Security
Security scanning and vulnerability detection
generating-nest-servers
by lenneTech
Handles ALL NestJS and @lenne.tech/nest-server development tasks including module creation, service implementation, controller/resolver development, model definition, and debugging. Activates when working with src/server/ files, NestJS modules, services, controllers, resolvers, models, DTOs, guards, decorators, or REST/GraphQL endpoints. Supports monorepos (projects/api/, packages/api/). Covers lt server commands, @Roles/@Restricted security, CrudService patterns, and API tests. NOT for nest-server version updates (use nest-server-updating). NOT for TDD workflow orchestration (use building-stories-with-tdd).
saas-agent-toolkit
by hexbee
Design agent-usable SaaS tool systems using six reusable tool shapes (Search, Summarize, Draft, Update, Notify, Approve) plus connectors and policy guardrails. Use when turning SaaS features into reliable agent actions with clear contracts, permissions, audit trails, and approval gates.
everclaw
by profbernardoj
Open-source first AI inference — GLM-5 as default, Claude as fallback only. Own your inference forever via the Morpheus decentralized network. Stake MOR tokens, access GLM-5, GLM-4.7 Flash, Kimi K2.5, and 30+ models with persistent inference by recycling staked MOR. Open-source first model router routes all tiers to Morpheus by default — Claude only kicks in as an escape hatch when needed. Includes Morpheus API Gateway bootstrap for zero-config startup, OpenAI-compatible proxy with auto-session management, automatic retry with fresh sessions, OpenAI-compatible error classification to prevent cooldown cascades, multi-key auth rotation v2 with proactive DIEM balance monitoring and reactive 402 watchdog, Gateway Guardian v5 with direct curl inference probes (eliminates Signal spam), proactive Venice DIEM credit monitoring, circuit breaker for stuck sub-agents, nuclear self-healing restart, always-on proxy-router with launchd auto-restart, smart session archiver, three-shift cyclic execution engine (v2 with 15-minute execution loops), 24/7 always-on power configuration for macOS, bundled security skills, zero-dependency wallet management via macOS Keychain, x402 payment client for agent-to-agent USDC payments, ERC-8004 agent registry reader for discovering trustless agents on Base, and hardware-aware local Ollama fallback with auto model selection (Qwen3.5 family, 1.5B–72B based on available RAM/GPU).
_workflow-security-audit
by TriNgo0108
Process for conducting system security reviews and remediating vulnerabilities. Follow the phases sequentially.
skill-validator
by prulloac
Validate agent skills for correctness, readability, workflow clarity, and isolation, ensuring they can be installed independently without dependencies on other skills.
anti-reversing-techniques
by yunaamelia
"Understand anti-reversing, obfuscation, and protection techniques encountered during software analysis. Use when analyzing protected binaries, bypassing anti-debugging for authorized analysis, or u..."
code-review
by IchenDEV
代码审查流程,系统化分析代码质量、安全性和最佳实践
security-analyst
by paixaop
"Use when the user wants a security audit, penetration test, threat model, vulnerability hunt, security fix plan, SBOM, compliance mapping, privacy assessment, or security posture comparison between runs."
typescript-security-review
by bromanko
This skill should be used when the user asks for "security review", "vulnerability scan", "audit TypeScript security", "security audit", "find vulnerabilities", "check for security issues", or wants a deep security analysis of TypeScript code including input validation, auth boundaries, and dependency risks.
clawguard
by jugaad-lab
Security blacklist protecting AI agents from malicious skills, scams, and prompt injection. Use before executing external commands, visiting unknown URLs, or installing new skills. Triggers on "security check", "is this safe", "check this URL", or suspicious command patterns.
nchan-expert
by tailuge
Expert guidance for Nchan, a scalable pub/sub server for Nginx. Use this skill when you need to configure Nchan endpoints (publisher/subscriber), set up horizontal scaling with Redis, implement security patterns (authorization, X-Accel-Redirect), or troubleshoot Nchan performance and metrics.
