Found 386 Skills
Review the current branch diff for real bugs and security issues, verify findings against surrounding code, and report only issues that survive context checks. Runs as a forked review workflow so the audit has separate reasoning budget and stays isolated from the main task flow. Use when the user asks to find bugs, review changes, or audit branch risk.
Perform read-only reviews of code changes (`git diff`) for quality, architecture compliance, and security (OWASP Top 10) by delegating to Agent tools. Use for self-reviews before committing/creating PRs, or when requesting "review changes" or "code review". Use implement-review-pr for GitHub PR reviews.
Adversarial code review that breaks the self-review monoculture. Use when you want a genuinely critical review of recent changes, before merging a PR, or when you suspect Claude is being too agreeable about code quality. Forces perspective shifts through hostile reviewer personas that catch blind spots the author's mental model shares with the reviewer.
Validate code quality, test coverage, performance, and security. Use when verifying implemented features meet all standards and requirements before marking complete.
Expert-level code review focusing on quality, security, performance, and maintainability. Use this skill for conducting thorough code reviews, identifying issues, and providing constructive feedback.
Security audit for vulnerabilities, compliance issues, and sensitive data exposure. Use before production deployments or when reviewing security-sensitive code.
Monitor, analyze, and optimize AWS cloud costs. Tracks spending patterns, identifies optimization opportunities, and manages budgets with alerts and recommendations.
Upgrades Python pip/poetry/pipenv dependencies with breaking change handling
Performs security audits and vulnerability assessments on Ruby on Rails application code. Use when reviewing Rails code for security risks, assessing authentication or authorization, auditing parameter handling, redirects, file uploads, secrets management, or checking for XSS, CSRF, SSRF, SQL injection, and other common vulnerabilities.
Local Code Review - analyzes code changes and provides structured feedback before commit
Detects missing zeroization of sensitive data in source code and identifies zeroization removed by compiler optimizations, with assembly-level analysis and control-flow verification. Use for auditing C/C++/Rust code handling secrets, keys, passwords, or other sensitive data.
This skill should be used when the user asks to "check for SSRF", "analyze server-side request forgery", "find URL fetching vulnerabilities", "check for internal network access", or mentions "SSRF", "URL fetching", "cloud metadata", "169.254.169.254", or "request forgery" in a security context. Maps to OWASP Top 10 2021 A10: Server-Side Request Forgery.