Search Results: security-audit

Found 277 Skills

Code Qualityanthropics/knowledge-work...

code-review

Review code for bugs, security vulnerabilities, performance issues, and maintainability. Trigger with "review this code", "check this PR", "look at this diff", "is this code safe?", or when the user shares code and asks for feedback.

🇺🇸|EnglishTranslated

Security & Complianceprompt-security/clawsec

clawsec-nanoclaw

Use when checking for security vulnerabilities in NanoClaw skills, before installing new skills, or when asked about security advisories affecting the bot

🇺🇸|EnglishTranslated

12 scripts/Attention

Security & Compliancewshobson/agents

stride-analysis-patterns

Apply STRIDE methodology to systematically identify threats. Use when analyzing system security, conducting threat modeling sessions, or creating security documentation.

🇺🇸|EnglishTranslated

Security & Compliancetrailofbits/skills

guidelines-advisor

Smart contract development advisor based on Trail of Bits' best practices. Analyzes codebase to generate documentation/specifications, review architecture, check upgradeability patterns, assess implementation quality, identify pitfalls, review dependencies, and evaluate testing. Provides actionable recommendations.

🇺🇸|EnglishTranslated

Code Qualityskillcreatorai/ai-agent-s...

code-review

Automated code review for pull requests using specialized review patterns. Analyzes code for quality, security, performance, and best practices. Use when reviewing code changes, PRs, or doing code audits.

🇺🇸|EnglishTranslated

Security & Compliancetrailofbits/skills

audit-prep-assistant

Prepares codebases for security review using Trail of Bits' checklist. Helps set review goals, runs static analysis tools, increases test coverage, removes dead code, ensures accessibility, and generates documentation (flowcharts, user stories, inline comments).

🇺🇸|EnglishTranslated

Security & Compliancetrailofbits/skills

entry-point-analyzer

Analyzes smart contract codebases to identify state-changing entry points for security auditing. Detects externally callable functions that modify state, categorizes them by access level (public, admin, role-restricted, contract-only), and generates structured audit reports. Excludes view/pure/read-only functions. Use when auditing smart contracts (Solidity, Vyper, Solana/Rust, Move, TON, CosmWasm) or when asked to find entry points, audit flows, external functions, access control patterns, or privileged operations.

🇺🇸|EnglishTranslated

Security & Compliancetrailofbits/skills

constant-time-analysis

Detects timing side-channel vulnerabilities in cryptographic code. Use when implementing or reviewing crypto code, encountering division on secrets, secret-dependent branches, or constant-time programming questions in C, C++, Go, Rust, Swift, Java, Kotlin, C#, PHP, JavaScript, TypeScript, Python, or Ruby.

🇺🇸|EnglishTranslated

Security & Compliancetrailofbits/skills

firebase-apk-scanner

Scans Android APKs for Firebase security misconfigurations including open databases, storage buckets, authentication issues, and exposed cloud functions. Use when analyzing APK files for Firebase vulnerabilities, performing mobile app security audits, or testing Firebase endpoint security. For authorized security research only.

🇺🇸|EnglishTranslated

Security & Compliancejeffallan/claude-skills

security-reviewer

Use when conducting security audits, reviewing code for vulnerabilities, or analyzing infrastructure security. Invoke for SAST scans, penetration testing, DevSecOps practices, cloud security reviews.

🇺🇸|EnglishTranslated

Code Qualitydavila7/claude-code-templ...

code-review

Perform code reviews following Sentry engineering practices. Use when reviewing pull requests, examining code changes, or providing feedback on code quality. Covers security, performance, testing, and design review.

🇺🇸|EnglishTranslated

Security & Compliancetrailofbits/skills

insecure-defaults

Detects fail-open insecure defaults (hardcoded secrets, weak auth, permissive security) that allow apps to run insecurely in production. Use when auditing security, reviewing config management, or analyzing environment variable handling.

🇺🇸|EnglishTranslated