Security

tech-debt-report

by IHKREDDY

Find TODOs, deprecated APIs, and outdated patterns in codebase

convex

by MichaelFisher1997

Umbrella skill for all Convex development patterns. Routes to specific skills like convex-functions, convex-realtime, convex-agents, etc.

backend-principle-eng-typescript-pro-max

by PrakharMNNIT

"Principal backend engineering intelligence for TypeScript services. Actions: plan, design, build, implement, review, fix, optimize, refactor, debug, secure, scale backend code and architectures. Focus: correctness, reliability, performance, security, observability, scalability, operability, cost."

dependency-updater

by VisualxIntelligence

Smart dependency management for any language. Auto-detects project type, applies safe updates automatically, prompts for major versions, diagnoses and fixes dependency issues.

code-review

by IHKREDDY

Performs comprehensive code reviews following industry best practices. Use when reviewing pull requests, code changes, or when asked to analyze code quality, security, performance, or maintainability. Checks for common bugs, security vulnerabilities, code smells, and adherence to coding standards.

spec-to-code-compliance

by aleister1102

Verifies code implements exactly what documentation specifies for blockchain audits. Use when comparing code against whitepapers, finding gaps between specs and implementation, or performing compliance checks for protocol implementations.

OWASP Top 10 Security Reviewer

by nguyenhuy158

```

SkillSync MCP — Security-Gated Skill Manager

by Glowboth

Critical threats (prompt injection, RCE, credential theft) permanently block installation. Medium/high risk requires explicit force: true. All output is sanitized against prompt injection.

tool-gdelt-news

by captaindpt

Use the gdelt_news tool to fetch recent headlines via GDELT (free) with shared caching, rate limiting, and basic query normalization.

advanced-skill-creator

by YPYT1

Advanced OpenClaw skill creation handler that executes the official 5-step research flow with comprehensive analysis and best practices. Ensures proper methodology when users request to create or modify OpenClaw/Moltbot/ClawDBot skills following official standards.

immunis

by greatnorthernfishguy-hub

security-review

by HerbHall

Use this skill when adding authentication, handling user input, working with secrets, creating API endpoints, or implementing sensitive features. Provides comprehensive security checklist and patterns.

laravel-best-practices

by jcastillotx

Laravel development standards. Triggers when working with Laravel applications, Eloquent ORM, Blade templates, or Livewire components.

ai-writing-audit

by iamkaf

Use when the user asks to "audit AI writing", "remove AI patterns", "make this sound less AI", "un-AI this text", or similar requests to identify/remove AI-generated writing patterns.

action-item-organizer

by slurpyb

Systematic framework for extracting actionable items from documents and

attack-tree-construction

by aiagentskills

Build comprehensive attack trees to visualize threat paths. Use when mapping attack scenarios, identifying defense gaps, or communicating security risks to stakeholders.

code-reviewer

by darrenrolf0481-ship-it

Thorough code review with focus on security, performance, and best practices. Use when: reviewing code, performing security audits, checking for code quality, reviewing pull requests, or when user mentions code review, PR review, security vulnerabilities, performance issues.

AppSec Engineer

by anorbert-cmyk

Application Security Engineer preventing vulnerabilities and enabling secure development.

security

by ruchernchong

Run security audit with GitLeaks pre-commit hook setup and code analysis

securebydesign

by ahmed9500070

Enforce security-by-design in every line of code, architecture decision, and system recommendation. Activate whenever the user is: building an app, writing code, designing an API, setting up infrastructure, integrating an LLM, reviewing code, planning a deployment, or asking about authentication, data storage, or external service integration. Do not wait to be asked. Proactively flag security issues and apply these guidelines.

qa

by pmco23

Use after /build to run the full post-build QA pipeline. Supports --parallel (all audits simultaneously) or --sequential (denoise → qf → qb → qd → security-review in order). Requires .pipeline/build.complete.

opencode-config-audit

by markfred5377

Comprehensive configuration audit skill for OpenCode desktop application. Detects configuration errors, security issues, duplicate files, and optimization opportunities. Supports self-check of installed skills.

python-backend-development

by lct1407

Generate Python FastAPI code following project design patterns. Use when creating models, schemas, repositories, services, controllers, database migrations, authentication, or tests. Enforces layered architecture, async patterns, OWASP security, and Alembic migration naming conventions (yyyymmdd_HHmm_feature).

yandex-cloud-cli

by elsvv

Manage Yandex Cloud infrastructure via the yc CLI. Use when the user asks to create, configure, manage, or troubleshoot any Yandex Cloud resource: VMs, disks, networks, security groups, databases (PostgreSQL, MySQL, ClickHouse, Redis/Valkey, MongoDB, OpenSearch, Greenplum, Kafka), Kubernetes, serverless functions/containers, S3 storage, CDN, load balancers, Lockbox secrets, KMS, certificates, DNS, container registry, DataProc, Data Transfer, logging, audit trails, organizations, WAF, or any other YC service. Triggers: Yandex Cloud, yc CLI, YC, managed-postgresql, managed-kubernetes, compute instance, serverless function, vpc network, alb, lockbox, yandex cloud.