Security
Security scanning and vulnerability detection
writing-blogs
by gajakannan
Writes technical blog posts, devlogs, tutorials, and retrospectives based on completed project work. Activates when writing blog posts, creating devlogs, writing about features, summarizing builds, writing retrospectives, or documenting learnings. Does not handle official API or operations documentation (technical-writer), writing production code (backend-developer or frontend-developer), or security reviews (security).
Security Logging & Monitoring
by anorbert-cmyk
Designs audit trails and security telemetry for fast detection and response, aligned with OWASP Logging Cheat Sheet.
test-skill
by h1paastha
A helpful utility skill for testing and validation workflows.
audit-website-pro
by ferdiboxman
Comprehensive website audit with real data — performance, security, SEO, accessibility, and broken links. Powered by x402 micropayments. Use when the user wants a FULL site health check with actual Lighthouse scores, security header analysis, SSL verification, accessibility violations, and broken link detection. Unlike basic audit skills that give checklists, this calls APIs and returns evidence-based reports. Triggers on "website audit," "site health," "is my site secure," "check my website," "performance audit," "accessibility check," "security audit," "broken links," "full site review," or "website health check."
audit
by Nomik94
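Use when: project rule verification, custom lint, pre-commit checks, audit, rule violation checks, project convention checks, pre-deployment verification. NOT for: general linting (handled by ruff/mypy), security audits (see security-audit).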
file-name-wizard
by Cygnusfear
Audit all filename and naming conventions in the codebase against AGENTS.md standards and common patterns. Use when user asks to check naming conventions, audit filenames, find naming inconsistencies, or validate file naming patterns.
modern-patterns-audit
by karchtho
modern practices Input System async await dependency injection pooling optimization
quality-severity
by jovermier
This skill should be used when classifying issues, findings, or code review problems with severity levels. Triggers on requests like "classify severity", "what is P1/P2/P3", "determine issue priority".
sdk-readiness-audit
by timbenniks
Audit an API surface (OpenAPI 3.0/3.1, GraphQL schema, or REST docs) for SDK readiness and developer experience. Use when asked to evaluate whether an API is SDK friendly, produce a readiness scorecard, list concrete refactors, describe "if we shipped an SDK today" pain points, or suggest OpenAPI fixes and x-* extensions to improve client generation.
solidity-security-best-practices
by whackur
Smart contract security best practices for Solidity development. Use when writing, reviewing, or auditing Solidity code. Covers reentrancy prevention, access control patterns, safe external calls, input validation, upgrade safety, and OWASP Smart Contract Top 10 vulnerabilities. Triggers on tasks involving security, vulnerability detection, access control, CEI pattern, ReentrancyGuard, SafeERC20, or smart contract auditing.
code-reviewer
by shaul1991
Code Reviewer Agent. Handles frontend/backend code review. Reviews code quality, test coverage, security, and performance.
naver-blog-audit
by doric9
Analyzes the SEO status of existing Naver blog posts and suggests improvements.
sast
by simplerick0
Security reviewer specializing in Static Application Security Testing - analyzing source code without execution. Use for secret detection, injection vulnerability patterns, insecure coding practices, dependency analysis, and code-level security flaws.
aidr
by pc-style
Offload context-heavy but low-complexity codebase work to Aider through a thin CLI wrapper. Use when another AI agent should avoid loading large repository context for tasks like discovery, repetitive refactors, cross-file version bumps, and broad search/explain passes. Supports safe read-only scanning, scoped edit runs, model-mode routing, and setup/model diagnostics.
backend-principle-eng-javascript-pro-max
by PrakharMNNIT
Principal backend engineering intelligence for JavaScript services. Actions: plan, design, build, implement, review, fix, optimize, refactor, debug, secure, scale backend code and architectures. Focus: correctness, reliability, performance, security, observability, scalability, operability, cost.
securing-data-access-layer
by djankies
Teach Data Access Layer pattern to prevent CVE-2025-29927 middleware authentication bypass. Use when implementing authentication, authorization, protecting routes, or working with server actions that need auth.
validate-implementation-plan
by b-mendoza
Audit and annotate an AI-generated implementation plan for requirements traceability, YAGNI compliance, and assumption risks. Use when reviewing, validating, or auditing an implementation plan or design proposal produced by an AI agent.
security-audit
by pachoroa
Audit installed skills for malicious code, hidden instructions, and security vulnerabilities. Use when users want to scan their skills for potential security issues, verify skill safety before use, or investigate suspicious skill behavior.
php-best-practices
by jcastillotx
PHP coding standards and best practices. This skill should be used when writing, reviewing, or refactoring PHP code. Triggers on tasks involving PHP applications, WordPress plugins, Laravel projects, or any PHP-based backend.
research-synthesis
by tomwangowa
Use after running 2+ research skills (critical-research, tech-feasibility, narrative-auditor, codebase-audit) to synthesize findings into a unified decision document. Resolves conflicts between sources, weighs evidence, and produces an actionable recommendation.
audit-maintenance
by kawaxi
Use when the user wants to ensure the audit environment is persistent and recoverable. This skill manages system-level access to prevent auditor lockout during long-term substation audits.
skill-intake
by arielperez82
This skill should be used when evaluating, sandboxing, or incorporating new skills into a project's skill pipeline. Trigger when the user mentions "intake skill", "add new skill", "evaluate skill", "incorporate skill", "skill pipeline gap", or discusses discovering and integrating external or from-scratch skills.
code-review-master
by Tomlord1122
Code review expert for security, quality, and performance analysis. Use when reviewing code, PRs, conducting security audits, or identifying performance issues.
everclaw
by profbernardoj
Open-source first AI inference — GLM-5 as default, Claude as fallback only. Own your inference forever via the Morpheus decentralized network. Stake MOR tokens, access GLM-5, GLM-4.7 Flash, Kimi K2.5, and 30+ models with persistent inference by recycling staked MOR. Open-source first model router routes all tiers to Morpheus by default — Claude only kicks in as an escape hatch when needed. Includes Morpheus API Gateway bootstrap for zero-config startup, OpenAI-compatible proxy with auto-session management, automatic retry with fresh sessions, OpenAI-compatible error classification to prevent cooldown cascades, multi-key auth rotation v2 with proactive DIEM balance monitoring and reactive 402 watchdog, Gateway Guardian v5 with direct curl inference probes (eliminates Signal spam), proactive Venice DIEM credit monitoring, circuit breaker for stuck sub-agents, nuclear self-healing restart, always-on proxy-router with launchd auto-restart, smart session archiver, three-shift cyclic execution engine (v2 with 15-minute execution loops), 24/7 always-on power configuration for macOS, bundled security skills, zero-dependency wallet management via macOS Keychain, x402 payment client for agent-to-agent USDC payments, ERC-8004 agent registry reader for discovering trustless agents on Base, and hardware-aware local Ollama fallback with auto model selection (Qwen3.5 family, 1.5B–72B based on available RAM/GPU).