Loading...
Loading...
Found 348 Skills
Detect dangerous ACL misconfigurations in Active Directory using ldap3 to identify GenericAll, WriteDACL, and WriteOwner abuse paths
Review a GitLab Merge Request and provide findings, and post structured review comments with issue explanation plus pseudo code fixes. Use this skill when asked to review a Gitlab Merge request.
Reviews changes for correctness, edge cases, style, security, and maintainability with severity levels (Blocker/Major/Minor/Nit). Use before finalizing changes.
OWASP security guidelines and Top 10 vulnerabilities USE WHEN: user mentions "OWASP", "security audit", "vulnerability scan", asks about "injection", "XSS", "CSRF", "access control", "authentication security" DO NOT USE FOR: OWASP Top 10:2025 specific - use `owasp-top-10` instead
This skill should be used when the user asks to 'find a token on TRON', 'search TRC-20 token', 'token info on TRON', 'who holds this TRON token', 'is this TRON token safe', 'top TRON tokens', 'trending tokens on TRON', 'token market cap on TRON', 'holder distribution', 'verify TRON contract', or mentions searching for TRC-20 tokens, checking token metadata, holder analysis, contract verification, or discovering trending tokens on the TRON network. For live prices and K-line charts, use tron-market. For swap execution, use tron-swap.
Parallel 3-reviewer code review orchestration: launch Security, Business-Logic, and Architecture reviewers simultaneously, aggregate findings by severity, and produce a unified BLOCK/FIX/APPROVE verdict. Use when reviewing PRs with 5+ files, security-sensitive changes, new features needing broad coverage, or when user requests "parallel review", "comprehensive review", or "full review". Do NOT use for single-file fixes, documentation-only changes, or when systematic-code-review (sequential) is sufficient.
Audit and harden OpenClaw deployments and interpret `openclaw security audit` findings. Use when the user wants to secure OpenClaw, review gateway exposure/auth/reverse proxies/Tailscale Serve or Funnel, check DM/group access (pairing, allowlists, mention gating, `session.dmScope`), minimise tool permissions and sandboxing, review plugins/skills/secrets/transcripts/log retention, or lock down Docker/macOS/laptop/EC2 installs. Not for generic OS, Docker, or cloud hardening unrelated to OpenClaw.
Use this skill to audit existing table permissions on a Power Pages site. Trigger examples: "audit permissions", "check permissions", "review table permissions", "are my permissions correct", "permission security audit", "verify permissions setup", "check for permission issues", "permission health check". This skill analyzes existing table permissions against the site code and Dataverse metadata, generates an HTML audit report with findings grouped by severity (critical, warning, info, pass), and suggests fixes for any issues found.
Produce a report-only HIPAA, PHI, and PII audit for healthcare codebases and delivery systems. Inspects code, configs, data flows, integrations, logging, and deployment boundaries for privacy and security gaps without modifying code.
Multi-perspective code review strategy covering architecture, security, performance, and quality. Follow when reviewing code or analyzing changes.
Security Check - Security review for skills before installation. Triggers: Before installing new skills, regular review of installed skills, or when security issues with a skill are suspected. Security Checks: - Dangerous Commands: rm -rf, sudo, curl|bash, etc. - Network Requests: Potential data leakage risks - File Writes: Writing to sensitive locations - Credentials: Risk of API key/password leakage - Resource Exhaustion: Infinite loops - Privilege Escalation: Privilege escalation attempts - External Dependencies: Suspicious dependencies Commands: - /安检 <skill-path> - Review skill security - /安检 scan <path> - Deep scan - /安检 list - List risks of installed skills - /安检 fix <skill> - Fix security issues - /security <skill-path> - English command Actions: - Auto-fix: Remove or replace dangerous code - Disable: Disable dangerous features - User Confirm: User chooses whether to proceed - Block: Block installation for severe risks Capabilities: Static code analysis, dangerous pattern recognition, risk assessment, auto-fix, user interactive decision making.
Analyze HTTP security headers of web domains to identify vulnerabilities and misconfigurations. Use when you need to audit website security headers, assess header compliance, or get security recommendations for web applications. Trigger with phrases like "analyze security headers", "check HTTP headers", "audit website security headers", or "evaluate CSP and HSTS configuration".