Loading...
Loading...
Found 1,064 Skills
Scan systems and dependencies for CVEs and security vulnerabilities. Use tools like Nessus, OpenVAS, and Qualys to identify and prioritize vulnerabilities. Use when performing security assessments, compliance scanning, or vulnerability management.
Framework for assessing IT service providers, technology vendors, and third-party partners. Creates structured risk assessments across financial, operational, compliance, security, and reputational dimensions with regulatory checklists (GDPR, DORA, NIS2, SOX). Use when: (1) Evaluating new vendors or technology providers, (2) Conducting third-party risk assessments for procurement, (3) Performing critical vendor due diligence for regulatory compliance, (4) Creating vendor onboarding documentation, (5) Establishing ongoing vendor monitoring processes, (6) Assessing vendor concentration risk, or (7) Generating executive-level vendor risk reports.
Use the workspace-hub unified CLI for repository management, compliance, development tools, and system configuration. Use for navigating workspace tools and executing common operations.
Show infrastructure standards compliance status (read-only)
Kubernetes security policies, RBAC, and Pod Security Standards for hardened cluster deployments. Use when implementing cluster security, defining network policies, or enforcing security compliance in Kubernetes environments.
Security standards for authentication, input validation, and OWASP compliance
Brand identity and design system expert. Use when creating or enforcing brand consistency across UI, content, marketing materials, or code. Covers logo usage, typography, color systems, voice and tone, component design tokens, and brand governance. Activate when building new pages, writing copy, or reviewing designs for brand compliance.
Guide to effective Claude Code skill authoring using TDD methodology and persuasion principles. Use when creating new skills, improving compliance, or validating quality before deployment. Do not use for evaluating existing skills (use skills-eval) or analyzing architecture (use modular-skills). Follow the Iron Law: write a failing test before writing any skill.
Security vulnerability scanner and OWASP compliance auditor for codebases. Dependency scanning (npm audit, pip-audit), secret detection (high-entropy strings, API keys), SAST for injection/XSS vulnerabilities, and security posture reports. Activate on 'security audit', 'vulnerability scan', 'OWASP', 'secret detection', 'dependency check', 'CVE', 'security review', 'penetration testing prep'. NOT for runtime WAF configuration (use infrastructure tools), network security/firewalls, or compliance certifications like SOC2/HIPAA (legal/organizational).
Load PROACTIVELY when task involves payments, billing, or subscriptions. Use when user says "add payments", "integrate Stripe", "set up subscriptions", "add a checkout flow", or "handle billing webhooks". Covers Stripe, LemonSqueezy, and Paddle integration, checkout sessions, subscription lifecycle management, webhook verification and handling, customer portal, metered billing, refunds, and PCI compliance considerations.
Review code for quality, security, and pattern compliance, then auto-fix Critical/High issues. Grounds every finding in actual codebase reference files.
Code quality validation with linters, SOLID principles, DRY detection, error detection, and architecture compliance across all languages.