Loading...
Loading...
Found 38 Skills
Security assessment skill for reconnaissance, endpoint/service enumeration, and attack-surface mapping. Use when prompts include recon, enumerate, map endpoints, discover assets, inventory interfaces, fingerprint technologies, or identify control-plane surfaces. Do not use when the request is exploit development, payload execution, or final report writing only.
Penetration Test Planner - Auto-activating skill for Security Advanced. Triggers on: penetration test planner, penetration test planner Part of the Security Advanced skill category.
Soc2 Compliance Checker - Auto-activating skill for Security Advanced. Triggers on: soc2 compliance checker, soc2 compliance checker Part of the Security Advanced skill category.
Cloud Security Posture - Auto-activating skill for Security Advanced. Triggers on: cloud security posture, cloud security posture Part of the Security Advanced skill category.
Hardens designs and implementations with structured security reviews.
Application security covering threat modeling (STRIDE), OWASP Top 10 (2025), OWASP API Security Top 10 (2023), secure coding review, authentication/authorization patterns, input validation, encryption, security headers, supply chain security, compliance (GDPR/HIPAA/SOC2/PCI-DSS), and security monitoring. Use when reviewing code for vulnerabilities, implementing auth patterns, securing APIs, configuring security headers, hardening supply chain, preventing injection attacks, or preparing for compliance audits.
This skill should be used when the user asks to "run PASTA analysis", "PASTA threat model", "risk-centric threat analysis", or invokes /appsec:pasta. Dispatches 7 stages SEQUENTIALLY -- each stage's output feeds the next. This is the ONLY framework that runs sequentially.
This skill should be used when the user asks to "calculate risk scores", "prioritize mitigations", "generate remediation roadmap", "analyze business impact", or is running PASTA stage 7. Also triggers when the user asks about risk-weighted findings, compliance gap analysis, or executive security summary in a threat modeling context. Part of the PASTA threat modeling methodology (Stage 7 of 7).
This skill should be used when the user asks to "simulate attacks", "build attack trees", "model exploit chains", "score exploitability", or is running PASTA stage 6. Also triggers when the user asks about attack scenarios, red team simulation, DREAD scoring, or detection gap analysis in a threat modeling context. Part of the PASTA threat modeling methodology (Stage 6 of 7).
Adversarial scenario analysis and threat modeling for Solidity smart contracts. Use when analyzing contracts from an attacker's perspective, identifying multi-step attack vectors, or performing threat modeling. Covers flash loan attacks, oracle manipulation, MEV/front-running, governance exploits, reentrancy scenarios, access control bypasses, economic logic exploits, and cross-contract composability risks. Triggers on tasks involving adversarial analysis, threat modeling, attack scenarios, attack vectors, exploit analysis, or red team review.
Security analysis, vulnerability assessment, and security code reviews
Authentication and authorization including JWT, OAuth2, OIDC, sessions, RBAC, and security analysis. Activate for login, auth flows, security audits, threat modeling, access control, and identity management.