Security
Security scanning and vulnerability detection
Burp Suite Web Application Testing
by jcastillotx
This skill should be used when the user asks to "intercept HTTP traffic", "modify web requests", "use Burp Suite for testing", "perform web vulnerability scanning", "test with Burp Repeater", "analyze HTTP history", or "configure proxy for web testing". It provides comprehensive guidance for using Burp Suite's core features for web application security testing.
code-review
by uwe-schwarz
Comprehensive code review guidelines for ensuring code quality, security, and maintainability. Use when reviewing pull requests, refactoring code, or ensuring best practices.
Pentest Commands
by jcastillotx
This skill should be used when the user asks to "run pentest commands", "scan with nmap", "use metasploit exploits", "crack passwords with hydra or john", "scan web vulnerabilities with nikto", "enumerate networks", or needs essential penetration testing command references.
repo-scan-2-jira
by ReGYChang
Scan a repo scope for actionable work items (bugs, TODO/FIXME, doc inconsistencies, performance/maintainability risks) and emit Jira-ready issues in a strict JSON schema. Use when asked to scan a specific module/path/page/route and produce evidence-backed Jira tickets.
reviewing-server-actions
by djankies
Review Server Actions for security, validation, and best practices in React 19. Use when reviewing forms, mutations, or server-side logic.
ai-prompt-engineering-safety-review
by williamlimasilva
Comprehensive AI prompt engineering safety review and improvement prompt. Analyzes prompts for safety, bias, security vulnerabilities, and effectiveness while providing detailed improvement recommendations with extensive frameworks, testing methodologies, and educational content.
quick
by pmco23
Use when implementing small features, bug fixes, typo corrections, config tweaks, or any well-understood change that does not require the full pipeline. Completely independent of the brief/design/review/plan/build/qa flow. Use --deep to escalate to Opus for trickier problems.
design-hig-principles
by jacoblewisau
Audit iOS/macOS UI against Apple Human Interface Guidelines. Provides context-aware, multi-perspective feedback on colors, typography, layout, accessibility, and platform conventions.
csp-header-generator
by ehtbanton
Generate Content Security Policy (CSP) header configurations for web security. Triggers on "create csp header", "generate content security policy", "csp config", "security headers".
code-audit
by lukhanteanini21-glitch
Professional code security audit skill covering 55+ vulnerability types. Enhanced with WooYun 88,636 real-world vulnerability cases (2010-2016). This skill should be used when performing security audits, vulnerability scanning, penetration testing preparation, or code review for security issues. Supports 9 languages: Java, Python, Go, PHP, JavaScript/Node.js, C/C++, .NET/C#, Ruby, Rust. Includes 143 mandatory detection items across all languages with language-specific checklists. Covers SQL injection, XSS, RCE, deserialization, SSRF, JNDI injection, JDBC protocol injection, authentication bypass, business logic flaws, race conditions, and modern security domains (LLM, Serverless, Android). WooYun integration adds: statistical-driven parameter priority, bypass techniques library, logic vulnerability patterns, and real-case references. v1.0: Initial public release with Docker deployment verification framework.
marketing-os
by ideola-ai
Complete AI agent system for social media content marketing workflow. Use when user wants to create content briefs, plan content calendars, generate social media content assets, plan ad campaigns, or audit existing ad performance. Includes 5 integrated skills: brief (research-backed strategy), content-plan (calendar + ClickUp tasks), content-create (ready-to-use content), campaign (paid media strategy), and ads-audit (comprehensive ads audit).
adversarial-reasoning
by kimasplund
Stress-test solutions using the STRIKE framework. Systematically attack proposals to find weaknesses before deployment.
agent-guardrails
by GaBySuGy
Stop AI agents from secretly bypassing your rules. Mechanical enforcement with git hooks, secret detection, deployment verification, and import registries. Born from real production incidents: server crashes, token leaks, code rewrites. Works with Claude Code, Clawdbot, Cursor. Install once, enforce forever.
pwn-exploit
by xuziqiang98
Comprehensive binary exploitation techniques covering stack overflow, format string, heap exploitation, integer overflow, and advanced exploitation methods. Use when working on CTF challenges, binary vulnerability analysis, exploit development, or debugging memory corruption vulnerabilities in Linux binaries (x86/x64).
react-doctor
by Jackiexiao
Run after making React changes to catch issues early. Use when reviewing code, finishing a feature, or fixing bugs in a React project.
review
by thanhnk1602
Review code changes for quality, patterns, and Acme standards compliance
WSTG Test Planner
by anorbert-cmyk
Web Security Test Planner generating systematic, prioritized security testing plans based on OWASP WSTG.
security-check
by iulspop
Security audit for web applications based on OWASP Top 10 and common vulnerabilities. Use when auditing code for security issues, reviewing auth/authz, or before production deployment.
dast
by simplerick0
Security reviewer specializing in Dynamic Application Security Testing - analyzing running application behavior and runtime vulnerabilities. Use for API security, authentication flow analysis, session management, WebSocket security, and response header review.
security-analysis
by kimasplund
Security assessment using STRIDE threat modeling, OWASP Top 10, and CVSS scoring. Use for security reviews, threat modeling, and secure coding guidance.
Fullstack Web Engineer
by anorbert-cmyk
World-class Full-Stack Web Engineer and Tech Lead focusing on security, accessibility, performance, and maintainability.
senior-security
by nimeshgurung
Comprehensive security engineering skill for application security, penetration testing, security architecture, and compliance auditing. Includes security assessment tools, threat modeling, crypto implementation, and security automation. Use when designing security architecture, conducting penetration tests, implementing cryptography, or performing security audits.
mobb-vulnerabilities-fixer
by jonathansantilli
Scan, fix, and remediate security vulnerabilities in a local code repository using Mobb MCP/CLI. Use when the user asks to scan for vulnerabilities, run a security check, auto-fix issues, remediate findings, or apply Mobb fixes (e.g., "scan this repo", "fix security issues", "remediate vulnerabilities", "run Mobb on my changes").
ue5-blueprint-audio
by koshimazaki
Unreal Engine 5 Blueprint audio specialist. Use when working with Blueprint audio logic, game event detection, parameter wiring, audio components, scanning blueprints for audio nodes, listing project assets, or connecting game state to audio systems via UE5.