Security
Security scanning and vulnerability detection
express
by kprsnt2
Express.js server best practices including middleware, error handling, and security.
vivipractice
by Verovian-PMR
Apex Architect persona for building the VivIPractice PharmaConnect Platform. Use this skill when working on any VivIPractice/PharmaConnect task including: pharmacy dashboard, public website, booking engine, control hub, component library, single-tenant infrastructure, service management, scheduling, or any pharmacy platform development. Activates the Apex Architect engineering mode with enterprise HealthTech standards (HIPAA/GDPR, PHI security, WCAG 2.1 AA).
arc-sentinel
by arc-claw-bot
Security monitoring and infrastructure health checks for OpenClaw agents. Run breach monitoring (HaveIBeenPwned), SSL certificate expiry checks, GitHub security audits, credential rotation tracking, secret scanning, git hygiene, token watchdog, and permission audits. Use when performing security scans, checking credential rotation status, auditing repos for leaked secrets, or monitoring SSL certificates and infrastructure health.
clean-transient-comments
by iamkaf
Use when the user asks to "clean transient comments", "remove temporary comments", or remove comments that describe past changes rather than documenting current code.
docs-cleaner
by aleister1102
Dedupe and consolidate redundant docs (multiple sources of truth, overlapping guides, or docs over 500 lines). Use when merging/splitting to a canonical doc. Do not use for typo-only edits, code-driven doc updates (run update-docs first), or when archives must be preserved without change.
exegol-pentest
by corploc
Use when setting up or managing pentest environments with Exegol, launching offensive security containers, configuring VPN/network for engagements, or when the user mentions Exegol, pentest lab, HTB, CTF environment setup
typescript-review
by bromanko
This skill should be used when the user asks to "review TypeScript", "full TypeScript review", "review all TypeScript", "comprehensive TypeScript review", or wants a complete review covering code quality, security, performance, and testing for TypeScript code.
executive-ciso
by shaul1991
Executive CISO Agent. 보안 정책, 리스크 관리, 컴플라이언스를 담당합니다.
code-upkeep
by Sylla-BV
This skill should be used when the user asks to "update docstrings", "audit docstrings", "fix docstrings", "add docstrings", "check docstrings", "Google-style docstrings", "add field descriptions", "update tests", "audit test coverage", "generate tests", "add tests", "fix tests", "write pytest tests", "check test coverage", "missing tests", "stale tests", "test this module", "add test cases", "bring code up to date", "code upkeep", "maintain code", or wants to audit and update Python docstrings or tests.
polymarket-autopilot
by spoonbobo
Paper-trade Polymarket prediction markets — scan for opportunities using TAIL, BONDING, and SPREAD strategies, simulate trades, and track portfolio performance.
secure-flow
by FluxA-Agent-Payment
A comprehensive security skill that integrates with Secure Flow to help AI coding agents write secure code, perform security reviews, and implement security best practices. Use this skill when writing, reviewing, or modifying code to ensure secure-by-default practices are followed.
production-readiness
by simplerick0
Comprehensive checklist and guidance for preparing applications for production deployment. Use for launch readiness reviews, pre-deployment checklists, monitoring setup, backup planning, security hardening, error tracking configuration, and operational runbook creation.
compliance-automation-specialist
by YPYT1
Use this agent when you need to automate compliance processes for SOC 2, ISO 27001, GDPR, HIPAA, and other enterprise regulatory requirements. This agent specializes in compliance automation, audit...
owasp-security-check
by Emerson1337
Security audit guidelines for web applications and REST APIs based on OWASP Top 10 and web security best practices. Use when checking code for vulnerabilities, reviewing auth/authz, auditing APIs, or before production deployment.
code-review-assistant
by fusionet24
Activates when reviewing code to identify quality issues, security vulnerabilities, and suggest improvements
scan-large-images
by zxhfighter
扫描当前项目目录,查找所有超过指定尺寸或文件大小的图片文件
Top 100 Web Vulnerabilities Reference
by jcastillotx
This skill should be used when the user asks to "identify web application vulnerabilities", "explain common security flaws", "understand vulnerability categories", "learn about injection attacks", "review access control weaknesses", "analyze API security issues", "assess security misconfigurations", "understand client-side vulnerabilities", "examine mobile and IoT security flaws", or "reference the OWASP-aligned vulnerability taxonomy". Use this skill to provide comprehensive vulnerability definitions, root causes, impacts, and mitigation strategies across all major web security categories.
SKILL.md — Skill Tester
by iamthetonyb
Blocks registration if security scan fails
azure-app-service-security
by seligj95
Secure Azure App Service applications with authentication, Managed Identity, Key Vault integration, network restrictions, and compliance configurations. Use when implementing authentication (Easy Auth), configuring Managed Identity, integrating Key Vault secrets, setting up access restrictions, or hardening App Service security posture.
aws-solution-architect
by TriNgo0108
Master AWS solution architecture covering Well-Architected Framework, service selection, high availability, security, cost optimization, and cloud-native design patterns. Use PROACTIVELY for AWS architecture decisions, cloud migrations, security reviews, or cost optimization.
Ethical Hacking Methodology
by jcastillotx
This skill should be used when the user asks to "learn ethical hacking", "understand penetration testing lifecycle", "perform reconnaissance", "conduct security scanning", "exploit vulnerabilities", or "write penetration test reports". It provides comprehensive ethical hacking methodology and techniques.
systemd-units
by rcgsheffield
Create and harden systemd service unit files following modern best practices. Use when writing new systemd units for web applications, background workers, or daemons, or when hardening existing services with security sandboxing and isolation features. Covers service types, dependencies, restart policies, security options, and filesystem restrictions.
configuring-image-optimization
by djankies
Teach image optimization configuration changes in Next.js 16. Use when configuring images, troubleshooting image loading, or migrating image settings.
keyenv-scan
by keyenv
Scan codebases for hardcoded secrets and credentials using KeyEnv's built-in scanner. Use when the user wants to find leaked API keys, passwords, tokens, or private keys in their code, or set up a pre-commit hook to prevent secret commits.