Found 2,006 Skills
Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), container security scanning, dependency vulnerability management, and common vulnerability tools (Snyk, Trivy, OWASP ZAP, SonarQube)
Comprehensive security auditor for AI agent skills, prompts, and instructions. Checks for typosquatting, dangerous permissions, prompt injection, supply chain risks, and data exfiltration patterns — before you use any agent or skill.
Use when the user explicitly requests security best practices guidance, a security review or report, or secure-by-default coding help for Python, JavaScript or TypeScript, or Go code.
Install the full development workflow into a Claude Code project: slash commands for breakdown, spec, work, commit, review, PR, security scanning, and issue triage; agents for architecture, implementation, quality review, and git management. Run this after the greenfield or brownfield skill has set up the project foundation. Trigger phrases: "/workflow", "install workflow", "set up commands", "set up agents", "install breakdown and work commands", "configure my workflow", "install the development workflow".
Conducts security testing of REST, GraphQL, and gRPC APIs to identify vulnerabilities in authentication, authorization, rate limiting, input validation, and business logic. The tester uses the OWASP API Security Top 10 as the testing framework, combining Burp Suite interception with Postman collections and custom scripts to test endpoint security at every privilege level. Activates for requests involving API security testing, REST API pentest, GraphQL security assessment, or API vulnerability testing.
Build effective detection rules using Splunk Search Processing Language (SPL) correlation searches to identify security threats in SOC environments.
129 practical Oracle Database and Oracle Container Registry reference guides covering SQL/PL/SQL development, performance tuning (AWR, ASH, explain plan, indexes, wait events, memory), security (TDE, VPD, auditing, network), administration (RMAN, Data Guard, undo/redo, users), monitoring, architecture (RAC, CDB/PDB, Exadata, In-Memory, OCI), DevOps (Liquibase, Flyway, utPLSQL, EBR), migrations from Postgres/MySQL/SQL Server/MongoDB/Snowflake/Redshift/DB2, PL/SQL development (packages, cursors, collections, unit testing, debugging), Oracle features (AQ, DBMS_SCHEDULER, materialized views, APEX), SQLcl (basics, scripting, Liquibase, MCP server, CI/CD), ORDS (architecture, authentication, AutoREST, REST API design, PL/SQL gateway), and Oracle Container Registry images. Use for any Oracle DB question, ORA- errors, DBMS_ packages, v$ views, Oracle tooling, ORDS REST APIs, SQLcl commands, or Oracle container images. Always consult this skill before answering Oracle-specific questions.
Detects and prevents code injection attacks targeting serverless functions (AWS Lambda, Azure Functions, Google Cloud Functions) through event source poisoning, malicious layer injection, runtime command execution, and IAM privilege escalation via function modification. The analyst combines static analysis of function code, CloudTrail event correlation, runtime behavior monitoring, and IAM policy auditing to identify injection vectors across the expanded serverless attack surface including API Gateway, S3, SQS, DynamoDB Streams, and CloudWatch event triggers. Activates for requests involving Lambda security assessment, serverless injection detection, function event poisoning analysis, or serverless privilege escalation investigation.
NestJS best practices and architecture patterns for building production-ready applications. This skill should be used when writing, reviewing, or refactoring NestJS code to ensure proper patterns for modules, dependency injection, security, and performance.
Use when users ask how to write, explain, customize, migrate, secure, or troubleshoot GitHub Actions workflows, workflow syntax, triggers, matrices, runners, reusable workflows, artifacts, caching, secrets, OIDC, deployments, custom actions, or Actions Runner Controller, especially when they need official GitHub documentation, exact links, or docs-grounded YAML guidance.
gws CLI: Shared patterns for authentication, global flags, and output formatting.
Security-first vetting for OpenClaw skills. Use before installing any skill from ClawHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.