Found 2,578 Skills
Validates environment variables in CI, prevents secret leaks, enforces masking, and provides fail-fast validation with clear documentation. Use for "secrets management", "env var validation", "credential security", or "secret masking".
Turns npm audit/Snyk results into prioritized patch plans with severity assessment, safe upgrade paths, breaking change analysis, and rollback strategies. Use for "dependency security", "vulnerability patching", "npm audit", or "security updates".
Creates comprehensive threat models using STRIDE methodology with asset identification, threat enumeration, mitigation strategies, and residual risk assessment. Use for "threat modeling", "security analysis", "STRIDE", or "risk assessment".
General software development best practices covering code quality, testing, security, performance, and maintainability across technology stacks.
NestJS best practices and patterns for building scalable, maintainable backend applications. This skill should be used when writing, reviewing, or refactoring NestJS code to ensure proper architecture, security, performance, and code quality. Triggers on tasks involving NestJS modules, controllers, services, guards, pipes, middleware, Prisma database operations, authentication, or any NestJS-specific patterns.
Security scanner for vibe-coded projects. AUTO-INVOKE this skill before any git commit, git push, or when user says "commit", "push", "ship it", "deploy", "is this safe?", "check for security issues", or "goodvibesonly". Also invoke after generating code that handles user input, authentication, database queries, or file operations.
Analyzes project dependencies for known security vulnerabilities using npm audit, pip-audit, or similar tools. Use when auditing packages, checking for CVEs, or updating vulnerable dependencies.
Scans code for security vulnerabilities, identifies CVE patterns, and provides severity ratings with remediation guidance. Use when scanning for security issues, code vulnerabilities, or OWASP top 10 problems.
Terraform and Infrastructure as Code optimization guidelines from Terramate. This skill should be used when writing, reviewing, or refactoring Terraform/OpenTofu code to ensure optimal patterns for security, maintainability, and reliability. Triggers on tasks involving Terraform modules, infrastructure provisioning, state management, or IaC optimization.
Expert session decisions for iOS/tvOS: token storage security levels, refresh flow architectures, multi-session handling strategies, and logout cleanup requirements. Use when implementing authentication, debugging token issues, or designing session architecture. Trigger keywords: session, authentication, token, Keychain, refresh token, access token, JWT, OAuth2, logout, session expiration, KeychainHelper, SecItemAdd, kSecAttrAccessible
Intershop Commerce Management (ICM) backend development best practices. This skill should be used when writing, reviewing, or refactoring ICM Java code to ensure optimal patterns for customization, performance, B2B features, security, testing, and maintainability. Triggers on tasks involving ICM cartridge development, REST API creation, business objects, pipelines, database operations, jobs, events, or search.
Run Opengrep for pattern-based code search and security scanning. Use when grep is insufficient for finding code patterns that require structural understanding (function calls, data flow, nested structures). Also use for security vulnerability detection with custom YAML rules.