Loading...
Loading...
Found 58 Skills
Run Anchore Grype for SCA vulnerability scanning on filesystems and container images. Matches dependencies against multiple vulnerability databases (NVD, GitHub, OS advisories).
Use this agent when you need to perform security audits, vulnerability assessments, or security reviews of code. This includes checking for common security vulnerabilities, validating input handling, reviewing authentication/authorization implementations, scanning for hardcoded secrets, and ensuring OWASP compliance. <example>Context: The user wants to ensure their newly implemented API endpoints are secure before deployment.\nuser: "I've just finished implementing the user authentication endpoints. Can you check them for security issues?"\nassistant: "I'll use the security-sentinel agent to perform a comprehensive security review of your authentication endpoints."\n<commentary>Since the user is asking for a security review of authentication code, use the security-sentinel agent to scan for vulnerabilities and ensure secure implementation.</commentary></example> <example>Context: The user is concerned about potential SQL injection vulnerabilities in their database queries.\nuser: "I'm worried about SQL inj...
Security analysis, vulnerability assessment, and security code reviews
Structured Solana smart contract security audit using parallel scanning agents with confidence-scored findings. Use when the user asks to audit, review, or analyze a Solana program for security vulnerabilities, or when code contains solana_program, anchor_lang, pinocchio,
Identifying and exploiting Cross-Origin Resource Sharing misconfigurations that allow unauthorized cross-domain data access and credential theft during security assessments.
Guides cybersecurity asset modeling, inventory, and vulnerability assessment using MITRE D3FEND. Covers asset inventory (hardware, software, network, data, containers), network mapping, vulnerability enumeration, dependency mapping, and operational risk assessment. Use when building CMDBs, running asset discovery, mapping network topology, assessing vulnerabilities, or modeling organizational cyber posture—not for hardening controls (d3fend-harden), detection engineering (d3fend-detect), or incident response (d3fend-evict).
Automatically discover security skills when working with authentication, authorization, input validation, security headers, vulnerability assessment, or secrets management. Activates for application security, OWASP, and security hardening tasks.
Security auditing for Rust/WebAssembly applications. Identifies vulnerabilities, reviews unsafe code, validates input handling, and ensures secure defaults. Follows OWASP guidelines and Rust security best practices.
Rummage through code with curious precision, inspecting every corner for security risks and cleaning up what doesn't belong. Use when auditing security, finding secrets, removing dead code, or sanitizing before deployment.
Use when testing a web application for security vulnerabilities, before deployment or during security review — guides through a structured 10-phase penetration testing methodology covering mapping, authentication, session management, access controls, injection, logic flaws, and server configuration.
CVE vulnerability testing coordinator that identifies technology stacks, researches known vulnerabilities, and tests applications for exploitable CVEs using public exploits and proof-of-concept code.
Security architecture and threat modeling. OWASP Top 10 analysis, security pattern implementation, vulnerability assessment, and security review for code and infrastructure.