Loading...
Loading...
Found 31 Skills
Use when the user asks to perform security audits, penetration testing, vulnerability scanning, OWASP Top 10 checks, or offensive security assessments. Covers static analysis, dependency scanning, secret detection, API security testing, and pen test report generation.
Guideline for designing, implementing, and verifying secure Python applications following OWASP Top 10 best practices. Use when the user wants to: (1) review Python code for security vulnerabilities, (2) design a secure Python application architecture, (3) implement security features (authentication, authorization, cryptography, input validation), (4) audit Python dependencies for known vulnerabilities, (5) create security checklists or verification plans, (6) fix security bugs or harden existing Python code, (7) set up security testing and static analysis (bandit, safety, semgrep), or (8) handle any Python security concern including injection prevention, secure deserialization, SSRF protection, secrets management, and secure deployment.
Guideline for designing, implementing, and verifying secure TypeScript and JavaScript applications following OWASP Top 10 best practices. Use when the user wants to: (1) review TypeScript or JavaScript code for security vulnerabilities, (2) design a secure Node.js, Deno, or browser application architecture, (3) implement security features (authentication, authorization, cryptography, input validation), (4) audit npm/yarn/pnpm dependencies for known vulnerabilities, (5) create security checklists or verification plans, (6) fix security bugs or harden existing TypeScript or JavaScript code, (7) set up security testing and static analysis (ESLint security plugins, Semgrep, Snyk), or (8) handle any TypeScript/JavaScript security concern including injection prevention, prototype pollution, XSS protection, SSRF prevention, secrets management, and secure deployment.
OWASP Top 10 security audit and secure coding guidelines for Laravel + React/Inertia.js applications. Use when auditing for vulnerabilities ("run OWASP audit", "security review", "check my app security") or writing secure Laravel code involving auth, payments, file uploads, or API design. Triggers on security-related tasks, payment handling, authentication, or any request to audit a Laravel codebase.
Run security audit with GitLeaks pre-commit hook setup and code analysis
Expert security engineering covering application security, infrastructure security, threat modeling, penetration testing, and compliance.
Identify security vulnerabilities and anti-patterns providing feedback on security issues a senior developer would catch. Use when user mentions security/vulnerability/safety concerns, code involves user input/authentication/data access, working with sensitive data (passwords/PII/financial), code includes SQL queries/file operations/external API calls, user asks about security best practices, or security-sensitive files are being modified (auth, payment, data access).
Expert in application security, OWASP Top 10, authentication, authorization, data protection, and security best practices for React, Next.js, and NestJS applications
Test automate security vulnerability testing covering OWASP Top 10, SQL injection, XSS, CSRF, and authentication issues. Use when performing security assessments, penetration tests, or vulnerability scans. Trigger with phrases like "scan for vulnerabilities", "test security", or "run penetration test".
Security best practices, OWASP Top 10, and secure coding guidelines
Security review and penetration testing: evaluate your application against OWASP Top 10, authentication security, HTTP headers, CORS, CSP, supply chain risks, and common attack vectors with browser-based validation.
Security vulnerability scanner for any application. Use proactively and aggressively whenever the user asks to review code, perform a security audit, scan for vulnerabilities, look for application improvements, harden security, check for OWASP issues, find secrets, or assess risk. Triggers on phrases like code review, security review, audit, vulnerability, OWASP, CVE, improve security, find issues, look for improvements, secure code, pentest, threat model, harden app, audit deps. If the working directory is empty, ask for a GitHub URL and clone with gh before analyzing. Aligned to OWASP Top 10:2025. Writes a structured report to audit/<YYYY-MM-DD>/report.md in the project root.