Security
Security scanning and vulnerability detection
nodejs
by kprsnt2
Node.js server development patterns including async patterns, error handling, and security best practices.
sdlc-autopilot
by mrqureshi95
Full software development lifecycle orchestrator for ANY coding task. Triggers on ALL code changes — bug fixes, features, refactors, improvements, performance, security fixes, API changes, UI changes, database changes, config changes, new files, deletions, or any request to modify, create, fix, build, or ship code. This skill should activate FIRST on every coding prompt to orchestrate the full pipeline — understand, plan, implement, test, audit, guard against recurrence, and ship. It automatically discovers and delegates to other installed skills for domain expertise.
maintaining-npm-packages
by lenneTech
Analyzes and optimizes npm package dependencies. Handles outdated packages, npm audit findings, security vulnerabilities, dependency updates, unused dependency removal, and devDependencies recategorization. Recommends the lt-dev:npm-package-maintainer agent via /maintain commands. Activates for "update packages", "npm audit", "check dependencies", "security fix", or package.json optimization. NOT for @lenne.tech/nest-server version updates (use nest-server-updating).
maui-authentication
by Rimblehelm
A brief description of what this skill does
fp-check
by aleister1102
"Systematically verifies suspected security bugs to eliminate false positives. Produces TRUE POSITIVE or FALSE POSITIVE verdicts with documented evidence for each bug."
mac-cleanup
by jwa91
"Interactive macOS system cleanup for any dev machine. Frees disk space by pruning caches, package managers, unused apps, stale dev artifacts, and more. Discovers what's installed rather than assuming a specific setup. Always consults the user before deleting anything. Use when the user asks to: clean up their Mac, free disk space, remove unused apps, prune caches, clean developer artifacts, or any disk space maintenance task."
issue-triage
by aleister1102
Use when triaging GitHub security issues — fetch issues by number or range, classify as false positive or true positive, assess bypass potential, and then label and close each issue with a brief comment. Triggers on "validate issue N", "triage issues 189-199", "check if issue is exploitable", "close false positive issues".
bug-hunter
by isdvsv
"Adversarial bug hunting with a sequential-first pipeline (Recon, Hunter, Skeptic, Referee) that can optionally use safe read-only parallel triage. Finds, verifies, and auto-fixes real bugs by default (with --scan-only opt-out) using checkpointed verification and resume state for large codebases. Use this skill whenever the user wants bug finding, security audits, regression checks, or code review focused on runtime behavior."
fortify-scsast
by crance
ScanCentral SAST guide for MCP tools. Package source code, run SAST scans on ScanCentral sensors, monitor scan progress, and retrieve results from SSC.
solution-architect
by Nsairat
Persona and expertise framework for a senior Solution Architect with 15+ years of experience designing enterprise-scale systems. Deep expertise in cloud architecture (AWS, Azure, GCP), system integration, API design, data architecture, security patterns, and translating business requirements into technical solutions. Use this skill for: system design, architecture reviews, technology selection, cloud migration, integration strategy, scalability planning, security architecture, vendor evaluation, or technical due diligence. Triggers include: solution architecture, system design, enterprise architecture, cloud architecture, integration patterns, API strategy, technical requirements, architecture decision records, migration planning, scalability design.
saferun
by Cocabadger
Safety guardrails for AI agents. Classifies shell commands as BLOCK, ASK, or ALLOW before execution. Prevents dangerous operations like force pushes, recursive deletes, and credential destruction. Works automatically — no configuration needed.
Have I Been Clawned?
by wadim
The known-malicious skills list and CVE version checks are updated regularly. To suggest additions, open an issue with the source reference.
senior-secops
by nimeshgurung
Comprehensive SecOps skill for application security, vulnerability management, compliance, and secure development practices. Includes security scanning, vulnerability assessment, compliance checking, and security automation. Use when implementing security controls, conducting security audits, responding to vulnerabilities, or ensuring compliance requirements.
campaign-assembly
by tonyflo79
Assemble all drafted sections into a cohesive, polished full campaign draft. Use after all upstream drafting skills (10-18) are complete and you need to combine headline, lead, story, root-cause narrative, mechanism narrative, product introduction, offer copy, close, and proof blocks into a unified document. Writes only transition language and ensures threading consistency — does NOT draft new copy. Produces the assembled campaign draft with transition verification, threading audit, and drift report. Trigger when users mention campaign assembly, full draft assembly, section integration, draft compilation, or putting it all together. Requires all upstream drafts from Skills 10-18.
audit-site
by Crawlio-app
Use this skill when the user asks to "audit a site", "analyze a website", "review a site", "site health check", or wants a comprehensive analysis including technology stack, issues, and recommendations. Orchestrates a full crawl, enrichment capture, observation analysis, and findings report.
nehemiah-security
by christopheraaronhogg
Provides expert security analysis, vulnerability assessment, and threat modeling. Use for security reviews, OWASP analysis, auth/authorization assessment, compliance posture, or attack surface analysis. Produces consultant-style reports with prioritized remediation recommendations — does NOT write implementation code.
code-review
by TriNgo0108
Automated code review checklist. Use when reviewing PRs or code changes.
flow
by bvinci1-design
Intelligent skill orchestrator that compiles natural language requests into secure, reusable workflows
audit-website
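by kunhai-88
Use the squirrelscan CLI (squirrel) to audit websites, covering 140+ rules across SEO, technical, content, performance, security, and more. Use when you need to analyze website health, troubleshoot technical SEO, check for dead links, validate meta and structured data, generate site audit reports, compare a site before and after a redesign, or when "website audit", "audit website", "squirrel", or "site health check" is mentioned.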
security-audit
by Nomik94
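Reference for project security patterns, JWT authentication, RBAC, and exception handling. Use when: implementing login, implementing authentication, issuing JWT tokens, access tokens, refresh tokens, Refresh Token Rotation, token blacklist, Redis token store, permission management, RBAC configuration, role-based access control, require_roles, Role vs UserRole, exception handling design, UnauthorizedException, ForbiddenException, mappings.py, password hashing, password encryption, bcrypt, HashedPassword, security review, security checklist, vulnerability checks, OWASP, code audit, CORS configuration, rate limiting, sensitive information exposed in error responses. NOT for: the general meaning of HTTP status codes, OAuth2 provider integration.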
domain-iot
by lywa1998
"Use when building IoT apps. Keywords: IoT, Internet of Things, sensor, MQTT, device, edge computing, telemetry, actuator, smart home, gateway, protocol, 物联网, 传感器, 边缘计算, 智能家居"
security
by Alicoder001
Security best practices for web applications. Use when handling user input, authentication, or sensitive data. Covers XSS, SQL injection, CSRF, environment variables, and secure coding patterns.
translating-project
by Lionad-Morotar
Project Translator Skill - Batch translate project docs and code, including glossary management and other features.
role-reviewer
by teodevlor
Activate Code Reviewer mode for code review and quality assurance. Use when reviewing code for bugs, security issues, or optimization opportunities.