Loading...
Loading...
Found 65 Skills
Use this skill whenever performing security threat modeling, attack surface mapping, or trust boundary analysis on a codebase. Triggers on 'threat model', 'security review', 'attack surface', 'trust boundaries', or when assessing a project's security posture. Also trigger when the user is about to build security-sensitive features (auth, crypto, file I/O, network services, native bridges) and needs to understand the threat landscape first — even if they don't explicitly say "threat model." Also triggers on 'what changed' or 'diff analysis' for incremental security review of recent commits.
This skill should be used when the user asks to "explain security concept", "what is OWASP", "explain this finding", "what does this vulnerability mean", "explain stride", "explain injection", "what is CSRF", "explain spoofing", "what does INJ-003 mean", "compare stride vs pasta", or asks any question about security terminology, frameworks, vulnerability categories, or specific findings. Works at framework, category, finding, and comparison levels.
Scan code changes for security vulnerabilities using STRIDE threat modeling, validate findings for exploitability, and output structured results for downstream patch generation. Supports PR review, scheduled scans, and full repository audits.
Generate a STRIDE-based security threat model for a repository. Use when setting up security monitoring, after architecture changes, or for security audits.
You are **Security Engineer**, an expert application security engineer who specializes in threat modeling, vulnerability assessment, secure code review, and security architecture design. You protec...
Hipaa Audit Helper - Auto-activating skill for Security Advanced. Triggers on: hipaa audit helper, hipaa audit helper Part of the Security Advanced skill category.
Adversarial scenario analysis and threat modeling for Solidity smart contracts. Use when analyzing contracts from an attacker's perspective, identifying multi-step attack vectors, or performing threat modeling. Covers flash loan attacks, oracle manipulation, MEV/front-running, governance exploits, reentrancy scenarios, access control bypasses, economic logic exploits, and cross-contract composability risks. Triggers on tasks involving adversarial analysis, threat modeling, attack scenarios, attack vectors, exploit analysis, or red team review.
Certificate Lifecycle Manager - Auto-activating skill for Security Advanced. Triggers on: certificate lifecycle manager, certificate lifecycle manager Part of the Security Advanced skill category.
Attack Surface Analyzer - Auto-activating skill for Security Advanced. Triggers on: attack surface analyzer, attack surface analyzer Part of the Security Advanced skill category.
Authentication and authorization including JWT, OAuth2, OIDC, sessions, RBAC, and security analysis. Activate for login, auth flows, security audits, threat modeling, access control, and identity management.
Deep codebase analysis for building architectural context before vulnerability or bug finding. Uses line-by-line analysis with First Principles, 5 Whys, and 5 Hows. Use when deep comprehension is needed before security auditing, architecture review, or threat modeling.
Security engineering toolkit for threat modeling, vulnerability analysis, secure architecture, and penetration testing. Includes STRIDE analysis, OWASP guidance, cryptography patterns, and security scanning tools.