Loading...
Loading...
Found 230 Skills
Use when reviewing code for bugs, security issues, race conditions, N+1 queries, trust boundary violations, or any pre-merge quality check
Use this skill to audit existing table permissions on a Power Pages site. Trigger examples: "audit permissions", "check permissions", "review table permissions", "are my permissions correct", "permission security audit", "verify permissions setup", "check for permission issues", "permission health check". This skill analyzes existing table permissions against the site code and Dataverse metadata, generates an HTML audit report with findings grouped by severity (critical, warning, info, pass), and suggests fixes for any issues found.
Use when researching, compiling, or assessing best practices for any AWS service, building HA/DR/security checklists from official AWS documentation, or checking whether live AWS resources follow official recommendations. Requires aws-knowledge-mcp-server. Triggers on "best practices", "compile checklist", "summarize HA/DR best practices", "what are the best practices for", "find all best practices", "check my cluster", "audit my redis", "assess my redis", "assessment", "是否符合最佳实践", "检查现有资源", "查找最佳实践", "编译检查清单", "总结最佳实践", "帮我查找", "汇总成表", "帮我检查", "审计一下", "评估一下".
Local pentest sandbox for a full black-box engagement. Triggers on "kage", "pentest", "security audit on", "audit the security of". Runs recon, deep testing, exploit verification, and judging inside a per-engagement Kali Docker container. Each host working directory gets its own isolated sandbox. Produces `./results/<target>/audit-report.md`.
[Hyper] Use when working on TanStack Start projects and the task involves auth, sessions, cookies, CSRF, secrets, env exposure, server functions/routes, headers/CSP, webhooks, or security review/fixes. Triggers on protecting routes, hardening auth flows, preventing secret leaks, securing server boundaries, or reviewing HTTP/security behavior in a TanStack Start app.
Authenticated (credentialed) vulnerability scanning uses valid system credentials to log into target hosts and perform deep inspection of installed software, patches, configurations, and security sett
Run Salesforce Code Analyzer to scan code for security, performance, best practice, and code style violations. Supports all engines (PMD, ESLint, CPD, RetireJS, Flow, SFGE, ApexGuru), targets (files, folders, git diff), categories, and severities. TRIGGER when: user says 'scan my code', 'check for security issues', 'run PMD/ESLint', 'find duplicates', 'analyze Flows', 'check vulnerable libraries', 'AppExchange review', 'lint my LWC', 'static analysis', 'code quality', or mentions engines/file types (.cls, .trigger, .js, .flow-meta.xml). DO NOT TRIGGER when: user wants to fix code without scanning, or asks about installation/configuration.
Quality assurance specialist for security, performance, accessibility, and comprehensive testing
Reverse engineer binaries using Ghidra's headless analyzer. Decompile executables, extract functions, strings, symbols, and analyze call graphs without GUI.
Android/Kotlin 코드를 리뷰하고 개선점을 제안합니다. 코드 리뷰, 안드로이드 리뷰, Kotlin 리뷰 요청 시 사용됩니다.
REST API security hardening with authentication, rate limiting, input validation, security headers. Use for production APIs, security audits, defense-in-depth, or encountering vulnerabilities, injection attacks, CORS issues.
OWASP Top 10 security vulnerabilities and mitigations. Use when conducting security audits, implementing security controls, or reviewing code for common vulnerabilities.