Security
Security scanning and vulnerability detection
security-auditor
by seekaxis
"Proactively audit agent skills (SKILL.md and bundled scripts) for security risks including malicious installers, obfuscated payloads, credential exfiltration, and supply-chain attacks. Use when installing, reviewing, or triaging any agent skill, or when the user asks to check a skill for safety."
fda-consultant-specialist
by nimeshgurung
Senior FDA consultant and specialist for medical device companies including HIPAA compliance and requirement management. Provides FDA pathway expertise, QSR compliance, cybersecurity guidance, and regulatory submission support. Use for FDA submission planning, QSR compliance assessments, HIPAA evaluations, and FDA regulatory strategy development.
migration-resolver
by ShotaIuchi
Dependency resolution for migrations. Apply when resolving version conflicts, transitive dependency issues, peer dependency requirements, and incompatible dependency trees.
feature-security
by ShotaIuchi
Security analysis for new features. Apply when reviewing authentication, authorization, input validation, data protection, and security best practices in new feature implementations.
audit-website
by Jackiexiao
(中文)Audit websites for SEO, performance, security, technical, content, and 15 other issue cateories with 230+ rules using the squirrelscan CLI. Returns LLM-optimized reports with health scores, broken links, meta tag analysis, and actionable recommendations. Use to discover and asses website or webapp issues and health.
dotnet-code-review
by Olino3
Forge is a marketplace for a Claude Code Plugins
drupal-update
by Bethamil
Automate Drupal module updates in DDEV environments with safety snapshots, composer update, drush updb, config export, and changelog generation. Handles security updates, patch versions, minor versions, and major version upgrades with compatibility checking. Use when updating Drupal modules, checking for module updates, running composer update, upgrading dependencies, checking outdated packages, or when user mentions DDEV, drush, composer outdated, or module security updates.
prod-ready
by aravhawk
Production-readiness audit covering linting, security, edge cases, and deployment checks. Only trigger when the user explicitly says "run prod-ready workflow" — do not run proactively.
swiff-ios
by Narenreddy2302
Expert assistant for the Swiff iOS subscription and expense management application. Use when working on Swiff iOS features, architecture, SwiftUI/SwiftData development, widgets, notifications, subscriptions, expenses, group billing, security, accessibility, or performance optimization. Provides comprehensive knowledge of MVVM architecture, service layer patterns, and iOS best practices.
scan
by rozwer
SKILL.md ファイルのセキュリティスキャンを行います。2段階: 静的パターンマッチング + AI コンテキストレビュー。
security
by kprsnt2
Application security best practices including OWASP Top 10, authentication, and data protection.
sonarqube-quality-gate-playbook
by AgustinAlbonico
Playbook iterativo para llevar proyectos Node y TypeScript (NestJS + React en monorepo) a cumplir Quality Gates de SonarQube sin romper build ni pipelines. Usar cuando se necesite subir cobertura priorizando New Code, eliminar issues nuevos (Bugs, Vulnerabilities, Code Smells), revisar Security Hotspots y controlar duplicacion y deuda tecnica.
secure-development
by vineethsoma
Security best practices for production applications including PII protection, input validation, SQL injection prevention, XSS mitigation, and secure logging. Apply when handling user data, authentication, or external inputs.
tactic-rules
by soyyotedigo
Reglas y convenciones para el pipeline de TACTIC
mcp-server-development
by bradsjm
Develop, review, and refactor Model Context Protocol (MCP) servers in Python or TypeScript/Node.js. Use when designing MCP tool/resource/prompt contracts, implementing an MCP server (stdio/SSE/Streamable HTTP), tightening JSON Schema inputs, improving error handling, adding security guardrails (secret scrubbing, permissions, destructive confirmations), and creating tests for MCP tools.
database-specialist
by samChang72
優化資料庫查詢,消除慢查詢,設計高效索引與 Schema。
saas-security
by hwatkins
When the user needs to implement or review security for a SaaS application. Covers authentication, authorization, API security, account takeover prevention, session management, and security headers. Also use when mentioning "auth security," "API protection," "account takeover," "session hijacking," "CSRF," "XSS," or "security headers." For spam-specific issues, see spam-prevention.
threat-modeler
by tmart234
Produce structured threat models for software, systems, networks, IoT/embedded devices, medical devices, or business processes. Walks Shostack's Four Question Framework, produces a Mermaid DFD with trust boundaries, runs STRIDE-Per-Element with prioritized mitigations and derived security requirements, and a Q4 self-assessment. Trigger on threat modeling, STRIDE, DFD / data flow diagram, attack surface, abuse / misuse cases, security architecture review, trust boundaries, "what can go wrong / what are the threats to X / how would someone attack X", or pasting architecture and asking about risks. Also trigger when the user names a methodology (LINDDUN, PASTA, DREAD, attack trees) or asks for a regulatory threat-model deliverable (FDA premarket cybersecurity, IEC 62443, IEC 81001-5-1). Greenfield and brownfield. Do NOT trigger for penetration testing planning, vulnerability scanning, or incident response.
backend-development
by brixtonpham
"Production backend systems development. Stack: Node.js/TypeScript, Python, Go, Rust NestJS, FastAPI, Django, Express PostgreSQL, MongoDB, Redis. Capabilities: REST/GraphQL/gRPC APIs, OAuth 2.1/JWT auth, OWASP security, microservices, caching, load balancing, Docker/K8s deployment. Actions: design, build, implement, secure, optimize, deploy, test APIs and services. Keywords: API design, REST, GraphQL, gRPC, authentication, OAuth, JWT, RBAC, database, PostgreSQL, MongoDB, Redis, caching, microservices, Docker, Kubernetes, CI/CD, OWASP, security, performance, scalability, NestJS, FastAPI, Express, middleware, rate limiting. Use when: designing APIs, implementing auth/authz, optimizing queries, building microservices, securing endpoints, deploying containers, setting up CI/CD."
security-review
by Protagonistss
代码安全审查与漏洞风险评估能力。
testing
by williaby
Automated test generation, review, and execution for pytest-based projects. Auto-activates on keywords test, coverage, pytest, unittest, integration test, e2e, performance, benchmark, security testing. Routes to specialized testing workflows based on user intent.
AWS Penetration Testing
by automindtechnologie-jpg
This skill should be used when the user asks to "pentest AWS", "test AWS security", "enumerate IAM", "exploit cloud infrastructure", "AWS privilege escalation", "S3 bucket testing", "metadata SSRF", "Lambda exploitation", or needs guidance on Amazon Web Services security assessment.
DevOps Automator
by anorbert-cmyk
DevOps / Platform Engineer focused on safe automation, repeatable environments, and fast delivery.
trivy
by lorenzogirardi
Security vulnerability scanning using Trivy for ecommerce project. Scans dependencies, container images, and IaC. Blocks CRITICAL and HIGH severity. Triggers on "trivy", "vulnerability scan", "security scan", "container scan", "cve", "dependency scan", "npm audit", "docker scan", "security check". PROACTIVE: MUST invoke before committing code with new dependencies.