Security
Security scanning and vulnerability detection
skill-evaluator
by alterxyz
Evaluate Agent Skills against agentskills.io specification with three progressive modes and smart visual reports. (1) Static Analysis - SKILL.md-only review for quality and spec compliance, outputs score /60. (2) Semi-Static Analysis - adds environment and user fit assessment without execution, outputs score /100. (3) Full Analysis - complete evaluation with security scanning, trigger testing, and dynamic verification, outputs score /130. Supports Bento-ready JSON report output for visual dashboards with auto-scaling blocks based on issue severity. Trigger phrases include "evaluate skill", "review skill", "audit skill", "is this skill good", "should I use/install this skill", "skill quality check", "rate this skill", "score this skill", "bento report", "visual report", "技能评估", "评测 skill", "审核 skill", "可视化报告".
interview
by takuan-osho
Conduct structured interviews to gather requirements, clarify specifications, or understand context. This skill should be used when starting a new task that requires understanding user intent, requirements, technical specifications, or context. It supports various interview types including requirements definition, debugging investigation, architecture review, and general information gathering.
clawhub-scanner
by elvatis
"Scan installed ClawHub skills for malware, credential theft, prompt injection, and security risks. Detects known C2 infrastructure, obfuscated payloads, and data exfiltration patterns from the ClawHavoc campaign."
everclaw
by profbernardoj
Open-source first AI inference — GLM-5 as default, Claude as fallback only. Own your inference forever via the Morpheus decentralized network. Stake MOR tokens, access GLM-5, GLM-4.7 Flash, Kimi K2.5, and 30+ models with persistent inference by recycling staked MOR. Open-source first model router routes all tiers to Morpheus by default — Claude only kicks in as an escape hatch when needed. Includes Morpheus API Gateway bootstrap for zero-config startup, OpenAI-compatible proxy with auto-session management, automatic retry with fresh sessions, OpenAI-compatible error classification to prevent cooldown cascades, multi-key auth rotation v2 with proactive DIEM balance monitoring and reactive 402 watchdog, Gateway Guardian v5 with direct curl inference probes (eliminates Signal spam), proactive Venice DIEM credit monitoring, circuit breaker for stuck sub-agents, nuclear self-healing restart, always-on proxy-router with launchd auto-restart, smart session archiver, three-shift cyclic execution engine (v2 with 15-minute execution loops), 24/7 always-on power configuration for macOS, bundled security skills, zero-dependency wallet management via macOS Keychain, x402 payment client for agent-to-agent USDC payments, ERC-8004 agent registry reader for discovering trustless agents on Base, and hardware-aware local Ollama fallback with auto model selection (Qwen3.5 family, 1.5B–72B based on available RAM/GPU).
helmet-config-generator
by ehtbanton
Generate Helmet.js security middleware configuration for Express applications. Triggers on "create helmet config", "generate helmet configuration", "express security headers", "helmet setup".
codex-autoresearch
by luizgustavo22
"Autonomous long-running iteration for Codex CLI. Use when the user wants Codex to plan or run an unattended improve-verify loop toward a measurable or verifiable outcome, especially for overnight runs; it also covers repeated debugging, fixing, security auditing, and ship-readiness workflows. Do not use for ordinary one-shot coding help or casual Q&A."
backend-principle-eng-java-pro-max
by PrakharMNNIT
"Principal backend engineering intelligence for Java services and distributed systems. Actions: plan, design, build, implement, review, fix, optimize, refactor, debug, secure, scale backend code and architectures. Focus: correctness, reliability, performance, security, observability, scalability, operability, cost."
openclaw-ops
by ImL1s
OpenClaw 運維全指南 — 安裝設定、模型管理、遷移、cron 任務、安全檢查、除錯。當需要管理、遷移、排錯 OpenClaw 時使用此 skill。觸發關鍵字:"OpenClaw 設定", "OpenClaw 遷移", "Gateway 管理", "cron 任務", "模型設定", "Telegram bot", "OpenClaw 安全檢查"。
ogt-docs-audit
by OpenDNDApps
Run audits on documentation and project health. Routes to specialized audit sub-skills for tasks, definitions, rules, and codebase consistency. Use when reviewing project health, validating documentation, or checking for drift.
scan
by rozwer
Security scan SKILL.md files. Two-phase: static pattern matching + AI contextual review.
deep-audit
by shantoislamdev
Universal security and robustness scanner for any codebase. Use when auditing code for vulnerabilities, security issues, bugs, or robustness problems. Automatically detects tech stack, creates custom audit plans, and performs recursive deep analysis.
sharp-edges
by aleister1102
"Identifies error-prone APIs, dangerous configurations, and footgun designs that enable security mistakes. Use when reviewing API designs, configuration schemas, cryptographic library ergonomics, or evaluating whether code follows 'secure by default' and 'pit of success' principles. Triggers: footgun, misuse-resistant, secure defaults, API usability, dangerous configuration."
security-review
by pmco23
Use after build is complete to scan for OWASP Top 10 vulnerabilities. Checks injection, authentication, authorization, data exposure, and misconfiguration risks. Requires .pipeline/build.complete.