fortify-scdast
by crance
ScanCentral DAST guide for MCP tools. Run dynamic application security testing (DAST) scans, list and filter scan results, discover scan settings and policies, and manage web application security scanning using Fortify ScanCentral DAST. Triggers include any mention of 'SC-DAST', 'ScanCentral DAST', 'DAST scan', 'web scan', 'dynamic scan', 'run DAST scan', 'list scans', and similar requests indicating interaction with SC-DAST for dynamic application security scanning.
apple-platform-versions
by antgly
Use ONLY to resolve Apple OS baselines for code and documentation for minimum deployment target, API/SDK availability, #available/@available, “latest/current” docs, or Sequoia (macOS 15) vs Tahoe (macOS 26.x) baseline corrections.
skill-auditor
by DevGuyRash
Perform structured, reproducible audits of agent skills — testing mechanical correctness, agent usability, output quality, context efficiency, EARS compliance, prompt complexity, multi-agent coordination, audit convergence (reproducibility across runs), finding divergence (specificity and tailoring), AGENTS.md adherence (rule absorption verification), documentation/runtime staleness drift detection, CLI discoverability helper coverage, idempotency, error recovery, and credential safety. Covers 25 audit domains (D1–D25) with confidence-scored findings at every level. Use when (1) auditing or health-checking a skill end-to-end, (2) verifying AGENTS.md adherence, audit convergence, or finding divergence, or (3) validating scripts, CLIs, context/token footprint, EARS requirement syntax, prompt complexity, name consistency, dispatch prompt quality, or structured confidence-scored audit reports.
go-developer
by wizact
Go development best practices - clean architecture, testing, security, and idiomatic patterns for production-ready code
quality-manager-qms-iso13485
by nimeshgurung
ISO 13485 Quality Management System specialist for medical device companies. Provides QMS implementation, maintenance, process optimization, and compliance expertise. Use for QMS design, documentation control, management review, internal auditing, corrective actions, and ISO 13485 certification activities.
Security Scanner
by BizShuk
Scan workspace for potential security risks including exposed passwords, API keys, tokens, and other sensitive data
repo-security-audit
by WyrdWerk
Quick security checklist for evaluating GitHub repos and npm packages before/after installation. For non-coders and users. Heavy details live in references/.
code-reviewer
by oyi77
Professional code review skill. Review local changes or PRs for correctness, maintainability, and best practices. Based on playbooks.com community skill.
subscription-audit
by Andy160675
Audit IT, AI, and SaaS subscription fees by searching Gmail and Slack for receipts, invoices, and billing notifications. Use when asked to find subscriptions, audit recurring charges, identify software costs, review SaaS spending, or compile a subscription fee report.
seo-audit
by alexwelcing
Conduct comprehensive SEO audits and provide actionable recommendations
homescout-ingest
by nick-neely
Analyze Homescout output directories (current.json, history/.jsonl(.gz), speedtests.jsonl, speedtests/.jsonl(.gz)) with CLI tools like jq/rg/awk to answer questions about device presence, outages, scan stats, or speedtest trends. Use when an agent needs to ingest Homescout outputs, especially from remote/Tailscale/Taildrive output paths.
security-review
by htooayelwinict
Audit code for security vulnerabilities using OWASP Top 10 guidelines. Use for security audits, pre-deployment checks, authentication reviews, or when checking for XSS, SQL injection, CSRF, or authorization issues. EXCLUSIVE to security-expert agent.
security-agent-efficiency
by aleister1102
Use when running a full security audit of an arbitrary source code repository. Orchestrates a 9-phase workflow combining advisory intelligence, patch bypass analysis, knowledge base construction, SAST, spec gap analysis, deep bug hunting, false positive elimination, and variant analysis. Triggers on "audit this repo", "run a full security audit", "find vulnerabilities in this codebase", "check for security issues", "is this secure?", "run the security agents", or any request combining advisory regression, SAST, and manual review.