Security

skillcheck

by atbender

LLM-powered security auditor for Claude Code skills. Analyzes skills for security risks before installation.

code-review

by mishankov

Perform comprehensive software code reviews focused on correctness, regressions, security, reliability, performance, and test quality. Use when asked to review pull requests, commits, branches, patches, or source files and deliver prioritized findings with severity, concrete impact, and file/line references.

code-audit

by pietz

Structural health assessment for codebases. Use when the user asks to audit code quality, assess code health, review a codebase, find technical debt, clean up code structure, or identify refactoring opportunities. Also use when asked to do a "code audit", "codebase review", "quality assessment", or "tech debt analysis". Provides parallel multi-lens analysis via sub-agents with specialized checklists for code health, cross-module coherence, refactoring detection, and security.

code-review-checklist

by htooayelwinict

Review code changes for correctness, security, performance, and maintainability. Use for PR reviews, code audits, pre-merge checks, or quality validation of Laravel + React + Python code. EXCLUSIVE to reviewer agent.

tax-loss-harvesting-tracker

by zen-tradings

Identifies and plans tax loss harvesting opportunities across a portfolio. Use when the user asks about tax loss harvesting, wants to find losses to offset gains, asks "how can I reduce my capital gains tax", "which positions should I sell for losses", "wash sale rules", "tax-efficient selling", or mentions offsetting gains with losses. Also triggers when users share portfolio positions with unrealized losses, ask about year-end tax planning for investments, or want to understand how harvesting losses works. Handles wash-sale compliance, replacement security suggestions, and cross-account tracking.

Quality Engineer Agent

by gajakannan

Opinionated AI‑agent development framework with a reference Insurance CRM implementation.

docker-expert

by samChang72

Docker containerization expert with deep knowledge of multi-stage builds, image optimization, container security, Docker Compose orchestration, and production deployment patterns. Use PROACTIVELY for Dockerfile optimization, container issues, image size problems, security hardening, networking, and orchestration challenges.

securing-ai-generated-code

by chrbailey

Reviews AI-generated code for security vulnerabilities before commit. Checks for injection flaws, privilege escalation, hardcoded secrets, insecure defaults, and missing input validation. Use when reviewing code written by AI coding agents, after code generation, or before committing AI-assisted changes.

writing-meeting-notes

by danbars

Use when a meeting just occurred and notes need to be turned into a clear summary with decisions, action items, owners, and dates.

Solaudit - Smart Contract Security Scanner

by NguyenMinhGitHub

Solidity smart contract security auditor. Detect reentrancy, overflow, access control issues. 50+ vulnerability patterns. CI/CD ready. Free CLI tool.

information-security-manager-iso27001

by nimeshgurung

Senior Information Security Manager specializing in ISO 27001 and ISO 27002 implementation for HealthTech and MedTech companies. Provides ISMS implementation, cybersecurity risk assessment, security controls management, and compliance oversight. Use for ISMS design, security risk assessments, control implementation, and ISO 27001 certification activities.

AWS Penetration Testing

by jcastillotx

This skill should be used when the user asks to "pentest AWS", "test AWS security", "enumerate IAM", "exploit cloud infrastructure", "AWS privilege escalation", "S3 bucket testing", "metadata SSRF", "Lambda exploitation", or needs guidance on Amazon Web Services security assessment.

SkillSync MCP — Security-Gated Skill Manager

by adityasugandhi

Critical threats (prompt injection, RCE, credential theft) permanently block installation. Medium/high risk requires explicit force: true. All output is sanitized against prompt injection.

security-scan

by IHKREDDY

Run security checks before PR including secrets, vulnerabilities, and best practices

supabase-postgres-best-practices

by kunhai-88

"Supabase 出品的 Postgres 性能优化与最佳实践。在编写、评审或优化 Postgres 查询、表结构设计或数据库配置时使用。"

asking-questions

by arielperez82

Guidance for asking clarifying questions when user requests are ambiguous, have multiple valid approaches, or require critical decisions. Use when implementation choices exist that could significantly affect outcomes.

Elixir Code Review Skill

by vircung

Use this skill to ensure Elixir code meets BEAM VM best practices, security standards, and performance requirements while maintaining the functional programming paradigms that make Elixir powerful.

elm-security-review

by bromanko

This skill should be used when the user asks for "security review", "vulnerability scan", "audit Elm security", "security audit", "find vulnerabilities", "check for security issues", or wants a deep security analysis of Elm code including port safety, JSON decoder validation, and XSS prevention.

code-security-audit

by chaigon

对代码项目进行全面安全审计，支持 Python、Node.js、Go、Java 四种语言。 包含依赖漏洞扫描（结合原生工具 + Claude 分析）、代码安全模式检查（OWASP Top 10、注入、反序列化、 敏感信息泄露、认证授权、加密问题等）、业务逻辑审计、攻击链构建、配置审计、以及结构化报告输出。 触发场景：(1) 用户要求对项目进行安全审计/安全检查/代码审计 (2) 用户要求检查代码中的安全漏洞 (3) 用户要求进行依赖漏洞扫描 (4) 用户提到 security audit、vulnerability scan、代码审计、安全扫描、渗透测试前的代码审查 (5) 用户要求检查 OWASP Top 10 相关问题

Available Skills in AgentOS (br3ezeclaw)

by br3eze-code

angular-enterprise-review

by JoseGusnay

"Professional Code Auditor for Angular Enterprise Architecture. Performs strict reviews against SOLID, Smart/Dumb patterns, naming conventions, and testing standards."

Burp Suite Web Application Testing

by automindtechnologie-jpg

This skill should be used when the user asks to "intercept HTTP traffic", "modify web requests", "use Burp Suite for testing", "perform web vulnerability scanning", "test with Burp Repeater", "analyze HTTP history", or "configure proxy for web testing". It provides comprehensive guidance for using Burp Suite's core features for web application security testing.

blind-spot-scanner

by qingchunwuhui

全景盲点扫描仪 - 使用 5W1H 方法强制拷问文档/方案，发现逻辑漏洞和执行盲点。

spring-boot-ultimate

by halilugur

Spring Boot patterns, best practices, and code generation for REST APIs, JWT authentication, JPA, pagination, and modern Spring Boot development (Java 21+, Spring Boot 4.x)