Loading...
Loading...
Found 2,245 Skills
Apiiro CLI commands for querying the Guardian AI agent: ask security questions, get analysis and insights about a repository, and manage repository detection. Use this skill whenever the user wants AI-powered security analysis, security posture review, or wants to ask questions about their codebase's security. Also trigger when they need deep analysis of authentication flows, attack surfaces, or want an AI to explain security concepts. Even without mentioning "apiiro" or "guardian", trigger when the user asks things like "is this code secure?", "what's the attack surface here?", or "explain this vulnerability". For dedicated STRIDE threat modeling of a design or feature spec, use the apiiro-threat-model skill instead. For fixing a known risk, use apiiro-fix.
Verifies that git commits address security audit findings without introducing bugs. This skill should be used when the user asks to "verify these commits fix the audit findings", "check if TOB-XXX was addressed", "review the fix branch", "validate remediation commits", "did these changes address the security report", "post-audit remediation review", "compare fix commits to audit report", or when reviewing commits against security audit reports.
Professional Skills and Methodologies for API Security Testing
AWS CloudFormation patterns for EC2 instances, Security Groups, IAM roles, and load balancers. Use when creating EC2 instances, SPOT instances, Security Groups, IAM roles for EC2, Application Load Balancers (ALB), Target Groups, and implementing template structure with Parameters, Outputs, Mappings, Conditions, and cross-stack references.
Comprehensive quality gate integrating linting, type checking, specification review, and security auditing.
Expert at quality-focused code review with security emphasis. Use when reviewing code changes, performing security audits, identifying bugs, ensuring code quality and maintainability, or analyzing pull requests for issues.
Expert in Windows security hardening and PowerShell security configuration. Specializes in securing automation, enforcing least privilege, and aligning with enterprise security baselines. Use for securing PowerShell environments and Windows systems. Triggers include "PowerShell security", "constrained language mode", "JEA", "execution policy", "security baseline", "PowerShell logging".
Create Claude Code hooks with proper schemas, RBAC integration, and performance requirements. Use when implementing PreToolUse, PostToolUse, SessionStart, or any of the 10 hook event types for automation, validation, or security enforcement.
Apply Convex database best practices for cost optimization, performance, security, and architecture. Use when: building Convex backends, optimizing queries, handling embeddings/vector search, reviewing Convex code, designing schemas, planning migrations, or discussing Convex architecture. Keywords: Convex, real-time database, queries, mutations, actions, indexes, pagination, vector search, embeddings, schema, migrations, ctx.auth, convex-helpers, bandwidth.
Principal backend engineering intelligence for Java services and distributed systems. Actions: plan, design, build, implement, review, fix, optimize, refactor, debug, secure, scale backend code and architectures. Focus: correctness, reliability, performance, security, observability, scalability, operability, cost.
Write GitHub Actions workflows with proper syntax, reusable workflows, composite actions, matrix builds, caching, and security best practices. Use when creating CI/CD workflows for GitHub-hosted projects or automating GitHub repository tasks.
Environment variable validation, security scanning, and management for Next.js, Vite, React, and Node.js applications