logging/metrics/tracing and auditability match the quality bar for changed behavior.
security-auditor
by jgarrison929
Use when reviewing code for security vulnerabilities, implementing authentication flows, auditing OWASP Top 10, configuring CORS/CSP headers, handling secrets, input validation, SQL injection prevention, XSS protection, or any security-related code review.
forge-audit-skill
by fwehrling
FORGE Skill Auditor — Security audit of third-party Claude Code skills. Usage: /forge-audit-skill <path-to-skill>
quality-gate
by terraphim
Right-side-of-V verification/validation orchestration for a change or PR. Produces a single Quality Gate Report with evidence covering: code review, security audit, performance regression risk, requirements traceability, acceptance/UAT scenarios, and (when UI changes) visual regression testing. Use when preparing a PR for merge/release, doing a “ready?” check, or enforcing an engineering quality gate.