Loading...
Loading...
Found 2,245 Skills
Detect exposed secrets, API keys, credentials, and tokens in code. Use before commits, on file saves, or when security is mentioned. Prevents accidental secret exposure. Triggers on file changes, git commits, security checks, .env file modifications.
Database security, access control, and data protection
Analyze git repositories to build a security ownership topology (people-to-file), compute bus factor and sensitive-code ownership, and export CSV/JSON for graph databases and visualization. Trigger only when the user explicitly wants a security-oriented ownership or bus-factor analysis grounded in git history (for example: orphaned sensitive code, security maintainers, CODEOWNERS reality checks for risk, sensitive hotspots, or ownership clusters). Do not trigger for general maintainer lists or non-security ownership questions.
Review code for Government of Canada authentication and identity management compliance. Checks OIDC implementations, session security, scope minimization, logout handling, and RBAC integration against ITSG-33 and TBS security standards.
Configure host-based firewalls (iptables, nftables, UFW) and cloud security groups (AWS, GCP, Azure) with practical rules for common scenarios like web servers, databases, and bastion hosts. Use when exposing services, hardening servers, or implementing network segmentation with defense-in-depth strategies.
Validate TypeScript/JavaScript code quality with ESLint, Prettier, type checking, and security analysis. Use for TypeScript/JS codebases to ensure code quality and standards.
This skill should be used when the user asks to "scan for PHI", "detect PII", "HIPAA compliance check", "audit for protected health information", "find sensitive healthcare data", "generate HIPAA audit report", "check code for PHI leakage", "scan logs for PHI", "check authentication on PHI endpoints", "scan FHIR resources", "check HL7 messages", or mentions PHI detection, HIPAA compliance, healthcare data privacy, medical record security, logging PHI violations, authentication checks for health data, or healthcare data formats (FHIR, HL7, CDA).
Create diagrams, charts, and visual assets for security documentation. Generate network diagrams, architecture visuals, and data visualizations. Use when creating visual content for reports or presentations.
Generates and reviews test scenarios based on IPA non-functional grade standards. Analyzes system requirements to identify critical test viewpoints for performance, security, and availability.
OWASP IoT Top 10 - prevention, detection, and remediation for IoT device and ecosystem security. Use when designing or reviewing IoT devices - passwords, network services, ecosystem interfaces, secure updates, components, data transfer/storage, device management, default settings, physical hardening, privacy.
OWASP Top 10 for LLM Applications - prevention, detection, and remediation for LLM and GenAI security. Use when building or reviewing LLM apps - prompt injection, information disclosure, training/supply chain, poisoning, output handling, excessive agency, system prompt leakage, vectors/embeddings, misinformation, unbounded consumption.
Schedules Claude Code tasks to run automatically at specific times using native OS schedulers (launchd on macOS, crontab on Linux, Task Scheduler on Windows). Handles one-time tasks like "today at 3pm remind me to deploy", "tomorrow morning run the test suite", "next Tuesday at 2pm review the API changes", "January 15th check the quarterly metrics". Also handles recurring tasks like "every weekday at 9am review yesterday's code", "daily at 6pm summarize what I accomplished", "every Monday at 10am check for security vulnerabilities", "every 4 hours check API health". Recognizes time formats like "at 9am", "at 1015am", "at 10:30pm", "at noon", relative times like "tomorrow", "tonight", "later", "next week", and dates like "January 15th". Use this skill instead of executing immediately whenever the user's request contains a time expression like "at Xam", "tomorrow", or any future time reference.