Loading...
Loading...
Found 230 Skills
Use when reviewing code, pull requests, or diffs. Provides patterns, checklists, and templates for systematic code review with a focus on correctness, security, readability, performance, and maintainability.
Verify fix commits address audit findings without new bugs
Upgrades Python pip/poetry/pipenv dependencies with breaking change handling
Research-backed code review skill with OWASP Top 10 security checks, SAST tool integration (SonarQube, CodeQL, Snyk), performance pattern detection, and automated quality standards enforcement. Auto-invoked for code review, security audit, PR analysis, and bug checking. Implements 2025 best practices with 92% faster vulnerability remediation.
Full-codebase audit using 1M context window. Security, architecture, and dependency analysis in a single pass. Use when you need whole-project analysis.
Use the squirrelscan CLI (squirrel) to audit websites, covering over 140 rules in SEO, technical aspects, content, performance, security, etc. This skill applies when you need to analyze website health, troubleshoot technical SEO issues, check for broken links, verify meta tags and structured data, generate site audit reports, compare before and after website revamps, or when terms like 'website audit', 'audit website', 'squirrel', 'site health check' are mentioned.
Review secret detection patterns and scanning workflows. Use for identifying high-signal secrets like AWS keys, GitHub tokens, and DB passwords. Use proactively during all security audits to scan code and history. Examples: - user: "Scan for secrets in this repo" → run high-signal rg patterns and gitleaks - user: "Check for AWS keys" → scan for AKIA patterns and server-side exposure - user: "Audit my .env files" → ensure secrets are gitignored and not committed - user: "Verify secret redaction" → check that reported secrets follow 4+4 format - user: "Scan build artifacts for keys" → search dist/ and build/ for secret patterns
Perform general code reviews for PRs and code changes. Evaluate code quality, security, and design based on common standards to make approve/reject decisions. Use this for requests like "Review this PR", "Do a code review", "Pre-merge check", or when executing the gh pr view command.
Coordinates dependency upgrades across all detected package managers
Env & Secrets Manager
Audit AI agent skills for security vulnerabilities. Use when scanning installed skills against the OWASP Agentic Skills Top 10, checking skills before running them, gating CI/CD on skill safety, or generating audit reports (text, JSON, SARIF, HTML) for stakeholders.
Review web application code for bugs, security issues, performance problems, and stack-specific anti-patterns. Use this skill whenever the user wants to review code, debug a production issue, investigate a build failure, audit security, or check a PR before merging. Triggers on code review, review my code, debug, build error, broken, not working, why is X failing, check this code, security check, PR review, audit code, refactor. Also triggers when investigating 4xx or 5xx errors, deploy failures, environment variable issues, and CMS integration problems.